From a023a4f07401b5923cf52e92c13b1b09463929da Mon Sep 17 00:00:00 2001
From: Jesse Pretorius
Date: Thu, 2 Aug 2018 09:10:41 +0100
Subject: [PATCH] Move role setup into service setup tasks

Instead of adding the same boilerplate as the service setup in order to create the roles required, we simply move the role creation into the service add tasks.

Change-Id: I27f26e79735dd1e60d41691deb70e11bbef315e1
---
 tasks/octavia_policy.yml | 24 ------------------------
 tasks/octavia_service_add.yml | 13 +++++++++++++
 2 files changed, 13 insertions(+), 24 deletions(-)

diff --git a/tasks/octavia_policy.yml b/tasks/octavia_policy.yml
index 1f6e4d49..953c35ee 100644
--- a/tasks/octavia_policy.yml
+++ b/tasks/octavia_policy.yml
@@ -13,30 +13,6 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 
-- name: Create load-balancer_observer role
- keystone:
- command: "ensure_role"
- endpoint: "{{ keystone_service_adminurl }}"
- login_user: "{{ keystone_admin_user_name }}"
- login_password: "{{ keystone_auth_admin_password }}"
- login_project_name: "{{ keystone_admin_tenant_name }}"
- region_name: "{{ octavia_service_region }}"
- service_name: "{{ octavia_service_name }}"
- service_type: "{{ octavia_service_type }}"
- insecure: "{{ keystone_service_adminuri_insecure }}"
- role_name: "{{ item }}"
- register: add_role
- until: add_role is success
- retries: 5
- delay: 10
- no_log: True
- with_items:
- - load-balancer_observer
- - load-balancer_global_observer
- - load-balancer_member
- - load-balancer_admin
- - load-balancer_quota_admin
-
 - name: Set legacy role policies
 config_template:
 src: policy.json.j2
diff --git a/tasks/octavia_service_add.yml b/tasks/octavia_service_add.yml
index 3029ac9f..28c0cc6b 100644
--- a/tasks/octavia_service_add.yml
+++ b/tasks/octavia_service_add.yml
@@ -93,3 +93,16 @@
 url: "{{ octavia_service_adminuri }}"
 when: octavia_v2 | bool
+ - name: Create service roles
+ os_keystone_role:
+ cloud: default
+ state: present
+ name: "{{ item }}"
+ endpoint_type: admin
+ verify: "{{ not keystone_service_adminuri_insecure }}"
+ with_items:
+ - load-balancer_observer
+ - load-balancer_global_observer
+ - load-balancer_member
+ - load-balancer_admin
+ - load-balancer_quota_admin
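Review bot: The `verify:` line of the new `Create service roles` task negates `keystone_service_adminuri_insecure` without casting it first. If the variable ever arrives as a string (for example "false" from extra vars), Jinja treats it as truthy, and `not` then yields `verify: false`, which silently turns off TLS certificate verification toward Keystone. The context line just above already casts with `octavia_v2 | bool`; the same cast here would be `verify: "{{ not (keystone_service_adminuri_insecure | bool) }}"`. Separately, the task removed from tasks/octavia_policy.yml retried five times with a ten-second delay, and this one has no `until`/`retries`; if that is not deliberate, role creation may fail against a Keystone that is still coming up. Whether the task sits inside a delegated block is not visible in the hunk, so where `cloud: default` is resolved cannot be confirmed from here.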