From e8209b10a2cd11e2f9f1cf28b6bcbd924c86c9e1 Mon Sep 17 00:00:00 2001 From: lkuchlan Date: Sun, 12 Apr 2026 13:11:18 +0300 Subject: [PATCH] [SKMO] Grant swiftoperator role to cinder for backup Add swiftoperator role assignment for cinder service user to enable Cinder Backup with Swift backend in SKMO deployments. The role is granted in the prepare-leaf hook after Keystone and openstackclient are ready, ensuring the cinder service can create backup containers in Swift. Signed-off-by: lkuchlan --- hooks/playbooks/skmo/prepare-leaf.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/hooks/playbooks/skmo/prepare-leaf.yaml b/hooks/playbooks/skmo/prepare-leaf.yaml index 8e0f3a706..406e7e7cc 100644 --- a/hooks/playbooks/skmo/prepare-leaf.yaml +++ b/hooks/playbooks/skmo/prepare-leaf.yaml @@ -115,6 +115,15 @@ args: executable: /bin/bash + - name: Grant swiftoperator role to cinder service user for backup + ansible.builtin.command: + cmd: >- + oc rsh -n {{ central_namespace }} openstackclient + openstack role add --user cinder --project service swiftoperator + register: _cinder_swift_role + changed_when: false + failed_when: (_cinder_swift_role.rc | int) >= 1 + - name: Get existing leaf CA bundle secret if present kubernetes.core.k8s_info: api_version: v1