Bug 2004867

Summary: Nova Host Manager role is missing from the undercloud service
Product: Red Hat OpenStack Reporter: David Sedgmen <dsedgmen>
Component: ansible-tripleo-ipaAssignee: Ade Lee <alee>
Status: CLOSED CURRENTRELEASE QA Contact: Jeremy Agee <jagee>
Severity: medium Docs Contact:
Priority: medium    
Version: 16.1 (Train)CC: alee, dwilde, ggrasza
Target Milestone: z9Keywords: Triaged, ZStream
Target Release: 16.1 (Train on RHEL 8.2)   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: ansible-tripleo-ipa-0.2.3-2.20220301185252.060a393.el8ost Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2023-02-16 14:52:26 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description David Sedgmen 2021-09-16 10:06:58 UTC 
Description of problem: scale is failing with the error

"response host_add: Insufficient access: Insufficient 'add' privilege to the 'userPassword' attribute"

This is because the role has gone missing from the IdM service for the director so it is no longer added to create the records for the new nodes

This because the ansible role `ipa_role` explicit sets privileges to the list of services provides instead of appending.

So when a second director is integrated to the IdM server it remove the role form the first directors service

How reproducible: everytime


Steps to Reproduce:
1. install undercloud with tripleo-ipa ingratiation 
2. install second undercloud with tripleo-ipa ingratiation 
3. try to deploy an overcloud with  tripleo-ipa ingratiation from first director

Actual results:

Only second overcloud is able to deploy with IdM intergations

Expected results:

For the Nova Host Manager role not to be remove from the first director

Additional info: