I'm trying to test enabling enforce_scope on a kolla-ansible deployment in prep for rolling it out to an actual deployment and I am having issues with services registering themselves.  The playbook fails at registering nova services and the keytsone log says the nova user doesn't exist, as well as the service project and the admin role.   I've added enforce_scope and enforce_new_defaults to global.conf, which causes the referenced error.  I assume that I'm missing something in the configuration that is required beyond just setting those two oslo_policy options, but I haven't been able to find anything beyond these two settings.  Can anyone let me know if there's something specific that I'm missing?

Thanks!
This email and its attachments, if any, may contain information that is proprietary, business-confidential, and/or legally protected. If you received this communication in error, please notify me by reply message and delete the email and any attachments without copying, distributing, or otherwise using.