Hey Danish,

This failure is related to the security vulnerability [1].
There are several things to mention with this regards:
1. Cinder has not backported fix to Wallaby, due to its complexity, so vulnerability is still not fully covered there.
2. Nova has backported the fix, which is raising the error you see
3. In OpenStack-Ansible we also have not backported work that is required to support service tokens to Wallaby, as there was huge amount of changes that are required for this to fix, while vulnerability is not fixed in services themselves.
4. There is huge ongoing discussion in Technical Commetee on what to do with releases in Extended Maintenance and if we should End Of Life them or not due, which was raised by this vulnerability.

Keeping all that in mind, you still should be able to deploy OpenStack-Ansible. And there are several ways of doing that.

1. Deploy vulnerable version of services. So I would try using 23.4.3 instead of stable/wallaby or 23.4.4 or wallaby-em.
You can also override nova SHA to install not patched version by providing `nova_git_install_branch: a9e81626c5e9dac897759c5f66c7ae1b4efa3c6d` to user-variables
2. Apply manual config overrides for nova and cinder services to comply with new requirements for this vulnerability. So you need smth like that:

nova_nova_conf_overrides:
  keystone_authtoken:
    service_token_roles_required: True
    service_token_roles: admin
  service_user:
    send_service_user_token: True
    region_name: "{{ nova_service_region }}"
    auth_type: password
    username: "{{ nova_service_user_name }}"
    password: "{{ nova_service_password }}"
    project_name: "{{ nova_service_project_name }}"
    user_domain_id: "{{ nova_service_user_domain_id }}"
    project_domain_id: "{{ nova_service_project_domain_id }}"
    auth_url: "{{ keystone_service_adminurl }}"
    insecure: "{{ keystone_service_adminuri_insecure | bool }}"


[1] https://security.openstack.org/ossa/OSSA-2023-003.html


On Sun, Jul 23, 2023, 01:25 Danish Khan <danish52.jmi@gmail.com> wrote:
Dear Team,

I am trying to deploy openstack-ansible wallaby but it is getting
failed with error:

service user token configuration is required for all Nova services.
For more details see the following:
https://docs.openstack.org/latest/nova/admin/configuration/service-user-token.html

But the mentioned webpage is not available.

This is fixed in yoga but wallay is still failing.

I tried to copy few variables from Yoga but that is working for me.

Can someone please help me on this ? where I need to make some changes
to deploy openstack-ansible wallaby?

Thanks in advance :)

Regards,
Danish