diff --git a/ansible/roles/nova/defaults/main.yml b/ansible/roles/nova/defaults/main.yml
index 1ab5eb0cfc..71ad943480 100644
--- a/ansible/roles/nova/defaults/main.yml
+++ b/ansible/roles/nova/defaults/main.yml
@@ -252,7 +252,7 @@ nova_pool_pgp_num: "{{ ceph_pool_pgp_num }}"
 nova_hw_disk_discard: "unmap"
 
 ceph_client_nova_keyring_caps:
-  mon: 'allow r'
+  mon: 'allow r, allow command "osd blacklist"'
   osd: >-
     allow class-read object_prefix rbd_children,
     allow rwx pool={{ ceph_cinder_pool_name }},