Support Keystone Domain specific files

Currently, it is not possible to make use of Keystone Domain
specific settings. Such as different domains using different
LDAP servers or SQL.

To enable for example domain ACME - domain settings would be
put into:
{{ node_custom_config }}keystone/domains/keystone.ACME.conf

Change-Id: I23620978c618dd4a3598d7cb74c3e9cf8c2394ac
Closes-Bug: #1599868
Signed-off-by: Dave Walker (Daviey) <email@daviey.com>

ansible/roles/keystone/tasks/config.yml

 ---
+- name: Check if Keystone Domain specific settings enabled
+  local_action: stat path="{{ node_custom_config }}/keystone/domains"
+  register: keystone_domain_cfg
+
 - name: Ensuring config directories exist
   file:
     path: "{{ node_config_directory }}/{{ item }}"
@@ -7,6 +11,15 @@
   with_items:
     - "keystone"
 
+- name: Creating Keystone Domain directory
+  file:
+    dest: "{{ node_config_directory }}/{{ item }}/domains/"
+    state: "directory"
+  when:
+      keystone_domain_cfg.stat.exists
+  with_items:
+    - "keystone"
+
 - name: Copying over config.json files for services
   template:
     src: "{{ item }}.json.j2"
@@ -29,6 +42,13 @@
   with_items:
     - "keystone"
 
+- name: Copying Keystone Domain specific settings
+  copy:
+    src: "{{ item }}"
+    dest: "{{ node_config_directory }}/keystone/domains/"
+  with_fileglob:
+    - "{{ node_custom_config }}/keystone/domains/*"
+
 - name: Copying over wsgi-keystone.conf
   template:
     src: "wsgi-keystone.conf.j2"

ansible/roles/keystone/templates/keystone.conf.j2

@@ -10,6 +10,12 @@ secure_proxy_ssl_header = HTTP_X_FORWARDED_PROTO
 connection = mysql+pymysql://{{ keystone_database_user }}:{{ keystone_database_password }}@{{ keystone_database_address }}/{{ keystone_database_name }}
 max_retries = -1
 
+{% if keystone_domain_cfg.stat.exists %}
+[identity]
+domain_specific_drivers_enabled = true
+domain_config_dir = /etc/keystone/domains
+{% endif %}
+
 [cache]
 backend = oslo_cache.memcache_pool
 enabled = True

ansible/roles/keystone/templates/keystone.json.j2

@@ -9,6 +9,13 @@
             "owner": "keystone",
             "perm": "0600"
         },
+        {
+            "source": "{{ container_config_directory }}/domains",
+            "dest": "/etc/keystone/domains",
+            "owner": "keystone",
+            "perm": "0600",
+            "optional": true
+        },
         {
             "source": "{{ container_config_directory }}/wsgi-keystone.conf",
             "dest": "/etc/{{ keystone_dir }}/wsgi-keystone.conf",

releasenotes/notes/support-ldap-e678ce5b0a7eaedb.yaml

+---
+features:
+  - LDAP & AD support has been added to the base images, and support
+    for Keystone multidomains config files.