This addresses the ansible aspects of fernet key bootstrapping as
well as distributed key rotation.

- Bootstrapping is handled in the same way as keystone bootstrap.
- A new keystone-fernet and keystone-ssh container is created to allow
  the nodes to communicate with each other (taken from nova-ssh).
- The keystone-fernet is a keystone container with crontab installed.
  This will handle key rotations through keystone-manage and trigger
  an rsync to push new tokens to other nodes.
- Key rotation is setup to be balanced across the keystone nodes using
  a round-robbin style. This ensures that any node failures will not
  stop the keys from rotating. This is configured by a desired token
  expiration time which then determines the cron scheduling for each
  node as well as the number of fernet tokens in rotation.
- Ability for recovered node to resync with the cluster. When a node
  starts it will run sanity checks to ensure that its fernet tokens
  are not stale. If they are it will rsync with other nodes to ensure
  its tokens are up to date.

The Docker component is implemented in:
  https://review.openstack.org/#/c/349366

Change-Id: I15052c25a1d1149d364236f10ced2e2346119738
Implements: blueprint keystone-fernet-token

Change-Id: Ifbfd85ae44985049fdfb73a90078893511f0beab

Signed-off-by: Jeffrey Zhang <jeffrey.zhang@99cloud.net>
Closes-Bug: #1616349
Change-Id: I82a245474392d22017faf30fa89d6dc5e01ab2c2

TrivialFix

Change-Id: If5221d695bf966b4de57b4f3f7bfe1eeeb4199ff

The kolla-toolbox container contains ansible which has the mysql_db
module which helps on various mysql tasks such as db creation. The
mysql_db module requires certain mysql binaries in order to accomplish
tasks such as restoring a database from a dump.

This change adds those client libraries which weren't previously
included in the container.

Change-Id: I6516838381bf9327c8901fc4c32ebd5151fb053f
Signed-off-by: Stephan Michaud <michauds90@gmail.com>
Closes-Bug: #1616155

1.remove the # - it makes copy and paste very difficult
2.change "ubuntu" to "Ubuntu"
3.add "Restart docker by executing the following commands: "

TrivialFix
Change-Id: I0192d9fd7f597b0e2dc8d26d4fe5ba8b32483ce0

1、As mentioned in [1], we should avoid using six.iteritems/keys
   achieve iterators. We can use dict.items/keys instead, as it
   will return iterators in PY3 as well. And dict.items/keys will
   more readable.
2、In py2, the performance about list should be negligible,
   see the link [2].

  [1] https://wiki.openstack.org/wiki/Python3
  [2] http://lists.openstack.org/pipermail/openstack-dev/
      2015-June/066391.html

TrivialFix.

Change-Id: I0cbe8af3210233a58d25f0df187c3d085405aa2a

In ansible/roles/iscsi/tasks/pull.yml, there are references to
'iscsi', which should be 'iscsid' instead.  This patchset
fixes this typo.

Change-Id: Id2c31bf69556ec8dcf66cc1d32d2bfe77f02367b
Closes-bug: #1602566

Use a fixed and released Ansible version to keep stability.

Change-Id: I885816d85249b15be91b5a101718a05841a20c18
Closes-Bug: #1615350

Disable the log propagate for all logger is bad.

TrivialFix

Change-Id: I5e9a3356c7a34710ac2c020fa32370b5172411d2

Change-Id: I402fdf7d24071cf85c9bb5ca839cff785e69e08e

local_settings.j2 is out of date, sync with the horizon

TrivialFix

Change-Id: I4771452504a7f0caeeac7b8801dcc2350e70b6ca

There were some problems in the documentaiton that
prevented tox -e docs from working.  Also changed
attention to WARNING since attention was not as eye-grabbing
as I'd hoped during a previous review.

Change-Id: I2b661afa2cd4a4331bbcc99240d3e127a5d94a11

Upgrade Ubuntu base image to Xenial

Closes-Bug: #1593599
Change-Id: I5832a729a9a4fa73c02442047c92ba088ce20db3

In CI environment, MySQL-python wheel package has a wrong _mysql.so
file, which is not compatible with Ubuntu.

Disable wheel index in the CI for pip.

Closes-Bug: #1615231
Change-Id: I127ebb017e09a5bf245e0fdad9bf052203e68e55

TrivialFix

Change-Id: Ib2474257554e0b294bc39a658108326fcbbdbe58

Related-Bug: #1577194

Change-Id: Idad2a78d3b4251a321c1a05b435bff4625d5fe56

The location for the Kolla configurations in the workflow for evaluation
needs to be fixed correctly to /usr/share/kolla/etc_examples

This was brought up on IRC -
http://eavesdrop.openstack.org/irclogs/%23openstack-kolla/%23openstack-kolla.2016-08-18.log.html#t2016-08-18T21:02:18

Change-Id: Ie9f651308a7b51cfd3ad1c617637bab1b5cc568e