Allow specifying the keystone token provider

The new default for mitaka+ is fernet tokens which not all
container images support.  This allows the operator to
specify the token provider, allowing uuid token usage in
images which is required until the infrastructure to setup
and distribute fernet keys is created.

keystone/templates/etc/_keystone.conf.tpl

@@ -1,5 +1,5 @@
 [DEFAULT]
-debug = {{ .Values.misc.debug }}
+debug = {{ .Values.api.default.debug }}
 use_syslog = False
 use_stderr = True
 
@@ -10,6 +10,9 @@ max_retries = -1
 [memcache]
 servers = {{ include "memcached_host" . }}:11211
 
+[token]
+provider = {{ .Values.api.token.provider }}
+
 [cache]
 backend = dogpile.cache.memcached
 memcache_servers = {{ include "memcached_host" . }}:11211

keystone/values.yaml

@@ -31,6 +31,12 @@ keystone:
   admin_password: password
   admin_project_name: admin
 
+api:
+  default:
+    debug: false
+  token:
+    provider: uuid
+
 network:
   port:
     admin: 35357
@@ -52,9 +58,6 @@ database:
   keystone_password: password
   keystone_user: keystone
 
-misc:
-  debug: false
-
 dependencies:
   api:
     jobs: