Add variable to control cinder backups

Heat has a `backups_enabled` configuration parameter that controls
whether heat will attempt to use cinder's backup service:

  https://review.openstack.org/#/c/332851/

By default, this feature is enabled in heat, but heat doesn't have
any idea if the feature is enabled in cinder. If the backup service
is disabled in cinder but enabled in heat, deployers may create
undeletable stacks.

This patch adds a new variable, `heat_cinder_backups_enabled` that
controls heat's ability to use cinder's backup service. It is
disabled by default (to match the backup service configuration in
the cinder role, which is also disabled by default).

Closes-Bug: 1650035
Change-Id: I3875cc34ec92ba588d995a6d9c0341977a408ad7

defaults/main.yml

@@ -89,6 +89,9 @@ heat_max_nested_stack_depth: 5
 heat_deferred_auth_method: trusts
 heat_trusts_delegated_roles: []
 
+## Cinder backups
+heat_cinder_backups_enabled: false
+
 # osprofiler
 heat_profiler_enabled: false
 heat_profiler_trace_sqlalchemy: false

releasenotes/notes/cinder-backups-e615607a558248cd.yaml

@@ -0,0 +1,10 @@
+---
+features:
+  - |
+    Deployers can set ``heat_cinder_backups_enabled`` to enable or disable
+    the cinder backups feature in heat. If heat has cinder backups enabled,
+    but cinder's backup service is disabled, newly built stacks will be
+    undeletable.
+
+    The ``heat_cinder_backups_enabled`` variable is set to ``false`` by
+    default.

templates/heat.conf.j2

@@ -112,3 +112,9 @@ auth_url = {{ keystone_service_adminurl }}
 user_domain_id = {{ heat_service_trustee_user_domain_id }}
 username = {{ heat_service_trustee_user_name }}
 password = {{ heat_service_trustee_password }}
+
+[volumes]
+# Indicate if cinder-backup service is enabled. This is a temporary workaround
+# until cinder-backup service becomes discoverable, see LP#1334856. (boolean
+# value)
+backups_enabled = {{ heat_cinder_backups_enabled }}