Enable custom keystone endpoint_type in templates

Allow to specify a custom AUTH_URL for the templates in case instances
cannot reach internalURL which is the case in mose deployment.

A new variable in trust section: trustee_keystone_interface which
default to public for OSA.

Also set magnum_client URL which is passed to instances to publicURL
also, this is similar to what is done with heat which default to
publicURL.

Related to this change: https://review.openstack.org/#/c/455353/

Change-Id: I51bf7615ca91f90b7d998e66327ed1bb662783b6
Partial-Bug: #1643197

releasenotes/notes/magnum-client-urls-64af5efc9ece6680.yaml

@@ -0,0 +1,13 @@
+---
+upgrade:
+  - The magnum client interaction will now make use of the public endpoints by
+    default. Previously this was set to use internal endpoints.
+  - The keystone endpoints for instances spawned by magnum will now be provided
+    with the public endpoints by default. Previously this was set to use
+    internal endpoints.
+security:
+  - The magnum client interaction will now make use of the public endpoints by
+    default. Previously this was set to use internal endpoints.
+  - The keystone endpoints for instances spawned by magnum will now be provided
+    with the public endpoints by default. Previously this was set to use
+    internal endpoints.

templates/magnum.conf.j2

@@ -45,7 +45,7 @@ admin_tenant_name = {{ magnum_service_project_name }}
 admin_password = {{ magnum_service_password }}
 
 [magnum_client]
-endpoint_type = internalURL
+endpoint_type = publicURL
 
 [neutron_client]
 endpoint_type = internalURL
@@ -71,6 +71,7 @@ trustee_domain_admin_password = {{ magnum_trustee_password }}
 trustee_domain_admin_name = {{ magnum_trustee_domain_admin_name }}
 trustee_domain_name = {{ magnum_trustee_domain_name }}
 cluster_user_trust = {{ magnum_cluster_user_trust }}
+trustee_keystone_interface= public
 
 [certificates]
 cert_manager_type = {{ magnum_cert_manager_type }}