Tacker uses OpenStack Barbican for secret keys

Use the OpenStack Barbican component instead of OpenStack Keystone
as secret key handler.
The reason behind is the way that Tacker handles the secret keys of
complex scenarios (specially the scenarios with HA) and how they are
stored or retrieved between different VMs or Blades.

Change-Id: I63d40c5239d2585e8bb7ac3b9338252c9e28c4c6
Signed-off-by: Panagiotis Karalis <pkaralis@intracom-telecom.com>

defaults/main.yml

@@ -129,6 +129,8 @@ tacker_service_publicuri_proto: "{{ openstack_service_publicuri_proto | default(
 tacker_service_adminuri_proto: "{{ openstack_service_adminuri_proto | default(tacker_service_proto) }}"
 tacker_service_internaluri_proto: "{{ openstack_service_internaluri_proto | default(tacker_service_proto) }}"
 
+## Barbican service
+barbican_keys_backend: false
 
 #NOTE:  move password to tests/test-vars.yml
 tacker_service_password: password

templates/tacker.conf.j2

@@ -103,6 +103,7 @@ mgmt_driver = noop,openwrt
 monitor_driver = ping, http_ping
 
 [vim_keys]
+use_barbican = {{ barbican_keys_backend | bool }}
 openstack = {{ tacker_etc_dir }}/vim/fernet_keys
 
 [oslo_messaging_rabbit]