This change adds a number of new tasks that are dependent on the value
of the Keystone token provider (keystone_token_provider) user variable.
If the keystone_token_provider user_variable is set to
keystone.token.providers.fernet.Provider then the playbooks will
appropriately create the fernet keys and distribute them to the rest of
the keystone containers.
This also implements key rotation for generated fernet keys similar to
how the os_nova roles implement key rotation.
Finally, we also need to build cryptography from master for now.
Currently, 0.8.x and 0.9.x use versions of cffi<1.0 which causes a bug
when used with mod_wsgi and Apache. This is fixed in cryptography master
and will be released in 1.0.
Closes-bug: 1463569
Change-Id: I8605e0490a8889d57c6b1b7e03e078fb0da978ab
ff2ed22c90