keystone: rotate fernet keys every 5 minutes

Add fernet keys rotations to our testing.

- Rotate keys every 5 minutes
- Maintain tokens valid 10 minutes
- Keep 4 active keys: (token_expiration / rotation_frequency) +2
  10 / 2 + 2 = 4

The frequencies are very short but that way we can have a real scenario
of fernet keys rotations in our CI jobs where Tempest runs during ~15
minutes.

See example on:
https://docs.openstack.org/admin-guide/identity-fernet-token-faq.html

Change-Id: I3d4133ee3a0e3dc52586a6d671d7ef85a9e886d0
Depends-On: I125e81d8cd130fadb8271f1b7bcdcf9794c79f47

manifests/keystone.pp

@@ -34,6 +34,10 @@ class openstack_integration::keystone (
 
   if $token_provider == 'fernet' {
     $enable_fernet_setup = true
+    class { '::keystone::cron::fernet_rotate':
+      hour   => '*',
+      minute => '*/5',
+    }
   } else {
     $enable_fernet_setup = false
   }
@@ -67,6 +71,8 @@ class openstack_integration::keystone (
     token_provider          => $token_provider,
     enable_fernet_setup     => $enable_fernet_setup,
     enable_credential_setup => $enable_credential_setup,
+    fernet_max_active_keys  => '4',
+    token_expiration        => '600',
   }
   include ::apache
   class { '::keystone::wsgi::apache':