Use Internal API by default for Keystone admin endpoint

We have been using the ctlplane network by default for the Keystone admin
endpoint. The intention was to let the undercloud talk with the endpoint to
create resources like endpoints, but that requirement is not true,
since we use tripleo-ansible, which relies on the public endpoint, to
create keystone resources.

This change updates the default to the internal api network. The ctlplane
network, which is the provisioning network, usually has no redundancy,
and we should not make any overcloud functionality rely on this
network if there is no actual requirement to do so.

Closes-Bug: #1959459
Change-Id: I931e4c3c8a081adb144d915410e0d38760466561
Takashi Kajinami 2022-01-29 07:39:51 +09:00
parent c8dea60ddb
commit c2d1102574
3 changed files with 5 additions and 7 deletions


@ -1,6 +0,0 @@
# This environment file provides a default value for ServiceNetMap where
# Keystone Admin API service is running on the Internal API network
parameter_defaults:
ServiceNetMap:
KeystoneAdminApiNetwork: internal_api
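Review bot: Deleting this environment file outright (all six lines, `-1,6 +0,0`) gives operators who still reference it no transition path, since a deployment that passes a removed environment file typically fails on the missing path. Since the file only sets `KeystoneAdminApiNetwork: internal_api`, which becomes the default in this same change, consider keeping it for one cycle with a header comment marking it deprecated and redundant, and recording the removal in the release note.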


@ -377,7 +377,7 @@ parameter_defaults:
IronicApiNetwork: ctlplane
IronicNetwork: ctlplane
IronicInspectorNetwork: ctlplane
KeystoneAdminApiNetwork: ctlplane # allows undercloud to config endpoints
KeystoneAdminApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
KeystonePublicApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
ManilaApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
NeutronApiNetwork: {{ _service_nets.get('internal_api', 'ctlplane') }}
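Review bot: The fallback in `_service_nets.get('internal_api', 'ctlplane')` on the new `KeystoneAdminApiNetwork` line means a deployment with no `internal_api` network keeps the admin endpoint on the provisioning network, which is the dependency the commit message sets out to remove. That matches the neighbouring `KeystonePublicApiNetwork` line and is probably the right default, but the removed inline comment was the only explanation on this entry; a short comment or a docs sentence stating that the admin endpoint stays on ctlplane only when no Internal API network is defined would make that explicit for anyone auditing which networks expose the Keystone admin API.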


@ -0,0 +1,4 @@
---
features:
- |
Admin endpoint of Keystone listens on Internal API network by default.
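Review bot: The release note files this only under `features:`, but it changes a default that existing deployments inherit, so it needs an `upgrade:` entry as well. That entry should state that the previous default was `ctlplane`, that the admin endpoint moves to the Internal API network when the default is not overridden, and that `KeystoneAdminApiNetwork: ctlplane` in `ServiceNetMap` keeps the old placement. The environment file removed elsewhere in this change is also not mentioned here.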