Tie keystone admin API port to what we configure in t-h-t

This only exposes the port that we actually will use for the admin API
port, as well as bonding the actual port to what we configure of the
keystone service (apache and the keystone configuration).

Change-Id: I4b27d774d5ab291340c0a3e537efbb75ed311d49
Closes-Bug: #1746180

puppet/services/keystone.yaml

@@ -378,6 +378,7 @@ outputs:
             keystone::endpoint::admin_url: {get_param: [EndpointMap, KeystoneAdmin, uri_no_suffix]}
             keystone::endpoint::region: {get_param: KeystoneRegion}
             keystone::endpoint::version: ''
+            keystone::admin_port: {get_param: [EndpointMap, KeystoneAdmin, port]}
             keystone_enable_db_purge: {get_param: KeystoneEnableDBPurge}
             keystone::rabbit_heartbeat_timeout_threshold: 60
             keystone::cron::token_flush::maxdelay: 3600
@@ -389,6 +390,7 @@ outputs:
                 value: 'keystone.contrib.ec2.backends.sql.Ec2'
             keystone::service_name: 'httpd'
             keystone::enable_ssl: {get_param: EnableInternalTLS}
+            keystone::wsgi::apache::admin_port: {get_param: [EndpointMap, KeystoneAdmin, port]}
             keystone::wsgi::apache::ssl: {get_param: EnableInternalTLS}
             keystone::wsgi::apache::servername:
               str_replace:
@@ -412,8 +414,7 @@ outputs:
                 dport:
                   - 5000
                   - 13000
-                  - 35357
-                  - 13357
+                  - {get_param: [EndpointMap, KeystoneAdmin, port]}
             keystone::admin_bind_host:
               str_replace:
                 template: