identity: write db_sync logging with keystone user

When bootstrapping cloud::identity, the DB is populated with
keystone-manage, which tries to write logs in /var/log/keystone as the
root user by default.
The problem is that if we don't use syslog, keystone won't be able to
start because of permission issues, because Keystone can't write to
keystone.log, which belongs to the root user.

We should use the 'keystone' user to run the command.

Signed-off-by: Emilien Macchi <emilien.macchi@enovance.com>
Emilien Macchi
2014-04-15 09:58:26 +02:00
parent 2938851e26
commit 742ea276d8
2 changed files with 6 additions and 2 deletions

@@ -558,7 +558,9 @@ class cloud::identity (
# We have to do this only on the primary node of the galera cluster to avoid race condition
# https://github.com/enovance/puppet-openstack-cloud/issues/156
exec {'keystone_db_sync':
command => '/usr/bin/keystone-manage db_sync',
command => 'keystone-manage db_sync',
path => '/usr/bin',
user => 'keystone',
unless => "/usr/bin/mysql keystone -h ${keystone_db_host} -u ${encoded_user} -p${encoded_password} -e \"show tables\" | /bin/grep Tables"
}
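Review bot: The new `user => 'keystone'` line only helps nodes where db_sync has not run yet. On a node that was bootstrapped before this change, the keystone.log described in the commit message is still owned by root, and the `unless` guard means this exec will not run again there (and it would not change the file's ownership if it did). Consider managing the owner of the log file explicitly with a file resource so existing nodes are repaired as well. Separately, Puppet runs the `unless` check as the same user as the command, so the mysql call with `-p${encoded_password}` on its command line now runs as keystone; the password remains visible in the process list, and a client option file readable only by keystone would avoid that.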

@@ -118,7 +118,9 @@ describe 'cloud::identity' do
it 'checks if Keystone DB is populated' do
should contain_exec('keystone_db_sync').with(
:command => '/usr/bin/keystone-manage db_sync',
:command => 'keystone-manage db_sync',
:path => '/usr/bin',
:user => 'keystone',
:unless => '/usr/bin/mysql keystone -h 10.0.0.1 -u keystone -psecrete -e "show tables" | /bin/grep Tables'
)
end
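Review bot: The expectation on `contain_exec('keystone_db_sync')` pins command, path, user and unless, but nothing in it asserts that the exec is ordered after whatever creates the keystone user, which the new `:user => 'keystone'` depends on. If the manifest declares that ordering, add it to this `.with(...)` (or use a `that_requires` matcher) so a regression is caught; if it does not, it is worth adding alongside this change.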