Keystone/multiple-datastores

Problem Description
Currently, Keystone supports one RDBMS and one LDAP server for all backends.

In the case of LDAP, we have a request to support one back-end per domain.

For RDBMS, we may want to use a different user, or even a different server, for a high-volume back-end like tokens versus the Identity or other back-ends, which are more read-heavy.

Design
Each data store becomes a named object in the Python global namespace. It is created based on a configuration file.

Create a subdirectory /etc/keystone/data. Each data store has a file there with key-value pairs to configure it, based on the values from the current config file:

Example: token.conf
 * name = token-sql
 * type = sql
 * url = postgresql://keystone:keystone@localhost/keystone?client_encoding=utf8

Example: identity.conf for simple bind
 * name = identity-simple
 * type = ldap
 * url = ldap://localhost
 * user = dc=Manager,dc=openstack,dc=org
 * password = test

Example: identity.conf for GSSAPI
 * name = identity-gss
 * type = ldap
 * url = ldaps://ldap.openstack.org
 * user = dc=Manager,dc=openstack,dc=org
 * sasl = mech=GSSAPI

Then, in the Keystone config file, the name from above would be bound to the backend. For example:


 * [identity]
 * driver = keystone.identity.backends.ldap.Identity
 * source = data.identity-gss

or


 * [identity]
 * driver = keystone.identity.backends.sql.Identity
 * source = data.token-sql
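
A sketch of how the per-store files and the "source = data.<name>" binding described above could be loaded and resolved. This is an added example, not Keystone code: the function names load_datastores and resolve_source are hypothetical, and the refusal to read files that group or others can access is an assumption added here because the files carry bind passwords and database credentials.

```python
import configparser
import stat
import tempfile
from pathlib import Path

def load_datastores(directory):
    """Parse every *.conf in `directory` into {name: settings}."""
    stores = {}
    for path in sorted(Path(directory).glob("*.conf")):
        # Assumption: credential-bearing files must not be group/world accessible.
        if stat.S_IMODE(path.stat().st_mode) & 0o077:
            raise PermissionError(f"{path} must be mode 0600")
        parser = configparser.ConfigParser(interpolation=None)
        # The files are bare key = value pairs, so supply a section header.
        parser.read_string("[datastore]\n" + path.read_text())
        settings = dict(parser["datastore"])
        missing = {"name", "type", "url"} - settings.keys()
        if missing:
            raise ValueError(f"{path}: missing {sorted(missing)}")
        if settings["name"] in stores:
            raise ValueError(f"duplicate data store name {settings['name']!r}")
        stores[settings["name"]] = settings
    return stores

def resolve_source(keystone_conf, section, stores):
    """Return the data store bound by `source = data.<name>` in `section`."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(keystone_conf)
    prefix, _, name = parser[section]["source"].partition(".")
    if prefix != "data" or name not in stores:
        raise KeyError(f"[{section}] source refers to an unknown data store")
    return stores[name]

def demo():
    """Constructed sample: two data store files and one [identity] section."""
    with tempfile.TemporaryDirectory() as d:
        samples = {
            "token.conf": "name = token-sql\ntype = sql\n"
                          "url = postgresql://keystone:keystone@localhost/keystone\n",
            "identity.conf": "name = identity-gss\ntype = ldap\n"
                             "url = ldaps://ldap.openstack.org\nsasl = mech=GSSAPI\n",
        }
        for filename, body in samples.items():
            path = Path(d, filename)
            path.write_text(body)
            path.chmod(0o600)
        conf = ("[identity]\ndriver = keystone.identity.backends.ldap.Identity\n"
                "source = data.identity-gss\n")
        return resolve_source(conf, "identity", load_datastores(d))
```

Resolving the binding at startup means an unknown store name fails immediately instead of on the first request.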