Configure PKI cache dirs

* Configure Cinder, Glance, Keystone, Nova to put cached credentials
  from keystone.auth_token into /var/cache/<service>

It is not obvious to me that having each of these service share a
credentials cache is a good idea.  It does appear to work but this
patch takes the conservative approach of putting each service's cache
in a distinct directory.

More importantly it gets them out of $HOME!

Change-Id: If88088fc287a2f2f4f3e34f6d9be9de3da7ee00d
diff --git a/lib/keystone b/lib/keystone
index 73d82c5..36a0e66 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -32,13 +32,18 @@
 KEYSTONE_DIR=$DEST/keystone
 KEYSTONE_CONF_DIR=${KEYSTONE_CONF_DIR:-/etc/keystone}
 KEYSTONE_CONF=$KEYSTONE_CONF_DIR/keystone.conf
+KEYSTONE_AUTH_CACHE_DIR=${KEYSTONE_AUTH_CACHE_DIR:-/var/cache/keystone}
 
 KEYSTONECLIENT_DIR=$DEST/python-keystoneclient
 
-# Select the backend for Keystopne's service catalog
+# Select the backend for Keystone's service catalog
 KEYSTONE_CATALOG_BACKEND=${KEYSTONE_CATALOG_BACKEND:-sql}
 KEYSTONE_CATALOG=$KEYSTONE_CONF_DIR/default_catalog.templates
 
+# Select Keystone's token format
+# Choose from 'UUID' and 'PKI'
+KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-PKI}
+
 # Set Keystone interface configuration
 KEYSTONE_API_PORT=${KEYSTONE_API_PORT:-5000}
 KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
@@ -47,7 +52,6 @@
 KEYSTONE_SERVICE_HOST=${KEYSTONE_SERVICE_HOST:-$SERVICE_HOST}
 KEYSTONE_SERVICE_PORT=${KEYSTONE_SERVICE_PORT:-5000}
 KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-http}
-KEYSTONE_TOKEN_FORMAT=${KEYSTONE_TOKEN_FORMAT:-PKI}
 
 
 # Entry Points
@@ -147,8 +151,14 @@
     # Initialize keystone database
     $KEYSTONE_DIR/bin/keystone-manage db_sync
 
-    # Set up certificates
-    $KEYSTONE_DIR/bin/keystone-manage pki_setup
+    if [[ "$KEYSTONE_TOKEN_FORMAT" == "PKI" ]]; then
+        # Set up certificates
+        $KEYSTONE_DIR/bin/keystone-manage pki_setup
+
+        # Create cache dir
+        sudo mkdir -p $KEYSTONE_AUTH_CACHE_DIR
+        sudo chown `whoami` $KEYSTONE_AUTH_CACHE_DIR
+    fi
 }
 
 # install_keystoneclient() - Collect source and prepare