Drop keystone dedicated ports

Those historic references to port 5000 and 35357 aren't being used
anymore for some time, so let us drop them.

Clean up some python2/3 wording along the way.

No longer mention Identity API v2, which is also a thing of the past.

Change-Id: Iafff097eee082f24ea2ae27ad038ad115aa36c61
diff --git a/lib/keystone b/lib/keystone
index d4c7b06..29407a0 100644
--- a/lib/keystone
+++ b/lib/keystone
@@ -83,14 +83,10 @@
 
 # Set Keystone interface configuration
 KEYSTONE_AUTH_HOST=${KEYSTONE_AUTH_HOST:-$SERVICE_HOST}
-KEYSTONE_AUTH_PORT=${KEYSTONE_AUTH_PORT:-35357}
-KEYSTONE_AUTH_PORT_INT=${KEYSTONE_AUTH_PORT_INT:-35358}
 KEYSTONE_AUTH_PROTOCOL=${KEYSTONE_AUTH_PROTOCOL:-$SERVICE_PROTOCOL}
 
 # Public facing bits
 KEYSTONE_SERVICE_HOST=${KEYSTONE_SERVICE_HOST:-$SERVICE_HOST}
-KEYSTONE_SERVICE_PORT=${KEYSTONE_SERVICE_PORT:-5000}
-KEYSTONE_SERVICE_PORT_INT=${KEYSTONE_SERVICE_PORT_INT:-5001}
 KEYSTONE_SERVICE_PROTOCOL=${KEYSTONE_SERVICE_PROTOCOL:-$SERVICE_PROTOCOL}
 
 # Bind hosts
@@ -170,22 +166,14 @@
     local keystone_ssl=""
     local keystone_certfile=""
     local keystone_keyfile=""
-    local keystone_service_port=$KEYSTONE_SERVICE_PORT
-    local keystone_auth_port=$KEYSTONE_AUTH_PORT
     local venv_path=""
 
-    if is_service_enabled tls-proxy; then
-        keystone_service_port=$KEYSTONE_SERVICE_PORT_INT
-        keystone_auth_port=$KEYSTONE_AUTH_PORT_INT
-    fi
     if [[ ${USE_VENV} = True ]]; then
         venv_path="python-path=${PROJECT_VENV["keystone"]}/lib/$(python_version)/site-packages"
     fi
 
     sudo cp $FILES/apache-keystone.template $keystone_apache_conf
     sudo sed -e "
-        s|%PUBLICPORT%|$keystone_service_port|g;
-        s|%ADMINPORT%|$keystone_auth_port|g;
         s|%APACHE_NAME%|$APACHE_NAME|g;
         s|%SSLLISTEN%|$keystone_ssl_listen|g;
         s|%SSLENGINE%|$keystone_ssl|g;
@@ -222,21 +210,8 @@
 
     iniset_rpc_backend keystone $KEYSTONE_CONF oslo_messaging_notifications
 
-    local service_port=$KEYSTONE_SERVICE_PORT
-    local auth_port=$KEYSTONE_AUTH_PORT
-
-    if is_service_enabled tls-proxy; then
-        # Set the service ports for a proxy to take the originals
-        service_port=$KEYSTONE_SERVICE_PORT_INT
-        auth_port=$KEYSTONE_AUTH_PORT_INT
-    fi
-
     # Override the endpoints advertised by keystone (the public_endpoint and
-    # admin_endpoint) so that clients use the correct endpoint. By default, the
-    # keystone server uses the public_port and admin_port which isn't going to
-    # work when you want to use a different port (in the case of proxy), or you
-    # don't want the port (in the case of putting keystone on a path in
-    # apache).
+    # admin_endpoint) so that clients use the correct endpoint.
     iniset $KEYSTONE_CONF DEFAULT public_endpoint $KEYSTONE_SERVICE_URI
     iniset $KEYSTONE_CONF DEFAULT admin_endpoint $KEYSTONE_AUTH_URI
 
@@ -270,12 +245,6 @@
 
     iniset $KEYSTONE_CONF credential key_repository "$KEYSTONE_CONF_DIR/credential-keys/"
 
-    # Configure the project created by the 'keystone-manage bootstrap' as the cloud-admin project.
-    # The users from this project are globally admin as before, but it also
-    # allows policy changes in order to clarify the adminess scope.
-    #iniset $KEYSTONE_CONF resource admin_project_domain_name Default
-    #iniset $KEYSTONE_CONF resource admin_project_name admin
-
     if [[ "$KEYSTONE_SECURITY_COMPLIANCE_ENABLED" = True ]]; then
         iniset $KEYSTONE_CONF security_compliance lockout_failure_attempts $KEYSTONE_LOCKOUT_FAILURE_ATTEMPTS
         iniset $KEYSTONE_CONF security_compliance lockout_duration $KEYSTONE_LOCKOUT_DURATION
@@ -510,14 +479,6 @@
 
 # start_keystone() - Start running processes
 function start_keystone {
-    # Get right service port for testing
-    local service_port=$KEYSTONE_SERVICE_PORT
-    local auth_protocol=$KEYSTONE_AUTH_PROTOCOL
-    if is_service_enabled tls-proxy; then
-        service_port=$KEYSTONE_SERVICE_PORT_INT
-        auth_protocol="http"
-    fi
-
     if [ "$KEYSTONE_DEPLOY" == "mod_wsgi" ]; then
         enable_apache_site keystone
         restart_apache_server
@@ -526,23 +487,13 @@
     fi
 
     echo "Waiting for keystone to start..."
-    # Check that the keystone service is running. Even if the tls tunnel
-    # should be enabled, make sure the internal port is checked using
-    # unencryted traffic at this point.
-    # If running in Apache, use the path rather than port.
-
+    # Check that the keystone service is running.
     local service_uri=$auth_protocol://$KEYSTONE_SERVICE_HOST/identity/v$IDENTITY_API_VERSION/
 
     if ! wait_for_service $SERVICE_TIMEOUT $service_uri; then
         die $LINENO "keystone did not start"
     fi
 
-    # Start proxies if enabled
-    if is_service_enabled tls-proxy; then
-        start_tls_proxy keystone-service '*' $KEYSTONE_SERVICE_PORT $KEYSTONE_SERVICE_HOST $KEYSTONE_SERVICE_PORT_INT
-        start_tls_proxy keystone-auth '*' $KEYSTONE_AUTH_PORT $KEYSTONE_AUTH_HOST $KEYSTONE_AUTH_PORT_INT
-    fi
-
     # (re)start memcached to make sure we have a clean memcache.
     restart_service memcached
 }
@@ -561,11 +512,9 @@
 # This function uses the following GLOBAL variables:
 # - ``KEYSTONE_BIN_DIR``
 # - ``ADMIN_PASSWORD``
-# - ``IDENTITY_API_VERSION``
+# - ``KEYSTONE_AUTH_URI``
 # - ``REGION_NAME``
-# - ``KEYSTONE_SERVICE_PROTOCOL``
-# - ``KEYSTONE_SERVICE_HOST``
-# - ``KEYSTONE_SERVICE_PORT``
+# - ``KEYSTONE_SERVICE_URI``
 function bootstrap_keystone {
     $KEYSTONE_BIN_DIR/keystone-manage bootstrap \
         --bootstrap-username admin \