Comment 1 for bug 1724691

Ignatious Johnson Christopher (ijohnson-x) wrote :

Project-scoped auth doesn't have access to list-projects and list-domains.
The api-server does list-domains during initialization.

So when project-scoped auth parameters are used in contrail-keystone-auth.conf, the api-server is in initializing state.

Solutions:

1. Use domain scope auth parameters in contrail-keystone-auth.conf instead of project scope.

contrail-keystone-auth.conf
-----------------------------
[KEYSTONE]
auth_url=https://keystoneIp:35357/v3
auth_host=<keystoneIp>
auth_protocol=https
auth_port=35357
admin_user=admin
admin_password=c0ntrail123
admin_tenant_name=admin
memcache_servers=127.0.0.1:11211
insecure=False
certfile=/etc/contrail/ssl/certs/keystone.pem
keyfile=/etc/contrail/ssl/certs/keystone.pem
cafile=/etc/contrail/ssl/certs/keystone_ca.pem
auth_type = password
user_domain_name = Default
domain_name = Default <<<<<<<<< Domain scope auth

2. Use project-scoped auth parameters in contrail-keystone-auth.conf, and also set admin_project_name and admin_project_domain_name in the [resource] section of keystone.conf.

contrail-keystone-auth.conf
-----------------------------
[KEYSTONE]
auth_url=https://keystoneIp:35357/v3
auth_host=<keystoneIp>
auth_protocol=https
auth_port=35357
admin_user=admin
admin_password=c0ntrail123
admin_tenant_name=admin
memcache_servers=127.0.0.1:11211
insecure=False
certfile=/etc/contrail/ssl/certs/keystone.pem
keyfile=/etc/contrail/ssl/certs/keystone.pem
cafile=/etc/contrail/ssl/certs/keystone_ca.pem
auth_type = password
user_domain_name = Default
project_domain_name = Default <<<<< Project scope auth

keystone.conf
---------------
[resource]
admin_project_domain_name = Default <<<<<
#admin_project_name = admin <<<<<
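
Added example, not part of the original comment and not Contrail or Keystone code: a pre-start check that reads the two files named above, reports which Keystone v3 token scope the [KEYSTONE] settings would request, and flags a project-scoped setup whose keystone.conf [resource] section lacks the two settings from solution 2. The function names and sample configs are constructed, and the mapping of admin_tenant_name to the project name is an assumption.

```python
import configparser

# Constructed sample inputs, trimmed from the two configs in the comment.
DOMAIN_SCOPED = """[KEYSTONE]
admin_tenant_name=admin
user_domain_name = Default
domain_name = Default
"""
PROJECT_SCOPED = """[KEYSTONE]
admin_tenant_name=admin
user_domain_name = Default
project_domain_name = Default
"""
KEYSTONE_CONF = """[resource]
admin_project_domain_name = Default
admin_project_name = admin
"""

def _section(text, name):
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    return dict(cp[name]) if cp.has_section(name) else {}

def token_scope(auth_conf):
    """Return the Keystone v3 "scope" object these settings would request."""
    ks = _section(auth_conf, "KEYSTONE")
    if ks.get("domain_name"):
        return {"domain": {"name": ks["domain_name"]}}
    if ks.get("project_domain_name"):
        # Assumption: admin_tenant_name supplies the project name.
        return {"project": {"name": ks.get("admin_tenant_name"),
                            "domain": {"name": ks["project_domain_name"]}}}
    return None  # neither set: the token would be unscoped

def startup_findings(auth_conf, keystone_conf=""):
    """List reasons the api-server's list-domains call could be denied."""
    scope = token_scope(auth_conf)
    if scope is None:
        return ["no domain_name or project_domain_name: unscoped token"]
    if "domain" in scope:
        return []
    res = _section(keystone_conf, "resource")
    return [f"project scope: keystone.conf [resource] lacks {k}"
            for k in ("admin_project_domain_name", "admin_project_name")
            if not res.get(k)]
```

A commented-out line such as `#admin_project_name = admin` counts as not set, so the check reports it.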