Join a tenant's network

Manila needs to have a way for tenants/users to provide the needed details to create a storage server that integrates with the tenant network and its security services.

Assumptions:
1) Tenants may have more than 1 security domain each
2) Each security domain is specific to one tenant -- there can be no sharing of filesystems across tenants unless the tenants share significant infrastructure between them
3) The server(s) providing the storage may have multiple network interfaces connected to multiple physical switch ports.

I propose that we add a new API called "setup-network" (name subject to change) which does the following:
Inputs:
* Network protocol (nfs, cifs, other)
* Security params relevant to the protocol
  * NFS: DNS IP, Kerberos Server, LDAP Server, Kerberos domain, LDAP domain, Kerberos account, Kerberos password
  * CIFS: DNS IP, AD Server, AD Domain, Admin account, Admin password
Outputs:
* UUID identifying the created network
Errors:
* Invalid network protocol
* Missing required security params
Description:
This API creates a row in a database table to store the details the tenant passed in. The row is assigned a new UUID which is returned to the caller. The row stores the tenant's ID as well as the inputs supplied. TBD: should we create the "virtual server" immediately so that we can check the validity of the supplied security parameters or just save them so we can create the virtual server just in time?

We would also change the share-create API to require that the client passes in the UUID of a previously created network, and the share would only be accessible to members of that tenant network from then on. Whether we create virtual servers immediately when the "network-setup" APIs is called or not, it's still possible that the share-create API would need to create an additional virtual server in situations where space runs out on all previously created virtual servers. This will add additional failure modes to the share-create API and increase the complexity of that API.

The process of actually creating a "virtual server" will need to involve the following steps:
1) The manila backend decides how many IPs it wants. This could be 1 for a simple virtual server or possibly 8 or more for a storage cluster.
2) Manila asks neutron to provide the IPs on the tenant network using the stored tenant ID.
3) Neutron returns the IPs, along with netmask, gateway IP, and VLAN number to manila.
4) The manila backend creates "virtual NICs" using the given IPs and returns the MAC addresses of the VLAN trunk interfaces.
5) Manila asks neutron to connect the trunk interfaces to the tenant network by supplying the MAC addresses.
6) The manila backend configures the server for the appropriate storage protocol using the stored security params. Any connectivity problems will be detected at this point.

Most of the above changes can be implemented inside the drivers themselves with a significant amount of shared code between the drives (basically everything that talks to neutron).