Use public interface for Magnum client and trustee Keystone interface

While all other clients should use internalURL, the Magnum client itself
and Keystone interface for trustee credentials should be publicly
accessible (upstream default when no config is specified) since
instances need to be able to reach them.

Closes-Bug: #1885420
Change-Id: I74359cec7147a80db24eb4aa4156c35d31a026bf
(cherry picked from commit 78bb594264)

ansible/roles/magnum/templates/magnum.conf.j2

@@ -25,7 +25,7 @@ default_docker_volume_type = {{ default_docker_volume_type }}
 
 [magnum_client]
 region_name = {{ openstack_region_name }}
-endpoint_type = internalURL
+endpoint_type = publicURL
 
 [heat_client]
 region_name = {{ openstack_region_name }}
@@ -85,6 +85,7 @@ trustee_domain_admin_password = {{ magnum_keystone_password }}
 trustee_domain_admin_name = {{ magnum_trustee_domain_admin }}
 trustee_domain_name = {{ magnum_trustee_domain }}
 trustee_keystone_region_name = {{ openstack_region_name }}
+trustee_keystone_interface = public
 cluster_user_trust = {{ enable_cluster_user_trust }}
 
 [oslo_concurrency]

releasenotes/notes/clients-in-magnum-use-internalURL-af3ad82af71a88c6.yaml

@@ -1,7 +1,6 @@
 ---
 fixes:
   - |
-    In line with clients for other services used by Magnum, it now uses
-    endpoint_type = internalURL also for Magnum itself, Cinder and Octavia
-    clients. In the same tune, these services also use the globally defined
-    `openstack_region_name`.
+    In line with clients for other services used by Magnum, Cinder and Octavia
+    also use endpoint_type = internalURL. In the same tune, these services also
+    use the globally defined `openstack_region_name`.