Disable UCA keystone apache2 site early

If the chef-client fails between keystone package installation and the
disabling of the default keystone config file from UCA package, then
apache2 may end up with conflicting site configurations trying to bind
to the same port.

Change-Id: Ib52a4d5195f9ef8d7caa8478c8293fe894624ee5
(cherry picked from commit ebfa5bbdb5)

metadata.rb

@@ -4,7 +4,7 @@ maintainer_email 'openstack-dev@lists.openstack.org'
 license          'Apache-2.0'
 description      'The OpenStack Identity service Keystone.'
 long_description IO.read(File.join(File.dirname(__FILE__), 'README.md'))
-version          '17.1.0'
+version          '17.1.1'
 
 %w(ubuntu redhat centos).each do |os|
   supports os

recipes/server-apache.rb

@@ -103,6 +103,12 @@ service 'keystone' do
   action [:stop, :disable]
 end
 
+# disable default keystone config file from UCA package
+apache_site 'keystone' do
+  enable false
+  only_if { platform_family?('debian') }
+end
+
 # create the keystone config directory and set correct permissions
 directory '/etc/keystone' do
   owner keystone_user
@@ -302,12 +308,6 @@ web_app 'identity' do
   ciphers node['openstack']['identity']['ssl']['ciphers']
 end
 
-# disable default keystone config file from UCA package
-apache_site 'keystone' do
-  enable false
-  only_if { platform_family?('debian') }
-end
-
 # Hack until Apache cookbook has lwrp's for proper use of notify
 # restart apache2 after keystone if completely configured
 execute 'Keystone apache restart' do