Enable TLS in the internal networkf or Mysql

This adds the necessary hieradata for enabling TLS for MySQL (which
happens to run on the internal network). It also adds a template so
this can be done via certmonger. As with other services, this will
fill the necessary specs for the certificate to be requested in a
hash that will be consumed in puppet-tripleo.

Note that this only enables that we can now use TLS, however, we still
need to configure the services (or limit the users the services use)
to only connect via SSL. But that will be done in another patch, as
there is some things that need to land before we can do this (changes
in puppetlabs-mysql and puppet-openstacklib).

Change-Id: I71e1d4e54f2be845f131bad7b8db83498e21c118
Depends-On: I7275e5afb3a6550cf2abbb9a8007dedb62ada4b4

1 files changed, 1 insertions, 0 deletions

diff --git a/overcloud-resource-registry-puppet.j2.yaml b/overcloud-resource-registry-puppet.j2.yaml
index 19766ad8..aaf9ac0f 100644
--- a/overcloud-resource-registry-puppet.j2.yaml
+++ b/overcloud-resource-registry-puppet.j2.yaml
@@ -125,6 +125,7 @@ resource_registry:
   OS::TripleO::Services::HeatEngine: puppet/services/heat-engine.yaml
   OS::TripleO::Services::Kernel: puppet/services/kernel.yaml
   OS::TripleO::Services::MySQL: puppet/services/database/mysql.yaml
+  OS::TripleO::Services::MySQLTLS: OS::Heat::None
   OS::TripleO::Services::NeutronDhcpAgent: puppet/services/neutron-dhcp.yaml
   OS::TripleO::Services::NeutronL3Agent: puppet/services/neutron-l3.yaml
   OS::TripleO::Services::NeutronMetadataAgent: puppet/services/neutron-metadata.yaml