scenario003: enable SSL by default

This patch enables SSL by default on scenario003 for both Ubuntu &
CentOS7, like it's done for scenario001 and 002.

Note: we don't enable SSL for Sahara because of:
https://bugs.launchpad.net/sahara/+bug/1565082

Change-Id: I7e25b8acaeda2fc51a1a83b3a3aae0c89f332323

manifests/heat.pp

@@ -1,5 +1,8 @@
 class openstack_integration::heat {
 
+  include ::openstack_integration::config
+  include ::openstack_integration::params
+
   rabbitmq_user { 'heat':
     admin    => true,
     password => 'an_even_bigger_secret',
@@ -14,12 +17,28 @@ class openstack_integration::heat {
     require              => Class['::rabbitmq'],
   }
 
+  if $::openstack_integration::config::ssl {
+    openstack_integration::ssl_key { 'heat':
+      require => Package['heat-common'],
+    }
+    $key_file = "/etc/heat/ssl/private/${::fqdn}.pem"
+    $crt_file = $::openstack_integration::params::cert_path
+    File[$key_file] ~> Service<| tag == 'heat-service' |>
+    Exec['update-ca-certificates'] ~> Service<| tag == 'heat-service' |>
+  } else {
+    $key_file = undef
+    $crt_file = undef
+  }
+
   class { '::heat':
     rabbit_userid       => 'heat',
     rabbit_password     => 'an_even_bigger_secret',
-    rabbit_host         => '127.0.0.1',
+    rabbit_host         => $::openstack_integration::config::ip_for_url,
+    rabbit_use_ssl      => $::openstack_integration::config::ssl,
+    rabbit_port         => $::openstack_integration::config::rabbit_port,
     database_connection => 'mysql+pymysql://heat:heat@127.0.0.1/heat?charset=utf8',
-    identity_uri        => 'http://127.0.0.1:35357/',
+    identity_uri        => $::openstack_integration::config::keystone_auth_uri,
+    auth_uri            => $::openstack_integration::config::keystone_admin_uri,
     keystone_password   => 'a_big_secret',
     debug               => true,
     verbose             => true,
@@ -30,6 +49,9 @@ class openstack_integration::heat {
   class { '::heat::keystone::auth':
     password                  => 'a_big_secret',
     configure_delegated_roles => true,
+    public_url                => "${::openstack_integration::config::base_url}:8004/v1/%(tenant_id)s",
+    internal_url              => "${::openstack_integration::config::base_url}:8004/v1/%(tenant_id)s",
+    admin_url                 => "${::openstack_integration::config::base_url}:8004/v1/%(tenant_id)s",
   }
   class { '::heat::keystone::domain':
     domain_password => 'oh_my_no_secret',
@@ -37,16 +59,28 @@ class openstack_integration::heat {
   Keystone_user_role['heat_admin::heat@::heat'] -> File['/root/openrc']
   class { '::heat::client': }
   class { '::heat::api':
-    workers => '2',
+    workers   => '2',
+    use_ssl   => $::openstack_integration::config::ssl,
+    cert_file => $crt_file,
+    key_file  => $key_file,
   }
   class { '::heat::engine':
-    auth_encryption_key => '1234567890AZERTYUIOPMLKJHGFDSQ12',
+    auth_encryption_key           => '1234567890AZERTYUIOPMLKJHGFDSQ12',
+    heat_metadata_server_url      => "${::openstack_integration::config::base_url}:8000",
+    heat_waitcondition_server_url => "${::openstack_integration::config::base_url}:8000/v1/waitcondition",
+    heat_watch_server_url         => "${::openstack_integration::config::base_url}:8003",
   }
   class { '::heat::api_cloudwatch':
-    workers => '2',
+    workers   => '2',
+    use_ssl   => $::openstack_integration::config::ssl,
+    cert_file => $crt_file,
+    key_file  => $key_file,
   }
   class { '::heat::api_cfn':
-    workers => '2',
+    workers   => '2',
+    use_ssl   => $::openstack_integration::config::ssl,
+    cert_file => $crt_file,
+    key_file  => $key_file,
   }
 
 }