This patch reverts the revert of Redis TLS [1], and fixes the
encryption of Redis replication traffic for HA deployments.
In order to encrypt replication traffic, Redis is configured to
drive outgoing replication traffic to a stunnel endpoint on
<localhost:port_xxx>. Stunnel then manages the encryption up to
the peer Redis master.
Likewise, slave Redis nodes advertise themselves as coming from
<localhost:port_yyy> in order to let the Master initiate connection
the Slave over its own stunnel endpoint, should it needs to.
Each redis node is assigned a unique replication port, and has
dedicated stunnels to each one of its peer. This port mapping
info is used by the redis resource agent to manage A/P failover.
The regular Redis port is unchanged, so Redis clients (OpenStack
services, HAproxy, CLI, firewall) are not impacted by this change.
Only SELinux needs to be adapted.
[1] I37501c4c983c87e3a38841272eb176ebbe626a65
Change-Id: I6cc818973fab25b4cd6f7a0d040aaa05a35c5bb1
Related-bug: #1737707