Fix broken metadata_settings for redis templates

metadata_settings in docker/services/redis.yaml was returning a list
of two items rather than one as expected. As a result, the compact/
mangedby service principals were not being created by novajoin service.
This results ina permission issue during overcloud deploy as the
`getcert` request will hit a permissions issue during Step2.

Note that this only affects Rocky and earlier branches. The issue was
resolved in Stein when redis service was flattened[1,2].

- Push tls logic into redis-base and consume in child templates.
- Move away from use_tls_proxy to more accurate internal_tls_enabled
- Ensure redis service has both service principals created if internal
  tls is enabled
[1] - https://review.opendev.org/#/c/635930/
[2] - https://review.opendev.org/640944

Change-Id: Ic781905b63a0635b7bd0c7079fa84ca1e7f93989
Partial-bug: #1838679

docker/services/database/redis.yaml

@@ -198,16 +198,6 @@ outputs:
                 - {}
       metadata_settings:
         get_attr: [RedisBase, role_data, metadata_settings]
-        if:
-          - internal_tls_enabled
-          -
-            - service: redis
-              network: {get_param: [ServiceNetMap, RedisNetwork]}
-              type: vip
-            - service: redis
-              network: {get_param: [ServiceNetMap, RedisNetwork]}
-              type: node
-          - null
       host_prep_tasks:
         - name: create persistent directories
           file:

puppet/services/database/redis-base.yaml

@@ -47,7 +47,7 @@ parameters:
     type: boolean
 
 conditions:
-  use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
+  internal_tls_enabled: {equals : [{get_param: EnableInternalTLS}, true]}
   redis_ipv6: {get_param: RedisIPv6}
 
 outputs:
@@ -69,7 +69,7 @@ outputs:
         # proxy in front.
         redis::bind:
           if:
-          - use_tls_proxy
+          - internal_tls_enabled
           - if:
             - redis_ipv6
             - '::1'
@@ -85,7 +85,7 @@ outputs:
         redis::sentinel::notification_script: '/usr/local/bin/redis-notifications.sh'
         redis::sentinel::sentinel_bind:
           if:
-          - use_tls_proxy
+          - internal_tls_enabled
           - if:
             - redis_ipv6
             - '::1'
@@ -96,3 +96,14 @@ outputs:
               params:
                 $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
         redis::ulimit: {get_param: RedisFDLimit}
+      metadata_settings:
+        if:
+          - internal_tls_enabled
+          -
+            - service: mysql
+              network: {get_param: [ServiceNetMap, MysqlNetwork]}
+              type: vip
+            - service: mysql
+              network: {get_param: [ServiceNetMap, MysqlNetwork]}
+              type: node
+          - null

puppet/services/database/redis.yaml

@@ -35,7 +35,7 @@ parameters:
     default: false
 
 conditions:
-  use_tls_proxy: {equals : [{get_param: EnableInternalTLS}, true]}
+  internal_tls_enabled: {equals : [{get_param: EnableInternalTLS}, true]}
 
 resources:
 
@@ -77,7 +77,7 @@ outputs:
                   $NETWORK: {get_param: [ServiceNetMap, RedisNetwork]}
             tripleo::profile::base::database::redis::tls_proxy_port: 6379
           - if:
-            - use_tls_proxy
+            - internal_tls_enabled
             - tripleo::redis::service_certificate: '/etc/pki/tls/certs/redis.crt'
               redis_certificate_specs:
                 service_certificate: '/etc/pki/tls/certs/redis.crt'
@@ -97,13 +97,7 @@ outputs:
       step_config: |
         include ::tripleo::profile::base::database::redis
       metadata_settings:
-        if:
+        get_attr: [RedisBase, role_data, metadata_settings]
-          - use_tls_proxy
-          -
-            - service: redis
-              network: {get_param: [ServiceNetMap, RabbitmqNetwork]}
-              type: vip
-          - null
       upgrade_tasks:
         - name: Check if redis is deployed
           command: systemctl is-enabled redis