Extract stunnel from openstack-ssl

Other elements may wish to use stunnel, so split its installation and
management into a new element which openstack-ssl (and the other
elements) can have in their element-deps.

Change-Id: Ia2cc793448a20244f781666e3ed1889f85e227c5

elements/openstack-ssl/README.md

@@ -1,4 +1,4 @@
-Install and configure stunnel4 for local services.
+Configure stunnel4 for local services.
 
 Configuration
 -------------

elements/openstack-ssl/element-deps

@@ -0,0 +1 @@
+stunnel

elements/stunnel/README.md

@@ -0,0 +1,27 @@
+Install stunnel4
+
+Configuration
+-------------
+
+None, this is a low-level element. Elements which intend using
+stunnel4 should depend on this and provide their own configuration
+files. By default any file matching /etc/stunnel4/\*.conf will be
+picked up by stunnel.
+
+See the stunnel man page for documentation on configuration etc.
+
+As an example, an element which wanted stunnel to bind to port 443
+externally, and forward traffic to port 80 internally would use a
+config like:
+
+    cert = /etc/ssl/certs/overcloud-servercert.pem
+    key = /etc/ssl/private/overcloud-serverkey.key
+
+    options = NO_SSLv2
+
+    # Clients must have valid certs, according to our CA cert
+    verify = 2
+
+    [rmq-server]
+      accept = {{local-ipv4}}:443
+      connect = 127.0.0.1:80

elements/stunnel/install.d/70-install-stunnel

@@ -30,10 +30,9 @@ PPP_RESTART=0
 EOF
 fi
 
-SCRIPTDIR=$(dirname $0)
-DIB_INIT_SYSTEM=$(dib-init-system)
-
-if [ "$DIB_INIT_SYSTEM" == "systemd" ]; then
-    install -D -g root -o root -m 0755 ${SCRIPTDIR}/stunnel4.service /usr/lib/systemd/system/stunnel4.service
+FILES=$(dirname $0)/../files
+FILE=/usr/lib/systemd/system/stunnel4.service
+if [ "$(dib-init-system)" == "systemd" ]; then
+    install -D -g root -o root -m 0755 "${FILES}${FILE}" "${FILE}"
 fi