Comment 14 for bug 1730631

OpenContrail Admin (ci-admin-f) wrote : A change has been merged

Reviewed: https://review.opencontrail.org/37343
Committed: http://github.com/Juniper/contrail-ansible/commit/978a5bb448cfe136a83e8e80d0841a1a69237c95
Submitter: Zuul (<email address hidden>)
Branch: R4.1

commit 978a5bb448cfe136a83e8e80d0841a1a69237c95
Author: Ramprakash Ram Mohan <email address hidden>
Date: Wed Nov 8 21:43:07 2017 -0800

metadata ssl configuration support for Ocata

When metadata_ssl_enable is set to 'true' under contrail_4 in the cluster.json,
set the following settings in the nova.conf of the nova_api container:
enabled_ssl_apis= metadata
nova_metadata_protocol = https
nova_metadata_insecure = True
ssl_cert_file = /etc/nova/ssl/certs/nova.pem
ssl_key_file = /etc/nova/ssl/private/novakey.pem
ssl_ca_file = /etc/nova/ssl/certs/ca.pem

Also, the following files are copied from the server-manager node to the
openstack node:
1. /etc/contrail_smgr/puppet/ssl/<hostname>.pem as /etc/nova/ssl/certs/nova.pem
2. /etc/contrail_smgr/puppet/ssl/<hostname>-privkey.pem as /etc/nova/ssl/private/novakey.pem
3. /etc/contrail_smgr/puppet/ssl/ca-cert.pem as /etc/nova/ssl/certs/ca.pem

To enable this, the metadata_ssl_enable knob has been added to
etc/kolla/globals.yml.

Change-Id: I45e7448a97dc129d17a5248d7290827b57a95423
Partial-bug: #1730631
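
An added example, not part of the commit or of contrail-ansible: a Python check that compares a nova.conf against the six settings listed in the commit message and tests the permissions of the copied private key. The function names, the sample file and the choice to search every section (the message does not name one) are assumptions.

```python
import configparser
import os
import stat

# Values the commit message says are written to nova.conf in the nova_api container.
EXPECTED = {
    "enabled_ssl_apis": "metadata",
    "nova_metadata_protocol": "https",
    "nova_metadata_insecure": "True",
    "ssl_cert_file": "/etc/nova/ssl/certs/nova.pem",
    "ssl_key_file": "/etc/nova/ssl/private/novakey.pem",
    "ssl_ca_file": "/etc/nova/ssl/certs/ca.pem",
}

def _norm(value):
    """Strip whitespace and normalise boolean spelling (true -> True)."""
    value = value.strip()
    return value.capitalize() if value.lower() in ("true", "false") else value

def audit_nova_conf(text):
    """Return a sorted list of findings for a nova.conf passed as a string."""
    cp = configparser.RawConfigParser(strict=False)
    cp.read_string(text)
    # Assumption: the page does not name the section, so search all of them.
    seen = dict(cp.defaults())
    for section in cp.sections():
        seen.update(cp.items(section))
    findings = []
    for key, want in EXPECTED.items():
        got = seen.get(key)
        if got is None:
            findings.append(f"missing: {key}")
        elif _norm(got) != want:
            findings.append(f"mismatch: {key} = {got.strip()}")
    # Assumption: as the option name indicates, True allows HTTPS requests
    # without certificate verification, so it is reported for review.
    if _norm(seen.get("nova_metadata_insecure", "")) == "True":
        findings.append("review: nova_metadata_insecure = True")
    return sorted(findings)

def key_file_private(path):
    """True if the key file grants no permissions to group or others."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    return mode & (stat.S_IRWXG | stat.S_IRWXO) == 0

# Constructed sample, not taken from a real deployment.
SAMPLE = """[DEFAULT]
enabled_ssl_apis= metadata
nova_metadata_protocol = http
nova_metadata_insecure = True
ssl_cert_file = /etc/nova/ssl/certs/nova.pem
ssl_ca_file = /etc/nova/ssl/certs/ca.pem
"""
```

On a deployed node, pass the container's nova.conf contents to `audit_nova_conf` and call `key_file_private("/etc/nova/ssl/private/novakey.pem")`.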