Add tls support to firehose

This commit adds the necessary configuration to pass the tls certs
to the puppet-mosquitto module to configure 2 tls enabled ports on
the mosquitto server.

Change-Id: I128b2bb5d061794746bedd7541988c65abcaafff
Depends-On: I7c77285e347d8c1b2c3318360258246b78f885a8

manifests/site.pp

@@ -468,7 +468,7 @@ node /^elasticsearch0[1-7]\.openstack\.org$/ {
 # Node-OS: xenial
 node /^firehose\d+\.openstack\.org$/ {
   class { 'openstack_project::server':
-    iptables_public_tcp_ports => [22, 80, 1883],
+    iptables_public_tcp_ports => [22, 80, 1883, 8080, 8883],
     sysadmins                 => hiera('sysadmins', []),
   }
   class { 'openstack_project::firehose':
@@ -476,6 +476,9 @@ node /^firehose\d+\.openstack\.org$/ {
     gerrit_public_key   => hiera('germqtt_gerrit_ssh_public_key'),
     gerrit_private_key  => hiera('germqtt_gerrit_ssh_private_key'),
     mqtt_password       => hiera('mqtt_service_user_password'),
+    ca_file             => hiera('mosquitto_tls_ca_file'),
+    cert_file           => hiera('mosquitto_tls_server_cert_file'),
+    key_file            => hiera('mosquitto_tls_server_key_file'),
   }
 }
 

modules/openstack_project/manifests/firehose.pp

@@ -22,11 +22,18 @@ class openstack_project::firehose (
   $mqtt_hostname = 'firehose01.openstack.org',
   $mqtt_password,
   $mqtt_username = 'infra',
+  $ca_file,
+  $cert_file,
+  $key_file,
 ) {
   include mosquitto
   class {'mosquitto::server':
     infra_service_username => $mqtt_username,
     infra_service_password => $mqtt_password,
+    enable_tls             => true,
+    ca_file                => $ca_file,
+    cert_file              => $cert_file,
+    key_file               => $key_file,
   }
 
   include germqtt