List PyPI mirrors as trusted hosts everywhere

Upcoming versions of pip are going to get more and more nasty about
non-SSL index locations. In order to deal with that well, add a global
config file listing our PyPI mirrors as "trusted" - which means
that pip will not complain about their non-SSL qualities.

Change-Id: If9f3cec10d8057631978f7f1d5cd7e4936e163ef

modules/openstack_project/files/pip.conf

@@ -1,2 +1,7 @@
 [global]
-index-url = http://pypi.dfw.openstack.org/simple
+index-url = https://pypi.python.org/simple
+trusted-host =
+  pypi.dfw.openstack.org
+  pypi.iad.openstack.org
+  pypi.ord.openstack.org
+  pypi.region-b.geo-1.openstack.org

modules/openstack_project/manifests/base.pp

@@ -72,6 +72,13 @@ class openstack_project::base(
     provider => pip,
     require  => Class['pip'],
   }
+  file { '/etc/pip.conf':
+    owner   => 'root',
+    group   => 'root',
+    mode    => '0444',
+    source  => 'puppet:///modules/openstack_project/pip.conf',
+    replace => true,
+  }
 
   if ($install_users) {
     package { $::openstack_project::params::user_packages: