This change adds support for SSL to the haproxy role. When
enabled, this implements/upgrades haproxy to v1.5.x from a PPA.
* A new boolean variable called 'haproxy_ssl' enables/disables
the configuration of SSL for the haproxy service.
* A new variable called 'haproxy_ssl_self_signed_subject' has
been implemented to allow the user to override the certificate
properties, such as the CN and subjectAltName.
* A new variable called 'haproxy_cert_regen' has been
implemented to allow the user to regenerate the self-signed
certificate used for the SSL endpoint.
* SSL will only be enabled for a load balanced service if
haproxy_ssl is true in the service vars. This has only been
implemented for the Keystone service endpoints in this patch.
* The keystone admin service endpoint will only have SSL enabled
if keystone_service_adminuri_proto == 'https'.
* The keystone internal/public service endpoint will only have
SSL enabled if keystone_service_publicuri_proto == 'https'.
Implements: blueprint keystone-federation
Change-Id: I069f1a0f928feb754816b7d450929fb62df66244
36640a8f43