This patch adds optional support for TLS encryption in libvirtd endpoints using
certificates.
Without encryption, libvirtd listens on private interface of K8s node without
any authentication thus allowing connections from any host on the internal
network.
TLS for libvirt is ENABLED by default and can be disabled in fuel-ccp-nova's
defaults.yaml file. When using TLS, CCP operator has 3 options:
1. Use sample, self-signed wildcard certificates valid for 10 years built into
config files (e.g. for testing purposes) - default.
2. Regenerate above certs using a script provided in tools/.
3. Provide own certificates.
The TLS configuration provided by this patch uses workarounds to make wildcard
certifcates work and should be used for testing purposes only.
The reason to have TLS enabled by default is to run all tests (e.g. CI) with
encrypted communication and catch possible errors.
An implementation more suitable for production usage may follow in a separate
patch.
Change-Id: I1d770e3618e2f5a32573b7ded74b11df18338f85