Add DB SSL support

Change-Id: I2c98680a77b9e2c9b027db0d7517ae7161f77429
Depends-On: I9e6d9ee439cab734eba02320d58ccfcd73e23106

service/files/sahara.conf.j2

@@ -16,7 +16,7 @@ transport_url = rabbit://{{ rabbitmq.user }}:{{ rabbitmq.password }}@{{ address(
 heat_enable_wait_condition = {{ sahara.enable_wait_condition }}
 
 [database]
-connection = mysql+pymysql://{{ sahara.db.username }}:{{ sahara.db.password }}@{{ address(service.database) }}/{{ sahara.db.name }}
+connection = mysql+pymysql://{{ sahara.db.username }}:{{ sahara.db.password }}@{{ address(service.database) }}/{{ sahara.db.name }}{% if percona.tls.enabled %}?ssl_ca=/opt/ccp/etc/tls/ca.pem{% endif %}
 max_retries = -1
 
 [keystone_authtoken]

service/sahara-api.yaml

@@ -14,7 +14,10 @@ service:
           type: single
           command:
             mysql -u root -p{{ db.root_password }} -h {{ address(service.database) }} -e "create database {{ sahara.db.name }};
-            grant all privileges on {{ sahara.db.name }}.* to '{{ sahara.db.username }}'@'%' identified by '{{ sahara.db.password }}';"
+            create user '{{ sahara.db.username }}'@'%' identified by '{{ sahara.db.password }}'
+            {% if percona.tls.enabled %} require ssl {% endif %};
+            grant all privileges on {{ sahara.db.name }}.* to '{{ sahara.db.username }}'@'%' identified by '{{ sahara.db.password }}'
+            {% if percona.tls.enabled %} require ssl {% endif %};"
         - name: sahara-db-sync
           files:
             - sahara-conf