Enable TLS configuration for containerized RabbitMQ

In non-containerized deployments, RabbitMQ can be configured to use TLS for
serving and mirroring traffic.

Fix the creation of the rabbitmq bundle resource to enable TLS when configured.
The key and cert are passed as other configuration files and must be copied by
Kolla at container startup.

Change-Id: I8af63a1cb710e687a593505c0202d717842d5496
Depends-On: Ia64d79462de7012e5bceebf0ffe478a1cccdd6c9
Closes-Bug: #1709558

docker/services/pacemaker/rabbitmq.yaml

@@ -92,6 +92,11 @@ outputs:
             dest: "/"
             merge: true
             preserve_properties: true
+          - source: "/var/lib/kolla/config_files/src-tls/*"
+            dest: "/"
+            merge: true
+            optional: true
+            preserve_properties: true
           permissions:
            - path: /var/lib/rabbitmq
              owner: rabbitmq:rabbitmq
@@ -99,6 +104,14 @@ outputs:
            - path: /var/log/rabbitmq
              owner: rabbitmq:rabbitmq
              recurse: true
+           - path: /etc/pki/tls/certs/rabbitmq.crt
+             owner: rabbitmq:rabbitmq
+             perm: '0600'
+             optional: true
+           - path: /etc/pki/tls/private/rabbitmq.key
+             owner: rabbitmq:rabbitmq
+             perm: '0600'
+             optional: true
       # When using pacemaker we don't launch the container, instead that is done by pacemaker
       # itself.
       docker_config:
@@ -164,6 +177,8 @@ outputs:
             echo 'export ERL_EPMD_ADDRESS=127.0.0.1' > /etc/rabbitmq/rabbitmq-env.conf
             echo 'export ERL_EPMD_PORT=4370' >> /etc/rabbitmq/rabbitmq-env.conf
             for pid in $(pgrep epmd); do if [ "$(lsns -o NS -p $pid)" == "$(lsns -o NS -p 1)" ]; then kill $pid; break; fi; done
+      metadata_settings:
+        get_attr: [RabbitmqBase, role_data, metadata_settings]
       upgrade_tasks:
         - name: get bootstrap nodeid
           tags: common