Added Galera SSL support

MySQL SSL connections allowed. Self-signed SSL CA cert or user-provided
CA certificate delivered from the deployment host.

Change-Id: Iaa07435357139133e325d85808b419e8c55b5e50
Partial-Bug: #1667789

defaults/main.yml

@@ -42,3 +42,11 @@ galera_client_fatal_deprecations: false
 galera_client_my_cnf_overrides: {}
 
 mariadb_repo_filename: "MariaDB"
+
+# SSL support
+galera_use_ssl: false
+# The path where to store the database server CA certificate
+galera_ssl_ca_cert: /etc/ssl/certs/galera-ca.pem
+# The path to Galera CA certificate file on the deployment host
+galera_user_ssl_ca_cert: /etc/openstack_deploy/self_signed_certs/galera-ca.pem
+

releasenotes/notes/implement-ssl-48a82cf611db0eb6.yaml

@@ -0,0 +1,5 @@
+---
+features:
+  - Allows SSL connection to Galera with SSL support. ``galera_use_ssl`` option has to
+    be set to ``true``, in this case self-signed CA cert or user-provided CA cert will
+    be delivered to the container/host.

tasks/galera_client_post_install.yml

@@ -25,3 +25,15 @@
   when: galera_client_drop_config_file
   tags:
     - galera-client-user-config
+
+- name: Distribute Galera ssl CA cert
+  copy:
+    dest: "{{ galera_ssl_ca_cert }}"
+    src: "{{ galera_user_ssl_ca_cert }}"
+    owner: "root"
+    group: "root"
+    mode: "0644"
+  when:
+    - galera_use_ssl | bool
+  tags:
+    - galera-client-user-config