Permit specification of host in stunnel templates

While we can in principle do this already, there is a bug (1344284)
in heat which breaks our ability to calculate an appropriate unified
line from within heat. Instead, we can pass separate metadata to
os-apply-config and avoid this bug (which has no straight forward
fix).

Change-Id: I820862982afee07d85f1f0ad02b08cd5b0f35e49
Related-Bug: #1344284

elements/openstack-ssl/README.md

@@ -28,6 +28,7 @@ stunnel:
    - name: 'cinder'
      accept: 13776
      connect: 8776
+     connect_host: localhost
 
 The certificate and key data will be written to /etc/ssl/from-heat.{crt,key}.
 
@@ -37,3 +38,5 @@ from this implementation.
 
 Note that the public API endpoints in keystone need to be registered with https
 urls, which is outside the scope of the local machine configuration process.
+
+See the stunnel man page for documentation on crt and key formats etc.

elements/openstack-ssl/os-apply-config/etc/stunnel/from-heat.conf

@@ -6,5 +6,5 @@ options = NO_SSLv2
 {{#stunnel.ports}}
 [{{name}}]
 accept = {{accept}}
-connect = {{connect}}
+connect = {{#connect_host}}{{.}}:{{/connect_host}}{{connect}}
 {{/stunnel.ports}}