Cause: There were no options to configure qpid, mysql and horizon with SSL using puppet.
Consequence: It was difficult if not impossible to configure SSL to encrypt backend communication.
Fix: New options were added to puppet-qpid, including two new modules, puppet-nssdb and puppet-certmonger. The former is used to manage NSS-based security libraries and the later is used for handing automatic issuance of SSL certificates from an IdM server. New options were also added to mysql. The top-level mysql module had support for SSL but the OpenStack module did not. Horizon had an option to enable SSL but it didn't actually do that.
Result: The lower level puppet modules now support enabling SSL. This will provide the building blocks for securing services with SSL.