Not yet MODIFIED, still need to backport THT fix.

Verified:
Environment:
puppet-tripleo-9.4.1-0.20190508182403.89735a1.el7ost.noarch
openstack-tripleo-heat-templates-9.3.1-0.20190513171733.9995be9.el7ost.noarch



Was able to successfully deploy OC:

(overcloud) [stack@undercloud-0 ~]$ cat /etc/rhosp-release 
Red Hat OpenStack Platform release 14.0.3 RC (Rocky)
(overcloud) [stack@undercloud-0 ~]$ cat overcloud_deploy.sh 
#!/bin/bash

openstack overcloud deploy \
--timeout 100 \
--templates /usr/share/openstack-tripleo-heat-templates \
--stack overcloud \
--libvirt-type kvm \
--ntp-server clock.redhat.com \
-e /home/stack/virt/config_lvm.yaml \
-e /usr/share/openstack-tripleo-heat-templates/environments/network-isolation.yaml \
-e /home/stack/virt/network/network-environment.yaml \
-e /home/stack/virt/enable-tls.yaml \
-e /home/stack/virt/inject-trust-anchor.yaml \
-e /home/stack/virt/public_vip.yaml \
-e /usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-endpoints-public-ip.yaml \
-e /home/stack/virt/hostnames.yml \
-e /home/stack/virt/debug.yaml \
-e /home/stack/virt/nodes_data.yaml \
--environment-file /usr/share/openstack-tripleo-heat-templates/environments/services/ironic.yaml \
-e ~/containers-prepare-parameter.yaml \
-e /home/stack/virt/ironic-custom.yaml \
-e /usr/share/openstack-tripleo-heat-templates/environments/ssl/tls-everywhere-endpoints-dns.yaml \
-e /usr/share/openstack-tripleo-heat-templates/environments/services/haproxy-public-tls-certmonger.yaml \
-e /usr/share/openstack-tripleo-heat-templates/environments/ssl/enable-internal-tls.yaml \
-e /home/stack/virt/cloud-names.yaml \
--log-file overcloud_deployment_45.log
(overcloud) [stack@undercloud-0 ~]$ source overcloudrc
(overcloud) [stack@undercloud-0 ~]$ openstack endpoint list
+----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------------------------+
| ID                               | Region    | Service Name | Service Type   | Enabled | Interface | URL                                                               |
+----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------------------------+
| 0e37f9e7f0a544de94254866df271dca | regionOne | placement    | placement      | True    | public    | https://overcloud.redhat.local:13778/placement                    |
| 11bb8f2a61ee4fa2bc6f05f9feeaa5ce | regionOne | swift        | object-store   | True    | public    | https://overcloud.redhat.local:13808/v1/AUTH_%(tenant_id)s        |
| 1d84f1e8e428440ab829a2197a4a13b3 | regionOne | nova         | compute        | True    | internal  | https://overcloud.internalapi.redhat.local:8774/v2.1              |
| 2766478ccbb24a5f9149643912b71a38 | regionOne | gnocchi      | metric         | True    | public    | https://overcloud.redhat.local:13041                              |
| 2b559cc6979e4d71856260645c10ca16 | regionOne | gnocchi      | metric         | True    | internal  | https://overcloud.internalapi.redhat.local:8041                   |
| 2e89bdf4aff94ad3a9d97841b73b379e | regionOne | heat-cfn     | cloudformation | True    | admin     | https://overcloud.internalapi.redhat.local:8000/v1                |
| 3478db0db9f142f891278ddab3635312 | regionOne | panko        | event          | True    | internal  | https://overcloud.internalapi.redhat.local:8977                   |
| 360c3e9e116d408c8af89caecc61bb5b | regionOne | cinderv2     | volumev2       | True    | internal  | https://overcloud.internalapi.redhat.local:8776/v2/%(tenant_id)s  |
| 374fddd359b142938c0b09447c787591 | regionOne | neutron      | network        | True    | public    | https://overcloud.redhat.local:13696                              |
| 3a8b756d9880405da7ea5439342fd0f9 | regionOne | nova         | compute        | True    | admin     | https://overcloud.internalapi.redhat.local:8774/v2.1              |
| 3c523669464b43a8b6457bf981460e16 | regionOne | ironic       | baremetal      | True    | public    | https://overcloud.redhat.local:13385                              |
| 3dd53794c395412995958dad628ad8e1 | regionOne | keystone     | identity       | True    | internal  | https://overcloud.internalapi.redhat.local:5000                   |
| 49006c9cddaa4987bfee3bf0f1ff27c1 | regionOne | glance       | image          | True    | admin     | https://overcloud.internalapi.redhat.local:9292                   |
| 4e01fc57120643169de37eef7157125a | regionOne | placement    | placement      | True    | admin     | https://overcloud.internalapi.redhat.local:8778/placement         |
| 53d8cf1362c94c5d84b892941ce8df99 | regionOne | glance       | image          | True    | public    | https://overcloud.redhat.local:13292                              |
| 541ed0101af5435dbd3a173085c047df | regionOne | neutron      | network        | True    | internal  | https://overcloud.internalapi.redhat.local:9696                   |
| 5845864fa8184d989d564c3fbe42aa6f | regionOne | keystone     | identity       | True    | public    | https://overcloud.redhat.local:13000                              |
| 5e81bcb4def4457883d30412d008c20d | regionOne | aodh         | alarming       | True    | internal  | https://overcloud.internalapi.redhat.local:8042                   |
| 6607995dd4c34a3185052214057f8acc | regionOne | cinderv3     | volumev3       | True    | public    | https://overcloud.redhat.local:13776/v3/%(tenant_id)s             |
| 692aefa1b5f04e5890a8eafeed66df18 | regionOne | swift        | object-store   | True    | internal  | https://overcloud.storage.redhat.local:8080/v1/AUTH_%(tenant_id)s |
| 7948b57a6afa452b8330aa7582aa1f79 | regionOne | glance       | image          | True    | internal  | https://overcloud.internalapi.redhat.local:9292                   |
| 7c1273569ca84cd9b3904951b114a1fd | regionOne | cinderv3     | volumev3       | True    | internal  | https://overcloud.internalapi.redhat.local:8776/v3/%(tenant_id)s  |
| 7db33ffaba3940ebb3ee7de2be7b9b1f | regionOne | heat         | orchestration  | True    | public    | https://overcloud.redhat.local:13004/v1/%(tenant_id)s             |
| 88c30c4ca63b41c0891e8eba1ea47078 | regionOne | swift        | object-store   | True    | admin     | https://overcloud.storage.redhat.local:8080                       |
| 8961a198f1774d779a63985c4f2d8d34 | regionOne | cinderv2     | volumev2       | True    | admin     | https://overcloud.internalapi.redhat.local:8776/v2/%(tenant_id)s  |
| 8a3c3483f66a471291941ad8a429c76f | regionOne | heat         | orchestration  | True    | admin     | https://overcloud.internalapi.redhat.local:8004/v1/%(tenant_id)s  |
| 8d11692695a84ec880e401076e50bd28 | regionOne | ironic       | baremetal      | True    | internal  | https://overcloud.ctlplane.redhat.local:6385                      |
| 94e7353f1e5f4b6d8a36c19fe7bca7d4 | regionOne | gnocchi      | metric         | True    | admin     | https://overcloud.internalapi.redhat.local:8041                   |
| a295af31fb424b55b9189e44080f1cda | regionOne | placement    | placement      | True    | internal  | https://overcloud.internalapi.redhat.local:8778/placement         |
| acaa5b98ad3340c380240e36e6085c15 | regionOne | cinderv3     | volumev3       | True    | admin     | https://overcloud.internalapi.redhat.local:8776/v3/%(tenant_id)s  |
| b3673268b9a6464c9e3ac6edbc4033ee | regionOne | ironic       | baremetal      | True    | admin     | https://overcloud.ctlplane.redhat.local:6385                      |
| be7f9e33d3c84f1a9c603e24aa0adf10 | regionOne | heat-cfn     | cloudformation | True    | internal  | https://overcloud.internalapi.redhat.local:8000/v1                |
| beabcfbacdb543e49ec73aa931bf5870 | regionOne | neutron      | network        | True    | admin     | https://overcloud.internalapi.redhat.local:9696                   |
| ced182bc2c6745eba81e7246271ea6e3 | regionOne | keystone     | identity       | True    | admin     | https://overcloud.ctlplane.redhat.local:35357                     |
| d1b35a4d6130436792fafd9f66433cb2 | regionOne | aodh         | alarming       | True    | public    | https://overcloud.redhat.local:13042                              |
| d1bb856e0d604463aaa889123c487890 | regionOne | nova         | compute        | True    | public    | https://overcloud.redhat.local:13774/v2.1                         |
| d8b74e4f34d743d9a26ed4fedc6faee8 | regionOne | panko        | event          | True    | public    | https://overcloud.redhat.local:13977                              |
| dca802848c3e4e84a459fdc4ad9a9334 | regionOne | cinderv2     | volumev2       | True    | public    | https://overcloud.redhat.local:13776/v2/%(tenant_id)s             |
| e5ac9aaae7444c45bb18c98ede7de866 | regionOne | aodh         | alarming       | True    | admin     | https://overcloud.internalapi.redhat.local:8042                   |
| ee80fdd54fe54fc4a192d9eca383e759 | regionOne | heat         | orchestration  | True    | internal  | https://overcloud.internalapi.redhat.local:8004/v1/%(tenant_id)s  |
| f7c7fd5c90e34c1d959064ea31b6e3fe | regionOne | panko        | event          | True    | admin     | https://overcloud.internalapi.redhat.local:8977                   |
| fb4e888602c549169618522ae3478c9f | regionOne | heat-cfn     | cloudformation | True    | public    | https://overcloud.redhat.local:13005/v1                           |
+----------------------------------+-----------+--------------+----------------+---------+-----------+-------------------------------------------------------------------+

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:1672