Description of problem: The Distributed Lock Manager (DLM) that cinder uses when running A/A is broken when deployed with TLS-everywhere. Several problems have been uncovered, and this BZ is intended to be a tracker. When running A/A, cinder uses etcd (via an etcd HTTP gateway) for its DLM. The following issues have been noted when TLS-everywhere is included in the overcloud deployment: 1. Puppet-tripleo fails when trying to set the permission on etcd’s TLS cert and key files. 2. THT fails to bind etcd’s cert and key files into the etcd container. 3. The DLM (tooz's coordination library) doesn’t have a driver that supports etcd3 with HTTPS (it only supports HTTP). The first two issues are bugs that warrant their own BZ. However, fixing the third issue will require an enhancement to tooz (not a bug fix). Version-Release number of selected component (if applicable): How reproducible: always Steps to Reproduce: 1. Deploy cinder A/A with TLS-everywhere 2. 3. Actual results: Cinder services fail to start. Expected results: Things work. Additional info: