Ensure that keystone service is paused if needed on series upgrade
During series upgrade, the keystone packages get re-installed as the
underlying Linux has been upgraded and new package sets are updated and
then pulled in. For trusty->xenial this means that keystone.service
gets enabled which then breaks haproxy. On install, on xenial+, the
keystone.service is disabled in the install hook. This just replicates
this in the series-upgrade hook.
When the certificates endpoint has completed TLS configuration
via Vault, ensure that any federated identity backends are
updated for the switch to TLS, other the generated SP data
incorrectly used http:// instead of https://
This change is required as Zaza underwent a split of the openstack
tests from the Zaza project, so we had to track the working branch
until that change landed. As it has landed, it is now time to use
Zaza from master again
If the certificates that Apache is using change then Apache needs to
be restarted. This change adds the SSL directory to the restart map
to ensure any certificate changes trigger a restart.