ansible-scylla-node: Add support for encryption at rest

[igorribeiroduarte]

This PR adds the following features to the role:

• The ability of managing table keys and system keys
• The ability of enabling/disabling system encryption

Note that enabling data encryption is not part of this PR and needs to be done manually by the user.

The following tests were executed:

• Validate that if handle_system_keys is set to true, any keys inside localhost_system_key_directory will be copied to system_key_directory
• Validate that if handle_table_keys is set to true, any keys inside localhost_table_key_directory will be copied to table_key_directory
• Validate that if any already existing key in the system_key_directory has a different content from a key with the same name in the localhost_system_key_diretory, the role will fail.
• Validate that if any existing key in the table_key_directory has a different content from a key with the same name in the localhost_table_key_directory, the role will fail.
• Validate that if system_info_encryption_local.enabled is set to true, the scylla.yaml file will be set appropriately
• Validate that if system_info_encryption_kmip.enabled is set to true, the scylla.yaml file will be set appropriately
• Validate that if system_info_encryption_kms.enabled is set to true, the scylla.yaml file will be set appropriately

[vladzcloudius]

How was this PR tested?

[igorribeiroduarte]

How was this PR tested?

@vladzcloudius, the following tests were executed:

• Executed the role for an existing cluster where encryption at rest was initially disabled, with both, system_info_encryption_local and data_encryption_local enabled:
  • Validated that after the rolling restart, the necessary params were set in scylla.yaml
  • Validated that the keys were generated and copied to the localhost
  • Validated that the same keys were copied to all scylla nodes
  • Validated that I'm able to encrypt a table with the data_key generated
• Executed the role for an existing cluster with system_info_encryption_kmip enabled and validated that scylla.yaml was updated correctly.
• Executed the role for an existing cluster, with keys in the localhost but without the keys on the nodes and validated that the keys were copied to the nodes. This test was executed with both, system_info_encryption_local and data_encryption_local enabled.
• Executed the role for an existing cluster with keys on the nodes but without keys in the localhost and validated that the task failed. This test was executed with both, system_info_encryption_local and data_encryption_local enabled.
• Executed the role for an existing cluster with keys on the nodes but with different keys in the localhost and validated that the task failed. This test was executed with both, system_info_encryption_local and data_encryption_local enabled.
• Validated that if encryption at rest is disabled, the current behavior of the role is not affected.