[tls] Make a cert SLS IDs globally unique At the moment most of openstack formulas have the same ids of certs at state files, e.g.: nova/server.sls - rabbitmq_ca : file_managed glance/server.sls - rabbitmq_ca : file_managed So, any attempt to use the: salt-call state.apply fails with: Detected conflicting IDs, SLS IDs need to be globally unique. Change-Id: If7c62d551a2ad503b6ab5ab444e143f5ba7f3a52

commit: be59d5382679e198e11c4b9fe081794c1be74ead [log] [tgz]
author: Kirill Bespalov <kbespalov@mirantis.com> Tue Nov 14 17:01:54 2017 +0300
committer: Kirill Bespalov <kbespalov@mirantis.com> Tue Nov 14 17:02:29 2017 +0300
tree: fc2146b04e5d2a3a4c71768ba91df1827279f8e5
parent: 6327e039997a338ba423e2fd0317433e9a1f1f87 [diff]
diff --git a/nova/compute.sls b/nova/compute.sls
index 61f6d4f..eb3127e 100644
--- a/nova/compute.sls
+++ b/nova/compute.sls

@@ -75,9 +75,10 @@
   - template: jinja
   - require:
     - pkg: nova_compute_packages
+{%- endif %}
 
 {%- if compute.message_queue.get('ssl',{}).get('enabled',False)  %}
-rabbitmq_ca:
+rabbitmq_ca_nova_compute:
 {%- if compute.message_queue.ssl.cacert is defined %}
   file.managed:
     - name: {{ compute.message_queue.ssl.cacert_file }}
@@ -90,8 +91,6 @@
 {%- endif %}
 {%- endif %}
 
-{%- endif %}
-
 nova_compute_services:
   service.running:
   - enable: true
@@ -99,7 +98,7 @@
   - watch:
     - file: /etc/nova/nova.conf
   {%- if compute.message_queue.get('ssl',{}).get('enabled',False) %}
-    - file: rabbitmq_ca
+    - file: rabbitmq_ca_nova_compute
   {%- endif %}
 
 {%- set ident = compute.identity %}

diff --git a/nova/controller.sls b/nova/controller.sls
index bf4ba28..2f05978 100644
--- a/nova/controller.sls
+++ b/nova/controller.sls

@@ -25,7 +25,7 @@
   - names: {{ controller.pkgs }}
 
 {%- if controller.message_queue.get('ssl',{}).get('enabled',False)  %}
-rabbitmq_ca:
+rabbitmq_ca_nova_controller:
 {%- if controller.message_queue.ssl.cacert is defined %}
   file.managed:
     - name: {{ controller.message_queue.ssl.cacert_file }}
@@ -278,7 +278,7 @@
     - file: /etc/nova/api-paste.ini
     - file: /etc/apache2/sites-available/nova-placement-api.conf
     {%- if controller.database.get('ssl',{}).get('enabled',False)  %}
-    - file: mysql_ca
+    - file: mysql_ca_nova_controller
     {% endif %}
 
 {%- endif %}
@@ -296,10 +296,10 @@
     - file: /etc/nova/nova.conf
     - file: /etc/nova/api-paste.ini
     {%- if controller.message_queue.get('ssl',{}).get('enabled',False) %}
-    - file: rabbitmq_ca
+    - file: rabbitmq_ca_nova_controller
     {%- endif %}
     {%- if controller.database.get('ssl',{}).get('enabled',False)  %}
-    - file: mysql_ca
+    - file: mysql_ca_nova_controller
     {% endif %}
 
 {%- if grains.get('virtual_subtype', None) == "Docker" %}
@@ -314,7 +314,7 @@
 {%- endif %}
 
 {%- if controller.database.get('ssl',{}).get('enabled',False)  %}
-mysql_ca:
+mysql_ca_nova_controller:
 {%- if controller.database.ssl.cacert is defined %}
   file.managed:
     - name: {{ controller.database.ssl.cacert_file }}
commit	be59d5382679e198e11c4b9fe081794c1be74ead	[log] [tgz]
author	Kirill Bespalov <kbespalov@mirantis.com>	Tue Nov 14 17:01:54 2017 +0300
committer	Kirill Bespalov <kbespalov@mirantis.com>	Tue Nov 14 17:02:29 2017 +0300
tree	fc2146b04e5d2a3a4c71768ba91df1827279f8e5
parent	6327e039997a338ba423e2fd0317433e9a1f1f87 [diff]