Change-Id: Icd6334902ca47d83ae263905d65ef91b8e6a7335

1:
In case of trust_salt_ca usage, the salt.minion.cert state
generates broken certs body due to a space replacing:

-----BEGINCERTIFICATE-----
  MIIFzzCCA7egAwIBAgIITiyuuFgl1S4wDQYJKoZIhvcNAQELBQAwSjELMAkGA1UE
  BhMCY3oxFzAVBgNVBAMMDlNhbHQgT
  ....

To fix it the "x509.pem_managed" is used.

2:
If a symlink to CA cert is already exists, then the state is failing.
The force=True (replace) is used now to avoid the issue.

Change-Id: I4a2bd7c882e179560657a3dc7edf18c7e5835492

Change-Id: I73a4a14734651f6483fae169a2290e9c5b377d76

Change-Id: Ic64656c6fc3d4f561226d884b8bfb535dd537e14

Change-Id: I7b4dc2001e07b047964f4ebbbbe0b23db7819566

Change-Id: I484f7156dc82ca528307857f41018f4048467f78

Change-Id: Ie1f1397817b47f299107e4f44dfb4c5ffe1c010c

Terse output is not enough for debugging.

Change-Id: Ida9a4ef0a2ad053fc370d3833d716d9e8d38d814

This option can configure default output of state calls. Terse (default
option) will make each call to be on single line and make salt output
better.

Change-Id: Id0987561e34a84fb26a796729d6ab3de3b9ae8e5

Change-Id: I6f1292779858c45f9cf6f4caf3657ee000b2cf06

Change-Id: I2b8ee84718e10d6261f1c93ca02ff4b60977e37f

Add ability to specify custom node name in reclass.

Change-Id: I1e1269268a81d8cd01b5fe9328f63e8bf85e941b

We can have this failing because of bad mine data:
salt['mine.get'](cert.host, 'x509.get_pem_entries')

Without this change, dependency between salt_minion_cert_*_all and
ca_file is just ignored and salt_minion_cert_*_all state fails because
it can't find appropriate file.

Change-Id: I2a5dd12e08159bf110ff0d9879ebf0ad5d9d97c1

Change-Id: I2aba1213b1dda46aee929b8ea583c41316e3eb0b

Change-Id: I26aeae62cc1c1d407d36d1d6bf101db073d9e610

It was failing with:
	Rendering SLS 'base:salt.minion.cert' failed: Conflicting ID 'salt_ca_certificates_packages'

ca-certificates installation should be probably moved out of the loop in
the future.

Change-Id: I26aeae62cc1c1d407d36d1d6bf101db073d9e601

Change-Id: I89cec95e87db52fd59a84d57c485d8c938711ef3

Unfortunately this is not idempotent, however we surely want to sync
everything when salt.minion state is executed.

Change-Id: I0faaf606b57dbd7d009156abfe50d2e5f350190e

This policy will be used for certificate with various keyUsage
parameters. Etcd for example.

Change-Id: I2a6387f8b7ee58fb6f256881e3e09142f13119a9

Change-Id: I1eaa9cf7a7f861cc5de604e03fba8a74436d99ad

By default the check is OK for a number of processes between 1 and 15
but on our machine the number is up to 48. So we set the limit
accordingly.

Change-Id: Iac3d2b91312dfe778ebcd39b5eb985348c7aee5a

Previous approach fails when all of formulas are installed from git.

Change-Id: I0622461ee6469c59c1fd3ad4a23cdaeaeee1b444

Install all pkgs for formulas together.

This error occures when multiple certs signed by same CA are requested
on minion.

Change-Id: I6b20ab4e1795298c94f55fdc61af99f933d8491c

First run is made during salt-master cloud-init and thus it is onchanges
is not suitable here because ca.crt file is already generated.

Letsencrypt could makes symlinks to standard locations in the future.