[4.0] keystone: Use correct paths when syncing certs

[skazi0]

The sync failed when certs and/or keys were located in non-default paths.

[JanZerebecki]

@ skazi0 found that this bug was uncovered by SUSE-Cloud/automation@4194b0e from SUSE-Cloud/automation#3194 .

[nicolasbock]

👍

[JanZerebecki]

This isn't needed for SOC8 nor 9, because of #1204 .

[JanZerebecki]

Responding to #2146 (comment) :
This PR is in response to ci ha job failing with:

Errno::ENOENT: ruby_block[synchronize signing keys for founder and remember them for non-HA case] (keystone::server line 347) had an error: Errno::ENOENT: No such file or directory @ rb_sysopen - /etc/keystone/ssl/certs/ca.pem

E.g. in https://ci.suse.de/job/openstack-mkcloud/171079/parsed_console/ testing #2144 .

[JanZerebecki]

cmurphy pointed out in the comment linked above that the here modified lines are not about https, which means it changes it to the wrong certificates.
Maybe the postinst script calling pki_setup https://build.opensuse.org/package/view_file/Cloud:OpenStack:Newton/openstack-keystone/openstack-keystone.spec?expand=1 failed?

[skazi0]

@cmurphy @JanZerebecki ah, now I get it. I got confused because node[:keystone][:ssl] and node[:keystone][:signing] have the same values by default. I will change this PR but it will probably not work as automation scripts don't set those values correctly in signing section.

[skazi0]

Updated version uses signing section but SUSE-Cloud/automation#3467 is needed before it could work.

[skazi0]

This PR was closed as the only commit here was moved to #2146 to avoid cross-PR dependencies in gating.