Currently they use instance ids, which are horrible, horrible things.
|Resolved||Andrew||T1154 Make labs salt use instance names than ids|
|Resolved||Andrew||T95480 Abolish use of ec2id in cert names|
|Resolved||ArielGlenn||T95481 Fix monitor_labs_salt_keys.py to handle the new labs naming scheme|
|Resolved||Andrew||T95519 Automatically clean salt and puppet certs on instance deletion|
So... talked to Ryan Lane some more and this is more complicated than expected ;)
Problem with fqdn is that deleting and creating an instance will cause complications because the salt (and puppet too, for that matter) certificates for the old instance won't be purged, so puppet/salt won't work.
Solution to this is to write a nova plugin that purges salt/puppet certs when an instance gets deleted.
I've setup a salt environment today: The DNS seems to work fine with a minor tweak: In the pre-generated /etc/salt/minion there's a line starting with "id:" which sets the ec2id. If I remove these salt only uses the proper hostnames in salt-key.