Description of problem:
Overcloud deploy fails to boot instances after scaling out compute node.


Version-Release number of selected component (if applicable):
2016-02-16.1 puddle

How reproducible:
100%

Steps to Reproduce:
1. deploy overcloud with ssl (1 controller, 1 compute, passed -e ~/enable-tls.yaml -e ~/inject-trust-anchor.yaml templates)
2. ready another node
3. deploy overcloud again with --compute-scale 2 (same parameters as before)

Actual results:
Instances created are in ERROR state. Looking at the logs in /var/log/neutron/server.log there is this SSL error:
2016-02-18 12:19:26.848 26692 ERROR neutron.notifiers.nova [-] Failed to notify nova on events: [{'status': 'completed', 'tag': u'aece1d42-331b-429c-b74f-016d044619d3', 'name': 'network-vif-p
lugged', 'server_uuid': u'c45624af-493c-4ac7-ac3f-53f87d414223'}]
2016-02-18 12:24:27.685 26692 TRACE neutron.notifiers.nova SSLError: SSL exception connecting to https://172.16.23.110:13774/v2/27d8eeabff0a4e3b93a4e783d47719d1/os-server-external-events: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed (_ssl.c:765)
Neutron is unable to communicate with controller to signal the creation of the interface in the specified network.

Expected results:
Instance is created successfully


Additional info:
In the controller node, if I manually copy /etc/pki/tls/private/overcloud_endpoint.pem to /etc/pki/ca-trust/source/anchors/ and call update-ca-trust extract, certificate is added correctly to /etc/pki/tls/certs/ca-bundle.crt and neutron is able to connect to endpoint with SSL.
But all the other nodes lack the correct CA too.