Comment 13 for bug 627963

Directory /var/lib/eucalyptus/keys/<Cluster Name> is only relevant on the CLC, since it needs to have keys for multiple clusters. For all other components the keys are in /var/lib/eucalyptus/keys. Hence, if CLC and a CC are co-located, you will see the same keys in two places.

Cloud key is created when CLC starts for the first time. Cluster and node keys are created (by the CLC) when the cluster is registered. Eucalyptus version of euca_conf --register-cluster or --register-node attempts to ensure that the keys for two hosts match by using rsync and rcp. UEC version of the file attempts to do the same but with somewhat different code.

I am not sure how one ends up with mismatched keys on a fresh install. (If synchronization didn't work you would have no keys on the downstream side, such as CC or NC.) If you run into this again, I would look at modification times and checksums of all *.pem files under the /var/lib/eucalyptus/keys tree.