diff --git a/base/server/etc/default.cfg b/base/server/etc/default.cfg index 367c147493a..586dce36893 100644 --- a/base/server/etc/default.cfg +++ b/base/server/etc/default.cfg @@ -206,8 +206,6 @@ pki_client_pkcs12_password_conf=%(pki_client_subsystem_dir)s/pkcs12_password.con pki_client_admin_cert=%(pki_client_dir)s/%(pki_subsystem_type)s_admin.cert pki_instance_path=/var/lib/pki/%(pki_instance_name)s -pki_instance_configuration_path=/etc/pki/%(pki_instance_name)s - ############################################################################### ## Tomcat Configuration: ## diff --git a/base/server/python/pki/server/deployment/pkihelper.py b/base/server/python/pki/server/deployment/pkihelper.py index 88c7bb3f7be..ac0489013d5 100644 --- a/base/server/python/pki/server/deployment/pkihelper.py +++ b/base/server/python/pki/server/deployment/pkihelper.py @@ -363,20 +363,20 @@ def collision_detection(self, instance): instance.log_dir) subsystem_conf_dir = os.path.join( - self.mdict['pki_instance_configuration_path'], + instance.conf_dir, self.mdict['pki_subsystem_type']) - if os.path.exists(self.mdict['pki_instance_configuration_path']) and\ + if os.path.exists(instance.conf_dir) and\ os.path.exists(subsystem_conf_dir): # Top-Level PKI configuration path collision logger.error( log.PKIHELPER_NAMESPACE_COLLISION_2, self.mdict['pki_instance_name'], - self.mdict['pki_instance_configuration_path']) + instance.conf_dir) raise Exception( log.PKIHELPER_NAMESPACE_COLLISION_2 % ( self.mdict['pki_instance_name'], - self.mdict['pki_instance_configuration_path'])) + instance.conf_dir)) subsystem_registry_dir = os.path.join( instance.registry_dir, 
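Review bot: A deployment configuration that still sets `pki_instance_configuration_path` is now ignored without any message, starting with the `subsystem_conf_dir` computation in collision_detection and continuing in the password.conf, pfile, external_certs.conf and destroy hunks further down. For an instance that was created with an overridden path, destroy would then presumably run rmtree on `instance.conf_dir` and leave the real configuration directory, including its password files, on disk. Consider rejecting or at least reporting the stale key where the configuration is validated, for example `if 'pki_instance_configuration_path' in self.mdict: logger.warning('pki_instance_configuration_path is no longer supported; using %s', instance.conf_dir)`. collision_detection starts and ends outside this hunk.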
@@ -411,11 +411,11 @@ def collision_detection(self, instance): logger.error( log.PKIHELPER_NAMESPACE_RESERVED_NAME_2, self.mdict['pki_instance_name'], - self.mdict['pki_instance_configuration_path']) + instance.conf_dir) raise Exception( log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % ( self.mdict['pki_instance_name'], - self.mdict['pki_instance_configuration_path'])) + instance.conf_dir)) # Top-Level Tomcat PKI registry path reserved name collision if self.mdict['pki_instance_name'] in\ @@ -2126,7 +2126,7 @@ def execute_using_pki( tks_url = 'https://%s:%s' % (tkshost, tksport) password_conf = os.path.join( - self.mdict['pki_instance_configuration_path'], + instance.conf_dir, 'password.conf') command = ["pki", diff --git a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py index fc9100f17fc..f35a20cc5c2 100644 --- a/base/server/python/pki/server/deployment/scriptlets/instance_layout.py +++ b/base/server/python/pki/server/deployment/scriptlets/instance_layout.py @@ -51,10 +51,8 @@ def spawn(self, deployer): # Create /var/lib/pki/ instance.makedirs(instance.base_dir, exist_ok=True) - instance_conf_path = deployer.mdict['pki_instance_configuration_path'] - - logger.info('Creating %s', instance_conf_path) - instance.makedirs(instance_conf_path, exist_ok=True) + logger.info('Creating %s', instance.conf_dir) + instance.makedirs(instance.conf_dir, exist_ok=True) # Configuring internal token password @@ -136,7 +134,7 @@ def spawn(self, deployer): # to /usr/share/pki/server/conf/catalina.properties. instance.symlink( os.path.join(shared_conf_path, 'catalina.properties'), - os.path.join(instance_conf_path, 'catalina.properties'), + os.path.join(instance.conf_dir, 'catalina.properties'), exist_ok=True) # Link /etc/pki//context.xml 
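Review bot: Nothing visible in the execute_using_pki hunk binds `instance`, which is now used in `password_conf = os.path.join(instance.conf_dir, 'password.conf')`. The hunk header shows only `def execute_using_pki(`, and the context lines assign `tks_url` and `command` but no `instance`. In collision_detection it is a parameter, so please confirm it is one here as well. If it is not, the lookup fails with a NameError only when this code path runs, which is easy to miss in testing. The function starts and ends outside the hunk.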
@@ -148,7 +146,7 @@ def spawn(self, deployer): # to /usr/share/pki/server/conf/logging.properties. instance.symlink( os.path.join(shared_conf_path, 'logging.properties'), - os.path.join(instance_conf_path, 'logging.properties'), + os.path.join(instance.conf_dir, 'logging.properties'), exist_ok=True) # Copy /usr/share/pki/server/conf/tomcat.conf @@ -169,7 +167,7 @@ def spawn(self, deployer): # /var/lib/pki//conf/tomcat.conf. deployer.file.copy_with_slot_substitution( os.path.join(shared_conf_path, 'tomcat.conf'), - os.path.join(instance_conf_path, 'tomcat.conf'), + os.path.join(instance.conf_dir, 'tomcat.conf'), overwrite_flag=True) # Link /etc/pki//web.xml @@ -178,7 +176,7 @@ def spawn(self, deployer): instance.symlink(web_xml, instance.web_xml, exist_ok=True) # Create /etc/pki//Catalina - catalina_dir = os.path.join(instance_conf_path, 'Catalina') + catalina_dir = os.path.join(instance.conf_dir, 'Catalina') instance.makedirs(catalina_dir, exist_ok=True) # Create /etc/pki//Catalina/localhost @@ -239,7 +237,7 @@ def spawn(self, deployer): # Link /var/lib/pki//conf to /etc/pki/ conf_link = os.path.join(instance.base_dir, 'conf') deployer.symlink.create( - instance_conf_path, + instance.conf_dir, conf_link) # Link /var/lib/pki//logs to /var/log/pki/ @@ -315,9 +313,9 @@ def destroy(self, deployer): pki.util.rmtree(path=instance.log_dir, force=deployer.force) - logger.info('Removing %s', deployer.mdict['pki_instance_configuration_path']) + logger.info('Removing %s', instance.conf_dir) pki.util.rmtree( - path=deployer.mdict['pki_instance_configuration_path'], + path=instance.conf_dir, force=deployer.force) logger.info('Removing %s', instance.service_conf) diff --git a/base/server/python/pki/server/deployment/scriptlets/security_databases.py b/base/server/python/pki/server/deployment/scriptlets/security_databases.py index 9dfdbb6db84..188581bade6 100644 --- a/base/server/python/pki/server/deployment/scriptlets/security_databases.py 
+++ b/base/server/python/pki/server/deployment/scriptlets/security_databases.py @@ -66,7 +66,7 @@ def spawn(self, deployer): # which ONLY contains the 'password' for the purposes of # allowing 'certutil' to generate the security databases - pki_shared_pfile = os.path.join(deployer.mdict['pki_instance_configuration_path'], 'pfile') + pki_shared_pfile = os.path.join(instance.conf_dir, 'pfile') logger.info('Creating password file: %s', pki_shared_pfile) deployer.password.create_password_conf( @@ -524,8 +524,7 @@ def update_external_certs_conf(self, external_path, deployer): if len(external_certs) > 0: deployer.load_external_certs( - os.path.join(deployer.mdict['pki_instance_configuration_path'], - 'external_certs.conf') + os.path.join(self.instance.conf_dir, 'external_certs.conf') ) for cert in external_certs: diff --git a/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py b/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py index 2bf48749a9d..3f7ab9e0700 100644 --- a/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py +++ b/base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py @@ -43,10 +43,10 @@ def destroy(self, deployer): logger.info('Undeploying /%s web application', deployer.mdict['pki_subsystem'].lower()) - # Delete /Catalina/localhost/.xml if exists + # Delete /etc/pki//Catalina/localhost/.xml if exists context_xml = os.path.join( - deployer.mdict['pki_instance_configuration_path'], + self.instance.conf_dir, 'Catalina', 'localhost', deployer.mdict['pki_subsystem'].lower() + '.xml') diff --git a/docs/manuals/man5/pki_default.cfg.5.md b/docs/manuals/man5/pki_default.cfg.5.md index 2ebfc1f1c94..9c0dbdeb4cf 100644 --- a/docs/manuals/man5/pki_default.cfg.5.md +++ b/docs/manuals/man5/pki_default.cfg.5.md 
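Review bot: update_external_certs_conf reads `self.instance.conf_dir`, while spawn in this same file uses a local `instance`, and neither hunk shows where `self.instance` is assigned. The destroy hunk in webapp_deployment.py relies on `self.instance` in the same way. If the attribute is only set during spawn, a destroy run on a fresh scriptlet object would presumably raise AttributeError before the context XML is removed. A short comment stating where `self.instance` is initialised, or binding `instance = self.instance` at the top of each method, would make the dependency explicit. Both methods start and end outside their hunks.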
@@ -533,7 +533,7 @@ Defaults to False. **pki_cert_chain_path** Required for the second step of a stand-alone PKI process. This is the location of the file containing the external CA signing certificate (as issued by the external CA). -Defaults to '%(pki_instance_configuration_path)s/external_ca.cert'. +Defaults to /etc/pki/*instance_name*/external_ca.cert. **pki_ca_signing_cert_path** Required for the second step of a stand-alone PKI process.