Replace pki_instance_configuration_path with PKIServer.conf_dir

base/server/etc/default.cfg

@@ -206,8 +206,6 @@ pki_client_pkcs12_password_conf=%(pki_client_subsystem_dir)s/pkcs12_password.con
 pki_client_admin_cert=%(pki_client_dir)s/%(pki_subsystem_type)s_admin.cert
 
 pki_instance_path=/var/lib/pki/%(pki_instance_name)s
-pki_instance_configuration_path=/etc/pki/%(pki_instance_name)s
-
 
 ###############################################################################
 ##  Tomcat Configuration:                                                    ##

base/server/python/pki/server/deployment/pkihelper.py

@@ -363,20 +363,20 @@ def collision_detection(self, instance):
                 instance.log_dir)
 
         subsystem_conf_dir = os.path.join(
-            self.mdict['pki_instance_configuration_path'],
+            instance.conf_dir,
             self.mdict['pki_subsystem_type'])
 
-        if os.path.exists(self.mdict['pki_instance_configuration_path']) and\
+        if os.path.exists(instance.conf_dir) and\
            os.path.exists(subsystem_conf_dir):
             # Top-Level PKI configuration path collision
             logger.error(
                 log.PKIHELPER_NAMESPACE_COLLISION_2,
                 self.mdict['pki_instance_name'],
-                self.mdict['pki_instance_configuration_path'])
+                instance.conf_dir)
             raise Exception(
                 log.PKIHELPER_NAMESPACE_COLLISION_2 % (
                     self.mdict['pki_instance_name'],
-                    self.mdict['pki_instance_configuration_path']))
+                    instance.conf_dir))
 
         subsystem_registry_dir = os.path.join(
             instance.registry_dir,
@@ -411,11 +411,11 @@ def collision_detection(self, instance):
             logger.error(
                 log.PKIHELPER_NAMESPACE_RESERVED_NAME_2,
                 self.mdict['pki_instance_name'],
-                self.mdict['pki_instance_configuration_path'])
+                instance.conf_dir)
             raise Exception(
                 log.PKIHELPER_NAMESPACE_RESERVED_NAME_2 % (
                     self.mdict['pki_instance_name'],
-                    self.mdict['pki_instance_configuration_path']))
+                    instance.conf_dir))
 
         # Top-Level Tomcat PKI registry path reserved name collision
         if self.mdict['pki_instance_name'] in\
@@ -2126,7 +2126,7 @@ def execute_using_pki(
 
         tks_url = 'https://%s:%s' % (tkshost, tksport)
         password_conf = os.path.join(
-            self.mdict['pki_instance_configuration_path'],
+            instance.conf_dir,
             'password.conf')
 
         command = ["pki",

base/server/python/pki/server/deployment/scriptlets/instance_layout.py

@@ -51,10 +51,8 @@ def spawn(self, deployer):
         # Create /var/lib/pki/<instance>
         instance.makedirs(instance.base_dir, exist_ok=True)
 
-        instance_conf_path = deployer.mdict['pki_instance_configuration_path']
-
-        logger.info('Creating %s', instance_conf_path)
-        instance.makedirs(instance_conf_path, exist_ok=True)
+        logger.info('Creating %s', instance.conf_dir)
+        instance.makedirs(instance.conf_dir, exist_ok=True)
 
         # Configuring internal token password
 
@@ -136,7 +134,7 @@ def spawn(self, deployer):
         # to /usr/share/pki/server/conf/catalina.properties.
         instance.symlink(
             os.path.join(shared_conf_path, 'catalina.properties'),
-            os.path.join(instance_conf_path, 'catalina.properties'),
+            os.path.join(instance.conf_dir, 'catalina.properties'),
             exist_ok=True)
 
         # Link /etc/pki/<instance>/context.xml
@@ -148,7 +146,7 @@ def spawn(self, deployer):
         # to /usr/share/pki/server/conf/logging.properties.
         instance.symlink(
             os.path.join(shared_conf_path, 'logging.properties'),
-            os.path.join(instance_conf_path, 'logging.properties'),
+            os.path.join(instance.conf_dir, 'logging.properties'),
             exist_ok=True)
 
         # Copy /usr/share/pki/server/conf/tomcat.conf
@@ -169,7 +167,7 @@ def spawn(self, deployer):
         # /var/lib/pki/<instance>/conf/tomcat.conf.
         deployer.file.copy_with_slot_substitution(
             os.path.join(shared_conf_path, 'tomcat.conf'),
-            os.path.join(instance_conf_path, 'tomcat.conf'),
+            os.path.join(instance.conf_dir, 'tomcat.conf'),
             overwrite_flag=True)
 
         # Link /etc/pki/<instance>/web.xml
@@ -178,7 +176,7 @@ def spawn(self, deployer):
         instance.symlink(web_xml, instance.web_xml, exist_ok=True)
 
         # Create /etc/pki/<instance>/Catalina
-        catalina_dir = os.path.join(instance_conf_path, 'Catalina')
+        catalina_dir = os.path.join(instance.conf_dir, 'Catalina')
         instance.makedirs(catalina_dir, exist_ok=True)
 
         # Create /etc/pki/<instance>/Catalina/localhost
@@ -239,7 +237,7 @@ def spawn(self, deployer):
         # Link /var/lib/pki/<instance>/conf to /etc/pki/<instance>
         conf_link = os.path.join(instance.base_dir, 'conf')
         deployer.symlink.create(
-            instance_conf_path,
+            instance.conf_dir,
             conf_link)
 
         # Link /var/lib/pki/<instance>/logs to /var/log/pki/<instance>
@@ -315,9 +313,9 @@ def destroy(self, deployer):
             pki.util.rmtree(path=instance.log_dir,
                             force=deployer.force)
 
-        logger.info('Removing %s', deployer.mdict['pki_instance_configuration_path'])
+        logger.info('Removing %s', instance.conf_dir)
         pki.util.rmtree(
-            path=deployer.mdict['pki_instance_configuration_path'],
+            path=instance.conf_dir,
             force=deployer.force)
 
         logger.info('Removing %s', instance.service_conf)

base/server/python/pki/server/deployment/scriptlets/security_databases.py

@@ -66,7 +66,7 @@ def spawn(self, deployer):
         # which ONLY contains the 'password' for the purposes of
         # allowing 'certutil' to generate the security databases
 
-        pki_shared_pfile = os.path.join(deployer.mdict['pki_instance_configuration_path'], 'pfile')
+        pki_shared_pfile = os.path.join(instance.conf_dir, 'pfile')
 
         logger.info('Creating password file: %s', pki_shared_pfile)
         deployer.password.create_password_conf(
@@ -524,8 +524,7 @@ def update_external_certs_conf(self, external_path, deployer):
 
         if len(external_certs) > 0:
             deployer.load_external_certs(
-                os.path.join(deployer.mdict['pki_instance_configuration_path'],
-                             'external_certs.conf')
+                os.path.join(self.instance.conf_dir, 'external_certs.conf')
             )
 
             for cert in external_certs:

base/server/python/pki/server/deployment/scriptlets/webapp_deployment.py

@@ -43,10 +43,10 @@ def destroy(self, deployer):
 
         logger.info('Undeploying /%s web application', deployer.mdict['pki_subsystem'].lower())
 
-        # Delete <instance>/Catalina/localhost/<subsystem>.xml if exists
+        # Delete /etc/pki/<instance>/Catalina/localhost/<subsystem>.xml if exists
 
         context_xml = os.path.join(
-            deployer.mdict['pki_instance_configuration_path'],
+            self.instance.conf_dir,
             'Catalina',
             'localhost',
             deployer.mdict['pki_subsystem'].lower() + '.xml')

docs/manuals/man5/pki_default.cfg.5.md

@@ -533,7 +533,7 @@ Defaults to False.
 **pki_cert_chain_path**  
 Required for the second step of a stand-alone PKI process.
 This is the location of the file containing the external CA signing certificate (as issued by the external CA).
-Defaults to '%(pki_instance_configuration_path)s/external_ca.cert'.
+Defaults to /etc/pki/*instance_name*/external_ca.cert.
 
 **pki_ca_signing_cert_path**  
 Required for the second step of a stand-alone PKI process.