Make default pki directory configurable

The files in /etc/salt/pki are not configuration files in the sense of the FHS ("local file used to control the operation of a program"). Debian wants to change the default location to /var/lib/salt/pki (to properly follow FHS and to allow setting StateDirectory in the salt master systemd configuration). Therefore introduce a VARIABLE_STATE_DIR syspaths variable which defaults to CONFIG_DIR, but can be individually customized. fixes saltstack#3396 Bug-Debian: https://bugs.debian.org/698898
bdrung · Mar 15, 2018 · d515b38 · d515b38
1 parent 90173b5
commit d515b38
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 4 deletions.
diff --git a/salt/config/__init__.py b/salt/config/__init__.py
@@ -1211,7 +1211,7 @@ def _gather_buffer_space():
     'syndic_finger': '',
     'user': salt.utils.user.get_user(),
     'root_dir': salt.syspaths.ROOT_DIR,
-    'pki_dir': os.path.join(salt.syspaths.CONFIG_DIR, 'pki', 'minion'),
+    'pki_dir': os.path.join(salt.syspaths.VARIABLE_STATE_DIR, 'pki', 'minion'),
     'id': '',
     'id_function': {},
     'cachedir': os.path.join(salt.syspaths.CACHE_DIR, 'minion'),
@@ -1502,7 +1502,7 @@ def _gather_buffer_space():
     'keep_jobs': 24,
     'archive_jobs': False,
     'root_dir': salt.syspaths.ROOT_DIR,
-    'pki_dir': os.path.join(salt.syspaths.CONFIG_DIR, 'pki', 'master'),
+    'pki_dir': os.path.join(salt.syspaths.VARIABLE_STATE_DIR, 'pki', 'master'),
     'key_cache': '',
     'cachedir': os.path.join(salt.syspaths.CACHE_DIR, 'master'),
     'file_roots': {
@@ -1848,7 +1848,7 @@ def _gather_buffer_space():
 
     'proxy_keep_alive': True,  # by default will try to keep alive the connection
     'proxy_keep_alive_interval': 1,  # frequency of the proxy keepalive in minutes
-    'pki_dir': os.path.join(salt.syspaths.CONFIG_DIR, 'pki', 'proxy'),
+    'pki_dir': os.path.join(salt.syspaths.VARIABLE_STATE_DIR, 'pki', 'proxy'),
     'cachedir': os.path.join(salt.syspaths.CACHE_DIR, 'proxy'),
     'sock_dir': os.path.join(salt.syspaths.SOCK_DIR, 'proxy'),
 }

diff --git a/salt/syspaths.py b/salt/syspaths.py
@@ -37,7 +37,7 @@
                 'BASE_PILLAR_ROOTS_DIR', 'BASE_THORIUM_ROOTS_DIR',
                 'BASE_MASTER_ROOTS_DIR', 'LOGS_DIR', 'PIDFILE_DIR',
                 'SPM_FORMULA_PATH', 'SPM_PILLAR_PATH', 'SPM_REACTOR_PATH',
-                'SHARE_DIR'):
+                'SHARE_DIR', 'VARIABLE_STATE_DIR'):
         setattr(__generated_syspaths, key, None)
 
 
@@ -100,6 +100,10 @@
 if SRV_ROOT_DIR is None:
     SRV_ROOT_DIR = os.path.join(ROOT_DIR, 'srv')
 
+VARIABLE_STATE_DIR = __generated_syspaths.VARIABLE_STATE_DIR
+if VARIABLE_STATE_DIR is None:
+    VARIABLE_STATE_DIR = CONFIG_DIR
+
 BASE_FILE_ROOTS_DIR = __generated_syspaths.BASE_FILE_ROOTS_DIR
 if BASE_FILE_ROOTS_DIR is None:
     BASE_FILE_ROOTS_DIR = os.path.join(SRV_ROOT_DIR, 'salt')

diff --git a/setup.py b/setup.py
@@ -229,6 +229,7 @@ def run(self):
                 cache_dir=self.distribution.salt_cache_dir,
                 sock_dir=self.distribution.salt_sock_dir,
                 srv_root_dir=self.distribution.salt_srv_root_dir,
+                variable_state_dir=self.distribution.salt_variable_state_dir,
                 base_file_roots_dir=self.distribution.salt_base_file_roots_dir,
                 base_pillar_roots_dir=self.distribution.salt_base_pillar_roots_dir,
                 base_master_roots_dir=self.distribution.salt_base_master_roots_dir,
@@ -705,6 +706,7 @@ def run(self):
 CACHE_DIR = {cache_dir!r}
 SOCK_DIR = {sock_dir!r}
 SRV_ROOT_DIR = {srv_root_dir!r}
+VARIABLE_STATE_DIR = {variable_state_dir!r}
 BASE_FILE_ROOTS_DIR = {base_file_roots_dir!r}
 BASE_PILLAR_ROOTS_DIR = {base_pillar_roots_dir!r}
 BASE_MASTER_ROOTS_DIR = {base_master_roots_dir!r}
@@ -845,6 +847,8 @@ class SaltDistribution(distutils.dist.Distribution):
          'Salt\'s pre-configured socket directory'),
         ('salt-srv-root-dir=', None,
          'Salt\'s pre-configured service directory'),
+        ('salt-state-dir=', None,
+         'Salt\'s pre-configured variable state directory (used for storing pki data)'),
         ('salt-base-file-roots-dir=', None,
          'Salt\'s pre-configured file roots directory'),
         ('salt-base-pillar-roots-dir=', None,
@@ -878,6 +882,7 @@ def __init__(self, attrs=None):
         self.salt_cache_dir = None
         self.salt_sock_dir = None
         self.salt_srv_root_dir = None
+        self.salt_variable_state_dir = None
         self.salt_base_file_roots_dir = None
         self.salt_base_thorium_roots_dir = None
         self.salt_base_pillar_roots_dir = None