Make default pki directory configurable

The files in /etc/salt/pki are not configuration files in the sense of the FHS ("local file used to control the operation of a program"). Debian wants to change the default location to /var/lib/salt/pki (to properly follow FHS and to allow setting StateDirectory in the salt master systemd configuration). Therefore introduce a STATE_DIR syspaths variable which defaults to CONFIG_DIR, but can be individually customized. fixes saltstack#3396 Bug-Debian: https://bugs.debian.org/698898 Forwarded: saltstack#46277
bdrung · Jan 22, 2020 · 6ec2931 · 6ec2931
1 parent 9be16a2
commit 6ec2931
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 4 deletions.
diff --git a/salt/config/__init__.py b/salt/config/__init__.py
@@ -1242,7 +1242,7 @@ def _gather_buffer_space():
     'syndic_finger': '',
     'user': salt.utils.user.get_user(),
     'root_dir': salt.syspaths.ROOT_DIR,
-    'pki_dir': os.path.join(salt.syspaths.CONFIG_DIR, 'pki', 'minion'),
+    'pki_dir': os.path.join(salt.syspaths.STATE_DIR, 'pki', 'minion'),
     'id': '',
     'id_function': {},
     'cachedir': os.path.join(salt.syspaths.CACHE_DIR, 'minion'),
@@ -1543,7 +1543,7 @@ def _gather_buffer_space():
     'keep_jobs': 24,
     'archive_jobs': False,
     'root_dir': salt.syspaths.ROOT_DIR,
-    'pki_dir': os.path.join(salt.syspaths.CONFIG_DIR, 'pki', 'master'),
+    'pki_dir': os.path.join(salt.syspaths.STATE_DIR, 'pki', 'master'),
     'key_cache': '',
     'cachedir': os.path.join(salt.syspaths.CACHE_DIR, 'master'),
     'file_roots': {
@@ -1897,7 +1897,7 @@ def _gather_buffer_space():
 
     'proxy_keep_alive': True,  # by default will try to keep alive the connection
     'proxy_keep_alive_interval': 1,  # frequency of the proxy keepalive in minutes
-    'pki_dir': os.path.join(salt.syspaths.CONFIG_DIR, 'pki', 'proxy'),
+    'pki_dir': os.path.join(salt.syspaths.STATE_DIR, 'pki', 'proxy'),
     'cachedir': os.path.join(salt.syspaths.CACHE_DIR, 'proxy'),
     'sock_dir': os.path.join(salt.syspaths.SOCK_DIR, 'proxy'),
 }

diff --git a/salt/syspaths.py b/salt/syspaths.py
@@ -33,7 +33,7 @@
     import types
     __generated_syspaths = types.ModuleType(str('salt._syspaths'))  # future lint: blacklisted-function
     for key in ('ROOT_DIR', 'CONFIG_DIR', 'CACHE_DIR', 'SOCK_DIR',
-                'SRV_ROOT_DIR', 'BASE_FILE_ROOTS_DIR', 'HOME_DIR',
+                'SRV_ROOT_DIR', 'STATE_DIR', 'BASE_FILE_ROOTS_DIR', 'HOME_DIR',
                 'BASE_PILLAR_ROOTS_DIR', 'BASE_THORIUM_ROOTS_DIR',
                 'BASE_MASTER_ROOTS_DIR', 'LOGS_DIR', 'PIDFILE_DIR',
                 'SPM_PARENT_PATH', 'SPM_FORMULA_PATH',
@@ -100,6 +100,10 @@
 if SRV_ROOT_DIR is None:
     SRV_ROOT_DIR = os.path.join(ROOT_DIR, 'srv')
 
+STATE_DIR = __generated_syspaths.STATE_DIR
+if STATE_DIR is None:
+    STATE_DIR = CONFIG_DIR
+
 BASE_FILE_ROOTS_DIR = __generated_syspaths.BASE_FILE_ROOTS_DIR
 if BASE_FILE_ROOTS_DIR is None:
     BASE_FILE_ROOTS_DIR = os.path.join(SRV_ROOT_DIR, 'salt')

diff --git a/setup.py b/setup.py
@@ -305,6 +305,7 @@ def run(self):
                 cache_dir=self.distribution.salt_cache_dir,
                 sock_dir=self.distribution.salt_sock_dir,
                 srv_root_dir=self.distribution.salt_srv_root_dir,
+                state_dir=self.distribution.salt_state_dir,
                 base_file_roots_dir=self.distribution.salt_base_file_roots_dir,
                 base_pillar_roots_dir=self.distribution.salt_base_pillar_roots_dir,
                 base_master_roots_dir=self.distribution.salt_base_master_roots_dir,
@@ -679,6 +680,7 @@ def run(self):
 CACHE_DIR = {cache_dir!r}
 SOCK_DIR = {sock_dir!r}
 SRV_ROOT_DIR= {srv_root_dir!r}
+STATE_DIR = {state_dir!r}
 BASE_FILE_ROOTS_DIR = {base_file_roots_dir!r}
 BASE_PILLAR_ROOTS_DIR = {base_pillar_roots_dir!r}
 BASE_MASTER_ROOTS_DIR = {base_master_roots_dir!r}
@@ -811,6 +813,8 @@ class SaltDistribution(distutils.dist.Distribution):
          'Salt\'s pre-configured socket directory'),
         ('salt-srv-root-dir=', None,
          'Salt\'s pre-configured service directory'),
+        ('salt-state-dir=', None,
+         'Salt\'s pre-configured variable state directory (used for storing pki data)'),
         ('salt-base-file-roots-dir=', None,
          'Salt\'s pre-configured file roots directory'),
         ('salt-base-pillar-roots-dir=', None,
@@ -844,6 +848,7 @@ def __init__(self, attrs=None):
         self.salt_cache_dir = None
         self.salt_sock_dir = None
         self.salt_srv_root_dir = None
+        self.salt_state_dir = None
         self.salt_base_file_roots_dir = None
         self.salt_base_thorium_roots_dir = None
         self.salt_base_pillar_roots_dir = None