From b08f5477dcb8703e88cdd61dd11fdc334ad89df1 Mon Sep 17 00:00:00 2001
From: Gunnar Beutner <gunnar.beutner@icinga.com>
Date: Wed, 23 Aug 2017 12:18:45 +0200
Subject: [PATCH] Change PKI path from /etc/icinga2/pki to /var/lib/icinga2/pki

refs #5450
---
 etc/icinga2/features-available/api.conf |  6 +++---
 lib/cli/nodesetupcommand.cpp            | 12 ++++++------
 lib/cli/nodewizardcommand.cpp           | 14 +++++++-------
 lib/cli/pkiutility.cpp                  |  2 +-
 4 files changed, 17 insertions(+), 17 deletions(-)

diff --git a/etc/icinga2/features-available/api.conf b/etc/icinga2/features-available/api.conf
index 0136de0b2..588c4c655 100644
--- a/etc/icinga2/features-available/api.conf
+++ b/etc/icinga2/features-available/api.conf
@@ -3,9 +3,9 @@
  */
 
 object ApiListener "api" {
-  cert_path = SysconfDir + "/icinga2/pki/" + NodeName + ".crt"
-  key_path = SysconfDir + "/icinga2/pki/" + NodeName + ".key"
-  ca_path = SysconfDir + "/icinga2/pki/ca.crt"
+  cert_path = LocalStateDir + "/lib/icinga2/pki/" + NodeName + ".crt"
+  key_path = LocalStateDir + "/lib/icinga2/pki/" + NodeName + ".key"
+  ca_path = LocalStateDir + "/lib/icinga2/pki/ca.crt"
 
   ticket_salt = TicketSalt
 }
diff --git a/lib/cli/nodesetupcommand.cpp b/lib/cli/nodesetupcommand.cpp
index 59c343dc0..a80125080 100644
--- a/lib/cli/nodesetupcommand.cpp
+++ b/lib/cli/nodesetupcommand.cpp
@@ -175,9 +175,9 @@ int NodeSetupCommand::SetupMaster(const boost::program_options::variables_map& v
 	    << " * The API listener is used for distributed monitoring setups.\n"
 	    << " */\n"
 	    << "object ApiListener \"api\" {\n"
-	    << "  cert_path = SysconfDir + \"/icinga2/pki/\" + NodeName + \".crt\"\n"
-	    << "  key_path = SysconfDir + \"/icinga2/pki/\" + NodeName + \".key\"\n"
-	    << "  ca_path = SysconfDir + \"/icinga2/pki/ca.crt\"\n";
+	    << "  cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n"
+	    << "  key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n"
+	    << "  ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n";
 
 	if (vm.count("listen")) {
 		std::vector<String> tokens;
@@ -379,9 +379,9 @@ int NodeSetupCommand::SetupNode(const boost::program_options::variables_map& vm,
 	    << " * The API listener is used for distributed monitoring setups.\n"
 	    << " */\n"
 	    << "object ApiListener \"api\" {\n"
-	    << "  cert_path = SysconfDir + \"/icinga2/pki/\" + NodeName + \".crt\"\n"
-	    << "  key_path = SysconfDir + \"/icinga2/pki/\" + NodeName + \".key\"\n"
-	    << "  ca_path = SysconfDir + \"/icinga2/pki/ca.crt\"\n";
+	    << "  cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n"
+	    << "  key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n"
+	    << "  ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n";
 
 	if (vm.count("listen")) {
 		std::vector<String> tokens;
diff --git a/lib/cli/nodewizardcommand.cpp b/lib/cli/nodewizardcommand.cpp
index 42bee92f8..37b80f966 100644
--- a/lib/cli/nodewizardcommand.cpp
+++ b/lib/cli/nodewizardcommand.cpp
@@ -91,7 +91,7 @@ int NodeWizardCommand::Run(const boost::program_options::variables_map& vm,
 	 * 5. Local CA
 	 * 6. New self signed certificate
 	 * 7. Request signed certificate from master
-	 * 8. copy key information to /etc/icinga2/pki
+	 * 8. copy key information to /var/lib/icinga2/pki
 	 * 9. enable ApiListener feature
 	 * 10. generate zones.conf with endpoints and zone objects
 	 * 11. set NodeName = cn in constants.conf
@@ -409,9 +409,9 @@ wizard_ticket:
 		    << " * The API listener is used for distributed monitoring setups.\n"
 		    << " */\n"
 		    << "object ApiListener \"api\" {\n"
-		    << "  cert_path = SysconfDir + \"/icinga2/pki/\" + NodeName + \".crt\"\n"
-		    << "  key_path = SysconfDir + \"/icinga2/pki/\" + NodeName + \".key\"\n"
-		    << "  ca_path = SysconfDir + \"/icinga2/pki/ca.crt\"\n"
+		    << "  cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n"
+		    << "  key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n"
+		    << "  ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n"
 		    << "\n"
 		    << "  accept_config = " << accept_config << "\n"
 		    << "  accept_commands = " << accept_commands << "\n";
@@ -531,9 +531,9 @@ wizard_ticket:
 		    << " * The API listener is used for distributed monitoring setups.\n"
 		    << " */\n"
 		    << "object ApiListener \"api\" {\n"
-		    << "  cert_path = SysconfDir + \"/icinga2/pki/\" + NodeName + \".crt\"\n"
-		    << "  key_path = SysconfDir + \"/icinga2/pki/\" + NodeName + \".key\"\n"
-		    << "  ca_path = SysconfDir + \"/icinga2/pki/ca.crt\"\n";
+		    << "  cert_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".crt\"\n"
+		    << "  key_path = LocalStateDir + \"/lib/icinga2/pki/\" + NodeName + \".key\"\n"
+		    << "  ca_path = LocalStateDir + \"/lib/icinga2/pki/ca.crt\"\n";
 
 		if (!bind_host.IsEmpty())
 			fp << "  bind_host = \"" << bind_host << "\"\n";
diff --git a/lib/cli/pkiutility.cpp b/lib/cli/pkiutility.cpp
index e43a3af66..aeb385f9f 100644
--- a/lib/cli/pkiutility.cpp
+++ b/lib/cli/pkiutility.cpp
@@ -36,7 +36,7 @@ using namespace icinga;
 
 String PkiUtility::GetPkiPath(void)
 {
-	return Application::GetSysconfDir() + "/icinga2/pki";
+	return Application::GetLocalStateDir() + "/lib/icinga2/pki";
 }
 
 String PkiUtility::GetLocalCaPath(void)