[Pkg-salt-team] Bug#698898: certificate file locations

Joe Healy joehealy at gmail.com
Wed Apr 10 10:28:25 UTC 2013


Having thought about it for a while, I think a feasible design is
coming together:

We change via quilt the default config file location. This will deal
with new installations.

To deal with existing installations, we write a script which does the
following in postinst:

We read the /etc/salt/master or /etc/salt/minion config file respectively.

If the pki_dir variable is unchanged (i.e. equal to
/etc/salt/pki/{master,minion}) or unset then we modify the variable to
/var/lib/salt/{master,minion}/pki and uncomment it if necessary.

If the pki_dir variable is changed from the default then we exit and do nothing.

If we decided to make changes, then we "move" all the files to
the new location.

Obviously all changes must be either made or rolled back.

We don't actually need to change the default location via quilt as the
postinst script will change it. But it is probably more obvious for
newcomers and others to have the patch there. Downside is the work is
done in two places - but, in time we could probably delete the script
once we were confident there were not any very early versions out
there...

The other thing that feels a little odd is running a search and
replace on a user's config file, but anything else seems worse.

What are your thoughts? I'm not going to have time to implement
anything till after Monday, but the plan seems to be settling.

Cheers,

Joe
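
The postinst logic proposed in the message above, sketched as an added example (not code from the thread or from the Debian package). The function name `migrate_pki`, its arguments and its exit codes are hypothetical; paths are passed in so the logic can be tried on a scratch tree before it touches real keys.

```shell
#!/bin/sh
# migrate_pki CONF OLD_DIR NEW_DIR   (hypothetical helper, not from the package)
# Exit status: 0 migrated, 1 failed and rolled back, 2 pki_dir customised, nothing touched.
# The body runs in a subshell so umask and variables do not leak into the caller.
migrate_pki() (
    conf=$1 old=${2%/} new=${3%/}
    umask 077    # key material: anything created here is owner-only

    # Value of the last active (uncommented) pki_dir line, if there is one.
    cur=$(sed -n 's/^pki_dir:[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$conf" | tail -n 1)
    cur=${cur%/}
    if [ -n "$cur" ] && [ "$cur" != "$old" ]; then
        exit 2   # changed from the default: leave config and keys alone
    fi
    [ -e "$new" ] && exit 1   # never merge into an existing key directory

    tmp=$conf.pki-migrate
    rollback() { rm -rf "$new" "$tmp"; exit 1; }

    # 1. Copy the keys with owner and mode preserved; the old tree stays intact.
    mkdir -p "$(dirname "$new")" || exit 1
    if [ -d "$old" ]; then cp -a "$old" "$new" || rollback
    else mkdir "$new" || rollback; fi

    # 2. Write the edited config beside the original (cp -p keeps its mode).
    #    Assumes NEW_DIR contains no '|' or '&', which sed would interpret.
    cp -p "$conf" "$tmp" || rollback
    if grep -q '^pki_dir:' "$conf"; then
        sed "s|^pki_dir:.*|pki_dir: $new|" "$conf" > "$tmp" || rollback
    elif grep -q '^#[[:space:]]*pki_dir:' "$conf"; then
        sed "s|^#[[:space:]]*pki_dir:.*|pki_dir: $new|" "$conf" > "$tmp" || rollback
    else
        { cat "$conf"; echo "pki_dir: $new"; } > "$tmp" || rollback
    fi

    # 3. Commit point: rename() replaces the config atomically. Only after
    #    that is the old copy of the keys removed.
    mv "$tmp" "$conf" || rollback
    rm -rf "$old"
    exit 0
)
```

A quoted or otherwise unusual pki_dir value does not match the default string and is therefore treated as customised, which errs on the side of leaving the installation alone.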


