Skip to content

Move default certificate path to /var/lib/foremanctl/certs#476

Open
ehelms wants to merge 1 commit intotheforeman:masterfrom
ehelms:switch-var-lib
Open

Move default certificate path to /var/lib/foremanctl/certs#476
ehelms wants to merge 1 commit intotheforeman:masterfrom
ehelms:switch-var-lib

Conversation

@ehelms
Copy link
Copy Markdown
Member

@ehelms ehelms commented Apr 27, 2026

Why are you introducing these changes? (Problem description, related links)

Certificates that are generated and managed by foremanctl should live in an appropriate location on the file system that indicates to the admin. In foreman-installer, these certificates lived in /root/ssl-build which was always seen as a non-standard location. These certificates should not be touched by the user, and thus /var is the best location to store and indicate this to the user.

What are the changes introduced in this pull request?

  • Moves certificate generation and management from /root/certificates to /var/lib/foremanctl/certs.

How to test this pull request

Steps to reproduce:

  • ./foremanctl deploy
  • Check that certificates are present in /var/lib/foremanctl/certs

Checklist

  • Tests added/updated (if applicable)
  • Documentation updated (if applicable)

@ehelms @claude
Move default certificate path to /var/lib/foremanctl/certs
fde2f33 
Certificates are application-managed state, not user-editable config.
/var/lib/foremanctl/certs follows conventions for persistent data
owned by the application rather than /root/certificates which implied
user ownership.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

Not yet reviewed

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@ehelms