Move default certificate path to /var/lib/foremanctl/certs

docs/user/certificates.md

@@ -71,9 +71,9 @@ foremanctl deploy --certificate-source=installer
 After deployment, certificates are available at:
 
 **Default Source:**
-- CA Certificate: `/root/certificates/certs/ca.crt`
-- Server Certificate: `/root/certificates/certs/<hostname>.crt`
-- Client Certificate: `/root/certificates/certs/<hostname>-client.crt`
+- CA Certificate: `/var/lib/foremanctl/certs/certs/ca.crt`
+- Server Certificate: `/var/lib/foremanctl/certs/certs/<hostname>.crt`
+- Client Certificate: `/var/lib/foremanctl/certs/certs/<hostname>-client.crt`
 
 **Custom Server Source:**
 - CA Certificate: `/root/certificates/certs/ca.crt` (internal CA)
@@ -234,10 +234,10 @@ The `certificate_checks` role uses `foreman-certificate-check` binary to validat
 
 **Directory Structure:**
 ```
-/root/certificates/
-├── certs/           # Public certificates (ca.crt, server-ca.crt, ca-bundle.crt, *.crt)
-├── private/         # Private keys and passwords (ca.key, ca.pwd, *.key)
-└── requests/        # Certificate signing requests (*.csr)
+/var/lib/foremanctl/certs/
+├── certs/           # Public certificates
+├── private/         # Private keys and passwords
+└── requests/        # Certificate signing requests
 ```
 
 **SANs and CNAMEs:**

src/roles/certificates/defaults/main.yml

@@ -1,7 +1,7 @@
 ---
 certificates_source: default
 certificates_ca: true
-certificates_ca_directory: /root/certificates # Change this to /var/lib?
+certificates_ca_directory: /var/lib/foremanctl/certs
 certificates_ca_directory_keys: "{{ certificates_ca_directory }}/private"
 certificates_ca_directory_certs: "{{ certificates_ca_directory }}/certs"
 certificates_ca_directory_requests: "{{ certificates_ca_directory }}/requests"

src/vars/default_certificates.yml

@@ -1,5 +1,5 @@
 ---
-certificates_ca_directory: /root/certificates
+certificates_ca_directory: /var/lib/foremanctl/certs
 ca_key_password: "{{ certificates_ca_directory }}/private/ca.pwd"
 ca_certificate: "{{ certificates_ca_directory }}/certs/ca.crt"
 ca_key: "{{ certificates_ca_directory }}/private/ca.key"

tests/conftest.py

@@ -50,7 +50,8 @@ def client_fqdn(client_hostname):
 def certificates(certificate_source, server_fqdn):
     env = Environment(loader=FileSystemLoader("."), autoescape=select_autoescape())
     template = env.get_template(f"./src/vars/{certificate_source}_certificates.yml")
-    context = {'ansible_facts': {'fqdn': server_fqdn}}
+    context = {'certificates_ca_directory': '/var/lib/foremanctl/certs',
+               'ansible_facts': {'fqdn': server_fqdn}}
     # we have vars that refer to other vars, so load them once and then re-render the template
     context.update(yaml.safe_load(template.render(context)))
     return yaml.safe_load(template.render(context))