Update docs to use standard conf dir

wiki/Auditd.mediawiki

@@ -15,7 +15,7 @@ $ auditctl -l
 == Adding File System Rules ==
 
 <pre>
-$ auditctl -w /etc/pki/pki-tomcat/server.xml -p wa
+$ auditctl -w /var/lib/pki/pki-tomcat/conf/server.xml -p wa
 </pre>
 
 == Adding System Call Rules ==
@@ -29,7 +29,7 @@ $ auditctl -a always,exit -S all -F auid=pkiuser
 == Removing File System Rules ==
 
 <pre>
-$ auditctl -W /etc/pki/pki-tomcat/server.xml -p wa
+$ auditctl -W /var/lib/pki/pki-tomcat/conf/server.xml -p wa
 </pre>
 
 == Removing System Call Rules ==

wiki/CA_Configuration.mediawiki

@@ -1,8 +1,8 @@
 = Overview =
 
 Configuration files:
-* /etc/pki/pki-tomcat/ca/CS.cfg or /var/lib/pki/pki-tomcat/ca/conf/CS.cfg
-* /etc/pki/pki-tomcat/ca/registry.cfg
+* /var/lib/pki/pki-tomcat/conf/ca/CS.cfg
+* /var/lib/pki/pki-tomcat/conf/ca/registry.cfg
 
 CS.cfg is read by CMSStartServlet.
 

wiki/Customizing_PKI_Subsystem.mediawiki

@@ -5,7 +5,7 @@ Each PKI subsystem has a corresponding web application which contains:
 * web.xml which defines servlets, paths, security constraints, etc.
 * links to PKI libraries
 
-The subsystem web applications are deployed using context files located in /etc/pki/<font color="red">pki-tomcat</font>/Catalina/localhost/<font color="red">ca</font>.xml:
+The subsystem web applications are deployed using context files located in /var/lib/pki/pki-tomcat/conf/Catalina/localhost/ca.xml:
 
  <Context docBase="/usr/share/pki/<font color="red">ca</font>/webapps/<font color="red">ca</font>" crossContext="true" allowLinking="true">
      ...
@@ -43,7 +43,7 @@ To create a shallow copy of the web application, create a folder in the instance
 
 = Configuring Web Application Context =
 
-To use the customized web application, change the docBase in /etc/pki/<font color="red">pki-tomcat</font>/Catalina/localhost/<font color="red">ca</font>.xml to point to the custom web application folder relative from the webapps folder:
+To use the customized web application, change the docBase in /var/lib/pki/pki-tomcat/conf/Catalina/localhost/ca.xml to point to the custom web application folder relative from the webapps folder:
 
  <Context docBase="<font color="red">ca</font>" crossContext="true" allowLinking="true">
      ...

wiki/Customizing_PKI_Theme.mediawiki

@@ -10,7 +10,7 @@ The subsystem web applications in the same instance share the same theme.
 
 = Deployment =
 
-The theme is deployed in Tomcat by creating /etc/pki/<font color="red">pki-tomcat</font>/Catalina/localhost/pki.xml:
+The theme is deployed in Tomcat by creating /var/lib/pki/pki-tomcat/conf/Catalina/localhost/pki.xml:
 
 <pre>
 <Context docBase="/usr/share/pki/common-ui" crossContext="true" allowLinking="true">

wiki/Design_for_Migrating_a_Dogtag_9_Instance_to_a_Dogtag_10_Instance.mediawiki

@@ -355,7 +355,7 @@ Cloned CA:
 < cmsgateway._007=##   (3) Edit '/var/lib/pki-ca/conf/CS.cfg'
 ---
 > cmsgateway._006=##   (2) Type:  'service pki-tomcat stop'
-> cmsgateway._007=##   (3) Edit '/etc/pki/pki-tomcat/ca/CS.cfg'
+> cmsgateway._007=##   (3) Edit '/var/lib/pki/pki-tomcat/conf/ca/CS.cfg'
 693c694
 < cmsgateway._013=##   (4) Type:  'service pki-ca start'
 ---

wiki/Enabling_Password_Authentication.mediawiki

@@ -8,7 +8,7 @@ Under certain circumstances (e.g. [https://pagure.io/dogtagpki/issue/1752 ticket
 
 The default list of allowed authentication methods is stored in /usr/share/pki/<font color="red">ca</font>/conf/auth-method.properties. To customize the list for a particular instance, copy the file into the appropriate subsystem configuration folder, for example:
 
- $ cp /usr/share/pki/<font color="red">ca</font>/conf/auth-method.properties /etc/pki/pki-tomcat/<font color="red">ca</font>/
+ $ cp /usr/share/pki/<font color="red">ca</font>/conf/auth-method.properties /var/lib/pki/pki-tomcat/conf/ca/
 
 Edit the copied file, add passwdUserDBAuthMgr to the REST operations as needed:
 

wiki/PKI_10.3_Subsystem_Debug_Log.mediawiki

@@ -10,7 +10,7 @@ PKI server logging can be configured using the following logging frameworks:
 
 Tomcat uses JUL as the default logging framework. The configuration is described in [http://tomcat.apache.org/tomcat-7.0-doc/logging.html Tomcat 7 Logging Configuration] and [http://tomcat.apache.org/tomcat-8.0-doc/logging.html Tomcat 8 Logging Configuration].
 
-The default configuration is located at /usr/share/pki/server/conf/logging.properties. During server deployment a link will be created at /etc/pki/<font color="red">pki-tomcat</font>/logging.properties.
+The default configuration is located at /usr/share/pki/server/conf/logging.properties. During server deployment a link will be created at /var/lib/pki/pki-tomcat/conf/logging.properties.
 
 By default only log messages with level WARNING or higher will be logged on the console (i.e. systemd journal).
 
@@ -27,9 +27,9 @@ The systemd journal can be viewed with the following command:
 
 To customize JUL configuration, replace the link with a copy of the default configuration:
 
- $ rm -f /etc/pki/<font color="red">pki-tomcat</font>/logging.properties
- $ cp /usr/share/pki/server/conf/logging.properties /etc/pki/<font color="red">pki-tomcat</font>
- $ chown pkiuser.pkiuser /etc/pki/<font color="red">pki-tomcat</font>/logging.properties
+ $ rm -f /var/lib/pki/pki-tomcat/conf/logging.properties
+ $ cp /usr/share/pki/server/conf/logging.properties /var/lib/pki/pki-tomcat/conf
+ $ chown pkiuser.pkiuser /var/lib/pki/pki-tomcat/conf/logging.properties
 
 Then edit the file as needed. For example, to troubleshoot PKI issues add the following lines:
 
@@ -88,7 +88,7 @@ For more information see the following documents:
 
 Each PKI subsystem uses an internal logging framework for debugging purposes.
 
-The logging configuration is stored in /etc/pki/<font color="red">instance</font>/<font color="red">subsystem</font>/CS.cfg:
+The logging configuration is stored in /var/lib/pki/instance/conf/subsystem/CS.cfg:
 
  debug.enabled=true
  debug.level=0

wiki/PKI_10.5_Server_Configuration.mediawiki

@@ -1,7 +1,7 @@
 = Server Configuration =
 
 <pre>
-$ ls -la /etc/pki/pki-tomcat
+$ ls -la /var/lib/pki/pki-tomcat/conf
 total 260
 drwxrwx---.  5 pkiuser pkiuser   4096 Mar 13 17:37 .
 drwxr-xr-x. 17 root    root       285 Mar 13 17:36 ..
@@ -29,7 +29,7 @@ lrwxrwxrwx.  1 pkiuser pkiuser     45 Mar 13 17:36 logging.properties -> /usr/sh
 = Web Application Contexts =
 
 <pre>
-$ ls -la /etc/pki/pki-tomcat/Catalina/localhost
+$ ls -la /var/lib/pki/pki-tomcat/conf/Catalina/localhost
 total 12
 drwxrwx---. 2 pkiuser pkiuser   51 Mar 13 17:36 .
 drwxrwx---. 3 pkiuser pkiuser   23 Feb 22 06:51 ..

wiki/PKI_10.5_Server_Logging.mediawiki

@@ -16,7 +16,7 @@ See [https://github.com/dogtagpki/pki/wiki/Configuring-Server-Access-Log PKI Con
 
 == Subsystem Access Log ==
 
-The log configuration is defined in /etc/pki/<font color="red">pki-tomcat</font>/<font color="red">ca</font>/CS.cfg:
+The log configuration is defined in /var/lib/pki/pki-tomcat/conf/ca/CS.cfg:
 
 <pre>
 log.impl.file.class=com.netscape.cms.logging.RollingLogFile

wiki/PKI_10.6_Server_Configuration.mediawiki

@@ -1,8 +1,8 @@
 = Server Configuration Files =
 
-The main server configuration is located in /etc/pki/<font color="red">pki-tomcat</font>:
+The main server configuration is located in /var/lib/pki/pki-tomcat/conf:
 
- $ ls -la /etc/pki/<font color="red">pki-tomcat</font>
+ $ ls -la /var/lib/pki/pki-tomcat/conf
  total 120
  drwxrwx---. 5 pkiuser pkiuser  4096 Mar 13 15:42 .
  drwxr-xr-x. 9 root    root     4096 Mar 13 15:41 ..
@@ -41,7 +41,7 @@ The PKI Tomcat configuration is located at [https://github.com/dogtagpki/pki/blo
 NSS_DEFAULT_DB_TYPE="sql"
 </pre>
 
-The instance Tomcat configuration is located at [https://github.com/dogtagpki/pki/blob/master/base/server/share/conf/tomcat.conf /etc/pki/<instance>/tomcat.conf]:
+The instance Tomcat configuration is located at [https://github.com/dogtagpki/pki/blob/master/base/server/share/conf/tomcat.conf /var/lib/pki/<instance>/conf/tomcat.conf]:
 
 <pre>
 # --- BEGIN COPYRIGHT BLOCK ---
@@ -115,9 +115,9 @@ USE_NUXWDOG="false"
 
 = Web Application Contexts =
 
-The web application context files are stored in /etc/pki/<font color="red">pki-tomcat</font>/Catalina/localhost:
+The web application context files are stored in /var/lib/pki/pki-tomcat/conf/Catalina/localhost:
 
- $ ls -la /etc/pki/<font color="red">pki-tomcat</font>/Catalina/localhost
+ $ ls -la /var/lib/pki/pki-tomcat/conf/Catalina/localhost
  total 20
  drwxrwx---. 2 pkiuser pkiuser 4096 Mar 12 23:43 .
  drwxrwx---. 3 pkiuser pkiuser 4096 Mar 12 23:41 ..

wiki/PKI_10.6_Server_Logging.mediawiki

@@ -20,7 +20,7 @@ See [https://github.com/dogtagpki/pki/wiki/Configuring-Server-Access-Log PKI Con
 
 == Subsystem Access Log ==
 
-The log configuration is defined in /etc/pki/<font color="red">pki-tomcat</font>/<font color="red">ca</font>/CS.cfg:
+The log configuration is defined in /var/lib/pki/pki-tomcat/conf/ca/CS.cfg:
 
 <pre>
 log.impl.file.class=com.netscape.cms.logging.RollingLogFile

wiki/PKI_10_Server_Logging.mediawiki

@@ -16,7 +16,7 @@ See [https://github.com/dogtagpki/pki/wiki/Configuring-Server-Access-Log Configu
 
 == Subsystem Access Log ==
 
-The log configuration is defined in /etc/pki/<font color="red">pki-tomcat</font>/<font color="red">ca</font>/CS.cfg:
+The log configuration is defined in /var/lib/pki/pki-tomcat/conf/ca/CS.cfg:
 
 <pre>
 log.impl.file.class=com.netscape.cms.logging.RollingLogFile

wiki/PKI_Server_Authentication.mediawiki

@@ -75,7 +75,7 @@ The default configuration files are located in the following locations:
 
 To customize the authentication methods, copy the default configuration file into the subsystem configuration folder, for example:
 
- $ cp /usr/share/pki/<font color="red">ca</font>/conf/auth-method.properties /etc/pki/pki-tomcat/<font color="red">ca</font>/
+ $ cp /usr/share/pki/<font color="red">ca</font>/conf/auth-method.properties /var/lib/pki/pki-tomcat/conf/ca/
 
 Edit it as needed, then restart the server.
 

wiki/PKI_Upgrade_Framework.mediawiki

@@ -111,8 +111,8 @@ The upgrade process will be done one scriptlet at a time. In each scriptlet all
 
 The upgrade process will be tracked using some properties stored in the following files:
 * system: /etc/pki/pki.version
-* instance: /etc/pki/<instance>/tomcat.conf
-* subsystem: /etc/pki/<instance>/<subsystem>/CS.cfg
+* instance: /var/lib/pki/<instance>/conf/tomcat.conf
+* subsystem: /var/lib/pki/<instance>/conf/<subsystem>/CS.cfg
 
 System tracker uses the following properties:
 * version: Configuration-Version

wiki/PKI_Version_Number.mediawiki

@@ -90,7 +90,7 @@ Configuration-Version: %{version}"
 
 = PKI Version Number in Server Configuration =
 
-In /etc/pki/<instance>/tomcat.conf:
+In /var/lib/pki/<instance>/conf/tomcat.conf:
 
 <pre>
 PKI_VERSION=[APPLICATION_VERSION]

wiki/Recovery.mediawiki

@@ -48,8 +48,8 @@ See [[System Certificate Cache]].
 Some parameters in CS.cfg contain private key IDs. The IDs can be retrieved from the NSS database with the following commands:
 
 <pre>
-$ cat /etc/pki/pki-tomcat/password.conf | grep internal= | awk -F '=' '{print $2}' > /etc/pki/pki-tomcat/alias/password.txt
-$ certutil -K -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/alias/password.txt
+$ cat /var/lib/pki/pki-tomcat/conf/password.conf | grep internal= | awk -F '=' '{print $2}' > /var/lib/pki/pki-tomcat/conf/alias/password.txt
+$ certutil -K -d /var/lib/pki/pki-tomcat/conf/alias -f /var/lib/pki/pki-tomcat/conf/alias/password.txt
 </pre>
 
 In the CS.cfg the IDs are stored as signed hexadecimal numbers. In the NSS database the IDs are stored as unsigned hexadecimal numbers, so they need to be converted with the following program.
@@ -89,25 +89,25 @@ $ java -cp . KeyIDConverter <unsigned hexadecimal private key ID>
 === cloning.audit_signing.privkey.id ===
 
 <pre>
-$ certutil -K -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/alias/password.txt -n "auditSigningCert cert-pki-ca"
+$ certutil -K -d /var/lib/pki/pki-tomcat/conf/alias -f /var/lib/pki/pki-tomcat/conf/alias/password.txt -n "auditSigningCert cert-pki-ca"
 </pre>
 
 === cloning.ocsp_signing.privkey.id ===
 
 <pre>
-$ certutil -K -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/alias/password.txt -n "ocspSigningCert cert-pki-ca"
+$ certutil -K -d /var/lib/pki/pki-tomcat/conf/alias -f /var/lib/pki/pki-tomcat/conf/alias/password.txt -n "ocspSigningCert cert-pki-ca"
 </pre>
 
 === cloning.signing.privkey.id ===
 
 <pre>
-$ certutil -K -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/alias/password.txt -n "caSigningCert cert-pki-ca"
+$ certutil -K -d /var/lib/pki/pki-tomcat/conf/alias -f /var/lib/pki/pki-tomcat/conf/alias/password.txt -n "caSigningCert cert-pki-ca"
 </pre>
 
 === cloning.subsystem.privkey.id ===
 
 <pre>
-$ certutil -K -d /etc/pki/pki-tomcat/alias -f /etc/pki/pki-tomcat/alias/password.txt -n "subsystemCert cert-pki-ca"
+$ certutil -K -d /var/lib/pki/pki-tomcat/conf/alias -f /var/lib/pki/pki-tomcat/conf/alias/password.txt -n "subsystemCert cert-pki-ca"
 </pre>
 
 == Restore public key moduli and exponents ==

wiki/TPS_Roles.mediawiki

@@ -27,7 +27,7 @@ By default a TPS administrator is allowed to access the following TPS components
 * Profiles
 * Profile_Mappings
 
-This can be configured in the following property in /etc/pki/<font color="red">pki-tomcat</font>/tps/CS.cfg:
+This can be configured in the following property in /var/lib/pki/pki-tomcat/conf/tps/CS.cfg:
 
  target.configure.list=<font color="red">Authentication_Sources,Subsystem_Connections,Profiles,Profile_Mappings</font>
 

wiki/Tomcat_SSL_Configuration_with_JSS.mediawiki

@@ -43,8 +43,8 @@ To export an existing SSL server certificate and key from a PKI server into a PK
  $ pki-server cert-export \
      sslserver \
      --instance "pki-tomcat" \
-     --pkcs12-file "/etc/pki/pki-tomcat/keystore.p12" \
-     --pkcs12-password-file "/etc/pki/pki-tomcat/keystore.pwd" \
+     --pkcs12-file "/var/lib/pki/pki-tomcat/conf/keystore.p12" \
+     --pkcs12-password-file "/var/lib/pki/pki-tomcat/conf/keystore.pwd" \
      --friendly-name "sslserver" \
      --cert-encryption "PBE/SHA1/RC2-40" \
      --key-encryption "PBE/SHA1/DES3/CBC"

wiki/Upgrading_Custom_PKI_Subsystem.mediawiki

@@ -20,7 +20,7 @@ Here are the existing webapps:
 * https://github.com/dogtagpki/pki/tree/master/base/tks/shared/webapps/tks
 * https://github.com/dogtagpki/pki/tree/master/base/tps/shared/webapps/tps
 
-The webapp is deployed in Tomcat by creating a deployment descriptor in /etc/pki/<font color="red">pki-tomcat</font>/Catalina/localhost/<font color="red">ca</font>.xml.
+The webapp is deployed in Tomcat by creating a deployment descriptor in /var/lib/pki/pki-tomcat/conf/Catalina/localhost/ca.xml.
 The deployment descriptor contains a '''docBase''' parameter which points to a directory that contains the webapp files.
 
 Currently by default the PKI installer will set the '''docBase''' to point to the default webapp in /usr/share/pki/<font color="red">ca</font>/webapps/<font color="red">ca</font>, which is a directory owned by a PKI package.

wiki/VisualVM.mediawiki

@@ -24,7 +24,7 @@ $ semanage port -a -t http_port_t -p tcp 8010
 
 Define the following Java system properties in Tomcat configuration.
 For [https://github.com/dogtagpki/pki/wiki/PKI-Systemd-Service PKI Systemd Service], the Tomcat configuration is in /etc/sysconfig/pki-tomcat.
-For standalone PKI server, the Tomcat configuration is in /etc/pki/pki-tomcat/tomcat.conf.
+For standalone PKI server, the Tomcat configuration is in /var/lib/pki/pki-tomcat/conf/tomcat.conf.
 
 <pre>
 JAVA_OPTS="-Dcom.sun.management.jmxremote.port=8010 -Dcom.sun.management.jmxremote.ssl=false -Dcom.sun.management.jmxremote.authenticate=false"