Generate tmpfiles config at install time

We do not want to generate runtime directories just because the packages
are installed, but only if the server is actually setup and run. Also this
will be needed later because we will create a user at install time and some
tmpfiles will need to be owned by this user.
As we are changing this code also rationalize the directory structure and
move it from the http rundir to the ipa specific rundir.

https://fedorahosted.org/freeipa/ticket/5959

Signed-off-by: Simo Sorce <simo@redhat.com>
Reviewed-By: Jan Cholasta <jcholast@redhat.com>

3 files changed, 4 insertions, 1 deletions

diff --git a/install/conf/ipa.conf b/install/conf/ipa.conf
index 6ae416353..ce2ea74a1 100644
--- a/install/conf/ipa.conf
+++ b/install/conf/ipa.conf
@@ -71,7 +71,7 @@ WSGIScriptReloading Off
 
   GssapiCredStore keytab:/etc/httpd/conf/ipa.keytab
   GssapiCredStore client_keytab:/etc/httpd/conf/ipa.keytab
-  GssapiDelegCcacheDir /var/run/httpd/ipa/clientcaches
+  GssapiDelegCcacheDir /var/run/ipa/ccaches
   GssapiUseS4U2Proxy on
   GssapiAllowedMech krb5
   Require valid-user
diff --git a/install/share/Makefile.am b/install/share/Makefile.am
index 6f35a329e..72f474a47 100644
--- a/install/share/Makefile.am
+++ b/install/share/Makefile.am
@@ -88,6 +88,7 @@ dist_app_DATA =				\
 	kdcproxy-disable.uldif		\
 	ipa-httpd.conf.template		\
 	gssapi.login			\
+	ipa.conf.tmpfiles		\
 	$(NULL)
 
 kdcproxyconfdir = $(IPA_SYSCONF_DIR)/kdcproxy
diff --git a/install/share/ipa.conf.tmpfiles b/install/share/ipa.conf.tmpfiles
new file mode 100644
index 000000000..3037787da
--- /dev/null
+++ b/install/share/ipa.conf.tmpfiles
@@ -0,0 +1,2 @@
+d /var/run/ipa 0700 root root
+d /var/run/ipa/ccaches 0700 apache apache