mirror of
https://gitlab.com/libvirt/libvirt.git
synced 2024-12-22 05:35:25 +00:00
Make pki_check.sh into an installed & supported tool
* docs/pki_check.sh: Move to tool/virt-pki-validate.in and add in POD man page documentation * tools/.gitignore: Ignore generated virt-pki-validate file * tools/Makefile.am: Install & build virt-pki-validate and virt-pki-validate.1 * docs/remote.html, docs/remote.html.in: Refer to new tool name virt-pki-validate * libvirt.spec.in, mingw32-libvirt.spec.in: Add virt-pki-validate and virt-pki-validate.1 to files list
This commit is contained in:
parent
f991a00653
commit
3decd4f9f1
@ -582,7 +582,7 @@ client is connecting. The verbose log messages should
|
||||
tell you enough to diagnose the problem.
|
||||
</p>
|
||||
</dd></dl>
|
||||
<p> You can use the <a href="pki_check.sh">pki_check.sh</a> shell script
|
||||
<p> You can use the virt-pki-validate shell script
|
||||
to analyze the setup on the client or server machines, preferably as root.
|
||||
It will try to point out the possible problems and provide solutions to
|
||||
fix the set up up to a point where you have secure remote access.</p>
|
||||
|
@ -622,7 +622,7 @@ tell you enough to diagnose the problem.
|
||||
</p>
|
||||
</dd>
|
||||
</dl>
|
||||
<p> You can use the <a href="pki_check.sh">pki_check.sh</a> shell script
|
||||
<p> You can use the virt-pki-validate shell script
|
||||
to analyze the setup on the client or server machines, preferably as root.
|
||||
It will try to point out the possible problems and provide solutions to
|
||||
fix the set up up to a point where you have secure remote access.</p>
|
||||
|
@ -704,8 +704,10 @@ fi
|
||||
|
||||
%{_mandir}/man1/virsh.1*
|
||||
%{_mandir}/man1/virt-xml-validate.1*
|
||||
%{_mandir}/man1/virt-pki-validate.1*
|
||||
%{_bindir}/virsh
|
||||
%{_bindir}/virt-xml-validate
|
||||
%{_bindir}/virt-pki-validate
|
||||
%{_libdir}/lib*.so.*
|
||||
|
||||
%dir %{_datadir}/libvirt/
|
||||
|
@ -80,6 +80,7 @@ rm -rf $RPM_BUILD_ROOT
|
||||
%{_mingw32_bindir}/libvirt-0.dll
|
||||
%{_mingw32_bindir}/virsh.exe
|
||||
%{_mingw32_bindir}/virt-xml-validate
|
||||
%{_mingw32_bindir}/virt-pki-validate
|
||||
|
||||
%{_mingw32_libdir}/libvirt.dll.a
|
||||
%{_mingw32_libdir}/libvirt.la
|
||||
@ -105,6 +106,7 @@ rm -rf $RPM_BUILD_ROOT
|
||||
|
||||
%{_mingw32_mandir}/man1/virsh.1*
|
||||
%{_mingw32_mandir}/man1/virt-xml-validate.1*
|
||||
%{_mingw32_mandir}/man1/virt-pki-validate.1*
|
||||
|
||||
|
||||
%changelog
|
||||
|
1
tools/.gitignore
vendored
1
tools/.gitignore
vendored
@ -1,4 +1,5 @@
|
||||
virt-xml-validate
|
||||
virt-pki-validate
|
||||
*.1
|
||||
Makefile
|
||||
Makefile.in
|
||||
|
@ -8,12 +8,12 @@ ICON_FILES = \
|
||||
libvirt_win_icon_64x64.ico \
|
||||
virsh_win_icon.rc
|
||||
|
||||
EXTRA_DIST = $(ICON_FILES) virt-xml-validate.in virsh.pod
|
||||
EXTRA_DIST = $(ICON_FILES) virt-xml-validate.in virt-pki-validate.in virsh.pod
|
||||
|
||||
bin_SCRIPTS = virt-xml-validate
|
||||
bin_SCRIPTS = virt-xml-validate virt-pki-validate
|
||||
bin_PROGRAMS = virsh
|
||||
|
||||
man1_MANS = virt-xml-validate.1 virsh.1
|
||||
man1_MANS = virt-xml-validate.1 virt-pki-validate.1 virsh.1
|
||||
|
||||
|
||||
virt-xml-validate: virt-xml-validate.in Makefile
|
||||
@ -23,7 +23,12 @@ virt-xml-validate: virt-xml-validate.in Makefile
|
||||
virt-xml-validate.1: virt-xml-validate
|
||||
$(POD2MAN) $< $@
|
||||
|
||||
virt-pki-validate: virt-pki-validate.in Makefile
|
||||
sed -e 's,@SYSCONFDIR@,$(sysconfdir),' < $< > $@ || (rm $@ && exit 1)
|
||||
chmod +x $@
|
||||
|
||||
virt-pki-validate.1: virt-pki-validate
|
||||
$(POD2MAN) $< $@
|
||||
|
||||
virsh_SOURCES = \
|
||||
console.c console.h \
|
||||
|
@ -25,7 +25,7 @@ echo Found $CERTOOL
|
||||
#
|
||||
# Check the directory structure
|
||||
#
|
||||
PKI="/etc/pki"
|
||||
PKI="$(SYSCONFDIR)/pki"
|
||||
if [ ! -d $PKI ]
|
||||
then
|
||||
echo the $PKI directory is missing, it is usually
|
||||
@ -240,21 +240,74 @@ fi
|
||||
|
||||
if [ "$SERVER" = "1" ]
|
||||
then
|
||||
if [ -r /etc/sysconfig/libvirtd ]
|
||||
if [ -r $(SYSCONFDIR)/sysconfig/libvirtd ]
|
||||
then
|
||||
if [ "`grep '^LIBVIRTD_ARGS' /etc/sysconfig/libvirtd | grep -- '--listen'`" = "" ]
|
||||
if [ "`grep '^LIBVIRTD_ARGS' $(SYSCONFDIR)/sysconfig/libvirtd | grep -- '--listen'`" = "" ]
|
||||
then
|
||||
echo Make sure /etc/sysconfig/libvirtd is setup to listen to
|
||||
echo Make sure $(SYSCONFDIR)/sysconfig/libvirtd is setup to listen to
|
||||
echo TCP/IP connections and restart the libvirtd service
|
||||
fi
|
||||
fi
|
||||
if [ -r /etc/sysconfig/iptables ]
|
||||
if [ -r $(SYSCONFDIR)/sysconfig/iptables ]
|
||||
then
|
||||
if [ "`grep $PORT /etc/sysconfig/iptables`" = "" ]
|
||||
if [ "`grep $PORT $(SYSCONFDIR)/sysconfig/iptables`" = "" ]
|
||||
then
|
||||
echo Make sure /etc/sysconfig/iptables is setup to allow
|
||||
echo Make sure $(SYSCONFDIR)/sysconfig/iptables is setup to allow
|
||||
echo incoming TCP/IP connections on port $PORT and
|
||||
echo restart the iptables service
|
||||
fi
|
||||
fi
|
||||
fi
|
||||
|
||||
|
||||
exit 0
|
||||
|
||||
: <<=cut
|
||||
=pod
|
||||
|
||||
=head1 NAME
|
||||
|
||||
virt-pki-validate - validate libvirt PKI files are configured correctly
|
||||
|
||||
=head1 SYNOPSIS
|
||||
|
||||
virt-pki-validate
|
||||
|
||||
=head1 DESCRIPTION
|
||||
|
||||
This tool validates that the neccessary PKI files are configured for
|
||||
a secure libvirt server or client using the TLS encryption protocol.
|
||||
It will report any missing certificate or key files on the host. It
|
||||
should be run as root to ensure it can read all the neccessary files
|
||||
|
||||
=head1 EXIT STATUS
|
||||
|
||||
Upon successful validation, an exit status of 0 will be set. Upon
|
||||
failure a non-zero status will be set.
|
||||
|
||||
=head1 AUTHOR
|
||||
|
||||
Richard Jones
|
||||
|
||||
=head1 BUGS
|
||||
|
||||
Report any bugs discovered to the libvirt community via the
|
||||
mailing list C<http://libvirt.org/contact.html> or bug tracker C<http://libvirt.org/bugs.html>.
|
||||
Alternatively report bugs to your software distributor / vendor.
|
||||
|
||||
=head1 COPYRIGHT
|
||||
|
||||
Copyright 2006-2009 by Red Hat, Inc
|
||||
|
||||
=head1 LICENSE
|
||||
|
||||
virt-pki-validate is distributed under the terms of the GNU GPL v2+.
|
||||
This is free software; see the source for copying conditions. There
|
||||
is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||
PURPOSE
|
||||
|
||||
=head1 SEE ALSO
|
||||
|
||||
C<virsh(1)>, online PKI setup instructions C<http://libvirt.org/remote.html>
|
||||
|
||||
=cut
|
Loading…
Reference in New Issue
Block a user