Make pki_check.sh into an installed & supported tool

* docs/pki_check.sh: Move to tools/virt-pki-validate.in and add
  POD man page documentation
* tools/.gitignore: Ignore generated virt-pki-validate file
* tools/Makefile.am: Install & build virt-pki-validate and
  virt-pki-validate.1
* docs/remote.html, docs/remote.html.in: Refer to new tool
  name virt-pki-validate
* libvirt.spec.in, mingw32-libvirt.spec.in: Add virt-pki-validate
  and virt-pki-validate.1 to files list
Daniel P. Berrange 2009-09-16 14:42:57 +01:00
parent f991a00653
commit 3decd4f9f1
7 changed files with 75 additions and 12 deletions


@ -582,7 +582,7 @@ client is connecting. The verbose log messages should
tell you enough to diagnose the problem.
</p>
</dd></dl>
<p> You can use the <a href="pki_check.sh">pki_check.sh</a> shell script
<p> You can use the virt-pki-validate shell script
to analyze the setup on the client or server machines, preferably as root.
It will try to point out the possible problems and provide solutions to
fix the set up up to a point where you have secure remote access.</p>


@ -622,7 +622,7 @@ tell you enough to diagnose the problem.
</p>
</dd>
</dl>
<p> You can use the <a href="pki_check.sh">pki_check.sh</a> shell script
<p> You can use the virt-pki-validate shell script
to analyze the setup on the client or server machines, preferably as root.
It will try to point out the possible problems and provide solutions to
fix the set up up to a point where you have secure remote access.</p>


@ -704,8 +704,10 @@ fi
%{_mandir}/man1/virsh.1*
%{_mandir}/man1/virt-xml-validate.1*
%{_mandir}/man1/virt-pki-validate.1*
%{_bindir}/virsh
%{_bindir}/virt-xml-validate
%{_bindir}/virt-pki-validate
%{_libdir}/lib*.so.*
%dir %{_datadir}/libvirt/


@ -80,6 +80,7 @@ rm -rf $RPM_BUILD_ROOT
%{_mingw32_bindir}/libvirt-0.dll
%{_mingw32_bindir}/virsh.exe
%{_mingw32_bindir}/virt-xml-validate
%{_mingw32_bindir}/virt-pki-validate
%{_mingw32_libdir}/libvirt.dll.a
%{_mingw32_libdir}/libvirt.la
@ -105,6 +106,7 @@ rm -rf $RPM_BUILD_ROOT
%{_mingw32_mandir}/man1/virsh.1*
%{_mingw32_mandir}/man1/virt-xml-validate.1*
%{_mingw32_mandir}/man1/virt-pki-validate.1*
%changelog

1
tools/.gitignore vendored

@ -1,4 +1,5 @@
virt-xml-validate
virt-pki-validate
*.1
Makefile
Makefile.in


@ -8,12 +8,12 @@ ICON_FILES = \
libvirt_win_icon_64x64.ico \
virsh_win_icon.rc
EXTRA_DIST = $(ICON_FILES) virt-xml-validate.in virsh.pod
EXTRA_DIST = $(ICON_FILES) virt-xml-validate.in virt-pki-validate.in virsh.pod
bin_SCRIPTS = virt-xml-validate
bin_SCRIPTS = virt-xml-validate virt-pki-validate
bin_PROGRAMS = virsh
man1_MANS = virt-xml-validate.1 virsh.1
man1_MANS = virt-xml-validate.1 virt-pki-validate.1 virsh.1
virt-xml-validate: virt-xml-validate.in Makefile
@ -23,7 +23,12 @@ virt-xml-validate: virt-xml-validate.in Makefile
virt-xml-validate.1: virt-xml-validate
$(POD2MAN) $< $@
virt-pki-validate: virt-pki-validate.in Makefile
sed -e 's,@SYSCONFDIR@,$(sysconfdir),' < $< > $@ || (rm $@ && exit 1)
chmod +x $@
virt-pki-validate.1: virt-pki-validate
$(POD2MAN) $< $@
virsh_SOURCES = \
console.c console.h \
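Review bot: The `sed` in the new `virt-pki-validate` rule rewrites the token `@SYSCONFDIR@`, but the template lines this commit changes in virt-pki-validate.in spell it `$(SYSCONFDIR)`, so as far as this page shows the substitution never matches and the installed script keeps that literal text. In a shell script `$(SYSCONFDIR)` is command substitution, so the script tries to run a command named SYSCONFDIR. When that fails the paths collapse to `/pki` and `/sysconfig/libvirtd`, and a tool the docs recommend running as root then inspects the wrong directories and also executes whatever `SYSCONFDIR` resolves to on root's PATH. The template should carry the token the rule replaces, e.g. `PKI="@SYSCONFDIR@/pki"`, and the expression should read `'s,@SYSCONFDIR@,$(sysconfdir),g'` so every occurrence on a line is covered. The `virsh_SOURCES` assignment continues outside the hunk.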


@ -25,7 +25,7 @@ echo Found $CERTOOL
#
# Check the directory structure
#
PKI="/etc/pki"
PKI="$(SYSCONFDIR)/pki"
if [ ! -d $PKI ]
then
echo the $PKI directory is missing, it is usually
@ -240,21 +240,74 @@ fi
if [ "$SERVER" = "1" ]
then
if [ -r /etc/sysconfig/libvirtd ]
if [ -r $(SYSCONFDIR)/sysconfig/libvirtd ]
then
if [ "`grep '^LIBVIRTD_ARGS' /etc/sysconfig/libvirtd | grep -- '--listen'`" = "" ]
if [ "`grep '^LIBVIRTD_ARGS' $(SYSCONFDIR)/sysconfig/libvirtd | grep -- '--listen'`" = "" ]
then
echo Make sure /etc/sysconfig/libvirtd is setup to listen to
echo Make sure $(SYSCONFDIR)/sysconfig/libvirtd is setup to listen to
echo TCP/IP connections and restart the libvirtd service
fi
fi
if [ -r /etc/sysconfig/iptables ]
if [ -r $(SYSCONFDIR)/sysconfig/iptables ]
then
if [ "`grep $PORT /etc/sysconfig/iptables`" = "" ]
if [ "`grep $PORT $(SYSCONFDIR)/sysconfig/iptables`" = "" ]
then
echo Make sure /etc/sysconfig/iptables is setup to allow
echo Make sure $(SYSCONFDIR)/sysconfig/iptables is setup to allow
echo incoming TCP/IP connections on port $PORT and
echo restart the iptables service
fi
fi
fi
exit 0
: <<=cut
=pod
=head1 NAME
virt-pki-validate - validate libvirt PKI files are configured correctly
=head1 SYNOPSIS
virt-pki-validate
=head1 DESCRIPTION
This tool validates that the neccessary PKI files are configured for
a secure libvirt server or client using the TLS encryption protocol.
It will report any missing certificate or key files on the host. It
should be run as root to ensure it can read all the neccessary files
=head1 EXIT STATUS
Upon successful validation, an exit status of 0 will be set. Upon
failure a non-zero status will be set.
=head1 AUTHOR
Richard Jones
=head1 BUGS
Report any bugs discovered to the libvirt community via the
mailing list C<http://libvirt.org/contact.html> or bug tracker C<http://libvirt.org/bugs.html>.
Alternatively report bugs to your software distributor / vendor.
=head1 COPYRIGHT
Copyright 2006-2009 by Red Hat, Inc
=head1 LICENSE
virt-pki-validate is distributed under the terms of the GNU GPL v2+.
This is free software; see the source for copying conditions. There
is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
PURPOSE
=head1 SEE ALSO
C<virsh(1)>, online PKI setup instructions C<http://libvirt.org/remote.html>
=cut
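Review bot: The EXIT STATUS section of the new POD promises a non-zero status on failure, but the visible tail of the script reaches `exit 0` after the server checks, which only `echo` advice when `--listen` is absent from `LIBVIRTD_ARGS` or `$PORT` is not found in the iptables file. Anyone gating provisioning or a monitoring check on the exit code would see those findings reported as success. Checks earlier in the script are outside this hunk and may well exit non-zero, so this applies only to the paths shown. Either set a failure flag in those branches and exit with it at the end, or word the POD to match, e.g. `Advisory findings from the server checks are printed but do not change the exit status.`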