tools: stop checking init scripts & iptables config

The /etc/sysconfig/libvirtd file is a Fedora/RHEL specific concept.
Since those distros switched to systemd socket activation, the
existence of --listen parameter in /etc/sysconfig/libvirtd is no
longer a reliable check. This was further degraded with the switch
to modular daemons where virtproxyd takes over the role.

The /etc/sysconfig/iptables file is a Fedora/RHEL specific concept.
Since those distros switched to firewalld, this file is no longer
a reliable check.

Rather than complicating these checks, just remove them, so that
the virt-pki-validate tool focuses exclusively on TLS configuration
validation.

Reviewed-by: Michal Privoznik <mprivozn@redhat.com>
Signed-off-by: Daniel P. Berrangé <berrange@redhat.com>
Daniel P. Berrangé 2024-06-07 10:58:12 +01:00
parent 1d7ce1c071
commit 3faa78d98d

@ -73,7 +73,6 @@ echo Found "$CERTOOL"
# #
SYSCONFDIR="@sysconfdir@" SYSCONFDIR="@sysconfdir@"
PKI="$SYSCONFDIR/pki" PKI="$SYSCONFDIR/pki"
INITCONFDIR="@initconfdir@"
if [ ! -d "$PKI" ] if [ ! -d "$PKI" ]
then then
echo the $PKI directory is missing, it is usually echo the $PKI directory is missing, it is usually
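Review bot: Dropping the INITCONFDIR="@initconfdir@" assignment leaves the @initconfdir@ placeholder with no consumer in this script, and the diff does not show the build-side substitution being touched. If the build system defines initconfdir only to fill in this template, remove it there in the same commit so the template and its substitution data stay in sync; if other files still use it, a short mention in the commit message would save the next reader from checking.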
@ -293,31 +292,4 @@ else
SERVER=0 SERVER=0
fi fi
if [ "$SERVER" = "1" ]
then
if [ -r "$INITCONFDIR"/libvirtd ]
then
if grep "^LIBVIRTD_ARGS.*--listen" "$INITCONFDIR"/libvirtd \
>/dev/null 2>&1
then
:
else
echo Make sure "$INITCONFDIR"/libvirtd is setup to listen to
echo TCP/IP connections and restart the libvirtd service
fi
fi
if [ -r "$INITCONFDIR"/iptables ]
then
if grep "$PORT" "$INITCONFDIR"/iptables >/dev/null 2>&1
then
:
else
echo Make sure "$INITCONFDIR"/iptables is setup to allow
echo incoming TCP/IP connections on port $PORT and
echo restart the iptables service
fi
fi
fi
exit 0 exit 0
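Review bot: Missing cleanup after the removed if [ "$SERVER" = "1" ] block: the SERVER=0 assignment in the retained context above it is still there, and the removed block was the only visible reader of both SERVER and PORT. Please check whether either variable is still used elsewhere in the script and drop the dead assignments if not. Also, the two removed hints were the only place the tool told an administrator that the daemon has to listen on TCP and that the port has to be reachable; since the commit message scopes the tool to TLS configuration validation only, the man page or usage text should say so, so that a clean run is not read as confirmation that remote TLS access is actually enabled.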