Make pki_check.sh into an installed & supported tool
* docs/pki_check.sh: Move to tool/virt-pki-validate.in and add in POD man page documentation * tools/.gitignore: Ignore generated virt-pki-validate file * tools/Makefile.am: Install & build virt-pki-validate and virt-pki-validate.1 * docs/remote.html, docs/remote.html.in: Refer to new tool name virt-pki-validate * libvirt.spec.in, mingw32-libvirt.spec.in: Add virt-pki-validate and virt-pki-validate.1 to files list
parent
f991a00653
commit
3decd4f9f1
@ -582,7 +582,7 @@ client is connecting. The verbose log messages should
|
|||||||
tell you enough to diagnose the problem.
|
tell you enough to diagnose the problem.
|
||||||
</p>
|
</p>
|
||||||
</dd></dl>
|
</dd></dl>
|
||||||
<p> You can use the <a href="pki_check.sh">pki_check.sh</a> shell script
|
<p> You can use the virt-pki-validate shell script
|
||||||
to analyze the setup on the client or server machines, preferably as root.
|
to analyze the setup on the client or server machines, preferably as root.
|
||||||
It will try to point out the possible problems and provide solutions to
|
It will try to point out the possible problems and provide solutions to
|
||||||
fix the set up up to a point where you have secure remote access.</p>
|
fix the set up up to a point where you have secure remote access.</p>
|
||||||
|
@ -622,7 +622,7 @@ tell you enough to diagnose the problem.
|
|||||||
</p>
|
</p>
|
||||||
</dd>
|
</dd>
|
||||||
</dl>
|
</dl>
|
||||||
<p> You can use the <a href="pki_check.sh">pki_check.sh</a> shell script
|
<p> You can use the virt-pki-validate shell script
|
||||||
to analyze the setup on the client or server machines, preferably as root.
|
to analyze the setup on the client or server machines, preferably as root.
|
||||||
It will try to point out the possible problems and provide solutions to
|
It will try to point out the possible problems and provide solutions to
|
||||||
fix the set up up to a point where you have secure remote access.</p>
|
fix the set up up to a point where you have secure remote access.</p>
|
||||||
|
@ -704,8 +704,10 @@ fi
|
|||||||
|
|
||||||
%{_mandir}/man1/virsh.1*
|
%{_mandir}/man1/virsh.1*
|
||||||
%{_mandir}/man1/virt-xml-validate.1*
|
%{_mandir}/man1/virt-xml-validate.1*
|
||||||
|
%{_mandir}/man1/virt-pki-validate.1*
|
||||||
%{_bindir}/virsh
|
%{_bindir}/virsh
|
||||||
%{_bindir}/virt-xml-validate
|
%{_bindir}/virt-xml-validate
|
||||||
|
%{_bindir}/virt-pki-validate
|
||||||
%{_libdir}/lib*.so.*
|
%{_libdir}/lib*.so.*
|
||||||
|
|
||||||
%dir %{_datadir}/libvirt/
|
%dir %{_datadir}/libvirt/
|
||||||
|
@ -80,6 +80,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
%{_mingw32_bindir}/libvirt-0.dll
|
%{_mingw32_bindir}/libvirt-0.dll
|
||||||
%{_mingw32_bindir}/virsh.exe
|
%{_mingw32_bindir}/virsh.exe
|
||||||
%{_mingw32_bindir}/virt-xml-validate
|
%{_mingw32_bindir}/virt-xml-validate
|
||||||
|
%{_mingw32_bindir}/virt-pki-validate
|
||||||
|
|
||||||
%{_mingw32_libdir}/libvirt.dll.a
|
%{_mingw32_libdir}/libvirt.dll.a
|
||||||
%{_mingw32_libdir}/libvirt.la
|
%{_mingw32_libdir}/libvirt.la
|
||||||
@ -105,6 +106,7 @@ rm -rf $RPM_BUILD_ROOT
|
|||||||
|
|
||||||
%{_mingw32_mandir}/man1/virsh.1*
|
%{_mingw32_mandir}/man1/virsh.1*
|
||||||
%{_mingw32_mandir}/man1/virt-xml-validate.1*
|
%{_mingw32_mandir}/man1/virt-xml-validate.1*
|
||||||
|
%{_mingw32_mandir}/man1/virt-pki-validate.1*
|
||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
1
tools/.gitignore
vendored
1
tools/.gitignore
vendored
@ -1,4 +1,5 @@
|
|||||||
virt-xml-validate
|
virt-xml-validate
|
||||||
|
virt-pki-validate
|
||||||
*.1
|
*.1
|
||||||
Makefile
|
Makefile
|
||||||
Makefile.in
|
Makefile.in
|
||||||
|
@ -8,12 +8,12 @@ ICON_FILES = \
|
|||||||
libvirt_win_icon_64x64.ico \
|
libvirt_win_icon_64x64.ico \
|
||||||
virsh_win_icon.rc
|
virsh_win_icon.rc
|
||||||
|
|
||||||
EXTRA_DIST = $(ICON_FILES) virt-xml-validate.in virsh.pod
|
EXTRA_DIST = $(ICON_FILES) virt-xml-validate.in virt-pki-validate.in virsh.pod
|
||||||
|
|
||||||
bin_SCRIPTS = virt-xml-validate
|
bin_SCRIPTS = virt-xml-validate virt-pki-validate
|
||||||
bin_PROGRAMS = virsh
|
bin_PROGRAMS = virsh
|
||||||
|
|
||||||
man1_MANS = virt-xml-validate.1 virsh.1
|
man1_MANS = virt-xml-validate.1 virt-pki-validate.1 virsh.1
|
||||||
|
|
||||||
|
|
||||||
virt-xml-validate: virt-xml-validate.in Makefile
|
virt-xml-validate: virt-xml-validate.in Makefile
|
||||||
@ -23,7 +23,12 @@ virt-xml-validate: virt-xml-validate.in Makefile
|
|||||||
virt-xml-validate.1: virt-xml-validate
|
virt-xml-validate.1: virt-xml-validate
|
||||||
$(POD2MAN) $< $@
|
$(POD2MAN) $< $@
|
||||||
|
|
||||||
|
virt-pki-validate: virt-pki-validate.in Makefile
|
||||||
|
sed -e 's,@SYSCONFDIR@,$(sysconfdir),' < $< > $@ || (rm $@ && exit 1)
|
||||||
|
chmod +x $@
|
||||||
|
|
||||||
|
virt-pki-validate.1: virt-pki-validate
|
||||||
|
$(POD2MAN) $< $@
|
||||||
|
|
||||||
virsh_SOURCES = \
|
virsh_SOURCES = \
|
||||||
console.c console.h \
|
console.c console.h \
|
||||||
|
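Review bot: The new `virt-pki-validate` rule substitutes the token `@SYSCONFDIR@`, but the script lines changed in this same commit use `$(SYSCONFDIR)` (for example `PKI="$(SYSCONFDIR)/pki"`), so the sed expression matches nothing and the installed script keeps the literal text. At run time a shell reads `$(SYSCONFDIR)` as command substitution, so it tries to run a command named SYSCONFDIR from PATH, in a tool the docs recommend running as root. That lookup normally fails and leaves the paths as `/pki` and `/sysconfig/libvirtd`, so the validator inspects the wrong locations. The placeholder should be the same on both sides, e.g. `PKI="@SYSCONFDIR@/pki"` in the `.in` file, with `g` added to the sed expression so that every occurrence on a line is replaced: `sed -e 's,@SYSCONFDIR@,$(sysconfdir),g' < $< > $@ || (rm $@ && exit 1)`.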
@ -25,7 +25,7 @@ echo Found $CERTOOL
|
|||||||
#
|
#
|
||||||
# Check the directory structure
|
# Check the directory structure
|
||||||
#
|
#
|
||||||
PKI="/etc/pki"
|
PKI="$(SYSCONFDIR)/pki"
|
||||||
if [ ! -d $PKI ]
|
if [ ! -d $PKI ]
|
||||||
then
|
then
|
||||||
echo the $PKI directory is missing, it is usually
|
echo the $PKI directory is missing, it is usually
|
||||||
@ -240,21 +240,74 @@ fi
|
|||||||
|
|
||||||
if [ "$SERVER" = "1" ]
|
if [ "$SERVER" = "1" ]
|
||||||
then
|
then
|
||||||
if [ -r /etc/sysconfig/libvirtd ]
|
if [ -r $(SYSCONFDIR)/sysconfig/libvirtd ]
|
||||||
then
|
then
|
||||||
if [ "`grep '^LIBVIRTD_ARGS' /etc/sysconfig/libvirtd | grep -- '--listen'`" = "" ]
|
if [ "`grep '^LIBVIRTD_ARGS' $(SYSCONFDIR)/sysconfig/libvirtd | grep -- '--listen'`" = "" ]
|
||||||
then
|
then
|
||||||
echo Make sure /etc/sysconfig/libvirtd is setup to listen to
|
echo Make sure $(SYSCONFDIR)/sysconfig/libvirtd is setup to listen to
|
||||||
echo TCP/IP connections and restart the libvirtd service
|
echo TCP/IP connections and restart the libvirtd service
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
if [ -r /etc/sysconfig/iptables ]
|
if [ -r $(SYSCONFDIR)/sysconfig/iptables ]
|
||||||
then
|
then
|
||||||
if [ "`grep $PORT /etc/sysconfig/iptables`" = "" ]
|
if [ "`grep $PORT $(SYSCONFDIR)/sysconfig/iptables`" = "" ]
|
||||||
then
|
then
|
||||||
echo Make sure /etc/sysconfig/iptables is setup to allow
|
echo Make sure $(SYSCONFDIR)/sysconfig/iptables is setup to allow
|
||||||
echo incoming TCP/IP connections on port $PORT and
|
echo incoming TCP/IP connections on port $PORT and
|
||||||
echo restart the iptables service
|
echo restart the iptables service
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
|
exit 0
|
||||||
|
|
||||||
|
: <<=cut
|
||||||
|
=pod
|
||||||
|
|
||||||
|
=head1 NAME
|
||||||
|
|
||||||
|
virt-pki-validate - validate libvirt PKI files are configured correctly
|
||||||
|
|
||||||
|
=head1 SYNOPSIS
|
||||||
|
|
||||||
|
virt-pki-validate
|
||||||
|
|
||||||
|
=head1 DESCRIPTION
|
||||||
|
|
||||||
|
This tool validates that the neccessary PKI files are configured for
|
||||||
|
a secure libvirt server or client using the TLS encryption protocol.
|
||||||
|
It will report any missing certificate or key files on the host. It
|
||||||
|
should be run as root to ensure it can read all the neccessary files
|
||||||
|
|
||||||
|
=head1 EXIT STATUS
|
||||||
|
|
||||||
|
Upon successful validation, an exit status of 0 will be set. Upon
|
||||||
|
failure a non-zero status will be set.
|
||||||
|
|
||||||
|
=head1 AUTHOR
|
||||||
|
|
||||||
|
Richard Jones
|
||||||
|
|
||||||
|
=head1 BUGS
|
||||||
|
|
||||||
|
Report any bugs discovered to the libvirt community via the
|
||||||
|
mailing list C<http://libvirt.org/contact.html> or bug tracker C<http://libvirt.org/bugs.html>.
|
||||||
|
Alternatively report bugs to your software distributor / vendor.
|
||||||
|
|
||||||
|
=head1 COPYRIGHT
|
||||||
|
|
||||||
|
Copyright 2006-2009 by Red Hat, Inc
|
||||||
|
|
||||||
|
=head1 LICENSE
|
||||||
|
|
||||||
|
virt-pki-validate is distributed under the terms of the GNU GPL v2+.
|
||||||
|
This is free software; see the source for copying conditions. There
|
||||||
|
is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR
|
||||||
|
PURPOSE
|
||||||
|
|
||||||
|
=head1 SEE ALSO
|
||||||
|
|
||||||
|
C<virsh(1)>, online PKI setup instructions C<http://libvirt.org/remote.html>
|
||||||
|
|
||||||
|
=cut
|
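Review bot: The `exit 0` added ahead of the POD block makes the script's final status unconditional, while the new EXIT STATUS section promises a non-zero status on failure. The listen and iptables checks visible in the hunk at -240 only echo advice and then fall through to that `exit 0`; the earlier checks lie outside the shown hunks, so whether they exit non-zero cannot be confirmed from this page. Anyone scripting around this tool to gate a TLS deployment would read a 0 as "PKI is fine", so either record failures in a flag and finish with something like `exit $RET`, or reword the POD to say which problems are only reported as advice. The DESCRIPTION text also spells `neccessary` twice where `necessary` is meant.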