The /etc/sysconfig/libvirtd file is a Fedora/RHEL specific concept.
Since those distros switched to systemd socket activation, the
existance of --listen parameter in /etc/sysconfig/libvirtd is no
longer a reliable check. This was further degraded with the switch
to modular daemons where virtproxyd takes over the role.
The /etc/sysconfig/iptables file is a Fedora/RHEL specific concept.
Since those distros switched to firewalld, this file is no longer
a reliable check.
Rather than complicating these checks, just remove them, so that
the virt-pki-validate tool focuses exclusively on TLS configuration
validation.
Signed-off-by: Daniel P. Berrangé <berrange@xxxxxxxxxx>
---
tools/virt-pki-validate.in | 28 ----------------------------
1 file changed, 28 deletions(-)
diff --git a/tools/virt-pki-validate.in b/tools/virt-pki-validate.in
index c91f247ba5..c77daa9862 100644
--- a/tools/virt-pki-validate.in
+++ b/tools/virt-pki-validate.in
@@ -73,7 +73,6 @@ echo Found "$CERTOOL"
#
SYSCONFDIR="@sysconfdir@"
PKI="$SYSCONFDIR/pki"
-INITCONFDIR="@initconfdir@"
if [ ! -d "$PKI" ]
then
echo the $PKI directory is missing, it is usually
@@ -293,31 +292,4 @@ else
SERVER=0
fi
-if [ "$SERVER" = "1" ]
-then
- if [ -r "$INITCONFDIR"/libvirtd ]
- then
- if grep "^LIBVIRTD_ARGS.*--listen" "$INITCONFDIR"/libvirtd \
- >/dev/null 2>&1
- then
- :
- else
- echo Make sure "$INITCONFDIR"/libvirtd is setup to listen to
- echo TCP/IP connections and restart the libvirtd service
- fi
- fi
- if [ -r "$INITCONFDIR"/iptables ]
- then
- if grep "$PORT" "$INITCONFDIR"/iptables >/dev/null 2>&1
- then
- :
- else
- echo Make sure "$INITCONFDIR"/iptables is setup to allow
- echo incoming TCP/IP connections on port $PORT and
- echo restart the iptables service
- fi
- fi
-fi
-
-
exit 0
--
2.43.0
