On Thu, Feb 1, 2018 at 5:25 PM, Jochen Hein <joc...@jochen.org> wrote:

> I'm using https://github.com/peterpakos/checkipaconsistency to monitor
> my replicas.
>

Yeah, but I'm not exactly reassured by choosing one of the many plugins out
there, or running them all. It would be great to push for an official check.

I might be willing to help, but I'd need documentation about what (and
how) to check, but that's basically 90% of the work. I would propose
assimilating the best-looking plugin out there and expanding it every time
someone reports some broken thing that needs proactive fixing.

Any way we can help this happen?

> Right now we had some problems with certificates not/halfway renewing,
> so some tool to check LDAP against the different cert-stores might be
> helpful.
>

$ ipa cert-find --validnotafter-to=$(date --date="3 years" +"%Y-%m-%d")

Actually changing "3 years" to something inferior to the margin FreeIPA
starts renewing certificates should warn you that something is amiss.
-- 
   ___
 {~._.~}
  ( Y )
 ()~*~()  mail: alex at corcoles dot net
 (_)-(_)  http://alex.corcoles.net/