On Thu, Feb 1, 2018 at 5:25 PM, Jochen Hein <joc...@jochen.org> wrote:

> I'm using https://github.com/peterpakos/checkipaconsistency to monitor
> my replicas.

Yeah, but I'm not exactly reassured by choosing on of the many plugins out
there- or running them all. It would be great to push for an official check.

I'm might be willing to help, but I'd need documentation about what (and
how) to check, but that's basically 90% of the work. I would propose
assimilating the best-looking plugin out there and expanding it every time
sometime reports some broken thing that needs proactive fixing.

Any way we can help this happen?

Right now we had some problems with certificates not/halfway renewing,
> so some tool to check LDAP against the different cert-stores might be
> helpful.

$ ipa cert-find --validnotafter-to=$(date --date="3 years" +"%Y-%m-%d")

Actually changing "3 years" to something inferior to the margin FreeIPA
starts renewing certificates should warn you that something is amiss.
  ( Y )
 ()~*~()  mail: alex at corcoles dot net
 (_)-(_)  http://alex.corcoles.net/
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to