Thanks Rob Here are my findings, mainly as an FYI.
On the CA master it reports the following (which I have to investigate) [ { "source": "ipahealthcheck.ipa.certs", "kw": { "msg": "Unknown certmonger id 20190412141828", "key": "20190412141828" }, "uuid": "f3d6ccb9-fb82-49ac-aa02-f485d08826c3", "duration": "0.980984", "when": "20191106095349Z", "check": "IPACertTracking", "result": "WARNING" } ] One replica reports no problems. Another replica reports the following. This replica is installed and running in a LXC container (Ubuntu host). Healthcheck reports: [ { "source": "ipahealthcheck.system.filesystemspace", "kw": { "exception": "[Errno 2] No such file or directory: '/var/log/audit/'" }, "uuid": "087b9370-7d5a-4814-8a0b-956bdeed5ae7", "duration": "0.000464", "when": "20191106094813Z", "check": "FileSystemSpaceCheck", "result": "CRITICAL" } ] Strangely enough the package audit wasn't installed, only audit-libs and audit-libs-python. It seems to function alright though. -- Kees On 05-11-19 16:34, Rob Crittenden via FreeIPA-users wrote: > *** EXTERNAL E-MAIL *** > > > Over the summer we announced the freeipa-healthcheck project which is > designed to look at an IdM cluster and look for common problems so you > can have some level of assurance that the system is running as it should. > > It was built against the IPA 4.8.x branch and originally released only > for Fedora 29+. It is also included in the newly released RHEL 8.1.0. > > My curious nature led me to see if it would also work in in the IPA > 4.6.x branch. It was a bit of a challenge backing down to Python 2 but I > was able to get something working. I tested primarily on Fedora 27 but > it should also work in RHEL/CentOS 7 (I smoke tested 7.8). > > I made an EPEL 7 build in COPR, > https://copr.fedorainfracloud.org/coprs/rcritten/ipa-healthcheck/ > > Enable the repo and do: yum install freeipa-healthcheck > > Then run: ipa-healthcheck --failures-only > > Ideally there will be no output but an empty list []. Otherwise the > output is JSON and hopefully has enough information to point you in the > right direction. Feel free to ask if need help. > > False positives are always a possibility and many of the checks run > independently so it's possible to get multiple issues from a single root > problem. It's hard to predict all possible installations so some > fine-tuning may be required. > > I'd recommend running it every now and then at least, like prior to > updating IPA packages, creating a new master, etc, if not daily. It > will, for example, warn of impending cert expiration. > > The more feedback I get on it the better and more useful I can make it. > > This is my own personal backport and is not officially supported by > anyone but me. It's preferred to report issues on this mailing list. > I'll see them and others may be able to chime in as well. > > rob > _______________________________________________ > FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org > To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
pEpkey.asc
Description: application/pgp-keys
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org