Thanks Rob Here are my findings, mainly as an FYI.
On the CA master it reports the following (which I have to investigate)
[
{
"source": "ipahealthcheck.ipa.certs",
"kw": {
"msg": "Unknown certmonger id 20190412141828",
"key": "20190412141828"
},
"uuid": "f3d6ccb9-fb82-49ac-aa02-f485d08826c3",
"duration": "0.980984",
"when": "20191106095349Z",
"check": "IPACertTracking",
"result": "WARNING"
}
]
One replica reports no problems. Another replica reports the following.
This replica is installed and running in a LXC container (Ubuntu host).
Healthcheck reports:
[
{
"source": "ipahealthcheck.system.filesystemspace",
"kw": {
"exception": "[Errno 2] No such file or directory: '/var/log/audit/'"
},
"uuid": "087b9370-7d5a-4814-8a0b-956bdeed5ae7",
"duration": "0.000464",
"when": "20191106094813Z",
"check": "FileSystemSpaceCheck",
"result": "CRITICAL"
}
]
Strangely enough the package audit wasn't installed, only audit-libs and
audit-libs-python.
It seems to function alright though.
-- Kees
On 05-11-19 16:34, Rob Crittenden via FreeIPA-users wrote:
> *** EXTERNAL E-MAIL ***
>
>
> Over the summer we announced the freeipa-healthcheck project which is
> designed to look at an IdM cluster and look for common problems so you
> can have some level of assurance that the system is running as it should.
>
> It was built against the IPA 4.8.x branch and originally released only
> for Fedora 29+. It is also included in the newly released RHEL 8.1.0.
>
> My curious nature led me to see if it would also work in in the IPA
> 4.6.x branch. It was a bit of a challenge backing down to Python 2 but I
> was able to get something working. I tested primarily on Fedora 27 but
> it should also work in RHEL/CentOS 7 (I smoke tested 7.8).
>
> I made an EPEL 7 build in COPR,
> https://copr.fedorainfracloud.org/coprs/rcritten/ipa-healthcheck/
>
> Enable the repo and do: yum install freeipa-healthcheck
>
> Then run: ipa-healthcheck --failures-only
>
> Ideally there will be no output but an empty list []. Otherwise the
> output is JSON and hopefully has enough information to point you in the
> right direction. Feel free to ask if need help.
>
> False positives are always a possibility and many of the checks run
> independently so it's possible to get multiple issues from a single root
> problem. It's hard to predict all possible installations so some
> fine-tuning may be required.
>
> I'd recommend running it every now and then at least, like prior to
> updating IPA packages, creating a new master, etc, if not daily. It
> will, for example, warn of impending cert expiration.
>
> The more feedback I get on it the better and more useful I can make it.
>
> This is my own personal backport and is not officially supported by
> anyone but me. It's preferred to report issues on this mailing list.
> I'll see them and others may be able to chime in as well.
>
> rob
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
pEpkey.asc
Description: application/pgp-keys
_______________________________________________ FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
