Hi Rob, On Tue, Nov 5, 2019 at 4:35 PM Rob Crittenden via FreeIPA-users < [email protected]> wrote:
> I made an EPEL 7 build in COPR, > https://copr.fedorainfracloud.org/coprs/rcritten/ipa-healthcheck/ > > The more feedback I get on it the better and more useful I can make it. > Awesome work, thanks. I tried it running in my personal IPA instance. I get the following: WARNING "No DNA range defined. If no masters define a range then users and groups cannot be created." This is on my replica and was already reported by someone else. Fixed it by adding and removing a user on the web ui of the replica, as you described. CRITICAL "[Errno 2] No such file or directory: '/var/log/audit/'" This also has been reported; my replica is running as an LXC container under Proxmox. Hacked it by creating the directory. WARNING "Unexpected SRV entry in DNS" "_ntp._udp.<my_domain>.:<replica hostname>." I think this is correct because I'm not running ntpd on the replica. I've removed the entry. WARNING "Got 1 ipa-ca A records, expected 2" WARNING "Expected SRV record missing" "_<service>._(tcp|udp).<my domain>.:<replica hostname>." Those are problematic for me, I guess because I'm running a probably unsupported configuration: * My first master is public on the Internet * My second master is not public on the Internet * Public DNS contains entries for the first master * The DNS server which servers in the second master's network use contains entries for both masters * My first public master uses another DNS server* which does not have specific IPA entries and thus uses the public Internet DNS's entries, which do not contain the second master (* actually the DNS server for the first master is running on the same host, using dnsmasq) I "fixed" this by putting all the DNS entries in all my internal DNS servers, but then healthcheck won't be verifying the public Internet's DNS records. This is not ideal, but I think it's fine. ... I now have clean runs in all my masters, so I'll work to add it on my monitoring agent ( https://github.com/alexpdp7/ragent ). I'm running my agent every minute, and ipa-healthcheck seems to be quite expensive to run, so I'll probably run it in cron every hour or so and then have the agent gather the results. Cheers, Álex -- ___ {~._.~} ( Y ) ()~*~() mail: alex at corcoles dot net (_)-(_) http://alex.corcoles.net/
_______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
