[Freeipa-users] Replication health check

Wed, 16 Aug 2017 06:47:55 -0700 

Hello All,

I was wondering if anyone has written a health check script for FreeIPA?

How do you all check replication (and IPA server health)?

I did some digging and know that I can run this command to check
replication:

ldapsearch -D "cn=directory manager" -W -b "o=ipaca"
"(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))"
nscpentrywsi

But the output didn't show an error:

ns01:

nscpentrywsi: nsDS5ReplicaId: 96
nscpentrywsi: nsds50ruv: {replica 96 ldap://ns01.dev.example.net:389} 5711
 528b000000600000 599444dd000000600000
nscpentrywsi: nsds50ruv: {replica 97 ldap://ns02.dev.example.net:389} 5711
 529d000000610000 58deae97000500610000

ns02:

nscpentrywsi: nsDS5ReplicaId: 97
nscpentrywsi: nsds50ruv: {replica 97 ldap://ns02.dev.example.net:389} 5711
 529d000000610000 58deae97000500610000
nscpentrywsi: nsds50ruv: {replica 96 ldap://ns01.dev.example.net:389} 5711
 528b000000600000 595a8aff000100600000

But running this showed a difference:

[root@ns02 ~]# ipa user-find example
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------

[root@ns01 ~]# ipa user-find example
--------------
1 user matched
--------------
  User login: example
... extra lines removed ...
----------------------------
Number of entries returned 1
----------------------------

(running "ipa-replica-manage -v re-initialize --from ns01.dev.example.net"
and then "ipa-csreplica-manage -v re-initialize --from ns01.dev.example.net"
did fix the error, but I wasn't certain "why" it worked)

Which log files on my two hosts should I be looking at to find out if
there's an error in IPA?

Normally I'd run a script and then, depending on the exit code, I'd use
"zabbix_sender" to push a status code to my monitoring system.  Does anyone
else do something like that?

Sorry if this is a FAQ, I have a lot of freeipa-users in my gmail account
and searched for a bunch of terms, but I could have missed something.

Thanks for any help on this, I'm very puzzled both on the health monitoring
and the replication issue.

-Anthony

_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org

Reply via email to