I know this is an old thread, but there are no changes to FreeIPA that cnmonitor might conflict with, are there?

On Thursday, February 1, 2018 1:34 PM, Rob Crittenden via FreeIPA-users <freeipa-users@lists.fedorahosted.org> wrote:

Alex Corcoles via FreeIPA-users wrote:
> On Thu, Feb 1, 2018 at 5:25 PM, Jochen Hein <joc...@jochen.org> wrote:
>
>> I'm using https://github.com/peterpakos/checkipaconsistency to monitor
>> my replicas.
>
> Yeah, but I'm not exactly reassured by choosing one of the many plugins
> out there - or running them all. It would be great to push for an
> official check.

There are not that many plugins doing this that I know of. I'm pretty sure there is a Nagios script that looks at the agreement in LDAP, or the output of ipa-replica-manage list -v `hostname`, to look for replication issues.

For a more full-blown view there is http://cnmonitor.sourceforge.net/

389-ds instructions for this are at http://directory.fedoraproject.org/docs/389ds/howto/howto-cn-equals-monitor-ldap-monitoring.html

The team has talked about a monitoring script but for now Peter's script is filling the void.

> I might be willing to help, but I'd need documentation about what (and
> how) to check, but that's basically 90% of the work. I would propose
> assimilating the best-looking plugin out there and expanding it every
> time someone reports some broken thing that needs proactive fixing.
>
> Any way we can help this happen?
>
>> Right now we had some problems with certificates not/halfway renewing,
>> so some tool to check LDAP against the different cert-stores might be
>> helpful.
>
> $ ipa cert-find --validnotafter-to=$(date --date="3 years" +"%Y-%m-%d")
>
> Actually changing "3 years" to something inferior to the margin FreeIPA
> starts renewing certificates should warn you that something is amiss.

Server certs in IPA are good for 2 years. We have in mind a tool to troubleshoot cert issues but haven't yet started work on it.

rob
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/message/UIEJ5BBTMILSUB67A6GJWD2HR5PRESLL/