On Mon, Oct 01, 2018 at 10:10:52PM -0400, Rob Crittenden via FreeIPA-devel wrote:
As part of a larger IPA "health" checker and driven largely
by necessity
I have the beginning of a certificate checking tool available at
https://github.com/rcritten/checkcerts
It works for me in IPA 4.5.4, IPA 4.6.0 and IPA master (basically 4.7+
patches) mostly with just a single-master install. YMMV.
I think the guts are somewhat solid but there is no real, usable
framework wrapped around it so there are no options (like no --debug
option), no control over logging, etc. It just spits output to stdout.
I did this because I expect it to be rolled up into some larger tool at
some point and don't want to have to throw away a ton of code.
It needs to be run on an IPA master and checks the things I thought of
to check. I've only done limited testing so I'd appreciate feedback.
Don't freak out of it spits out errors as it could just be bugs on my
part :-)
It is read-only so it shouldn't blow up anything.
So if you want to run it against your system and send me the any output
I can try to figure out if it is my tool that is the issue or your
system (it is supposed to help pro-actively diagnose issues after all).
rob
Thanks Rob. This tool covers a lot of the checks and we will
undoubtedly copy some of your code to implement the low-level checks
once we have a health check system that can report the results.
And work is about to begin on that :)
Cheers,
Fraser