Hello All,
I was wondering if anyone has written a health check script for FreeIPA?
How do you all check replication (and IPA server health)?
I did some digging and know that I can run this command to check replication:
ldapsearch -D "cn=directory manager" -W -b "o=ipaca" "(&(objectclass=nstombstone)(nsUniqueId=ffffffff-ffffffff-ffffffff-ffffffff))" nscpentrywsi
But the output didn't show an error:
ns01:
nscpentrywsi: nsDS5ReplicaId: 96
528b000000600000 599444dd000000600000
529d000000610000 58deae97000500610000
ns02:
nscpentrywsi: nsDS5ReplicaId: 97
529d000000610000 58deae97000500610000
528b000000600000 595a8aff000100600000
But running this showed a difference:
[root@ns02 ~]# ipa user-find example
---------------
0 users matched
---------------
----------------------------
Number of entries returned 0
----------------------------
[root@ns01 ~]# ipa user-find example
--------------
1 user matched
--------------
User login: example
... extra lines removed ...
----------------------------
Number of entries returned 1
----------------------------
(running "ipa-replica-manage -v re-initialize --from
ns01.dev.example.net" and then "ipa-csreplica-manage -v re-initialize --from
ns01.dev.example.net" did fix the error, but I wasn't certain "why" it worked)
Which log files on my two hosts should I be looking at to find out if there's an error in IPA?
Normally I'd run a script and then, depending on the exit code, I'd use "zabbix_sender" to push a status code to my monitoring system. Does anyone else do something like that?
Sorry if this is a FAQ, I have a lot of freeipa-users in my gmail account and searched for a bunch of terms, but I could have missed something.
Thanks for any help on this, I'm very puzzled both on the health monitoring and the replication issue.
-Anthony