Bug 1872467
Summary: | RFE: Add CLI options to healthcheck configuration file | |||
---|---|---|---|---|
Product: | Red Hat Enterprise Linux 8 | Reporter: | Maria <mescanfe> | |
Component: | ipa-healthcheck | Assignee: | Rob Crittenden <rcritten> | |
Status: | CLOSED ERRATA | QA Contact: | ipa-qe <ipa-qe> | |
Severity: | unspecified | Docs Contact: | ||
Priority: | medium | |||
Version: | 8.3 | CC: | fcami, frenaud, kechoi, mpolovka, pcech, rcritten, rjeffman, ssidhaye | |
Target Milestone: | rc | Keywords: | FutureFeature, Reopened, Triaged | |
Target Release: | 8.0 | |||
Hardware: | Unspecified | |||
OS: | Unspecified | |||
Whiteboard: | ||||
Fixed In Version: | ipa-healthcheck-0.7-14.module+el8.7.0+15352+88b578e5 | Doc Type: | If docs needed, set a value | |
Doc Text: | Story Points: | --- | ||
Clone Of: | ||||
: | 2070981 (view as bug list) | Environment: | ||
Last Closed: | 2022-11-08 09:35:45 UTC | Type: | Bug | |
Regression: | --- | Mount Type: | --- | |
Documentation: | --- | CRM: | ||
Verified Versions: | Category: | --- | ||
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | ||
Cloudforms Team: | --- | Target Upstream Version: | ||
Embargoed: |
Comment 4
Rob Crittenden
2020-08-25 20:45:08 UTC
Also I could not find any information about message size limit in Splunk. This might be configurable. Maria, could you please ask for log extract from their Splunk instance showing the error, or, at worst, a screenshot? The buffer size for messages currently set in their Splunk instance is 10,000 bytes. Below is a log snippet from their Splunk instance which sets off the error: [ { "source": "ipahealthcheck.meta.services", "check": "certmonger", "result": "SUCCESS", "uuid": "808847c7-8c63-4697-8638-ef7e13a6c0a2", "when": "20200811080012Z", "duration": "0.057503", "kw": { "status": true } }, { "source": "ipahealthcheck.meta.services", "check": "dirsrv", "result": "SUCCESS", "uuid": "87f43d7f-08cd-415c-b886-c0e1a3699e31", "when": "20200811080012Z", "duration": "0.050647", "kw": { "status": true } }, { "source": "ipahealthcheck.meta.services", "check": "gssproxy", "result": "SUCCESS", "uuid": "7138c8bb-30d2-452e-81be-cd33a4382716", "when": "20200811080012Z", "duration": "0.065382", "kw": { "status": true } }, { "source": "ipahealthcheck.meta.services", "check": "httpd", "result": "SUCCESS", "uuid": "9948c70d-e198-4908-a3b2-3cc01d77008d", "when": "20200811080012Z", "duration": "0.055854", "kw": { "status": true } }, { "source": "ipahealthcheck.meta.services", "check": "ipa_custodia", "result": "SUCCESS", "uuid": "b46d0d0f-b5bc-4e31-9825-768333efaa1f", "when": "20200811080012Z", "duration": "0.055081", "kw": { "status": true } }, { "source": "ipahealthcheck.meta.services", "check": "ipa_dnskeysyncd", "result": "SUCCESS", "uuid": "72969f85-c79b-4370-b1c8-f14b20069b57", "when": "20200811080012Z", "duration": "0.057359", "kw": { "status": true } }, { "source": "ipahealthcheck.meta.services", "check": "ipa_otpd", "result": "SUCCESS", "uuid": "8fb8e682-96e4-498a-823c-b5db7069ee16", "when": "20200811080012Z", "duration": "0.056083", "kw": { "status": true } }, { "source": "ipahealthcheck.meta.services", "check": "kadmin", "result": "SUCCESS", "uuid": "020d1324-2f96-4d25-92df-6b678573b250", "when": "20200811080012Z", "duration": "0.054109", "kw": { "status": true } }, { "source": "ipahealthcheck.meta.services", "check": "krb5kdc", "result": "SUCCESS", "uuid": "ab5bbd3e-f549-4d9f-8f24-b91597ad1b0d", "when": "20200811080013Z", "duration": "0.051166", "kw": { "status": true } }, { "source": "ipahealthcheck.meta.services", "check": "named", "result": "SUCCESS", "uuid": "71acdf35-11d0-4cf6-9127-843d289301e6", "when": "20200811080013Z", "duration": "0.056491", "kw": { "status": true } }, { "source": "ipahealthcheck.meta.services", "check": "pki_tomcatd", "result": "SUCCESS", "uuid": "5ddf6f45-a0b6-451e-ba3c-75559d270cd4", "when": "20200811080013Z", "duration": "0.013998", "kw": { "status": true } }, { "source": "ipahealthcheck.meta.services", "check": "sssd", "result": "SUCCESS", "uuid": "4b45b8f3-b33b-4134-a5b6-df58269c03a3", "when": "20200811080013Z", "duration": "0.053400", "kw": { "status": true } }, { "source": "pki.server.healthcheck.meta.csconfig", "check": "DogtagCertsConfigCheck", "result": "SUCCESS", "uuid": "dd02c96b-df2e-4167-af69-5d528f1b526b", "when": "20200811080013Z", "duration": "0.076596", "kw": { "key": "sslserver", "configfile": "/var/lib/pki/pki-tomcat/ca/conf/CS.cfg" } }, { "source": "pki.server.healthcheck.meta.csconfig", "check": "DogtagCertsConfigCheck", "result": "SUCCESS", "uuid": "f0139673-e376-4c0d-bf0f-1bfd893b32c1", "when": "20200811080013Z", "duration": "0.151675", "kw": { "key": "subsystem", "configfile": "/var/lib/pki/pki-tomcat/ca/conf/CS.cfg" } }, { "source": "pki.server.healthcheck.meta.csconfig", "check": "DogtagCertsConfigCheck", "result": "SUCCESS", "uuid": "60b4eb42-2b17-456f-8a22-ae14cbdcb909", "when": "20200811080013Z", "duration": "0.225505", "kw": { "key": "ca_audit_signing", "configfile": "/var/lib/pki/pki-tomcat/ca/conf/CS.cfg" } }, { "source": "pki.server.healthcheck.meta.csconfig", "check": "DogtagCertsConfigCheck", "result": "SUCCESS", "uuid": "5b109349-0003-45ad-80d3-9e03c8ab1ffe", "when": "20200811080013Z", "duration": "0.299617", "kw": { "key": "ca_ocsp_signing", "configfile": "/var/lib/pki/pki-tomcat/ca/conf/CS.cfg" } }, { "source": "pki.server.healthcheck.meta.csconfig", "check": "DogtagCertsConfigCheck", "result": "SUCCESS", "uuid": "57169965-fffe-4e05-b87a-f55ff1f23309", "when": "20200811080013Z", "duration": "0.369494", "kw": { "key": "ca_signing", "configfile": "/var/lib/pki/pki-tomcat/ca/conf/CS.cfg" } }, { "source": "ipahealthcheck.dogtag.ca", "check": "DogtagCertsConfigCheck", "result": "SUCCESS", "uuid": "99035778-0125-4982-9612-d2a4fdc355bd", "when": "20200811080013Z", "duration": "0.156399", "kw": { "key": "caSigningCert cert-pki-ca", "configfile": "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg" } }, { "source": "ipahealthcheck.dogtag.ca", "check": "DogtagCertsConfigCheck", "result": "SUCCESS", "uuid": "24b766b6-93a3-4bc9-aa8a-f4c698cb236c", "when": "20200811080013Z", "duration": "0.236284", "kw": { "key": "ocspSigningCert cert-pki-ca", "configfile": "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg" } }, { "source": "ipahealthcheck.dogtag.ca", "check": "DogtagCertsConfigCheck", "result": "SUCCESS", "uuid": "7cf60963-ab91-4de5-8942-5a1035e12fdc", "when": "20200811080013Z", "duration": "0.316763", "kw": { "key": "subsystemCert cert-pki-ca", "configfile": "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg" } }, { "source": "ipahealthcheck.dogtag.ca", "check": "DogtagCertsConfigCheck", "result": "SUCCESS", "uuid": "e2ce8b88-0781-4a17-b59f-57f315303968", "when": "20200811080013Z", "duration": "0.393553", "kw": { "key": "auditSigningCert cert-pki-ca", "configfile": "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg" } }, { "source": "ipahealthcheck.dogtag.ca", "check": "DogtagCertsConfigCheck", "result": "SUCCESS", "uuid": "63cff479-8f6a-44b7-957e-4a8963f80c86", "when": "20200811080014Z", "duration": "0.474251", "kw": { "key": "Server-Cert cert-pki-ca", "configfile": "/var/lib/pki/pki-tomcat/conf/ca/CS.cfg" } }, { "source": "ipahealthcheck.dogtag.ca", "check": "DogtagCertsConnectivityCheck", "result": "SUCCESS", "uuid": "592dc73e-bea4-451c-b174-eafc350e7301", "when": "20200811080014Z", "duration": "0.122952", "kw": {} }, { "source": "ipahealthcheck.ds.replication", "check": "ReplicationConflictCheck", "result": "SUCCESS", "uuid": "bdf78e07-4543-40e3-a8aa-61c6ee8272d9", "when": "20200811080014Z", "duration": "0.001645", "kw": {} }, { "source": "ipahealthcheck.ds.ruv", "check": "RUVCheck", "result": "SUCCESS", "uuid": "d6a24103-2665-4f08-9c52-94ca287c73fe", "when": "20200811080014Z", "duration": "0.002163", "kw": { "key": "dc=idma,dc=dom,dc=com", "ruv": "4" } }, { "source": "ipahealthcheck.ds.ruv", "check": "RUVCheck", "result": "SUCCESS", "uuid": "8aa32d67-4289-4530-8bf8-14f5e905c159", "when": "20200811080014Z", "duration": "0.002203", "kw": { "key": "o=ipaca", "ruv": "6" } }, { "source": "ipahealthcheck.ipa.certs", "check": "IPACertmongerExpirationCheck", "result": "SUCCESS", "uuid": "13d00783-2bcd-47db-8d3f-0a3634cd1b27", "when": "20200811080014Z", "duration": "0.008097", "kw": { "key": "20200413143028" } }, { "source": "ipahealthcheck.ipa.certs", "check": "IPACertmongerExpirationCheck", "result": "ERROR", "uuid": "2847bfe3-84a8-4924-9e7c-1edb91df17be", "when": "20200811080014Z", "duration": "0.012133", "kw": { "key": "20200615135338", "expiration_date": "19700101000000Z", "msg": "Request id 20200615135338 expired on 19700101000000Z" } }, { "source": "ipahealthcheck.ipa.certs", "check": "IPACertmongerExpirationCheck", "result": "ERROR", "uuid": "34bd013f-753c-4363-859f-8953e94798a9", "when": "20200811080014Z", "duration": "0.016190", "kw": { "key": "20200615135339", "expiration_date": "19700101000000Z", "msg": "Request id 20200615135339 expired on 19700101000000Z" } }, { "source": "ipahealthcheck.ipa.certs", "check": "IPACertmongerExpirationCheck", "result": "ERROR", "uuid": "a5aaf454-7785-4ca0-a4bb-48eb9348f38f", "when": "20200811080014Z", "duration": "0.020215", "kw": { "key": "20200615135340", "expiration_date": "19700101000000Z", "msg": "Request id 20200615135340 expired on 19700101000000Z" } }, { "source": "ipahealthcheck.ipa.certs", "check": "IPACertmongerExpirationCheck", "result": "ERROR", "uuid": "748b0453-8343-4e06-a88d-82a64d2075f3", "when": "20200811080014Z", "duration": "0.024719", "kw": { "key": "20200615135341", "expiration_date": "19700101000000Z", "msg": "Request id 20200615135341 expired on 19700101000000Z" } }, { "source": "ipahealthcheck.ipa.certs", "check": "IPACertmongerExpirationCheck", "result": "SUCCESS", "uuid": "ff5de4c0-3eb8-4349-a19b-a1307ec1869b", "when": "20200811080014Z", "duration": "0.028975", "kw": { "key": "20200615135342" } }, { "source": "ipahealthcheck.ipa.certs", "check": "IPACertmongerExpirationCheck", "result": "SUCCESS", "uuid": "cab048ff-2973-48a6-be66-0733ba346972", "when": "20200811080014Z", "duration": "0.033207", "kw": { "key": "20200615135343" } }, { "source": "ipahea This size of this message is 10,381 bytes. The customer is looking for a resolution using the command line options and the config file. Is this possible? The request was to combine --failures-only and --output-type human into a single option. There is no reason they can't pass both. The RFE is to have command-line option equivalents in the tool configuration file so the options are honored during execution via systemd timer without having to modify the rpm-provided script. Hi, To clarify, can Failures-only and output-type be set via the configuration file? The ask is to be able to have these options set in the /etc/ipahealthcheck/ipa-healthcheck.conf so it can utilize the timer (see below) and trigger based on the specified interval failures only and human-readable output: # cat /usr/lib/systemd/system/ipa-healthcheck.timer [Unit] Description=Execute IPA Healthcheck every day at 4AM [Timer] OnCalendar=*-*-* 04:00:00 Unit=ipa-healthcheck.service [Install] WantedBy=multi-user.target (In reply to Mike Murphy from comment #14) > To clarify, can Failures-only and output-type be set via the configuration > file? No those options are not currently available in the configuration file. Do we have plans on implementing this functionality ? Customer is requesting this RFE. Like all RFEs this will be evaluated along with the others during release planning based on complexity and capacity. Upstream PR https://github.com/freeipa/freeipa-healthcheck/pull/227 Most CLI options, are available in the config file in the default section. The first one wins so if an option is in the config then there is no overriding it on the command-line. An additional option, --config, was added to provide a separate configuration file so one can override the default one. Merged upstream master: 839000ba40f075343548a69890cfa465f1366a66 This was a pretty invasive change. A backport to 0.7 could be difficult. @rcritten set devel_ack & DTM and ask for qa_ack & ITM Looks like a backport from 0.10 won't be too bad. Pre-verified using automation from tests/test_options.py::test_options_merge with the package ipa-healthcheck-0.7-14.module+el8.7.0+15352+88b578e5.noarch on RHEL8.7 machine # python3 -m pytest tests/test_options.py -vvv ========================================================================== test session starts ========================================================================== platform linux -- Python 3.6.8, pytest-3.4.2, py-1.5.3, pluggy-0.6.0 -- /usr/bin/python3 cachedir: .pytest_cache rootdir: /root/freeipa-healthcheck, inifile: collected 3 items tests/test_options.py::test_options_merge PASSED [ 33%] tests/test_options.py::test_cfg_file_debug_option PASSED [ 66%] tests/test_options.py::test_incorrect_output_type_cfg_file PASSED [100%] ======================================================================= 3 passed in 2.09 seconds ======================================================================== Therefore marking as pre-verified: tested. Verified using automation from tests/test_options.py::test_options_merge with the package ipa-healthcheck-0.7-14.module+el8.7.0+15352+88b578e5.noarch on RHEL8.7 machine # python3 -m pytest tests/test_options.py -vvv ==================================================================================== test session starts ===================================================================================== platform linux -- Python 3.6.8, pytest-3.4.2, py-1.5.3, pluggy-0.6.0 -- /usr/bin/python3 cachedir: .pytest_cache rootdir: /mnt/testarea/test/freeipa-healthcheck, inifile: collected 4 items tests/test_options.py::test_options_merge PASSED [ 25%] tests/test_options.py::test_cfg_file_debug_option PASSED [ 50%] tests/test_options.py::test_incorrect_output_type_cfg_file PASSED [ 75%] tests/test_options.py::test_incorrect_delimiter_cfg_file PASSED [100%] ================================================================================== 4 passed in 2.54 seconds ================================================================================== Therefore marking as verified. Test added upstream master: https://pagure.io/freeipa/c/e9d0208cac86d0b132f288ef6bbce62a5a8b1ef1 The new test is test_integration/test_ipahealthcheck.py::TestIpaHealthCheck::test_ipa_healthcheck_no_errors_with_overrides Test added upstream: ipa-4-9: https://pagure.io/freeipa/c/0e8350e0dd8219fd8245f57e0ebc9a096e9be84f Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (idm:client and idm:DL1 bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:7540 |