Bug 2150498
| Summary: | RHDS healthcheck tool could provide more information in offline mode. | ||
|---|---|---|---|
| Product: | Red Hat Directory Server | Reporter: | Têko Mihinto <tmihinto> |
| Component: | 389-ds-base | Assignee: | LDAP Maintainers <idm-ds-dev-bugs> |
| Status: | NEW --- | QA Contact: | LDAP QA Team <idm-ds-qe-bugs> |
| Severity: | medium | Docs Contact: | Evgenia Martynyuk <emartyny> |
| Priority: | unspecified | ||
| Version: | 11.6 | CC: | idm-ds-dev-bugs, mreynolds, musoni, vashirov |
| Target Milestone: | --- | Keywords: | Triaged |
| Target Release: | dirsrv-12.3 | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | sync-to-jira | ||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Description of problem: When RHDS is down or is unresponsive, the only information provided by the healthcheck tool is that the connection is refused: $ dsctl <INSTANCE> healthcheck Error: Failed to connect to Directory Server instance: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 111, 'ctrls': [], 'info': 'Connection refused'} $ It would be useful to get more information about things that could be checked even when the server is not responding. That includes: * configuration parameters that can be read from the dse.ldif files * configuration parameters that are not present in the dse.ldif ( thus having their default values ) * TLS certificates ... Version-Release number of selected component (if applicable): $ cat /etc/redhat-release Red Hat Enterprise Linux release 8.7 (Ootpa) $ $ rpm -qa | grep 389-ds 389-ds-base-libs-1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 cockpit-389-ds-1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch 389-ds-base-1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64 ... $ How reproducible: Always. Steps to Reproduce: 1. Launch the healthcheck tool when the LDAP server is running: $ dsctl <INSTANCE> healthcheck ... [13] DS Lint Error: DSCERTLE0002 -------------------------------------------------------------------------------- Severity: HIGH Check: tls:certificate_expiration Affects: -- Expired Certificate Details: ----------- The certificate (Server-Cert) has expired Resolution: ----------- Renew or remove the certificate. $ 2. Stop the server 3. Run the tool. It only reports the fact the server is not responding: $ dsctl <INSTANCE> healthcheck Error: Failed to connect to Directory Server instance: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 111, 'ctrls': [], 'info': 'Connection refused'} $ Actual results: No additional data when the server is unresponsive. Expected results: Provide information about checks that could be performed even when the server is down. Additional info: Customers would typically try to run the healthcheck tool when the server is having issues ( hang, ... ).