Bug 2150498 - RHDS healthcheck tool could provide more information in offline mode.
Summary: RHDS healthcheck tool could provide more information in offline mode.
Keywords:
Status: NEW
Alias: None
Product: Red Hat Directory Server
Classification: Red Hat
Component: 389-ds-base
Version: 11.6
Hardware: x86_64
OS: Linux
unspecified
medium
Target Milestone: ---
: dirsrv-12.3
Assignee: LDAP Maintainers
QA Contact: LDAP QA Team
Evgenia Martynyuk
URL:
Whiteboard: sync-to-jira
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2022-12-03 13:28 UTC by Têko Mihinto
Modified: 2023-07-28 08:28 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker IDMDS-3493 0 None None None 2023-07-28 08:28:10 UTC

Description Têko Mihinto 2022-12-03 13:28:05 UTC
Description of problem:
When RHDS is down or is unresponsive, the only information provided by the healthcheck tool
is that the connection is refused:

$ dsctl <INSTANCE> healthcheck
Error: Failed to connect to Directory Server instance: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 111, 'ctrls': [], 'info': 'Connection refused'}
$

It would be useful to get more information about things that could be checked even when the server is not responding.
That includes:
* configuration parameters that can be read from the dse.ldif files
* configuration parameters that are not present in the dse.ldif ( thus having their default values )
* TLS certificates
...


Version-Release number of selected component (if applicable):

$ cat /etc/redhat-release 
Red Hat Enterprise Linux release 8.7 (Ootpa)
$

$ rpm -qa | grep 389-ds
389-ds-base-libs-1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64
cockpit-389-ds-1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch
389-ds-base-1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64
...
$

How reproducible:
Always.

Steps to Reproduce:

1. Launch the healthcheck tool when the LDAP server is running:
$ dsctl <INSTANCE> healthcheck
...
[13] DS Lint Error: DSCERTLE0002
--------------------------------------------------------------------------------
Severity: HIGH
Check: tls:certificate_expiration
Affects:
 -- Expired Certificate

Details:
-----------
The certificate (Server-Cert) has expired

Resolution:
-----------
Renew or remove the certificate.

$

2. Stop the server

3. Run the tool. It only reports the fact the server is not responding:
$ dsctl <INSTANCE> healthcheck
Error: Failed to connect to Directory Server instance: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 111, 'ctrls': [], 'info': 'Connection refused'}
$


Actual results:
No additional data when the server is unresponsive.

Expected results:
Provide information about checks that could be performed even when the server is down.

Additional info:
Customers would typically try to run the healthcheck tool when the server is having issues
( hang, ... ).


Note You need to log in before you can comment on or make changes to this bug.