2150498 – RHDS healthcheck tool could provide more information in offline mode.

Bug 2150498 - RHDS healthcheck tool could provide more information in offline mode.

Summary: RHDS healthcheck tool could provide more information in offline mode.

Keywords:
Status:	NEW
Alias:	None
Product:	Red Hat Directory Server
Classification:	Red Hat
Component:	389-ds-base
Sub Component:
Version:	11.6
Hardware:	x86_64
OS:	Linux
Priority:	unspecified
Severity:	medium
Target Milestone:	---
Target Release:	dirsrv-12.3
Assignee:	LDAP Maintainers
QA Contact:	LDAP QA Team
Docs Contact:	Evgenia Martynyuk
URL:
Whiteboard:	sync-to-jira
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2022-12-03 13:28 UTC by Têko Mihinto
Modified:	2023-07-28 08:28 UTC (History)
CC List:	4 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Issue Tracker	IDMDS-3493	0	None	None	None	2023-07-28 08:28:10 UTC

Description Têko Mihinto 2022-12-03 13:28:05 UTC

Description of problem:
When RHDS is down or is unresponsive, the only information provided by the healthcheck tool
is that the connection is refused:

$ dsctl <INSTANCE> healthcheck
Error: Failed to connect to Directory Server instance: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 111, 'ctrls': [], 'info': 'Connection refused'}
$

It would be useful to get more information about things that could be checked even when the server is not responding.
That includes:
* configuration parameters that can be read from the dse.ldif files
* configuration parameters that are not present in the dse.ldif ( thus having their default values )
* TLS certificates
...

Version-Release number of selected component (if applicable):

$ cat /etc/redhat-release
Red Hat Enterprise Linux release 8.7 (Ootpa)
$

$ rpm -qa | grep 389-ds
389-ds-base-libs-1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64
cockpit-389-ds-1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.noarch
389-ds-base-1.4.3.31-6.module+el8dsrv+16980+c4b9cd33.x86_64
...
$

How reproducible:
Always.

Steps to Reproduce:

1. Launch the healthcheck tool when the LDAP server is running:
$ dsctl <INSTANCE> healthcheck
...
[13] DS Lint Error: DSCERTLE0002
--------------------------------------------------------------------------------
Severity: HIGH
Check: tls:certificate_expiration
Affects:
-- Expired Certificate

Details:
-----------
The certificate (Server-Cert) has expired

Resolution:
-----------
Renew or remove the certificate.

2. Stop the server

3. Run the tool. It only reports the fact the server is not responding:
$ dsctl <INSTANCE> healthcheck
Error: Failed to connect to Directory Server instance: {'result': -1, 'desc': "Can't contact LDAP server", 'errno': 111, 'ctrls': [], 'info': 'Connection refused'}
$

Actual results:
No additional data when the server is unresponsive.

Expected results:
Provide information about checks that could be performed even when the server is down.

Additional info:
Customers would typically try to run the healthcheck tool when the server is having issues
( hang, ... ).

Note You need to log in before you can comment on or make changes to this bug.