Open yrro opened 2 years ago
Hi,
Today I updated my ipa-server and all went fine except that ipa-healthcheck is now spamming me with certmonger errors, and not just a few.
I've been googling for an hour now and still have to find the first clue as to how to fix them.
This is not the first time I'm hours into trying to figure out how a particular error thrown by ipa-healthcheck is to be fixed.
I would seriously appreciate documentation where to start looking to solve these errors that get thrown by ipa-healthcheck, and even better would be a link to a document that would assist in analyzing the error and how to solve it.
I think this should be done for ALL errors, especially the high risk ones. I've seen enough examples of 'this worked for me' that went sideways which could have been prevented by proper analysis.
Rob
The problem is there are very little cookie cutter answers for many of the problems. healthcheck was more designed to report issues than to provide specific remedies. It is a much smaller bite of the apple to do so.
It is the "going sideways" that we want to prevent by not providing potentially half-baked answers.
I just found that one of my IPA servers was missing two certmonger tracking requests (for httpd and dirsrv). This was picked up by
ipa-healthcheck
. The fix in this case is quite simple: runipa-server-upgrade
which restores the missing tracking requests.I wonder if the output of
ipa-healthcheck
could include an additional field in this case, something likeresolution
:Create the missing certificate tracking request by running ipa-server-upgrade
.Not for all detected problems, rather just those where the fix is known to be low-risk.