freeipa / freeipa-healthcheck

Check the health of a freeIPA installation
GNU General Public License v3.0
50 stars 28 forks source link

RFE: provide guidance on how to resolve detected issues #280

Open yrro opened 2 years ago

yrro commented 2 years ago

I just found that one of my IPA servers was missing two certmonger tracking requests (for httpd and dirsrv). This was picked up by ipa-healthcheck. The fix in this case is quite simple: run ipa-server-upgrade which restores the missing tracking requests.

I wonder if the output of ipa-healthcheck could include an additional field in this case, something like resolution: Create the missing certificate tracking request by running ipa-server-upgrade.

Not for all detected problems, rather just those where the fix is known to be low-risk.

RobVerduijn commented 2 years ago

Hi,

Today I updated my ipa-server and all went fine except that ipa-healthcheck is now spamming me with certmonger errors, and not just a few.

I've been googling for an hour now and still have to find the first clue as to how to fix them.

This is not the first time I'm hours into trying to figure out how a particular error thrown by ipa-healthcheck is to be fixed.

I would seriously appreciate documentation where to start looking to solve these errors that get thrown by ipa-healthcheck, and even better would be a link to a document that would assist in analyzing the error and how to solve it.

I think this should be done for ALL errors, especially the high risk ones. I've seen enough examples of 'this worked for me' that went sideways which could have been prevented by proper analysis.

Rob

rcritten commented 2 years ago

The problem is there are very little cookie cutter answers for many of the problems. healthcheck was more designed to report issues than to provide specific remedies. It is a much smaller bite of the apple to do so.

It is the "going sideways" that we want to prevent by not providing potentially half-baked answers.