search

pki-bot / pki-issues-final

0 stars 0 forks source link

pki-healthcheck generates errors when dogtag is not deployed #2748

Open pki-bot opened 3 years ago

pki-bot commented 3 years ago

This issue was migrated from Pagure Issue #3199. Originally filed by rcritten (@rcritten) on 2020-08-03 15:59:52:

IPA can be installed in a CA-less configuration with the user providing the certificates required for operation. Running ipa-healthcheck with this will generate quite a few pki-healthcheck errors because it is not configured:

  {
    "source": "pki.server.healthcheck.certs.expiration",
    "check": "CASystemCertExpiryCheck",
    "result": "CRITICAL",
    "uuid": "89bbc048-bfce-4ba7-af30-024caea33285",
    "when": "20200803195641Z",
    "duration": "0.000106",
    "kw": {
      "msg": "Invalid PKI instance: pki-tomcat"
    }

The checks should be skipped if a PKI subsystem is not deployed.

pki-bot commented 3 years ago

Comment from rcritten (@rcritten) at 2020-08-03 16:01:18

pki-server-10.9.0-0.4.fc31.noarch