Open laclaro opened 4 years ago
There is already a similar issue privacyidea/privacyidea#1896. The question is whether it is the task of privacyIDEA to monitor user stores. With the Unix philosophy it would not be. Do one thing and do it right. I think it is not the task of privacyIDEA to monitor other components in the network.
We also already have a script for nagios or icinga, that checks the complete authentication process: https://github.com/privacyidea/check_privacyidea
Basically all information is already available via REST API. E.g. GET /user will tell you if the resolvers are available.
So to not clutter the core code we could add further scripts like this here: https://github.com/privacyidea/check_privacyidea which can be easily used with OTRS or icinga or used as a template for other systems.
For the scripts we would need an administrative service account. I think besides the complete authentication, probably the most important part would be to have
- privacyIDEA is basically available: call GET /system. This will simply check if the database is available. No other communication to external systems.
- userstores are available: call GET /users/ with one or more defined users, from which it is known in which resolver they are located.
The scripts would get a configuration for the service account, endpoint and additional information like users.
@laclaro I would like to move this as an issue to https://github.com/privacyidea/check_privacyidea. What do you think?
Yes, let's move it.
We could facilitate the check of the system health by providing information to an authenticated admin at a special endpoint. Many monitoring platforms can issue simple http requests and process the result.
Check the time of the last (successful) validate/check request

Best regards,
Henning
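
The two checks proposed in the thread above (basic availability via GET /system, then a lookup of known users per resolver), sketched as a Nagios/Icinga-style plugin. This is an added example, not code from this thread or from check_privacyidea; the `/system/` and `/user/` paths, the `Authorization` header, the `result.status` / `result.value` response fields and all function names are assumptions.

```python
import json
import urllib.parse
import urllib.request

OK, CRITICAL = 0, 2  # Nagios/Icinga plugin exit codes


def http_get(base_url, token, path, params=None):
    """GET base_url+path with the service account's token; return parsed JSON.
    Assumption: the token is sent in the Authorization header."""
    url = base_url.rstrip("/") + path
    if params:
        url += "?" + urllib.parse.urlencode(params)
    req = urllib.request.Request(url, headers={"Authorization": token})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def check_health(get, expected_users):
    """get(path, params) -> parsed JSON; expected_users maps username -> resolver.
    Returns (exit_code, message) for the monitoring system."""
    problems = []
    # Check 1: privacyIDEA itself answers (database reachable).
    try:
        if not get("/system/", None).get("result", {}).get("status"):
            problems.append("system: result.status is not true")
    except (OSError, ValueError) as exc:  # network error or invalid JSON
        return CRITICAL, f"CRITICAL - privacyIDEA unreachable: {exc}"
    # Check 2: each known user is found in the resolver it is expected in.
    for username, resolver in sorted(expected_users.items()):
        try:
            body = get("/user/", {"username": username})
        except (OSError, ValueError) as exc:
            problems.append(f"{resolver}: lookup of {username} failed ({exc})")
            continue
        found = body.get("result", {}).get("value") or []
        if not any(u.get("resolver") == resolver for u in found):
            problems.append(f"{resolver}: {username} not found")
    if problems:
        return CRITICAL, "CRITICAL - " + "; ".join(problems)
    return OK, f"OK - system up, {len(expected_users)} resolver user(s) found"
```

In a real plugin, `get` would be `functools.partial(http_get, base_url, token)`, and the script would print the message and exit with the returned code.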