Chapter 6. Verifying the optimal number of KDC worker processes using IdM Healthcheck

Prerequisites

• You are using RHEL 9.1 or later.
• You have root privileges.

Procedure

• Enter:

  # ipa-healthcheck --source ipahealthcheck.ipa.kdc

  • The --source ipahealthcheck.ipa.kdc option ensures that IdM Healthcheck only performs the KDCWorkersCheck test.

    If the number of KDC worker processes matches the number of CPU cores, the test returns SUCCESS as a result:

    {
    	"source": "ipahealthcheck.ipa.kdc",
    	"check": "KDCWorkersCheck",
    	"result": "SUCCESS",
    	"uuid": "68f6e20a-0aa9-427d-8fdc-fbb8196d56cd",
    	"when": "20230105162211Z",
    	"duration": "0.000157",
    	"kw": {
      	"key": "workers"
    	}
    }

    The test returns a WARNING if the number of worker processes does not match the number of CPU cores. In the following example, a host with 2 cores is configured to have only one KDC worker process:

    {
        "source": "ipahealthcheck.ipa.kdc",
        "check": "KDCWorkersCheck",
        "result": "WARNING",
        "uuid": "972b7782-1616-48e0-bd5c-49a80c257895",
        "when": "20230105122236Z",
        "duration": "0.203049",
        "kw": {
          "key": ‘workers’,
          "cpus": 2,
          "workers": 1,
          "expected": "The number of CPUs {cpus} does not match the number of workers {workers} in {sysconfig}"
        }
    }

    The test also outputs a WARNING if there are no configured workers. In the following example, the KRB5KDC_ARGS variable is missing from the /etc/sysconfig/krb5kdc configuration file:

    {
      "source": "ipahealthcheck.ipa.kdc",
      "check": "KDCWorkersCheck",
      "result": "WARNING",
      "uuid": "5d63ea86-67b9-4638-a41e-b71f4
  56efed7",
      "when": "20230105162526Z",
      "duration": "0.000135",
      "kw": {
        "key": "workers",
        "sysconfig": "/etc/sysconfig/krb5kdc",
        "msg": "KRB5KDC_ARGS is not set in {sysconfig}"
      }
    }