Red Hat SummitEste conteúdo não está disponível no idioma selecionado.
Chapter 1. Installing and running the IdM Healthcheck tool
Install and run the IdM Healthcheck tool to help find issues that can impact the performance of your IdM environment.
1.1. Healthcheck in IdM
The Healthcheck command line tool in Identity Management (IdM) helps find issues that can impact the performance of your IdM environment. Using Healthcheck, you can identify an issue in advance so that you can correct it before it becomes critical.
You can use Healthcheck without obtaining a Kerberos ticket.
Modules are independent
Healthcheck consists of independent modules which check for:
- Replication issues
- Certificate validity
- Certificate authority infrastructure issues
- IdM and Active Directory trust issues
- Correct file permissions and ownership settings
Output formats and destination
You can set the following types of output for Healthcheck to generate by using the output-type option:
-
json: Machine-readable output in JSON format (default) -
human: Human-readable output
You can specify a file to store the output by using the --output-file option.
Results
Each Healthcheck module returns one of the following results:
- SUCCESS
- The system is configured as expected.
- WARNING
- It is advisable to monitor or evaluate the configuration.
- ERROR
- The system is not configured as expected.
- CRITICAL
- The configuration is not as expected, with a significant potential to impact the functioning of your IdM deployment.
1.2. Installing IdM Healthcheck
You can install the IdM Healthcheck tool to help find issues that can impact the performance of your IdM environment.
Prerequisites
-
You are logged in as
root.
Procedure
Install the
ipa-healthcheckpackage:# dnf install ipa-healthcheck
Verification
Perform a basic Healthcheck test:
# ipa-healthcheck[]The empty square brackets
[]indicate a fully-functioning IdM installation.
1.3. Running IdM Healthcheck manually
You can execute Healthcheck tests either manually on the CLI or automatically by using a timer. You can manually run IdM Healthcheck tests from the command line to diagnose and monitor the health of your environment.
Prerequisites
- The Healthcheck tool is installed. See Installing IdM Healthcheck.
Procedure
Optional: To display a list of all available Healthcheck tests, enter:
# ipa-healthcheck --list-sourcesTo run the Healthcheck utility, enter:
# ipa-healthcheck
1.4. Running IdM Healthcheck on a schedule
You can configure IdM Healthcheck to run on a schedule. This includes configuring the systemd timer to run the Healthcheck tool periodically and generate the logs and the crond service to ensure log rotation.
The default log name is healthcheck.log and the rotated logs use the healthcheck.log-YYYYMMDD format.
The Healthcheck timer tool is not a real-time tool. It is only meant to be run a few times an hour. If you require real-time monitoring of, for example, services or disk space, use a different tool.
Prerequisites
-
You have
rootprivileges.
Procedure
Enable a
systemdtimer:# systemctl enable ipa-healthcheck.timerCreated symlink /etc/systemd/system/multi-user.target.wants/ipa-healthcheck.timer -> /usr/lib/systemd/system/ipa-healthcheck.timer.Start the
systemdtimer:# systemctl start ipa-healthcheck.timerOpen the
/etc/logrotate.d/ipahealthcheckfile to configure the number of logs you want to be saved:[...] rotate 30 }By default, logs are stored for 30 days before they are overwritten by newer logs.
In the same file, configure the path to the file storing the logs.
/var/log/ipa/healthcheck/healthcheck.log { [...]By default, logs are saved in the
/var/log/ipa/healthcheck/directory.- Save the file.
Ensure that the
crondservice is enabled and running:# systemctl enable crond# systemctl start crondTo start generating logs, start the IdM healthcheck service:
# systemctl start ipa-healthcheck
Verification
-
Navigate to the
/var/log/ipa/healthcheck/directory. - View the contents of the log file to check if it was created correctly.
1.5. Log rotation
Log rotation creates a new log file every day and the files are organized by date. The date is included in the filename.
By using log rotation, you can configure the maximum number of log files to store. If this number is exceeded, the newest file replaces the oldest one. For example, if the maximum rotation number is thirty, the thirty-first log file replaces the first, that is the oldest one.
Log rotation reduces voluminous log files and organizes them. This helps you analyze the logs.
1.6. IdM Healthcheck configuration modifications
You can change Identity Management (IdM) Healthcheck settings by adding the desired command line options to the /etc/ipahealthcheck/ipahealthcheck.conf file. This can be useful when, for example, you configured log rotation previously and now want to ensure the logs are in a format suitable for automatic analysis, but do not want to set up a new timer.
After you change the settings, all Healthcheck logs will use them, even when you run Healthcheck manually.
When running Healthcheck manually, the settings in the configuration file take precedence over the options specified in the command line. For example, if output_type is set to human in the configuration file, specifying json on the command line has no effect. Any command line options you use that are not specified in the configuration file are applied normally.
1.7. Configuring Healthcheck to change the output logs format
You can configure Healthcheck with a timer already configured. In this example, you re-configure Healthcheck to start producing logs in a human-readable format and to also include successful results instead of only errors.
Prerequisites
-
You have
rootprivileges. - You have previously configured Healthcheck to run on a schedule.
Procedure
-
Open the
/etc/ipahealthcheck/ipahealthcheck.conffile in a text editor. -
Add options
output_type=humanandall=Trueto the[default]section. - Save and close the file.
Verification
Run Healthcheck manually:
# ipa-healthcheck-
Go to
/var/log/ipa/healthcheck/and check that the logs are in the correct format.
'%20d='M201.5%20305.5c-13.8%200-24.9-11.1-24.9-24.6%200-13.8%2011.1-24.9%2024.9-24.9%2013.6%200%2024.6%2011.1%2024.6%2024.9%200%2013.6-11.1%2024.6-24.6%2024.6zM504%20256c0%20137-111%20248-248%20248S8%20393%208%20256%20119%208%20256%208s248%20111%20248%20248zm-132.3-41.2c-9.4%200-17.7%203.9-23.8%2010-22.4-15.5-52.6-25.5-86.1-26.6l17.4-78.3%2055.4%2012.5c0%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.3%2024.9-24.9s-11.1-24.9-24.9-24.9c-9.7%200-18%205.8-22.1%2013.8l-61.2-13.6c-3-.8-6.1%201.4-6.9%204.4l-19.1%2086.4c-33.2%201.4-63.1%2011.3-85.5%2026.8-6.1-6.4-14.7-10.2-24.1-10.2-34.9%200-46.3%2046.9-14.4%2062.8-1.1%205-1.7%2010.2-1.7%2015.5%200%2052.6%2059.2%2095.2%20132%2095.2%2073.1%200%20132.3-42.6%20132.3-95.2%200-5.3-.6-10.8-1.9-15.8%2031.3-16%2019.8-62.5-14.9-62.5zM302.8%20331c-18.2%2018.2-76.1%2017.9-93.6%200-2.2-2.2-6.1-2.2-8.3%200-2.5%202.5-2.5%206.4%200%208.6%2022.8%2022.8%2087.3%2022.8%20110.2%200%202.5-2.2%202.5-6.1%200-8.6-2.2-2.2-6.1-2.2-8.3%200zm7.7-75c-13.6%200-24.6%2011.1-24.6%2024.9%200%2013.6%2011.1%2024.6%2024.6%2024.6%2013.8%200%2024.9-11.1%2024.9-24.6%200-13.8-11-24.9-24.9-24.9z'/%3e%3c/svg%3e){kind=small}