Este conteúdo não está disponível no idioma selecionado.
Chapter 7. Checking IdM replication using Healthcheck
You can test Identity Management (IdM) replication using the Healthcheck tool.
Prerequisites
- You are using RHEL version 8.1 or newer.
7.1. Replication healthcheck tests
The Healthcheck tool tests the Identity Management (IdM) topology configuration and searches for replication conflict issues.
To list all tests, run the ipa-healthcheck
with the --list-sources
option:
# ipa-healthcheck --list-sources
The topology tests are placed under the ipahealthcheck.ipa.topology
and ipahealthcheck.ds.replication
sources:
- IPATopologyDomainCheck
This test verifies:
- That no single server is disconnected from the topology.
- That servers do not have more than the recommended number of replication agreements.
If the test succeeds, the test returns the configured domains. Otherwise, specific connection errors are reported.
NoteThe test runs the
ipa topologysuffix-verify
command for thedomain
suffix. It also runs the command for theca
suffix if the IdM Certificate Authority server role is configured on this server.- ReplicationConflictCheck
-
The test searches for entries in LDAP matching
(&(!(objectclass=nstombstone))(nsds5ReplConflict=*))
.
Run these tests on all IdM servers when trying to check for issues.
Additional resources
7.2. Screening replication using Healthcheck
Follow this procedure to run a standalone manual test of an Identity Management (IdM) replication topology and configuration using the Healthcheck tool.
The Healthcheck tool includes many tests. Therefore, you can shorten the results with:
-
Replication conflict test:
--source=ipahealthcheck.ds.replication
-
Correct topology test:
--source=ipahealthcheck.ipa.topology
Prerequisites
-
You are logged in as the
root
user.
Procedure
To run Healthcheck replication conflict and topology checks, enter:
# ipa-healthcheck --source=ipahealthcheck.ds.replication --source=ipahealthcheck.ipa.topology
Four different results are possible:
SUCCESS — the test passed successfully.
{ "source": "ipahealthcheck.ipa.topology", "check": "IPATopologyDomainCheck", "result": "SUCCESS", "kw": { "suffix": "domain" } }
- WARNING — the test passed but there might be a problem.
ERROR — the test failed.
{ "source": "ipahealthcheck.ipa.topology", "check": "IPATopologyDomainCheck", "result": "ERROR", "uuid": d6ce3332-92da-423d-9818-e79f49ed321f "when": 20191007115449Z "duration": 0.005943 "kw": { "msg": "topologysuffix-verify domain failed, server2 is not connected (server2_139664377356472 in MainThread)" } }
- CRITICAL — the test failed and it affects the IdM server functionality.
Additional resources
-
man ipa-healthcheck