第 6 章 使用 IdM Healthcheck 验证 KDC worker 进程的最佳数量

先决条件

• 您使用 RHEL 9.1 或更高版本。
• 您有 root 特权。

流程

• 输入：

  # ipa-healthcheck --source ipahealthcheck.ipa.kdc

  Copy to Clipboard Toggle word wrap

  • --source ipahealthcheck.ipa.kdc 选项可确保 IdM Healthcheck 仅执行 KDCWorkersCheck 测试。

    如果 KDC worker 进程的数量与 CPU 核数匹配，则测试会返回 SUCCESS ：

    {
    	"source": "ipahealthcheck.ipa.kdc",
    	"check": "KDCWorkersCheck",
    	"result": "SUCCESS",
    	"uuid": "68f6e20a-0aa9-427d-8fdc-fbb8196d56cd",
    	"when": "20230105162211Z",
    	"duration": "0.000157",
    	"kw": {
      	"key": "workers"
    	}
    }

    Copy to Clipboard Toggle word wrap

    如果 worker 进程数量与 CPU 核数不匹配，则测试会返回 WARNING。在以下示例中，带有 2 个核的主机被配置为只有一个 KDC worker 进程：

    {
        "source": "ipahealthcheck.ipa.kdc",
        "check": "KDCWorkersCheck",
        "result": "WARNING",
        "uuid": "972b7782-1616-48e0-bd5c-49a80c257895",
        "when": "20230105122236Z",
        "duration": "0.203049",
        "kw": {
          "key": ‘workers’,
          "cpus": 2,
          "workers": 1,
          "expected": "The number of CPUs {cpus} does not match the number of workers {workers} in {sysconfig}"
        }
    }

    Copy to Clipboard Toggle word wrap

    如果没有配置的 worker，则测试也会输出 WARNING。在以下示例中，/etc/sysconfig/krb5kdc 配置文件中缺少 KRB5KDC_ARGS 变量：

    {
      "source": "ipahealthcheck.ipa.kdc",
      "check": "KDCWorkersCheck",
      "result": "WARNING",
      "uuid": "5d63ea86-67b9-4638-a41e-b71f4
  56efed7",
      "when": "20230105162526Z",
      "duration": "0.000135",
      "kw": {
        "key": "workers",
        "sysconfig": "/etc/sysconfig/krb5kdc",
        "msg": "KRB5KDC_ARGS is not set in {sysconfig}"
      }
    }

  Copy to Clipboard Toggle word wrap