[Pkg-freeipa-devel] [Git][freeipa-team/freeipa-healthcheck][master] 37 commits: Remove testing of Fedora 29, it is EOL

Timo Aaltonen gitlab at salsa.debian.org
Fri Aug 14 08:51:51 BST 2020

Timo Aaltonen pushed to branch master at FreeIPA packaging / freeipa-healthcheck

9a01c168 by Rob Crittenden at 2020-01-14T14:08:55-05:00
Remove testing of Fedora 29, it is EOL

It was tested originally because it tested against the IPA 4.7.x

- - - - -
b622e0d4 by Dinesh Prasanth M K at 2020-01-16T16:45:46-05:00
Move ipa-healthcheck man category to 8

The ipa-healthcheck command needs to be executed as a superuser since it
requires special privileges. Category 1 man pages are used for regular
user-commands while Category 8 is used for superuser commands. Hence,
moving the ipa-healthcheck to the right category.

Ref: https://linux.die.net/man/8/intro

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
1c968893 by Rob Crittenden at 2020-01-31T12:35:03+01:00
Don't consider a missing configuration file to be fatal

If no config file then log a warning and use all the built-in


- - - - -
f0a85ca3 by Rob Crittenden at 2020-02-04T09:39:01-05:00
Initial attempt at using healthcheck framework for cluster analysis

I think there is room for a lot more abstraction in the core
processing, and options almost certainly need to be passed into
the registry and plugins somehow.

- - - - -
2d06ab43 by Rob Crittenden at 2020-02-04T09:39:01-05:00
Read in all files, parse as JSON, skip invalid files

Read in all files from the provided directory, verify that they
are valid JSON, determine which host they are from and store the
data for each host in a list stored in the registry (for now).

There may be no complelling reasons to have multiple registries
for cluster analysis, we'll see.

- - - - -
af77cc14 by Rob Crittenden at 2020-02-04T09:39:01-05:00
Check that there is exactly one CRL Manager defined in the cluster

Loop through all the hosts, identify those who are configured as
CRL manager, and report:

- if 0 then error
- if 1 the things are fine
- if > 1 then error

- - - - -
cc1d96b8 by Rob Crittenden at 2020-02-04T09:39:01-05:00
Add some abstraction to opts parser and output handling

This is primarly for cluster integration. It doesn't need the
json or human output types and providing them will just confuse

It also doesn't need the severity, failures-only and input-file
options, so let those be optional.

This should be backwards compatible with ipa-healthcheck and
any other user of RunChecks since this should default to the
original behavior.

- - - - -
d247c615 by Rob Crittenden at 2020-02-04T09:39:01-05:00
Use new abstracted opts and add Ansible output plugin

This adds a new optional argument to registry: options

The options may be necessary when initializing a registry of

Checks will need to return "name" and "value" in the kw results
and these are translated into those names when output.

For example:

yield Result(self, constants.SUCCESS, name='foo', value='bar')

will result in the output:


- - - - -
0431fc97 by Mark Reynolds at 2020-02-06T09:56:27-05:00
Add Directory Server Healthchecks from lib389

Add all the current DS healthchecks fom lib389 into IDM healthcheck.
Also removed the current conflict check as this is now covered by
the lib389 Replica checks.

- - - - -
fa0fb394 by Mark Reynolds at 2020-02-06T09:56:27-05:00
Fix flake8 errors

- - - - -
a1e661f6 by Mark Reynolds at 2020-02-06T09:56:27-05:00
Add Rob's condensing patch

- - - - -
5b1259ca by Rob Crittenden at 2020-02-07T15:31:28+01:00
Collect the entire list of masters in the meta plugin

This is so the total known masters is known when doing cluster
evaluation. A master may not have provided its healthcheck log
so it will be unknonw to the cluster.

- - - - -
201c1a1d by Rob Crittenden at 2020-02-25T12:23:20+01:00
Report all known RUVs on each master

This is so one can compare the expected RUVs (based on nsds5ReplicaId)
and the actual RUVs stored in cn=mapping tree.

- - - - -
f1900b4d by Rob Crittenden at 2020-02-25T12:23:20+01:00
Rename and extend find_check to find multiple check outputs

There are many checks that can return multiple values. All
of those will be necessary for cluster checking, return them all.

- - - - -
3ef3e555 by Rob Crittenden at 2020-02-25T12:23:20+01:00
Determine if there are any dangling RUVs

This code is based heavily on the ipa-replica-manage function
clean_dangling_ruvs. The main difference is the source of
the information for the calculation.

- - - - -
b6d346b8 by Rob Crittenden at 2020-02-25T12:23:20+01:00
Create IPA Meta check to report all known masters

This is useful for cluster checking so the checker will know
whether the logs for all masters have been collected.

It is up to the consumer to see if the list is the same between
all masters.

- - - - -
d4f5e890 by Rob Crittenden at 2020-02-25T12:23:20+01:00
Return the known list of masters or raise an exception

This is the ful list of masters within any one healthcheck log.
It is up to the cluster to verify that all the masters have the
same view of what the total list should be.

- - - - -
a24c52f2 by Rob Crittenden at 2020-02-25T12:23:20+01:00
Use get_masters, tidy up exception handling and output

The method to retrieve all known masters was moved out.

A number of extra checks to avoid and handle exceptions was added.

Ensure that two results are always yielded, one for IPA and one
for CA RUVs.

- - - - -
d1640be4 by Rob Crittenden at 2020-02-25T12:23:20+01:00
Add test for cluster RUV

The test data in a python file like this may not scale but it
avoids the hassle of figuring out what directory to read the
data from.

- - - - -
4defcc17 by Alexander Bokovoy at 2020-03-03T08:14:26-05:00
Fix man page to be consistent

- --output-type description didn't specify possible types
- examples used non-existing option --output-format
- use .nf/.fi for pre-formatted text
- use default healthcheck log location in the examples

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1809215

- - - - -
49ff934f by Timo Aaltonen at 2020-03-28T09:47:04+02:00
copyright: License is just GPL-3.

- - - - -
3864113f by Timo Aaltonen at 2020-03-28T09:47:14+02:00
releasing package freeipa-healthcheck version 0.5-2

- - - - -
32e95e70 by Dinesh Prasanth M K at 2020-06-03T14:17:40-04:00
Change default logging to display WARNING level

This patch sets the default logging to WARNING and
adds a new CLI option --verbose to print
INFO level information.

This avoids printing of verbose data from pki-healthcheck

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
25d27974 by Dinesh Prasanth M K at 2020-06-03T14:17:40-04:00
Fix flake8 errors

Signed-off-by: Dinesh Prasanth M K <dmoluguw at redhat.com>

- - - - -
51e701d3 by Fraser Tweedale at 2020-06-09T15:06:48-04:00
enhance --source to specify source namespace

As a FreeIPA developer I want ipa-healthcheck to be able to execute
all sources in a given namespace, excluding others, so that
addition/removal of checks by other projects (e.g. Dogtag) does not
affect test results.

Enhance the --source option such that its argument is treated as a

- - - - -
44f8c1a1 by Rob Crittenden at 2020-06-10T11:33:59-04:00
If certificate not-valid-after date == 0 assume it wasn't issued

If a certmonger request failed for some reason, for example
no write permissions in the target directory, the tracking request
will report a not-valid-after value of 0.

Don't report a bogus expired message:

Request id 20190527133249 expired on 19700101000000Z

- - - - -
1188d5be by Rob Crittenden at 2020-06-10T11:33:59-04:00
Expand certificate tracking error messages, use variable substitution

Include more information in msg on what a failure means.

Drop the inline string with one that uses variable substution.
This will make it possible to translate the strings in the future.

- - - - -
b7faf4fa by Rob Crittenden at 2020-06-23T14:28:53-04:00
Don't completely fail if a registry fails to initialize

Log the error if registry initialization fails. This will
suppress a bad plugin from preventing healthcheck from
executing at all.

Currently this will only be reported on stdout so it won't
be immediately obvious that an entire registry is skipped.

- - - - -
85efb3ba by Rob Crittenden at 2020-06-23T14:29:08-04:00
Default to failures-only when stdin is a tty

It is annoying and confusing to have to provide --failures-only
every time ipa-healthcheck is run on a console. Most users just
want to see what is wrong. So if stdin is a tty (this allows
pipes and redirects) and a new --all option is not set and no
--output-file is set then default to failures-only.

This still allows all combinations of output options but gives
more control and expected output to a user trying to see if their
install is good, after an upgrade for example.

- - - - -
74a3f66c by Rob Crittenden at 2020-07-01T13:43:40-04:00
Support the older registry initialization API for another release

Initially this would be caught and the external plugin just ignored.
Add a deprecation message instead so they have a chance to catch
up and fix their initialization.

- - - - -
d32f834b by Rob Crittenden at 2020-07-01T13:51:08-04:00
Fix recursion in the Config object

The data dictionary was incorrectly recursive, ala

Signed-off-by: Rob Crittenden <rcritten at redhat.com>

- - - - -
5d998b66 by Rob Crittenden at 2020-07-01T13:58:29-04:00
Become 0.6

- - - - -
0602e30e by Timo Aaltonen at 2020-08-14T10:17:20+03:00
Merge branch 'upstream'

- - - - -
8ce42796 by Timo Aaltonen at 2020-08-14T10:19:21+03:00
bump the version

- - - - -
171ebba7 by Timo Aaltonen at 2020-08-14T10:49:04+03:00
install: Add clustercheck files.

- - - - -
9fe3712c by Timo Aaltonen at 2020-08-14T10:49:15+03:00
rules: Fix manpage section.

- - - - -
2e6ab234 by Timo Aaltonen at 2020-08-14T10:51:11+03:00
releasing package freeipa-healthcheck version 0.6-1

- - - - -

30 changed files:

- .travis.yml
- debian/changelog
- debian/copyright
- debian/freeipa-healthcheck.install
- debian/python3-ipahealthcheck-core.install
- debian/rules
- man/man5/ipahealthcheck.conf.5
- man/man1/ipa-healthcheck.1 → man/man8/ipa-healthcheck.8
- setup.py
- + src/ipaclustercheck/__init__.py
- + src/ipaclustercheck/core/__init__.py
- + src/ipaclustercheck/core/main.py
- + src/ipaclustercheck/core/output.py
- + src/ipaclustercheck/ipa/__init__.py
- + src/ipaclustercheck/ipa/crlmanager.py
- + src/ipaclustercheck/ipa/plugin.py
- + src/ipaclustercheck/ipa/ruv.py
- src/ipahealthcheck/core/config.py
- src/ipahealthcheck/core/core.py
- src/ipahealthcheck/core/main.py
- src/ipahealthcheck/core/output.py
- src/ipahealthcheck/core/plugin.py
- src/ipahealthcheck/dogtag/plugin.py
- + src/ipahealthcheck/ds/backends.py
- + src/ipahealthcheck/ds/config.py
- + src/ipahealthcheck/ds/disk_space.py
- + src/ipahealthcheck/ds/ds_plugins.py
- + src/ipahealthcheck/ds/dse.py
- + src/ipahealthcheck/ds/encryption.py

The diff was not included because it is too large.

View it on GitLab: https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/compare/18a93a7b0868a4052ba687dc4b210dc71a388e27...2e6ab234caa7416e72c90d99e2906e172745c9d4

View it on GitLab: https://salsa.debian.org/freeipa-team/freeipa-healthcheck/-/compare/18a93a7b0868a4052ba687dc4b210dc71a388e27...2e6ab234caa7416e72c90d99e2906e172745c9d4
You're receiving this email because of your account on salsa.debian.org.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/pkg-freeipa-devel/attachments/20200814/47b09909/attachment-0001.html>

More information about the Pkg-freeipa-devel mailing list