Wow! It's really important question.
I'm joining with it. It's good to be able to know what happening with
IPA-infra.
Espesially - ssh/sudo working (in general at least, with out concearning
about HBAC+Policy groups).
2018-01-31 22:04 GMT+03:00 Alex Corcoles via FreeIPA-users <
freeipa-users(a)lists.fedorahosted.org>:
Hi all,
Is there any official literature about how to monitor FreeIPA?
The upstream guide mentions:
1) Testing clients using id
https://access.redhat.com/documentation/en-us/red_hat_
enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_
guide/client-test
2) Adding a user on a replica and verifying it appears on another server
https://access.redhat.com/documentation/en-us/red_hat_
enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_
guide/replica-verify
There's also some troubleshooting appendices which look interesting.
I see also ipactl, "ipa ping", there seems to be:
https://www.freeipa.org/page/V4/Tool_to_Check_Status_of_All_Replicas
(but it seems dead)
https://www.freeipa.org/page/V4/Monitor_Replication_Topology
, and also some indepedent initiatives all over the web.
Is there any plan to provide an official way to monitor FreeIPA? My
foremost concern would be to ensure that all clients are correctly enrolled
and sudo/ssh work, so I am not locked out of my systems. Ensuring that
replication works seems good and popular. Of course I can check that all
services are running and ports respond.
What are the most common ways for FreeIPA to break?
Thoughts?
Álex
--
___
{~._.~}
( Y )
()~*~() mail: alex at corcoles dot net
(_)-(_)
http://alex.corcoles.net/
_______________________________________________
FreeIPA-users mailing list -- freeipa-users(a)lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-leave(a)lists.fedorahosted.org