Hi all,

Is there any official literature about how to monitor FreeIPA?

The upstream guide mentions:

1) Testing clients using id

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/client-test

2) Adding a user on a replica and verifying it appears on another server

https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/linux_domain_identity_authentication_and_policy_guide/replica-verify

There's also some troubleshooting appendices which look interesting.

I see also ipactl, "ipa ping", there seems to be:

https://www.freeipa.org/page/V4/Tool_to_Check_Status_of_All_Replicas
(but it seems dead)

https://www.freeipa.org/page/V4/Monitor_Replication_Topology

, and also some indepedent initiatives all over the web.

Is there any plan to provide an official way to monitor FreeIPA? My foremost concern would be to ensure that all clients are correctly enrolled and sudo/ssh work, so I am not locked out of my systems. Ensuring that replication works seems good and popular. Of course I can check that all services are running and ports respond.

What are the most common ways for FreeIPA to break?

Thoughts?

Álex

--
   ___
 {~._.~}
  ( Y )
 ()~*~()  mail: alex at corcoles dot net