[Freeipa-users] Advice sought on monitoring freeipa status
Roderick Johnstone
rmj at ast.cam.ac.uk
Wed May 18 10:08:49 UTC 2016
Hi
I'm trying to set up some monitoring of our freeipa installation. To
start with, I'd like to know eg:
1) If replication stopped
2) Whether the ldap datatbases on replicas are inconsistent with each other.
We have RHEL7 freeipa servers and RHEL6 and RHEL7 clients, all with
latest distribution packages.
I see a number of pages at www.ipa.org about monitoring freeipa in
various ways, but I'm not sure any were actually implemented yet.
Then I found this: https://github.com/peterpakos/ipa_check_consistency
which looks useful but seems to require a plain text password for a
privileged ldap account to be embedded in a file, which is less than ideal.
So, I was wondering, as a stop gap, whether its possible to control the
server that the ipa commands talk to at the command line?
One could then run a cron job to iterate through the servers and compare
various outputs from ipa commands. However, the ipa man page suggests
the ipa command will go for either the server explicitly set in
/etc/ipa/default.conf or if unavailable use those set in the DNS _SRV_
records.
Maybe there is a better way to do this that I missed altogether?
Roderick Johnstone
More information about the Freeipa-users
mailing list