#2251 [tracker] healthcheck tool
Closed: migrated a year ago by dmoluguw. Opened 5 years ago by vakwetu.

There have been several cases where IPA customers have had to handle expired system or RA certificates by manually moving the system time back and attempting to renew using certmonger. Sometimes it seems that system users and agents do not have their certs updated.

It would be nice to have a tool (pki-server healthcheck) that determines whether the :
-- system certs are valid
-- system users exist
-- system users have the right certificates
-- agents have the right unexpired certificates

This maybe could/should be an IPA ticket (in that certmonger would need to be updated), but there are some aspects here which would need to be done by dogtag tools (ie. pki-server)

This would a tremendous help to customers and the community.


Per discussions with alee: 10.4

The following additional functionality specified in PKI TRAC TIcket #1712 - Running SystemCertsVerification from CLIshould be merged into this tool:

Currently the SystemCertsVerification can only be executed by starting up
the server. To simplify troubleshooting issues with system certificates
(e.g. ticket #1697) it would be nice to refactor the code such that the
selftest can also be executed as a standalone program, for example:


    $ pki-server ca-selftest-run


The CLI will be easier to connect to a debugger and the scope of the
investigation will be much smaller.

Per Offline Triage of 11/30/2016-12/01/2016: 10.4 - critical

Metadata Update from @vakwetu:
- Issue set to the milestone: 10.4

4 years ago

Per PKI Bug Council of 04/05/2017: 10.5

Metadata Update from @mharmsen:
- Custom field feature adjusted to ''
- Custom field proposedmilestone adjusted to ''
- Custom field proposedpriority adjusted to ''
- Custom field reviewer adjusted to ''
- Custom field version adjusted to ''
- Issue close_status updated to: None
- Issue set to the milestone: 10.5 (was: 10.4)

4 years ago

Metadata Update from @mharmsen:
- Issue priority set to: major (was: critical)
- Issue set to the milestone: FUTURE (was: 10.5)

4 years ago

Closing this ticket as a duplicate.

We have addressed many of these issues in a health check tool on the IPA side, and in the offline renewal tool on the Dogtag side.

Metadata Update from @vakwetu:
- Issue close_status updated to: duplicate
- Issue status updated to: Closed (was: Open)

4 years ago

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.5.2 (was: FUTURE)

4 years ago

Reopening this (because no duplicate BZ could be found for this ticket's corresponding BZ).

We will now treat this as a tracker ticket. Please reference any related/subordinate tickets in the blockedby field.

Metadata Update from @ftweedal:
- Issue status updated to: Open (was: Closed)

4 years ago

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.5 (was: 10.5.2)

4 years ago

Metadata Update from @mharmsen:
- Issue assigned to vakwetu

4 years ago

Metadata Update from @mharmsen:
- Issue set to the milestone: 10.6 (was: 10.5)

3 years ago

Per 10.5.x/10.6 Triage: 10.6

Metadata Update from @mharmsen:
- Issue assigned to dmoluguw (was: vakwetu)

3 years ago

An initial framework has been designed and implemented via PR: https://github.com/dogtagpki/pki/pull/301

More healthchecks will be added as part of separte PR. I'll keep this ticket open at least until the healthchecks described in the description are addressed.

Dogtag PKI is moving from Pagure issues to GitHub issues. This means that existing or new
issues will be reported and tracked through Dogtag PKI's GitHub Issue tracker.

This issue has been cloned to GitHub and is available here:
https://github.com/dogtagpki/pki/issues/2371

If you want to receive further updates on the issue, please navigate to the
GitHub issue and click on Subscribe button.

Thank you for understanding, and we apologize for any inconvenience.

Metadata Update from @dmoluguw:
- Issue close_status updated to: migrated
- Issue status updated to: Closed (was: Open)

a year ago

Login to comment on this ticket.

Metadata