Mostly from nirik in matrix:
restarting ipa on ipa01... noticed pki-tomcatd wasn't running.
I'm not sure why it was not showing as running... it actually was running, but not working.
I noticed it because the ipa auth tab tries to load all the certs issued and instead had an error.
a nagios/zabbix check for it would be good.
Metadata Update from @james: - Issue priority set to: Waiting on Assignee (was: Needs Review) - Issue tagged with: low-gain, medium-trouble
If possible, let's use zabbix since that's where we're headed.
Worth noting that 'ipactl status' showed it as down; 'systemctl status' showed it as running.
What about pki-tomcatd logs? Is there anything with an error state?
Yeah, I don't see anything in there off hand. ;(
Hello world :wave: Could we have a nagios check for the systemd pki-tomcatd unit? Or should we be more explicit? Something like https://pagure.io/fedora-infra/ansible/blob/main/f/roles/nagios_client/files/scripts/check_systemd_units
I can send PR if that makes sense
Hi @kevin, is it something you have in mind for that purpose? Can you leave any feedback, please?
Yeah, meant to reply here, but it got lost in my mailbox or something. ;(
My thought is that we don't want to add anything more to nagios at this point. nagios is going away. However, we do want to still add something to check this moving forward, but we want to add it to zabbix. ;)
There may be some kind of module/native zabbix monitoring for ipa?
If not, perhaps 'dsctl' will work?
    % dsctl STG-FEDORAPROJECT-ORG status
    Instance "STG-FEDORAPROJECT-ORG" is running
or ipactl status?
    Directory Service: RUNNING
    krb5kdc Service: RUNNING
    kadmin Service: RUNNING
    httpd Service: RUNNING
    ipa-custodia Service: RUNNING
    pki-tomcatd Service: RUNNING
    ipa-otpd Service: RUNNING
    ipa: INFO: The ipactl command was successful
or, there is also a 'ipa-healthcheck'... it looks like it has a number of warnings for us now tho, so if we do that we should clean up those warnings:
    [root@ipa01 ~][STG]# ipa-healthcheck
    [
      {
        "source": "ipahealthcheck.ds.backends",
        "check": "BackendsCheck",
        "result": "CRITICAL",
        "uuid": "9c757af9-f124-47c8-8375-6cdac3344ecc",
        "when": "20251121214817Z",
        "duration": "0.293055",
        "kw": {
          "key": "DSVIRTLE0001",
          "items": [
            "Virtual Attributes",
            "dc=stg,dc=fedoraproject,dc=org",
            "Class Of Service (COS)",
            "cosAttribute: nsaccountlock"
          ],
          "msg": "You should not index virtual attributes, and as this will break searches that use the attribute in a filter."
        }

...then a ton of warnings...
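
Added example, not part of the ticket and not Fedora infrastructure code: one way a monitoring script could evaluate the two outputs quoted above, keying on what `ipactl status` reports per service (the thread notes systemd reported the unit as running) and filtering `ipa-healthcheck` JSON by severity so the existing warnings do not mask a failure. The function names and the sample inputs, including the `STOPPED` line and the `example.source` entries, are constructed for illustration; how the result reaches zabbix is left out.

```python
import json
import re

# Constructed samples modelled on the output quoted in the ticket.
SAMPLE_IPACTL = """\
Directory Service: RUNNING
krb5kdc Service: RUNNING
httpd Service: RUNNING
pki-tomcatd Service: STOPPED
ipa: INFO: The ipactl command was successful
"""
SAMPLE_HEALTHCHECK = json.dumps([
    {"source": "ipahealthcheck.ds.backends", "check": "BackendsCheck",
     "result": "CRITICAL", "kw": {"key": "DSVIRTLE0001"}},
    {"source": "example.source", "check": "ExampleWarning", "result": "WARNING"},
    {"source": "example.source", "check": "ExampleOk", "result": "SUCCESS"},
])
SERVICE_LINE = re.compile(r"^(?P<name>.+?)(?: Service)?: (?P<state>[A-Z]+)$")
SEVERITY = {"SUCCESS": 0, "WARNING": 1, "ERROR": 2, "CRITICAL": 3}

def parse_ipactl_status(text):
    """Map service name -> state from 'ipactl status' output."""
    services = {}
    for line in text.splitlines():
        match = SERVICE_LINE.match(line.strip())
        if match:  # the trailing "ipa: INFO: ..." line does not match
            services[match.group("name")] = match.group("state")
    return services

def services_not_running(text, required=("pki-tomcatd",)):
    """Services in any state but RUNNING; a required one absent is MISSING."""
    services = parse_ipactl_status(text)
    bad = {name: state for name, state in services.items() if state != "RUNNING"}
    for name in required:
        if name not in services:
            bad[name] = "MISSING"
    return bad

def healthcheck_failures(raw_json, min_level="ERROR"):
    """(source, check, result) for results at or above min_level."""
    threshold = SEVERITY[min_level]
    return [(r.get("source"), r.get("check"), r.get("result"))
            for r in json.loads(raw_json)
            # an unrecognised result level is treated as CRITICAL
            if SEVERITY.get(r.get("result"), 3) >= threshold]

if __name__ == "__main__":
    print(services_not_running(SAMPLE_IPACTL))
    print(healthcheck_failures(SAMPLE_HEALTHCHECK))
```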