Warning should be displayed when the ipa-healthcheck tool is run as a normal Linux user.
Currently, when a normal Linux user runs the healthcheck tool it gives an error; instead we should display a warning message, such as that only the root user can run the tool.
[testuser@master]$ ipa-healthcheck
/usr/lib/python3.7/site-packages/ipahealthcheck/core/core.py:269: DeprecationWarning: Trying deprecated initialization API: initialize() takes 3 positional arguments but 4 were given
  DeprecationWarning)
Introspect error on :1.17:/org/fedorahosted/certmonger: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message
Introspect error on :1.17:/org/fedorahosted/certmonger: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message
Introspect error on :1.17:/org/fedorahosted/certmonger: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message
Introspect error on :1.17:/org/fedorahosted/certmonger: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message
Introspect error on :1.17:/org/fedorahosted/certmonger: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message
Introspect error on :1.17:/org/fedorahosted/certmonger: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message
/usr/lib/python3.7/site-packages/ipahealthcheck/ipa/host.py:41: DeprecationWarning: Use 'ipapython.ipautil.remove_file'
  installutils.remove_file(ccache_name)
[
  {"source": "ipahealthcheck.dogtag.ca", "check": "DogtagCertsConfigCheck", "result": "CRITICAL", "uuid": "dffa0f74-ea29-4c4e-8a80-d65fcd708a79", "when": "20200811122952Z", "duration": "0.002170", "kw": {"exception": "NSSDB '/etc/pki/pki-tomcat/alias' not initialized."}},
  {"source": "ipahealthcheck.dogtag.ca", "check": "DogtagCertsConnectivityCheck", "result": "ERROR", "uuid": "9c445db9-d3f3-4a34-a5ab-4b3cbe1700af", "when": "20200811122952Z", "duration": "0.006043", "kw": {"msg": "Request for certificate failed, ldap2 is not connected (ldap2_140148405442832 in MainThread)"}},
  {"source": "ipahealthcheck.ds.backends", "check": "BackendsCheck", "result": "CRITICAL", "uuid": "ff3512e6-4483-4762-8b71-01c45973e250", "when": "20200811122952Z", "duration": "0.000178", "kw": {"exception": "Could not find configuration for instance: FEDORA31-TEST"}},
  {"source": "ipahealthcheck.ds.config", "check": "ConfigCheck", "result": "CRITICAL", "uuid": "2ac2daf7-1fd0-4152-899b-4a326d271724", "when": "20200811122952Z", "duration": "0.000049", "kw": {"exception": "Could not find configuration for instance: FEDORA31-TEST"}},
  {"source": "ipahealthcheck.ds.disk_space", "check": "DiskSpaceCheck", "result": "CRITICAL", "uuid": "fff62a91-64a8-4222-9a53-b7371889a485", "when": "20200811122952Z", "duration": "0.000043", "kw": {"exception": "Could not find configuration for instance: FEDORA31-TEST"}},
  {"source": "ipahealthcheck.ds.dse", "check": "DSECheck", "result": "CRITICAL", "uuid": "7857f9e0-d28d-4ff3-97d3-a69370a9bf37", "when": "20200811122952Z", "duration": "0.000036", "kw": {"exception": "Could not find configuration for instance: FEDORA31-TEST"}},
  {"source": "ipahealthcheck.ds.encryption", "check": "EncryptionCheck", "result": "CRITICAL", "uuid": "5b8844f3-32bf-4d47-8088-2553332c726f", "when": "20200811122952Z", "duration": "0.000037", "kw": {"exception": "Could not find configuration for instance: FEDORA31-TEST"}},
  {"source": "ipahealthcheck.ds.fs_checks", "check": "FSCheck", "result": "CRITICAL", "uuid": "92660ed2-c347-4536-ba05-b8cd9ada6bfb", "when": "20200811122952Z", "duration": "0.000035", "kw": {"exception": "Could not find configuration for instance: FEDORA31-TEST"}},
  {"source": "ipahealthcheck.ds.nss_ssl", "check": "NssCheck", "result": "CRITICAL", "uuid": "2af26c5e-ee3f-4029-b826-dbe3d4d379f9", "when": "20200811122952Z", "duration": "0.000036", "kw": {"exception": "Could not find configuration for instance: FEDORA31-TEST"}},
  {"source": "ipahealthcheck.ds.ds_plugins", "check": "RIPluginCheck", "result": "CRITICAL", "uuid": "7511dea6-4a7d-4a1f-af76-e8db56e926bb", "when": "20200811122952Z", "duration": "0.000035", "kw": {"exception": "Could not find configuration for instance: FEDORA31-TEST"}},
  {"source": "ipahealthcheck.ds.replication", "check": "ReplicationCheck", "result": "CRITICAL", "uuid": "3f2a78db-010a-4d36-8afb-253f665e55a0", "when": "20200811122952Z", "duration": "0.000035", "kw": {"exception": "Could not find configuration for instance: FEDORA31-TEST"}},
  {"source": "ipahealthcheck.ds.replication", "check": "ReplicationChangelogCheck", "result": "CRITICAL", "uuid": "f8ea58dc-cb48-40f3-b518-68eaf61d4b9a", "when": "20200811122952Z", "duration": "0.000036", "kw": {"exception": "Could not find configuration for instance: FEDORA31-TEST"}},
  {"source": "ipahealthcheck.ds.ruv", "check": "KnownRUVCheck", "result": "CRITICAL", "uuid": "104d84f5-7521-45f5-990e-7b6a4bcbe624", "when": "20200811122952Z", "duration": "0.000067", "kw": {"exception": "ldap2 is not connected (ldap2_140148405442832 in MainThread)"}},
  {"source": "ipahealthcheck.ipa.certs", "check": "IPACertmongerExpirationCheck", "result": "CRITICAL", "uuid": "01562f4b-6214-4c99-be56-7970a3ba8352", "when": "20200811122952Z", "duration": "0.002226", "kw": {"exception": "org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message"}},
  {"source": "ipahealthcheck.ipa.certs", "check": "IPACertfileExpirationCheck", "result": "CRITICAL", "uuid": "f542d774-f793-440b-ac11-4deef9a6adfa", "when": "20200811122952Z", "duration": "0.000665", "kw": {"exception": "org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message"}},
  {"source": "ipahealthcheck.ipa.certs", "check": "IPACertTracking", "result": "CRITICAL", "uuid": "31a685f0-5478-406b-9437-59fedff928df", "when": "20200811122952Z", "duration": "0.000233", "kw": {"exception": "ldap2 is not connected (ldap2_140148405442832 in MainThread)"}},
  {"source": "ipahealthcheck.ipa.certs", "check": "IPACertNSSTrust", "result": "CRITICAL", "uuid": "b423c91f-e51c-4e65-8993-c5649e1c0277", "when": "20200811122952Z", "duration": "0.001737", "kw": {"exception": "NSSDB '/etc/pki/pki-tomcat/alias' not initialized."}},
  {"source": "ipahealthcheck.ipa.certs", "check": "IPANSSChainValidation", "result": "ERROR", "uuid": "61ffa894-3f3f-4ca8-970b-8eab9295c97b", "when": "20200811122952Z", "duration": "0.000050", "kw": {"error": "[Errno 13] Permission denied: '/etc/pki/pki-tomcat/password.conf'", "msg": "Unable to read CA NSSDB token password: {error}"}},
  {"source": "ipahealthcheck.ipa.certs", "check": "IPAOpenSSLChainValidation", "result": "ERROR", "uuid": "5278f3df-01c5-4bad-8605-b5f930a17250", "when": "20200811122952Z", "duration": "0.006056", "kw": {"key": "/var/lib/ipa/certs/httpd.crt", "reason": "Can't open /var/lib/ipa/certs/httpd.crt for reading, Permission denied\n139998803199808:error:0200100D:system library:fopen:Permission denied:crypto/bio/bss_file.c:69:fopen('/var/lib/ipa/certs/httpd.crt','r')\n139998803199808:error:2006D002:BIO routines:BIO_new_file:system lib:crypto/bio/bss_file.c:78:\nunable to load certificate\n", "msg": "Certificate validation for {key} failed: {reason}"}},
  {"source": "ipahealthcheck.ipa.certs", "check": "IPAOpenSSLChainValidation", "result": "ERROR", "uuid": "91df5d1c-4817-4b4d-b0f2-4feac78a88cd", "when": "20200811122952Z", "duration": "0.011576", "kw": {"key": "/var/lib/ipa/ra-agent.pem", "reason": "Can't open /var/lib/ipa/ra-agent.pem for reading, Permission denied\n140321520256832:error:0200100D:system library:fopen:Permission denied:crypto/bio/bss_file.c:69:fopen('/var/lib/ipa/ra-agent.pem','r')\n140321520256832:error:2006D002:BIO routines:BIO_new_file:system lib:crypto/bio/bss_file.c:78:\nunable to load certificate\n", "msg": "Certificate validation for {key} failed: {reason}"}},
  {"source": "ipahealthcheck.ipa.certs", "check": "IPARAAgent", "result": "ERROR", "uuid": "ffadb282-4520-4516-9a45-e48f0fc51b01", "when": "20200811122952Z", "duration": "0.000092", "kw": {"error": "[Errno 13] Permission denied: '/var/lib/ipa/ra-agent.pem'", "msg": "Unable to load RA cert: {error}"}},
  {"source": "ipahealthcheck.ipa.certs", "check": "IPACertRevocation", "result": "CRITICAL", "uuid": "d978c572-4d1b-4be0-9301-27f4e5992b4b", "when": "20200811122952Z", "duration": "0.000665", "kw": {"exception": "ldap2 is not connected (ldap2_140148405442832 in MainThread)"}},
  {"source": "ipahealthcheck.ipa.certs", "check": "IPACertmongerCA", "result": "ERROR", "uuid": "30a0804c-1ad8-4734-b4c9-09aea18b3737", "when": "20200811122952Z", "duration": "0.001302", "kw": {"key": "IPA", "msg": "Certmonger CA '{key}' missing"}},
  {"source": "ipahealthcheck.ipa.certs", "check": "IPACertmongerCA", "result": "ERROR", "uuid": "904e7629-883d-4512-abbe-e7eb8ee7d5a8", "when": "20200811122952Z", "duration": "0.001954", "kw": {"key": "dogtag-ipa-ca-renew-agent", "msg": "Certmonger CA '{key}' missing"}},
  {"source": "ipahealthcheck.ipa.certs", "check": "IPACertmongerCA", "result": "ERROR", "uuid": "5ce472c2-1ae2-4679-8ead-289bbddfbe6b", "when": "20200811122952Z", "duration": "0.002615", "kw": {"key": "dogtag-ipa-ca-renew-agent-reuse", "msg": "Certmonger CA '{key}' missing"}},
  {"source": "ipahealthcheck.ipa.dna", "check": "IPADNARangeCheck", "result": "CRITICAL", "uuid": "dc743b54-f164-4a62-84a3-e7dbb2037b4c", "when": "20200811122952Z", "duration": "0.014965", "kw": {"exception": "Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available (default cache: KCM:))"}},
  {"source": "ipahealthcheck.ipa.idns", "check": "IPADNSSystemRecordsCheck", "result": "CRITICAL", "uuid": "ea64a45e-0d14-46d8-aae8-55e5c64b3100", "when": "20200811122952Z", "duration": "0.001169", "kw": {"exception": "ldap2 is not connected (ldap2_140148405442832 in MainThread)"}},
  {"source": "ipahealthcheck.ipa.files", "check": "IPAFileNSSDBCheck", "result": "CRITICAL", "uuid": "1ea819ba-b101-4414-8061-4df7f9bf58e6", "when": "20200811122952Z", "duration": "0.000122", "kw": {"exception": "[Errno 13] Permission denied: '/etc/dirsrv/slapd-FEDORA31-TEST/cert9.db'"}},
  {"source": "ipahealthcheck.ipa.files", "check": "IPAFileCheck", "result": "CRITICAL", "uuid": "2d947544-4dae-43ab-abd8-ede4c070d4b9", "when": "20200811122952Z", "duration": "0.001194", "kw": {"exception": "org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message"}},
  {"source": "ipahealthcheck.ipa.files", "check": "TomcatFileCheck", "result": "CRITICAL", "uuid": "75d9f367-28e0-47f8-bdd6-dfa7b89766ce", "when": "20200811122952Z", "duration": "0.000063", "kw": {"exception": "[Errno 13] Permission denied: '/etc/pki/pki-tomcat/password.conf'"}},
  {"source": "ipahealthcheck.ipa.host", "check": "IPAHostKeytab", "result": "ERROR", "uuid": "fd81312e-0be6-4c1e-9571-d3d4eec2dbef", "when": "20200811122952Z", "duration": "0.001709", "kw": {"msg": "Failed to obtain host TGT: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529639107): No credentials cache found"}},
  {"source": "ipahealthcheck.ipa.meta", "check": "IPAMetaCheck", "result": "ERROR", "uuid": "83450123-2278-4868-9694-d45f280011f3", "when": "20200811122952Z", "duration": "0.000999", "kw": {"msg": "server-show failed, ldap2 is not connected (ldap2_140148405442832 in MainThread)"}},
  {"source": "ipahealthcheck.ipa.roles", "check": "IPACRLManagerCheck", "result": "CRITICAL", "uuid": "869719af-d244-45ff-ac49-327e4878e8f5", "when": "20200811122952Z", "duration": "0.000062", "kw": {"exception": "Unable to read /var/lib/pki/pki-tomcat/conf/ca/CS.cfg"}},
  {"source": "ipahealthcheck.ipa.roles", "check": "IPARenewalMasterCheck", "result": "ERROR", "uuid": "ae2bc7bb-622b-40cf-84bd-b9c1b1c560bd", "when": "20200811122952Z", "duration": "0.000328", "kw": {"key": "renewal_master", "msg": "Request for configuration failed, ldap2 is not connected (ldap2_140148405442832 in MainThread)"}},
  {"source": "ipahealthcheck.ipa.topology", "check": "IPATopologyDomainCheck", "result": "ERROR", "uuid": "6415d7b5-4370-4a86-8bfe-4db746f0a350", "when": "20200811122952Z", "duration": "0.000351", "kw": {"msg": "topologysuffix-verify domain failed, ldap2 is not connected (ldap2_140148405442832 in MainThread)"}},
  {"source": "ipahealthcheck.ipa.topology", "check": "IPATopologyDomainCheck", "result": "CRITICAL", "uuid": "3a02df11-291b-47fc-a71a-6bb0f1b3c8de", "when": "20200811122952Z", "duration": "0.000524", "kw": {"exception": "ldap2 is not connected (ldap2_140148405442832 in MainThread)"}},
  {"source": "ipahealthcheck.ipa.trust", "check": "IPADomainCheck", "result": "CRITICAL", "uuid": "ee32eeb7-1405-46f5-a27d-2028ecef838c", "when": "20200811122952Z", "duration": "0.006040", "kw": {"error": "[Errno 13] Permission denied: '/etc/sssd/sssd.conf'", "key": "domain-check", "msg": "Unable to parse sssd.conf: {error}"}}
]
A warning should be displayed on the console rather than allowing the tool to run as a normal user.
$ rpm -q freeipa-server freeipa-client ipa-server ipa-client 389-ds-base pki-ca krb5-server
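A sketch of the behaviour requested in this ticket, added here as an illustration and not code from ipa-healthcheck: a preflight check that warns a non-root caller, plus a triage helper that flags which results in a report trace back to missing privileges. The function names, the warning wording and the pattern list are assumptions; the sample entries are constructed from messages in the output quoted in this ticket, with `ExampleDiskCheck` invented for contrast.

```python
import os
import re
import sys

# Failure texts seen in the ticket's output that indicate missing privileges
# (assumed list, not exhaustive).
PRIVILEGE_PATTERNS = re.compile(
    r"Permission denied|Error\.AccessDenied"
    r"|No Kerberos credentials available|No credentials cache found"
)


def root_warning(euid=None):
    """Return a warning for a non-root caller, or None when running as root."""
    euid = os.geteuid() if euid is None else euid
    if euid != 0:
        return "ipa-healthcheck must be run as root (current euid: %d)" % euid
    return None


def privilege_related(results):
    """Names of failed checks whose kw text matches a privilege pattern."""
    hits = []
    for res in results:
        text = " ".join(str(v) for v in res.get("kw", {}).values())
        if res.get("result") != "SUCCESS" and PRIVILEGE_PATTERNS.search(text):
            hits.append(res["check"])
    return hits


# Constructed sample: three entries abridged from the ticket's output,
# plus one invented entry (ExampleDiskCheck) that is not privilege-related.
SAMPLE = [
    {"check": "TomcatFileCheck", "result": "CRITICAL", "kw": {
        "exception": "[Errno 13] Permission denied: '/etc/pki/pki-tomcat/password.conf'"}},
    {"check": "IPACertmongerExpirationCheck", "result": "CRITICAL", "kw": {
        "exception": "org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message"}},
    {"check": "IPAHostKeytab", "result": "ERROR", "kw": {
        "msg": "Failed to obtain host TGT: Major (851968): Unspecified GSS failure. "
               "Minor code may provide more information, Minor (2529639107): No credentials cache found"}},
    {"check": "ExampleDiskCheck", "result": "ERROR", "kw": {"msg": "disk 95% full"}},
]

if __name__ == "__main__":
    warning = root_warning()
    if warning:
        print(warning, file=sys.stderr)
    print(privilege_related(SAMPLE))
```

Results flagged by `privilege_related` in a report produced without root are artifacts of the unprivileged run and say nothing about the server's actual state.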
Can you close this ticket and re-open in the upstream freeipa-healthcheck tracker at https://github.com/freeipa/freeipa-healthcheck/issues ?
Metadata Update from @sumenon: - Issue close_status updated to: invalid - Issue status updated to: Closed (was: Open)