An IPA installation is a complex system and identifying real or potential issues can be difficult and require a lot of analysis. This tool aims to reduce the burden of that and attempts to identify issues in advance so they can be corrected, ideally before the issue is critical.
These areas of the system to check can be logically grouped together. This grouping is called a source. A source consists of one or more checks.
A check is as atomic as possible to limit the scope and complexity and provide a yes/no answer on whether that particular configuration is correct.
Each check will return a result, either a result of WARNING, ERROR or CRITICAL or SUCCESS. Returning SUCCESS tells you that the check was done and was deemed correct. This should help track when the last time something was examined.
Upon failure the output will include the source and check that detected the failure along with a message and name/value pairs indicating the problem. It may very well be that the check can't make a final determination and generally defaults to WARNING if it can't be sure so that it can be examined.
There is no need for users to authenticate and get a ticket in advance for ipa-healthcheck to work. Existing tickets will not be used as ipa-healthcheck will leverage the host keytab and use a temporary credential cache.
Display a list of the available sources and the checks associated with those sources.
Execute checks within the named source, or all sources in the given namespace.
Execute this particular check within a source. The exact source must also be specified via --source.
Set the output type. Supported variants are human and json. The default is json.
Exclude SUCCESS results on output. If stdin is a tty then this will default to True. In all other cases it defaults to False.
Report all results.
Only report errors in the requested severity of SUCCESS, WARNING, ERROR or CRITICAL. This can be provided multiple times to search on multiple levels.
Generate verbose output.
Generate additional debugging output.
The results are displayed as a list of result messages for each check executed in JSON format. This could be input for a monitoring system.
Write the output to this filename rather than stdout.
Read the results of a previous run and re-display them.
Pretty-print the JSON with this indention level. This can make the output more human-readable.
The results are displayed in a more human-readable format.
Take as input a JSON results output and convert it to a more human-readable form.
Execute healthcheck with the default JSON output:
Execute healthcheck with a prettier JSON output:
# ipa-healthcheck --indent 2
Execute healthcheck and only display errors:
# ipa-healthcheck --failures-only
Display in human-readable output a previous report:
# ipa-healthcheck --output-type human --input-file \ /var/log/ipa/healthcheck/healthcheck.log
0 if all checks were successful
1 if any one check failed or the command failed to execute properly
Main website: https://www.freeipa.org/
Git repository for ipa-healthcheck: https://www.github.com/freeipa/freeipa-healthcheck/
The ipa-healthcheck distribution includes a documentation file named README.md which contains detailed explanations on executed checks.