Chapter 20. Installing and running the IdM Healthcheck tool

This chapter describes the IdM Healthcheck tool and how to install and run it.

Prerequisites

  • The Healthcheck tool is only available on RHEL 8.1 or later.

20.1. Healthcheck in IdM

The Healthcheck tool in Identity Management (IdM) helps find issues that may impact the health of your IdM environment.

Note

The Healthcheck tool is a command line tool that can be used without Kerberos authentication.

20.1.1. Modules are Independent

Healthcheck consists of independent modules which test for:

  • Replication issues
  • Certificate validity
  • Certificate Authority infrastructure issues
  • IdM and Active Directory trust issues
  • Correct file permissions and ownership settings

20.1.2. Two output formats

Healthcheck generates the following outputs:

  • Human-readable output
  • Machine-readable output in JSON format

The output destination for both human and JSON is standard output by default. You can specify a different destination with the --output-file option.

20.1.3. Results

Each Healthcheck module returns one of the following results:

SUCCESS
configured as expected
WARNING
not an error, but worth keeping an eye on or evaluating
ERROR
not configured as expected
CRITICAL
not configured as expected, with a high possibility for impact

20.2. Installing IdM Healthcheck

This section describes how to install the IdM Healthcheck tool.

Procedure

  • Install the ipa-healthcheck package:

    [root@master ~]# dnf install ipa-healthcheck
    Note

    On RHEL 8.1 and 8.2 systems, use the dnf install /usr/bin/ipa-healthcheck command instead.

Verification steps

  • Use the --failures-only option to have ipa-healthcheck only report errors. A fully-functioning IdM installation returns an empty result of [].

    [root@master ~]# ipa-healthcheck --failures-only
    []

Additional resources

  • Use ipa-healthcheck --help to see all supported arguments.

20.3. Running IdM Healthcheck

Healthcheck can be run manually or automatically using log rotation.

Prerequisites

Procedure

  • To run healthcheck manually, enter the ipa-healthcheck command.

    [root@master ~]# ipa-healthcheck

Additional resources

For all options, see the man page: man ipa-healthcheck.

20.4. Additional resources

See the following sections of Configuring and managing Identity Management for examples of using IdM Healthcheck.