rpms
/
ipa-healthcheck
20
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

import ipa-healthcheck-0.16-6.el10

Browse Source
c10-beta imports/c10-beta/ipa-healthcheck-0.16-6.el10
MSVSphere Packaging Team 3 months ago
commit d4973ef90e
Signed by: sys_gitsync
GPG Key ID: B2B0B9F29E528FE8
13 changed files with 1551 additions and 0 deletions
Show Stats Download Patch File Download Diff File

1
.gitignore vendored
Unescape View File

@ -0,0 +1 @@
SOURCES/0.16.tar.gz

1
.ipa-healthcheck.metadata
Unescape View File

@ -0,0 +1 @@
b6edbda881bceb9e0266169e06eb35984b1a7a77 SOURCES/0.16.tar.gz

639
SOURCES/0001-Remove-ipaclustercheck.patch
Unescape View File

@ -0,0 +1,639 @@
From 378e0a353e670a6b498d454558a9139a859890d4 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 9 Nov 2023 10:49:05 -0500
Subject: [PATCH] Remove ipaclustercheck
---
setup.py | 12 +-
src/ipaclustercheck/__init__.py | 5 -
src/ipaclustercheck/core/__init__.py | 0
src/ipaclustercheck/core/main.py | 32 ------
src/ipaclustercheck/core/output.py | 68 -----------
src/ipaclustercheck/ipa/__init__.py | 0
src/ipaclustercheck/ipa/crlmanager.py | 36 ------
src/ipaclustercheck/ipa/plugin.py | 117 -------------------
src/ipaclustercheck/ipa/ruv.py | 155 --------------------------
tests/test_cluster_ruv.py | 106 ------------------
10 files changed, 1 insertion(+), 530 deletions(-)
delete mode 100644 src/ipaclustercheck/__init__.py
delete mode 100644 src/ipaclustercheck/core/__init__.py
delete mode 100644 src/ipaclustercheck/core/main.py
delete mode 100644 src/ipaclustercheck/core/output.py
delete mode 100644 src/ipaclustercheck/ipa/__init__.py
delete mode 100644 src/ipaclustercheck/ipa/crlmanager.py
delete mode 100644 src/ipaclustercheck/ipa/plugin.py
delete mode 100644 src/ipaclustercheck/ipa/ruv.py
delete mode 100644 tests/test_cluster_ruv.py
diff --git a/setup.py b/setup.py
index d926302..cb6265a 100644
--- a/setup.py
+++ b/setup.py
@@ -4,7 +4,7 @@ from setuptools import find_packages, setup
setup(
name='ipahealthcheck',
version='0.16',
- namespace_packages=['ipahealthcheck', 'ipaclustercheck'],
+ namespace_packages=['ipahealthcheck'],
package_dir={'': 'src'},
# packages=find_packages(where='src'),
packages=[
@@ -14,14 +14,11 @@ setup(
'ipahealthcheck.ipa',
'ipahealthcheck.meta',
'ipahealthcheck.system',
- 'ipaclustercheck.core',
- 'ipaclustercheck.ipa',
],
entry_points={
# creates bin/ipahealthcheck
'console_scripts': [
'ipa-healthcheck = ipahealthcheck.core.main:main',
- 'ipa-clustercheck = ipaclustercheck.core.main:main',
],
# subsystem registries
'ipahealthcheck.registry': [
@@ -72,13 +69,6 @@ setup(
'ipahealthcheck.system': [
'filesystemspace = ipahealthcheck.system.filesystemspace',
],
- 'ipaclustercheck.registry': [
- 'ipaclustercheck.ipa = ipaclustercheck.ipa.plugin:registry',
- ],
- 'ipaclustercheck.ipa': [
- 'crl = ipaclustercheck.ipa.crlmanager',
- 'ruv = ipaclustercheck.ipa.ruv',
- ],
},
classifiers=[
'Programming Language :: Python :: 3.6',
diff --git a/src/ipaclustercheck/__init__.py b/src/ipaclustercheck/__init__.py
deleted file mode 100644
index 6c91ef7..0000000
--- a/src/ipaclustercheck/__init__.py
+++ /dev/null
@@ -1,5 +0,0 @@
-#
-# Copyright (C) 2019 FreeIPA Contributors see COPYING for license
-#
-
-__import__('pkg_resources').declare_namespace(__name__)
diff --git a/src/ipaclustercheck/core/__init__.py b/src/ipaclustercheck/core/__init__.py
deleted file mode 100644
index e69de29..0000000
diff --git a/src/ipaclustercheck/core/main.py b/src/ipaclustercheck/core/main.py
deleted file mode 100644
index f475832..0000000
--- a/src/ipaclustercheck/core/main.py
+++ /dev/null
@@ -1,32 +0,0 @@
-#
-# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
-#
-
-import sys
-
-from ipaclustercheck.core.output import output_registry
-from ipahealthcheck.core.core import RunChecks
-
-
-class ClusterChecks(RunChecks):
-
- def add_options(self):
- parser = self.parser
- parser.add_argument('--directory', dest='dir',
- help='Directory holding healthcheck logs')
-
- def validate_options(self):
- super().validate_options()
-
- if self.options.dir is None:
- print("--directory containing logs to check is required")
- return 1
-
- return None
-
-
-def main():
- clusterchecks = ClusterChecks(['ipaclustercheck.registry'],
- '/etc/ipa/clustercheck.conf',
- output_registry, 'ansible')
- sys.exit(clusterchecks.run_healthcheck())
diff --git a/src/ipaclustercheck/core/output.py b/src/ipaclustercheck/core/output.py
deleted file mode 100644
index 909eac4..0000000
--- a/src/ipaclustercheck/core/output.py
+++ /dev/null
@@ -1,68 +0,0 @@
-#
-# Copyright (C) 2019 FreeIPA Contributors see COPYING for license
-#
-
-import json
-from ipahealthcheck.core.output import OutputRegistry, Output
-
-
-output_registry = OutputRegistry()
-
-class ClusterOutput(Output):
- """Base class for writing/display output of cluster results
-
- severity doesn't apply in this case so exclude those.
- """
- def __init__(self, options):
- self.filename = options.output_file
-
- def strip_output(self, results):
- """Nothing to strip out"""
- return list(results.output())
-
- def generate(self, data):
- raise NotImplementedError
-
-
-@output_registry
-class Ansible(ClusterOutput):
- """Output information JSON format for consumption by Ansible
-
- Required keywords in a Result:
- name - unique identifier for the return value
-
- One of these is required:
- value - the return value. Type? I dunno yet
- error - if an error was returned
- """
-
- options = (
- ('--indent', dict(dest='indent', type=int, default=2,
- help='Indention level of JSON output')),
- )
-
- def __init__(self, options):
- super().__init__(options)
- self.indent = options.indent
-
- def generate(self, data):
- output = []
- for line in data:
- kw = line.get('kw')
- name = kw.get('name')
- value = kw.get('value')
- error = kw.get('error')
-
- if value and error:
- value = '%s: %s' % (error, value)
- elif error:
- value = error
-
- rval = {'%s' % name: value}
- output.append(rval)
-
- output = json.dumps(output, indent=self.indent)
- if self.filename is None:
- output += '\n'
-
- return output
diff --git a/src/ipaclustercheck/ipa/__init__.py b/src/ipaclustercheck/ipa/__init__.py
deleted file mode 100644
index e69de29..0000000
diff --git a/src/ipaclustercheck/ipa/crlmanager.py b/src/ipaclustercheck/ipa/crlmanager.py
deleted file mode 100644
index 6806d74..0000000
--- a/src/ipaclustercheck/ipa/crlmanager.py
+++ /dev/null
@@ -1,36 +0,0 @@
-#
-# Copyright (C) 2019 FreeIPA Contributors see COPYING for license
-#
-
-from ipaclustercheck.ipa.plugin import ClusterPlugin, registry, find_checks
-from ipahealthcheck.core.plugin import Result, duration
-from ipahealthcheck.core import constants
-
-
-@registry
-class ClusterCRLManagerCheck(ClusterPlugin):
-
- @duration
- def check(self):
- data = self.registry.json
- crlmanagers = []
-
- for fqdn in data.keys():
- output = find_checks(data[fqdn], 'ipahealthcheck.ipa.roles',
- 'IPACRLManagerCheck')
- enabled = output[0].get('kw').get('crlgen_enabled')
- if enabled:
- crlmanagers.append(fqdn)
- if len(crlmanagers) == 0:
- yield Result(self, constants.ERROR,
- name='crlmanager',
- error='No CRL Manager defined')
- elif len(crlmanagers) == 1:
- yield Result(self, constants.SUCCESS,
- name='crlmanager',
- value=crlmanagers[0])
- else:
- yield Result(self, constants.ERROR,
- name='crlmanager',
- value=','.join(crlmanagers),
- error='Multiple CRL Managers defined')
diff --git a/src/ipaclustercheck/ipa/plugin.py b/src/ipaclustercheck/ipa/plugin.py
deleted file mode 100644
index a111988..0000000
--- a/src/ipaclustercheck/ipa/plugin.py
+++ /dev/null
@@ -1,117 +0,0 @@
-#
-# Copyright (C) 2020 FreeIPA Contributors see COPYING for license
-#
-
-from copy import deepcopy
-import json
-import logging
-from os import listdir
-from os.path import isfile, join
-
-from ipahealthcheck.core.plugin import Plugin, Registry
-from ipalib import api
-
-
-logger = logging.getLogger()
-
-def find_checks(data, source, check):
- """Look through the dict for a matching source and check.
-
- data: dict of source and check output
- source: name of source to find
- check: name of check to find
-
- Returns list of contents of source + check or empty list
- """
- rval = []
- for d in data:
- if d.get('source') == source and d.get('check') == check:
- rval.append(d)
-
- return rval
-
-
-def get_masters(data):
- """
- Return the list of known masters
-
- This is determined from the list of loaded healthcheck logs. It
- is possible that mixed versions are used so some may not be
- reporting the full list of masters, so check them all, and raise
- an exception if the list cannot be determined.
- """
- test_masters = list(data)
- masters = None
- for master in test_masters:
- output = find_checks(data[master], 'ipahealthcheck.ipa.meta',
- 'IPAMetaCheck')
- if len(output) == 0:
- raise ValueError('Unable to determine full list of masters. '
- 'ipahealthcheck.ipa.meta:IPAMetaCheck not '
- 'found.')
-
- masters = output[0].get('kw').get('masters')
- if masters:
- return masters
-
- raise ValueError('Unable to determine full list of masters. '
- 'None of ipahealthcheck.ipa.meta:IPAMetaCheck '
- 'contain masters.')
-
-
-class ClusterPlugin(Plugin):
- pass
-
-
-class ClusterRegistry(Registry):
- def __init__(self):
- super().__init__()
- self.json = None
-
- def initialize(self, framework, config, options=None):
- super().initialize(framework, config, options)
-
- self.json = {}
-
- self.load_files(options.dir)
-
- if not api.isdone('finalize'):
- if not api.isdone('bootstrap'):
- api.bootstrap(in_server=True,
- context='ipahealthcheck',
- log=None)
- if not api.isdone('finalize'):
- api.finalize()
-
- def load_files(self, dir):
- if self.json:
- return
-
- files = [f for f in listdir(dir) if isfile(join(dir, f))]
- for file in files:
- fname = join(dir, file)
- logger.debug("Reading %s", fname)
- try:
- with open(fname, 'r') as fd:
- data = fd.read()
- except Exception as e:
- logger.error("Unable to read %s: %s", fname, e)
- continue
-
- try:
- data = json.loads(data)
- except Exception as e:
- logger.error("Unable to parse JSON in %s: %s", fname, e)
- continue
-
- meta = find_checks(data, 'ipahealthcheck.meta.core',
- 'MetaCheck')
- if meta:
- fqdn = meta[0].get('kw').get('fqdn')
- self.json[fqdn] = deepcopy(data)
- else:
- logger.error("No fqdn defined in JSON in %s", fname)
- continue
-
-
-registry = ClusterRegistry()
diff --git a/src/ipaclustercheck/ipa/ruv.py b/src/ipaclustercheck/ipa/ruv.py
deleted file mode 100644
index 6477738..0000000
--- a/src/ipaclustercheck/ipa/ruv.py
+++ /dev/null
@@ -1,155 +0,0 @@
-#
-# Copyright (C) 2019 FreeIPA Contributors see COPYING for license
-#
-
-import logging
-
-from ipaclustercheck.ipa.plugin import (
- ClusterPlugin,
- registry,
- find_checks,
- get_masters
-)
-from ipahealthcheck.core.plugin import Result, duration
-from ipahealthcheck.core import constants
-from ipalib import api
-from ipapython.dn import DN
-
-
-logger = logging.getLogger()
-
-
-@registry
-class ClusterRUVCheck(ClusterPlugin):
-
- # TODO: confirm that all masters are represented, otherwise the
- # trustworthiness of dangling RUV is mixed.
- #
- # gah, need to provide full list of all masters in a check.
-
- @duration
- def check(self):
- data = self.registry.json
-
- # Start with the list of masters from the file(s) collected
- # and find a MetaCheck with a full list of masters. For
- # backwards compatibility.
- try:
- masters = get_masters(data)
- except ValueError as e:
- yield Result(self, constants.ERROR,
- name='dangling_ruv',
- error=str(e))
- return
-
- if len(data.keys()) < len(masters):
- yield Result(self, constants.ERROR,
- name='dangling_ruv',
- error='Unable to determine list of RUVs, missing '
- 'some masters: %s' %
- ''.join(set(masters) - set(data.keys())))
- return
-
- # collect the full set of known RUVs for each master
- info = {}
- for master in masters:
- info[master] = {
- 'ca': False, # does the host have ca configured?
- 'ruvs': set(), # ruvs on the host
- 'csruvs': set(), # csruvs on the host
- 'clean_ruv': set(), # ruvs to be cleaned from the host
- 'clean_csruv': set() # csruvs to be cleaned from the host
- }
-
- for fqdn in data.keys():
- outputs = find_checks(data[fqdn], 'ipahealthcheck.ds.ruv',
- 'KnownRUVCheck')
- for output in outputs:
- if not 'suffix' in output.get('kw'):
- continue
- basedn = DN(output.get('kw').get('suffix'))
-
- ruvset = set()
- ruvtmp = output.get('kw').get('ruvs')
- for ruv in ruvtmp:
- ruvset.add(tuple(ruv))
-
- if basedn == DN('o=ipaca'):
- info[fqdn]['ca'] = True
- info[fqdn]['csruvs'] = ruvset
- elif basedn == api.env.basedn:
- info[fqdn]['ruvs'] = ruvset
- else:
- yield Result(self, constants.WARNING,
- name='dangling_ruv',
- error='Unknown suffix found %s expected %s'
- % (basedn, api.env.basedn))
-
- # Collect the nsDS5ReplicaID for each master
- ruvs = set()
- csruvs = set()
- for fqdn in data.keys():
- outputs = find_checks(data[fqdn], 'ipahealthcheck.ds.ruv',
- 'RUVCheck')
- for output in outputs:
- if not 'key' in output.get('kw'):
- continue
- basedn = DN(output.get('kw').get('key'))
- ruv = (fqdn, (output.get('kw').get('ruv')))
- if basedn == DN('o=ipaca'):
- csruvs.add(ruv)
- elif basedn == api.env.basedn:
- ruvs.add(ruv)
- else:
- yield Result(self, constants.WARNING,
- name='dangling_ruv',
- error='Unknown suffix found %s expected %s'
- % (basedn, api.env.basedn))
-
- dangles = False
- # get the dangling RUVs
- for master_info in info.values():
- for ruv in master_info['ruvs']:
- if ruv not in ruvs:
- master_info['clean_ruv'].add(ruv)
- dangles = True
-
- # if ca is not configured, there will be no csruvs in master_info
- for csruv in master_info['csruvs']:
- if csruv not in csruvs:
- master_info['clean_csruv'].add(csruv)
- dangles = True
-
- clean_csruvs = set()
- clean_ruvs = set()
- if dangles:
- for _unused, master_info in info.items():
- for ruv in master_info['clean_ruv']:
- logger.debug(
- "Dangling RUV id: %s, hostname: %s", ruv[1], ruv[0]
- )
- clean_ruvs.add(ruv[1])
- for csruv in master_info['clean_csruv']:
- logger.debug(
- "Dangling CS RUV id: %s, hostname: %s",
- csruv[1],
- csruv[0]
- )
- clean_csruvs.add(csruv[1])
-
- if clean_ruvs:
- yield Result(self, constants.ERROR,
- name='dangling_ruv',
- value=', '.join(clean_ruvs))
- else:
- yield Result(self, constants.SUCCESS,
- name='dangling_ruv',
- value='No dangling RUVs found')
- if clean_csruvs:
- yield Result(self, constants.ERROR,
- name='dangling_csruv',
- value=', '.join(clean_csruvs))
- else:
- yield Result(self, constants.SUCCESS,
- name='dangling_csruv',
- value='No dangling CS RUVs found')
diff --git a/tests/test_cluster_ruv.py b/tests/test_cluster_ruv.py
deleted file mode 100644
index 7583c84..0000000
--- a/tests/test_cluster_ruv.py
+++ /dev/null
@@ -1,106 +0,0 @@
-#
-# Copyright (C) 2019 FreeIPA Contributors see COPYING for license
-#
-
-from base import BaseTest
-from util import capture_results
-
-from ipahealthcheck.core import config
-from ipaclustercheck.ipa.plugin import ClusterRegistry
-from ipaclustercheck.ipa.ruv import ClusterRUVCheck
-
-import clusterdata
-
-
-class RUVRegistry(ClusterRegistry):
- def load_files(self, dir):
- self.json = dir
-
-
-class Options:
- def __init__(self, data):
- self.data = data
-
- @property
- def dir(self):
- return self.data
-
-
-registry = RUVRegistry()
-
-
-class TestClusterRUV(BaseTest):
-
- def test_no_ruvs(self):
- """Single master test that has never created a replica
-
- This type of master will have no RUVs created at all.
- """
- framework = object()
- registry.initialize(framework, config.Config,
- Options(clusterdata.ONE_MASTER))
- f = ClusterRUVCheck(registry)
-
- self.results = capture_results(f)
-
- assert len(self.results) == 2
- result = self.results.results[0]
- assert result.kw.get('name') == 'dangling_ruv'
- assert result.kw.get('value') == 'No dangling RUVs found'
- result = self.results.results[1]
- assert result.kw.get('name') == 'dangling_csruv'
- assert result.kw.get('value') == 'No dangling CS RUVs found'
-
- def test_six_ruvs_ok(self):
- """Three master test with each having a CA, no dangling
- """
- framework = object()
- registry.initialize(framework, config.Config,
- Options(clusterdata.THREE_MASTERS_OK))
- f = ClusterRUVCheck(registry)
-
- self.results = capture_results(f)
-
- assert len(self.results) == 2
- result = self.results.results[0]
- assert result.kw.get('name') == 'dangling_ruv'
- assert result.kw.get('value') == 'No dangling RUVs found'
- result = self.results.results[1]
- assert result.kw.get('name') == 'dangling_csruv'
- assert result.kw.get('value') == 'No dangling CS RUVs found'
-
- def test_six_ruvs_ipa_bad(self):
- """Three master test with each having a CA, dangling IPA RUV
- """
- framework = object()
- registry.initialize(framework, config.Config,
- Options(clusterdata.THREE_MASTERS_BAD_IPA_RUV))
- f = ClusterRUVCheck(registry)
-
- self.results = capture_results(f)
-
- assert len(self.results) == 2
- result = self.results.results[0]
- assert result.kw.get('name') == 'dangling_ruv'
- assert result.kw.get('value') == '9'
- result = self.results.results[1]
- assert result.kw.get('name') == 'dangling_csruv'
- assert result.kw.get('value') == 'No dangling CS RUVs found'
-
- def test_six_ruvs_cs_bad(self):
- """Three master test with each having a CA, dangling CA RUV
- """
- framework = object()
- registry.initialize(framework, config.Config,
- Options(clusterdata.THREE_MASTERS_BAD_CS_RUV))
- f = ClusterRUVCheck(registry)
-
- self.results = capture_results(f)
-
- assert len(self.results) == 2
- result = self.results.results[0]
- assert result.kw.get('name') == 'dangling_ruv'
- assert result.kw.get('value') == 'No dangling RUVs found'
- result = self.results.results[1]
- assert result.kw.get('name') == 'dangling_csruv'
- assert result.kw.get('value') == '9'
--
2.41.0

44
SOURCES/0002-Don-t-fail-if-a-service-name-cannot-be-looked-up-in-.patch
Unescape View File

@ -0,0 +1,44 @@
From 35ff77300758c12110132d6d638802d5b223bd6d Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 13 Nov 2023 14:09:16 -0500
Subject: [PATCH] Don't fail if a service name cannot be looked up in LDAP
A new method was introduced to handle more IPA services. This
requires looking some of them up in LDAP. dirsrv not running
was not being caught so raised an error instead.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/312
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
src/ipahealthcheck/meta/services.py | 12 ++++++++++--
1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/src/ipahealthcheck/meta/services.py b/src/ipahealthcheck/meta/services.py
index 10fa83f..9838128 100644
--- a/src/ipahealthcheck/meta/services.py
+++ b/src/ipahealthcheck/meta/services.py
@@ -25,10 +25,18 @@ class IPAServiceCheck(ServiceCheck):
def get_service_name(self, role):
"""Roles define broad services. Translate a role name into
an individual service name.
+
+ Returns a string on success, None if the service is not
+ configured or cannot be determined.
"""
conn = api.Backend.ldap2
- if not api.Backend.ldap2.isconnected():
- api.Backend.ldap2.connect()
+ try:
+ if not api.Backend.ldap2.isconnected():
+ api.Backend.ldap2.connect()
+ except errors.NetworkError:
+ logger.debug("Service '%s' is not running", self.service_name)
+ return None
+
dn = DN(
("cn", role), ("cn", api.env.host),
("cn", "masters"), ("cn", "ipa"), ("cn", "etc"),
--
2.41.0

44
SOURCES/0003-Temporarily-disable-the-ipa-ods-exporter-service-sta.patch
Unescape View File

@ -0,0 +1,44 @@
From d1cb1997737c938bbc61d547aae277e308e78fce Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 14 Nov 2023 20:32:54 -0500
Subject: [PATCH] Temporarily disable the ipa-ods-exporter service status check
There is a bug in this service such that it will almost always
report as down. Rather than spamming users with this error give
time for it to be fixed in IPA upstream.
See https://pagure.io/freeipa/issue/9463
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
src/ipahealthcheck/meta/services.py | 14 --------------
1 file changed, 14 deletions(-)
diff --git a/src/ipahealthcheck/meta/services.py b/src/ipahealthcheck/meta/services.py
index 9838128..b8973cb 100644
--- a/src/ipahealthcheck/meta/services.py
+++ b/src/ipahealthcheck/meta/services.py
@@ -202,20 +202,6 @@ class ods_enforcerd(IPAServiceCheck):
return super().check()
-@registry
-class ipa_ods_exporter(IPAServiceCheck):
- requires = ('dirsrv',)
-
- def check(self, instance=''):
- self.service_name = self.get_service_name('DNSKeyExporter')
-
- if self.service_name is None:
- # No service name means it is not configured
- return ()
-
- return super().check()
-
-
@registry
class ipa_dnskeysyncd(IPAServiceCheck):
requires = ('dirsrv',)
--
2.40.1

46
SOURCES/0004-Skip-DogtagCertsConfigCheck-for-PKI-versions-11.5.0.patch
Unescape View File

@ -0,0 +1,46 @@
From e556edc0b1cb607caa50f760d5059877f35fbcdc Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 11 Jan 2024 14:40:02 -0500
Subject: [PATCH] Skip DogtagCertsConfigCheck for PKI versions >= 11.5.0
In 11.5.0 the PKI project stopped storing the certificate
blobs in CS.cfg. If we continue to check it we will report a
false positive so skip it in that case.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/317
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
src/ipahealthcheck/dogtag/ca.py | 9 +++++++++
1 file changed, 9 insertions(+)
diff --git a/src/ipahealthcheck/dogtag/ca.py b/src/ipahealthcheck/dogtag/ca.py
index 4afa5d7..ddf5ece 100644
--- a/src/ipahealthcheck/dogtag/ca.py
+++ b/src/ipahealthcheck/dogtag/ca.py
@@ -16,6 +16,8 @@ from ipaserver.install import krainstance
from ipapython.directivesetter import get_directive
from cryptography.hazmat.primitives.serialization import Encoding
+import pki.util
+
logger = logging.getLogger()
@@ -30,6 +32,13 @@ class DogtagCertsConfigCheck(DogtagPlugin):
logger.debug("No CA configured, skipping dogtag config check")
return
+ pki_version = pki.util.Version(pki.specification_version())
+ if pki_version >= pki.util.Version("11.5.0"):
+ logger.debug(
+ "PKI 11.5.0 no longer stores certificats in CS.cfg"
+ )
+ return
+
kra = krainstance.KRAInstance(api.env.realm)
blobs = {'auditSigningCert cert-pki-ca': 'ca.audit_signing.cert',
--
2.45.0

59
SOURCES/0005-test-Handle-PKI-11.5.0-not-storing-certs-in-CS.cfg.patch
Unescape View File

@ -0,0 +1,59 @@
From 3d85d43f62a0c52e44a2228c872307152b2b0de1 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 12 Jan 2024 10:17:18 -0500
Subject: [PATCH] test: Handle PKI >= 11.5.0 not storing certs in CS.cfg
Update the test to expect 0 results if the PKI version is
>= 11.5.0.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/317
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
tests/test_dogtag_ca.py | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/tests/test_dogtag_ca.py b/tests/test_dogtag_ca.py
index 0820aba..1f61dea 100644
--- a/tests/test_dogtag_ca.py
+++ b/tests/test_dogtag_ca.py
@@ -2,12 +2,16 @@
# Copyright (C) 2019 FreeIPA Contributors see COPYING for license
#
+import pki.util
from util import capture_results, CAInstance, KRAInstance
from base import BaseTest
from ipahealthcheck.core import config, constants
from ipahealthcheck.dogtag.plugin import registry
from ipahealthcheck.dogtag.ca import DogtagCertsConfigCheck
from unittest.mock import Mock, patch
+import pytest
+
+pki_version = pki.util.Version(pki.specification_version())
class mock_Cert:
@@ -43,6 +47,9 @@ class TestCACerts(BaseTest):
Mock(return_value=KRAInstance()),
}
+ @pytest.mark.skipif(
+ pki_version >= pki.util.Version("11.5.0"),
+ reason='Does not apply to PKI 11.5.0+')
@patch('ipahealthcheck.dogtag.ca.get_directive')
@patch('ipaserver.install.certs.CertDB')
def test_ca_certs_ok(self, mock_certdb, mock_directive):
@@ -71,6 +78,9 @@ class TestCACerts(BaseTest):
assert result.source == 'ipahealthcheck.dogtag.ca'
assert result.check == 'DogtagCertsConfigCheck'
+ @pytest.mark.skipif(
+ pki_version >= pki.util.Version("11.5.0"),
+ reason='Does not apply to PKI 11.5.0+')
@patch('ipahealthcheck.dogtag.ca.get_directive')
@patch('ipaserver.install.certs.CertDB')
def test_cert_missing_from_file(self, mock_certdb, mock_directive):
--
2.45.0

92
SOURCES/0006-Handle-CS.cfg-file-missing-in-DogtagCertsConfigCheck.patch
Unescape View File

@ -0,0 +1,92 @@
From c780755c57286949d4c6d62dec6f0ce7d718dd13 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Mon, 18 Mar 2024 16:54:47 -0400
Subject: [PATCH] Handle CS.cfg file missing in DogtagCertsConfigCheck
This should never happen but if that file disappears things have
gone really, really badly. Throw a CRITICAL error.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/327
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
src/ipahealthcheck/dogtag/ca.py | 10 ++++++++++
tests/test_dogtag_ca.py | 9 +++++++--
2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/src/ipahealthcheck/dogtag/ca.py b/src/ipahealthcheck/dogtag/ca.py
index ddf5ece..5c2f6af 100644
--- a/src/ipahealthcheck/dogtag/ca.py
+++ b/src/ipahealthcheck/dogtag/ca.py
@@ -3,6 +3,7 @@
#
import logging
+import os
from ipahealthcheck.dogtag.plugin import DogtagPlugin, registry
from ipahealthcheck.core.plugin import Result
@@ -32,6 +33,15 @@ class DogtagCertsConfigCheck(DogtagPlugin):
logger.debug("No CA configured, skipping dogtag config check")
return
+ if not os.path.exists(paths.CA_CS_CFG_PATH):
+ yield Result(
+ self, constants.CRITICAL,
+ key=f'{paths.CA_CS_CFG_PATH}_missing',
+ configfile=paths.CA_CS_CFG_PATH,
+ msg=f'Configuration file {paths.CA_CS_CFG_PATH} is missing'
+ )
+ return
+
pki_version = pki.util.Version(pki.specification_version())
if pki_version >= pki.util.Version("11.5.0"):
logger.debug(
diff --git a/tests/test_dogtag_ca.py b/tests/test_dogtag_ca.py
index 1f61dea..a78e5de 100644
--- a/tests/test_dogtag_ca.py
+++ b/tests/test_dogtag_ca.py
@@ -50,9 +50,10 @@ class TestCACerts(BaseTest):
@pytest.mark.skipif(
pki_version >= pki.util.Version("11.5.0"),
reason='Does not apply to PKI 11.5.0+')
+ @patch('os.path.exists')
@patch('ipahealthcheck.dogtag.ca.get_directive')
@patch('ipaserver.install.certs.CertDB')
- def test_ca_certs_ok(self, mock_certdb, mock_directive):
+ def test_ca_certs_ok(self, mock_certdb, mock_directive, mock_exists):
"""Test what should be the standard case"""
trust = {
'ocspSigningCert cert-pki-ca': 'u,u,u',
@@ -62,6 +63,7 @@ class TestCACerts(BaseTest):
'caSigningCert cert-pki-ca': 'CT,C,C',
'transportCert cert-pki-kra': 'u,u,u',
}
+ mock_exists.return_value = True
mock_certdb.return_value = mock_CertDB(trust)
mock_directive.side_effect = [name for name, nsstrust in trust.items()]
@@ -81,9 +83,11 @@ class TestCACerts(BaseTest):
@pytest.mark.skipif(
pki_version >= pki.util.Version("11.5.0"),
reason='Does not apply to PKI 11.5.0+')
+ @patch('os.path.exists')
@patch('ipahealthcheck.dogtag.ca.get_directive')
@patch('ipaserver.install.certs.CertDB')
- def test_cert_missing_from_file(self, mock_certdb, mock_directive):
+ def test_cert_missing_from_file(self, mock_certdb, mock_directive,
+ mock_exists):
"""Test a missing certificate.
Note that if it is missing from the database then this check
@@ -103,6 +107,7 @@ class TestCACerts(BaseTest):
location = nicknames.index('auditSigningCert cert-pki-ca')
nicknames[location] = 'NOT auditSigningCert cert-pki-ca'
+ mock_exists.return_value = True
mock_certdb.return_value = mock_CertDB(trust)
mock_directive.side_effect = nicknames
--
2.45.0

47
SOURCES/0007-Fixes-log-file-permissions-as-per-CIS-benchmark.patch
Unescape View File

@ -0,0 +1,47 @@
From e0c09f9f1388bbce43775f40a39266e692e231da Mon Sep 17 00:00:00 2001
From: Thorsten Scherf <tscherf@redhat.com>
Date: Wed, 13 Mar 2024 12:57:34 +0100
Subject: [PATCH] Fixes log file permissions as per CIS benchmark
As per CIS benchmark the log file permissions should be 640 for some log
files but if we change /var/log/ipa-custodia.audit.log permissions to
640 then "ipa-healthcheck" reports a permission issue.
Fixes: https://github.com/freeipa/freeipa-healthcheck/issues/325
Signed-off-by: Thorsten Scherf <tscherf@redhat.com>
---
src/ipahealthcheck/ipa/files.py | 8 +++++---
1 file changed, 5 insertions(+), 3 deletions(-)
diff --git a/src/ipahealthcheck/ipa/files.py b/src/ipahealthcheck/ipa/files.py
index b7ca116..d914014 100644
--- a/src/ipahealthcheck/ipa/files.py
+++ b/src/ipahealthcheck/ipa/files.py
@@ -121,7 +121,7 @@ class IPAFileCheck(IPAPlugin, FileCheck):
self.files.append((filename, 'root', 'root', '0600'))
self.files.append((paths.IPA_CUSTODIA_AUDIT_LOG,
- 'root', 'root', '0644'))
+ 'root', 'root', '0644', '0640'))
self.files.append((paths.KADMIND_LOG, 'root', 'root',
('0600', '0640')))
@@ -133,11 +133,13 @@ class IPAFileCheck(IPAPlugin, FileCheck):
self.files.append((paths.SLAPD_INSTANCE_ERROR_LOG_TEMPLATE % inst,
constants.DS_USER, constants.DS_GROUP, '0600'))
- self.files.append((paths.VAR_LOG_HTTPD_ERROR, 'root', 'root', '0644'))
+ self.files.append((paths.VAR_LOG_HTTPD_ERROR, 'root', 'root',
+ '0644', '0640'))
for globpath in glob.glob("%s/debug*.log" % paths.TOMCAT_CA_DIR):
self.files.append(
- (globpath, constants.PKI_USER, constants.PKI_GROUP, "0644")
+ (globpath, constants.PKI_USER, constants.PKI_GROUP,
+ "0644", "0640")
)
for globpath in glob.glob(
--
2.45.0

190
SOURCES/0008-Fix-some-file-mode-format-issues.patch
Unescape View File

@ -0,0 +1,190 @@
From 2206b9915606c555163dec775a99a355dc02bee0 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Tue, 28 May 2024 11:15:48 -0400
Subject: [PATCH] Fix some file mode format issues
When specifying multiple possible modes for a file the values must
be a tuple. There were two occurances where they were listed
separately.
Add in a pre-check on the formatting to raise an error for badly
formatted files. This may be annoying for users if one sneaks in
again but the CI should catch it.
Related: https://github.com/freeipa/freeipa-healthcheck/issues/325
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
src/ipahealthcheck/core/files.py | 12 +++++-
src/ipahealthcheck/ipa/files.py | 6 +--
tests/test_core_files.py | 72 +++++++++++++++++++++++++++++++-
tests/util.py | 1 +
4 files changed, 85 insertions(+), 6 deletions(-)
diff --git a/src/ipahealthcheck/core/files.py b/src/ipahealthcheck/core/files.py
index 85d42bc..32bc5b2 100644
--- a/src/ipahealthcheck/core/files.py
+++ b/src/ipahealthcheck/core/files.py
@@ -31,7 +31,17 @@ class FileCheck:
@duration
def check(self):
- for (path, owner, group, mode) in self.files:
+ # first validate that the list of files to check is in the correct
+ # format
+ process_files = []
+ for file in self.files:
+ if len(file) == 4:
+ process_files.append(file)
+ else:
+ yield Result(self, constants.ERROR, key=file,
+ msg='Code format is incorrect for file')
+
+ for (path, owner, group, mode) in process_files:
if not isinstance(owner, tuple):
owner = tuple((owner,))
if not isinstance(group, tuple):
diff --git a/src/ipahealthcheck/ipa/files.py b/src/ipahealthcheck/ipa/files.py
index d914014..c80fd5b 100644
--- a/src/ipahealthcheck/ipa/files.py
+++ b/src/ipahealthcheck/ipa/files.py
@@ -121,7 +121,7 @@ class IPAFileCheck(IPAPlugin, FileCheck):
self.files.append((filename, 'root', 'root', '0600'))
self.files.append((paths.IPA_CUSTODIA_AUDIT_LOG,
- 'root', 'root', '0644', '0640'))
+ 'root', 'root', ('0644', '0640')))
self.files.append((paths.KADMIND_LOG, 'root', 'root',
('0600', '0640')))
@@ -134,12 +134,12 @@ class IPAFileCheck(IPAPlugin, FileCheck):
constants.DS_USER, constants.DS_GROUP, '0600'))
self.files.append((paths.VAR_LOG_HTTPD_ERROR, 'root', 'root',
- '0644', '0640'))
+ ('0644', '0640')))
for globpath in glob.glob("%s/debug*.log" % paths.TOMCAT_CA_DIR):
self.files.append(
(globpath, constants.PKI_USER, constants.PKI_GROUP,
- "0644", "0640")
+ ("0644", "0640"))
)
for globpath in glob.glob(
diff --git a/tests/test_core_files.py b/tests/test_core_files.py
index 924d7fa..e7010a9 100644
--- a/tests/test_core_files.py
+++ b/tests/test_core_files.py
@@ -2,14 +2,22 @@
# Copyright (C) 2019 FreeIPA Contributors see COPYING for license
#
+from ldap import OPT_X_SASL_SSF_MIN
import pwd
import posix
+from util import m_api
+from util import capture_results
+
+from ipahealthcheck.core import config
from ipahealthcheck.core.files import FileCheck
from ipahealthcheck.core import constants
from ipahealthcheck.core.plugin import Results
+from ipahealthcheck.ipa.files import IPAFileCheck
+from ipahealthcheck.system.plugin import registry
from unittest.mock import patch
+from ipapython.dn import DN
+from ipapython.ipaldap import LDAPClient, LDAPEntry
-from util import capture_results
nobody = pwd.getpwnam('nobody')
@@ -20,6 +28,37 @@ files = (('foo', 'root', 'root', '0660'),
('fiz', ('root', 'bin'), ('root', 'bin'), '0664'),
('zap', ('root', 'bin'), ('root', 'bin'), ('0664', '0640'),))
+bad_modes = (('biz', ('root', 'bin'), ('root', 'bin'), '0664', '0640'),)
+
+
+class mock_ldap:
+ SCOPE_BASE = 1
+ SCOPE_ONELEVEL = 2
+ SCOPE_SUBTREE = 4
+
+ def __init__(self, ldapentry):
+ """Initialize the results that we will return from get_entries"""
+ self.results = ldapentry
+
+ def get_entry(self, dn, attrs_list=None, time_limit=None,
+ size_limit=None, get_effective_rights=False):
+ return [] # the call doesn't check the value
+
+
+class mock_ldap_conn:
+ def set_option(self, option, invalue):
+ pass
+
+ def get_option(self, option):
+ if option == OPT_X_SASL_SSF_MIN:
+ return 256
+
+ return None
+
+ def search_s(self, base, scope, filterstr=None,
+ attrlist=None, attrsonly=0):
+ return tuple()
+
def make_stat(mode=33200, uid=0, gid=0):
"""Return a mocked-up stat.
@@ -234,4 +273,33 @@ def test_files_group_not_found(mock_grgid, mock_grnam, mock_stat):
my_results = get_results(results, 'group')
for result in my_results.results:
assert result.result == constants.WARNING
- assert result.kw.get('got') == 'Unknown gid 0'
+
+
+def test_bad_modes():
+ f = FileCheck()
+ f.files = bad_modes
+
+ results = capture_results(f)
+
+ for result in results.results:
+ assert result.result == constants.ERROR
+ assert result.kw.get('msg') == 'Code format is incorrect for file'
+
+
+@patch('ipaserver.install.krbinstance.is_pkinit_enabled')
+def test_ipa_files_format(mock_pkinit):
+ mock_pkinit.return_value = True
+
+ fake_conn = LDAPClient('ldap://localhost', no_schema=True)
+ ldapentry = LDAPEntry(fake_conn, DN(m_api.env.container_dns,
+ m_api.env.basedn))
+ framework = object()
+ registry.initialize(framework, config.Config)
+ f = IPAFileCheck(registry)
+
+ f.conn = mock_ldap(ldapentry)
+
+ results = capture_results(f)
+
+ for result in results.results:
+ assert result.result == constants.SUCCESS
diff --git a/tests/util.py b/tests/util.py
index 12c1688..fb8750a 100644
--- a/tests/util.py
+++ b/tests/util.py
@@ -141,6 +141,7 @@ m_api.env.container_host = DN(('cn', 'computers'), ('cn', 'accounts'))
m_api.env.container_sysaccounts = DN(('cn', 'sysaccounts'), ('cn', 'etc'))
m_api.env.container_service = DN(('cn', 'services'), ('cn', 'accounts'))
m_api.env.container_masters = DN(('cn', 'masters'))
+m_api.env.container_dns = DN(('cn', 'dns'))
m_api.Backend = Mock()
m_api.Command = Mock()
m_api.Command.ping.return_value = {
--
2.45.0

28
SOURCES/0009-Allow-WARNING-in-the-files-test.patch
Unescape View File

@ -0,0 +1,28 @@
From b6346fedcc158a3ed3a70691350bf7ebee4a8460 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Thu, 20 Jun 2024 14:27:16 -0400
Subject: [PATCH] Allow WARNING in the files test
We are only validating the format and don't need to actually
enforce the results in CI. The validation raises ERROR.
Related: https://github.com/freeipa/freeipa-healthcheck/issues/325
Signed-off-by: Rob Crittenden <rcritten@redhat.com>
---
tests/test_core_files.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/tests/test_core_files.py b/tests/test_core_files.py
index e7010a9..d308410 100644
--- a/tests/test_core_files.py
+++ b/tests/test_core_files.py
@@ -302,4 +302,4 @@ def test_ipa_files_format(mock_pkinit):
results = capture_results(f)
for result in results.results:
- assert result.result == constants.SUCCESS
+ assert result.result in (constants.SUCCESS, constants.WARNING)
--
2.45.0

1
SOURCES/ipahealthcheck.conf
Unescape View File

@ -0,0 +1 @@
[default]

359
SPECS/freeipa-healthcheck.spec
Unescape View File

@ -0,0 +1,359 @@
%if 0%{?rhel}
%global prefix ipa
%global productname IPA
%global alt_prefix freeipa
%else
# Fedora
%global prefix freeipa
%global productname FreeIPA
%global alt_prefix ipa
%endif
%global debug_package %{nil}
%global python3dir %{_builddir}/python3-%{name}-%{version}-%{release}
%{!?python3_sitelib: %global python3_sitelib %(%{__python3} -c "from distutils.sysconfig import get_python_lib; print(get_python_lib())")}
%global alt_name %{alt_prefix}-healthcheck
%bcond_without tests
Name: %{prefix}-healthcheck
Version: 0.16
Release: 6%{?dist}
Summary: Health check tool for %{productname}
BuildArch: noarch
License: GPL-3.0-or-later
URL: https://github.com/freeipa/freeipa-healthcheck
Source0: https://github.com/freeipa/freeipa-healthcheck/archive/%{version}.tar.gz
Source1: ipahealthcheck.conf
Patch0001: 0001-Remove-ipaclustercheck.patch
Patch0002: 0002-Don-t-fail-if-a-service-name-cannot-be-looked-up-in-.patch
Patch0003: 0003-Temporarily-disable-the-ipa-ods-exporter-service-sta.patch
Patch0004: 0004-Skip-DogtagCertsConfigCheck-for-PKI-versions-11.5.0.patch
Patch0005: 0005-test-Handle-PKI-11.5.0-not-storing-certs-in-CS.cfg.patch
Patch0006: 0006-Handle-CS.cfg-file-missing-in-DogtagCertsConfigCheck.patch
Patch0007: 0007-Fixes-log-file-permissions-as-per-CIS-benchmark.patch
Patch0008: 0008-Fix-some-file-mode-format-issues.patch
Patch0009: 0009-Allow-WARNING-in-the-files-test.patch
Requires: %{name}-core = %{version}-%{release}
Requires: %{prefix}-server
Requires: python3-ipalib
Requires: python3-ipaserver
Requires: python3-lib389 >= 1.4.2.14-1
# cronie-anacron provides anacron
Requires: anacron
Requires: logrotate
Requires(post): systemd-units
Requires: %{name}-core = %{version}-%{release}
BuildRequires: python3-devel
BuildRequires: python3-setuptools
BuildRequires: systemd-devel
%{?systemd_requires}
# packages for make check
%if %{with tests}
BuildRequires: python3-pytest
BuildRequires: python3-ipalib
BuildRequires: python3-ipaserver
%endif
BuildRequires: python3-lib389
BuildRequires: python3-libsss_nss_idmap
# Cross-provides for sibling OS
Provides: %{alt_name} = %{version}
Conflicts: %{alt_name}
Obsoletes: %{alt_name} < %{version}
%description
The %{productname} health check tool provides a set of checks to
proactively detect defects in a FreeIPA cluster.
%package -n %{name}-core
Summary: Core plugin system for healthcheck
# Cross-provides for sibling OS
Provides: %{alt_name}-core = %{version}
Conflicts: %{alt_name}-core
Obsoletes: %{alt_name}-core < %{version}
%description -n %{name}-core
Core plugin system for healthcheck, usable standalone with other
packages.
%prep
%autosetup -p1 -n freeipa-healthcheck-%{version}
%build
%py3_build
%install
%py3_install
mkdir -p %{buildroot}%{_sysconfdir}/ipahealthcheck
install -m644 %{SOURCE1} %{buildroot}%{_sysconfdir}/ipahealthcheck
mkdir -p %{buildroot}/%{_unitdir}
install -p -m644 %{_builddir}/freeipa-healthcheck-%{version}/systemd/ipa-healthcheck.service %{buildroot}%{_unitdir}
install -p -m644 %{_builddir}/freeipa-healthcheck-%{version}/systemd/ipa-healthcheck.timer %{buildroot}%{_unitdir}
mkdir -p %{buildroot}/%{_libexecdir}/ipa
install -p -m755 %{_builddir}/freeipa-healthcheck-%{version}/systemd/ipa-healthcheck.sh %{buildroot}%{_libexecdir}/ipa/
mkdir -p %{buildroot}%{_sysconfdir}/logrotate.d
install -p -m644 %{_builddir}/freeipa-healthcheck-%{version}/logrotate/ipahealthcheck %{buildroot}%{_sysconfdir}/logrotate.d
mkdir -p %{buildroot}/%{_localstatedir}/log/ipa/healthcheck
mkdir -p %{buildroot}/%{_mandir}/man8
mkdir -p %{buildroot}/%{_mandir}/man5
install -p -m644 %{_builddir}/freeipa-healthcheck-%{version}/man/man8/ipa-healthcheck.8 %{buildroot}%{_mandir}/man8/
install -p -m644 %{_builddir}/freeipa-healthcheck-%{version}/man/man5/ipahealthcheck.conf.5 %{buildroot}%{_mandir}/man5/
(cd %{buildroot}/%{python3_sitelib}/ipahealthcheck && find . -type f | \
grep -v '^./core' | \
grep -v 'opt-1' | \
sed -e 's,\.py.*$,.*,g' | sort -u | \
sed -e 's,\./,%%{python3_sitelib}/ipahealthcheck/,g' ) >healthcheck.list
%if %{with tests}
%check
PYTHONPATH=src PATH=$PATH:$RPM_BUILD_ROOT/usr/bin pytest-3 tests/test_*
%endif
%post
%systemd_post ipa-healthcheck.service
%preun
%systemd_preun ipa-healthcheck.service
%postun
%systemd_postun_with_restart ipa-healthcheck.service
%files -f healthcheck.list
%{!?_licensedir:%global license %%doc}
%license COPYING
%doc README.md
%{_bindir}/ipa-healthcheck
%dir %{_sysconfdir}/ipahealthcheck
%dir %{_localstatedir}/log/ipa/healthcheck
%config(noreplace) %{_sysconfdir}/ipahealthcheck/ipahealthcheck.conf
%config(noreplace) %{_sysconfdir}/logrotate.d/ipahealthcheck
%{python3_sitelib}/ipahealthcheck-%{version}-*.egg-info/
%{python3_sitelib}/ipahealthcheck-%{version}-*-nspkg.pth
%{_unitdir}/*
%{_libexecdir}/*
%{_mandir}/man8/*
%{_mandir}/man5/*
%files -n %{name}-core
%{!?_licensedir:%global license %%doc}
%license COPYING
%doc README.md
%{python3_sitelib}/ipahealthcheck/core/
%changelog
* Fri Jul 19 2024 Rob Crittenden <rcritten@redhat.com> - 0.16-6
- Skip DogtagCertsConfigCheck for PKI versions >= 11.5.0 (RHEL-39701)
- Need to change log file permissions of IPA as per CIS benchmark (RHEL-44305)
* Mon Jun 24 2024 Troy Dawson <tdawson@redhat.com> - 0.16-5
- Bump release for June 2024 mass rebuild
* Wed Jan 24 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Fri Jan 19 2024 Fedora Release Engineering <releng@fedoraproject.org> - 0.16-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_40_Mass_Rebuild
* Tue Nov 14 2023 Rob Crittenden <rcritten@redhat.com> - 0.16-2
- Don't fail if a service name cannot be looked up in LDAP
- Disable the ipa-ods-exporter service check
* Wed Nov 8 2023 Rob Crittenden <rcritten@redhat.com> - 0.16-1
- Update to 0.16 release
- This fixes pki-healthcheck
* Tue Nov 7 2023 Rob Crittenden <rcritten@redhat.com> - 0.15-1
- Update to 0.15 release
* Mon Aug 21 2023 Rob Crittenden <rcritten@redhat.com> - 0.14-1
- Update to 0.14 release
* Wed Jul 19 2023 Rob Crittenden <rcritten@redhat.com> - 0.13-1
- Update to 0.13 release
* Thu Jun 29 2023 Python Maint <python-maint@redhat.com> - 0.12-5
- Rebuilt for Python 3.12
* Wed Jun 28 2023 Python Maint <python-maint@redhat.com> - 0.12-4
- Bootstrap for Python 3.12
* Wed Mar 29 2023 Rob Crittenden <rcritten@redhat.com> - 0.12-3
- Migrated to SPDX license
* Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 0.12-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild
* Thu Dec 1 2022 Rob Crittenden <rcritten@redhat.com> - 0.12
- Update to 0.12 release
* Thu Jul 21 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.11-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_37_Mass_Rebuild
* Thu Jun 16 2022 Python Maint <python-maint@redhat.com> - 0.11-4
- Rebuilt for Python 3.11
* Thu Jun 16 2022 Python Maint <python-maint@redhat.com> - 0.11-3
- Bootstrap for Python 3.11
* Mon Jun 06 2022 Rob Crittenden <rcritten@redhat.com> - 0.11-2
- Don't WARN on KDC workers if cpus == 1 and KRB5KDC_ARGS is empty
* Thu Jun 02 2022 Rob Crittenden <rcritten@redhat.com> - 0.11-1
- Update to 0.11 release
* Tue Feb 8 2022 Rob Crittenden <rcritten@redhat.com> - 0.10-1
- Update to 0.10 release
* Thu Jan 20 2022 Fedora Release Engineering <releng@fedoraproject.org> - 0.9-4
- Rebuilt for https://fedoraproject.org/wiki/Fedora_36_Mass_Rebuild
* Wed Jul 21 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.9-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_35_Mass_Rebuild
* Mon Jun 14 2021 Rob Crittenden <rcritten@redhat.com> - 0.9-2
- FileCheck would raise a CRITICAL for non-existent files
* Tue Jun 8 2021 Rob Crittenden <rcritten@redhat.com> - 0.9-1
- Update to upstream 0.9
- Fix bad date in 0.8-6.1 changelog entry
* Mon Jun 07 2021 Python Maint <python-maint@redhat.com> - 0.8-8.1
- Rebuilt for Python 3.10
* Fri Jun 04 2021 Python Maint <python-maint@redhat.com> - 0.8-7.1
- Bootstrap for Python 3.10
* Thu Apr 15 2021 Rob Crittenden <rcritten@redhat.com> - 0.8-6.1
- Switch from tox to pytest as the test runner. tox is being deprecated
in some distros.
* Mon Mar 8 2021 François Cami <fcami@redhat.com> - 0.8-6
- Make the spec file distribution-agnostic (rhbz#1935773).
* Tue Mar 2 2021 Alexander Scheel <ascheel@redhat.com> - 0.8-5
- Make the spec file more distribution-agnostic
- Use tox as the test runner when tests are enabled
* Tue Mar 02 2021 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 0.8-4
- Rebuilt for updated systemd-rpm-macros
See https://pagure.io/fesco/issue/2583.
* Tue Jan 26 2021 Fedora Release Engineering <releng@fedoraproject.org> - 0.8-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_34_Mass_Rebuild
* Mon Jan 18 2021 Rob Crittenden <rcritten@redhat.com> - 0.8-2
- A bad file group was reported as a python list, not a string
* Wed Jan 13 2021 Rob Crittenden <rcritten@redhat.com> - 0.8-1
- Update to upstream 0.8
- Fix FTBFS in F34/rawhide (#1915256)
* Wed Dec 16 2020 Rob Crittenden <rcritten@redhat.com> - 0.7-3
- Include upstream patch to fix parsing input from json files
* Tue Nov 17 2020 Rob Crittenden <rcritten@redhat.com> - 0.7-2
- Include upstream patch to fix collection of AD trust domains
- Include upstream patch to fix failing not-valid-after test
* Thu Oct 29 2020 Rob Crittenden <rcritten@redhat.com> - 0.7-1
- Update to upstream 0.7
* Wed Jul 29 2020 Rob Crittenden <rcritten@redhat.com> - 0.6-4
- Set minimum Requires on python3-lib389
- Don't assume that all users of healthcheck-core provide the same
set of options.
* Mon Jul 27 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.6-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_33_Mass_Rebuild
* Fri Jul 24 2020 Rob Crittenden <rcritten@redhat.com> - 0.6-2
- Don't collect IPA servers in MetaCheck
- Skip if dirsrv not available in IPAMetaCheck
* Wed Jul 1 2020 Rob Crittenden <rcritten@redhat.com> - 0.6-1
- Update to upstream 0.6
- Don't include cluster checking yet
* Tue Jun 23 2020 Rob Crittenden <rcritten@redhat.com> - 0.5-5
- Add BuildRequires on python3-setuptools
* Tue May 26 2020 Miro Hrončok <mhroncok@redhat.com> - 0.5-4
- Rebuilt for Python 3.9
* Tue Jan 28 2020 Fedora Release Engineering <releng@fedoraproject.org> - 0.5-3
- Rebuilt for https://fedoraproject.org/wiki/Fedora_32_Mass_Rebuild
* Mon Jan 27 2020 Rob Crittenden <rcritten@redhat.com> - 0.5-2
- Rebuild
* Thu Jan 2 2020 Rob Crittenden <rcritten@redhat.com> - 0.5-1
- Update to upstream 0.5
* Mon Dec 2 2019 François Cami <fcami@redhat.com> - 0.4-2
- Create subpackage to split out core processing (#1771710)
* Mon Dec 2 2019 François Cami <fcami@redhat.com> - 0.4-1
- Update to upstream 0.4
- Change Source0 to something "spectool -g" can use.
- Correct URL (#1773512)
- Errors not translated to strings (#1752849)
- JSON output not indented by default (#1729043)
- Add dependencies to checks to avoid false-positives (#1727900)
- Verify expected DNS records (#1695125
* Thu Oct 03 2019 Miro Hrončok <mhroncok@redhat.com> - 0.3-3
- Rebuilt for Python 3.8.0rc1 (#1748018)
* Mon Aug 19 2019 Miro Hrončok <mhroncok@redhat.com> - 0.3-2
- Rebuilt for Python 3.8
* Thu Jul 25 2019 François Cami <fcami@redhat.com> - 0.3-1
- Update to upstream 0.3
- Add logrotate configs + depend on anacron and logrotate
* Thu Jul 25 2019 François Cami <fcami@redhat.com> - 0.2-6
- Fix permissions
* Thu Jul 25 2019 Fedora Release Engineering <releng@fedoraproject.org> - 0.2-5
- Rebuilt for https://fedoraproject.org/wiki/Fedora_31_Mass_Rebuild
* Thu Jul 11 2019 François Cami <fcami@redhat.com> - 0.2-4
- Fix ipa-healthcheck.sh installation path (rhbz#1729188)
- Create and own log directory (rhbz#1729188)
* Tue Apr 30 2019 François Cami <fcami@redhat.com> - 0.2-3
- Add python3-lib389 to BRs
* Tue Apr 30 2019 François Cami <fcami@redhat.com> - 0.2-2
- Fix changelog
* Thu Apr 25 2019 Rob Crittenden <rcritten@redhat.com> - 0.2-1
- Update to upstream 0.2
* Thu Apr 4 2019 François Cami <fcami@redhat.com> - 0.1-2
- Explicitly list dependencies
* Tue Apr 2 2019 François Cami <fcami@redhat.com> - 0.1-1
- Initial package import
Write Preview
Loading…
Cancel
Save