Display WARNING when ipa-healtcheck tool is run as normal linux user. #148
Assignees
Comments
menonsudhir
changed the title
rcritten
added a commit
to rcritten/freeipa-healthcheck
that referenced
this issue
Jun 16, 2022
The vast majority of checks require root access so enforce it at run time. This won't affect other runtimes that use healthcheck-core. Fixes: freeipa#148 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
rcritten
added a commit
to rcritten/freeipa-healthcheck
that referenced
this issue
Jun 16, 2022
The vast majority of checks require root access so enforce it at run time. This won't affect other runtimes that use healthcheck-core. Fixes: freeipa#148 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
rcritten
added a commit
to rcritten/freeipa-healthcheck
that referenced
this issue
Mar 28, 2023
The vast majority of checks require root access so enforce it at run time. This won't affect other runtimes that use healthcheck-core. Fixes: freeipa#148 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
rcritten
added a commit
that referenced
this issue
Apr 6, 2023
The vast majority of checks require root access so enforce it at run time. This won't affect other runtimes that use healthcheck-core. Fixes: #148 Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Currently when a normal linux user runs healthcheck tool it gives error, instead we should display warning message such as only root user can run the tool.
[testuser@master]$ ipa-healthcheck
/usr/lib/python3.7/site-packages/ipahealthcheck/core/core.py:269: DeprecationWarning: Trying deprecated initialization API: initialize() takes 3 positional arguments but 4 were given
DeprecationWarning)
Introspect error on :1.17:/org/fedorahosted/certmonger: dbus.exceptions.DBusException: org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message
/usr/lib/python3.7/site-packages/ipahealthcheck/ipa/host.py:41: DeprecationWarning: Use 'ipapython.ipautil.remove_file'
installutils.remove_file(ccache_name)
[
{
"source": "ipahealthcheck.dogtag.ca",
"check": "DogtagCertsConfigCheck",
"result": "CRITICAL",
"uuid": "dffa0f74-ea29-4c4e-8a80-d65fcd708a79",
"when": "20200811122952Z",
"duration": "0.002170",
"kw": {
"exception": "NSSDB '/etc/pki/pki-tomcat/alias' not initialized."
}
},
{
"source": "ipahealthcheck.dogtag.ca",
"check": "DogtagCertsConnectivityCheck",
"result": "ERROR",
"uuid": "9c445db9-d3f3-4a34-a5ab-4b3cbe1700af",
"when": "20200811122952Z",
"duration": "0.006043",
"kw": {
"msg": "Request for certificate failed, ldap2 is not connected (ldap2_140148405442832 in MainThread)"
}
},
{
"source": "ipahealthcheck.ds.backends",
"check": "BackendsCheck",
"result": "CRITICAL",
"uuid": "ff3512e6-4483-4762-8b71-01c45973e250",
"when": "20200811122952Z",
"duration": "0.000178",
"kw": {
"exception": "Could not find configuration for instance: FEDORA31-TEST"
}
},
{
"source": "ipahealthcheck.ds.config",
"check": "ConfigCheck",
"result": "CRITICAL",
"uuid": "2ac2daf7-1fd0-4152-899b-4a326d271724",
"when": "20200811122952Z",
"duration": "0.000049",
"kw": {
"exception": "Could not find configuration for instance: FEDORA31-TEST"
}
},
{
"source": "ipahealthcheck.ds.disk_space",
"check": "DiskSpaceCheck",
"result": "CRITICAL",
"uuid": "fff62a91-64a8-4222-9a53-b7371889a485",
"when": "20200811122952Z",
"duration": "0.000043",
"kw": {
"exception": "Could not find configuration for instance: FEDORA31-TEST"
}
},
{
"source": "ipahealthcheck.ds.dse",
"check": "DSECheck",
"result": "CRITICAL",
"uuid": "7857f9e0-d28d-4ff3-97d3-a69370a9bf37",
"when": "20200811122952Z",
"duration": "0.000036",
"kw": {
"exception": "Could not find configuration for instance: FEDORA31-TEST"
}
},
{
"source": "ipahealthcheck.ds.encryption",
"check": "EncryptionCheck",
"result": "CRITICAL",
"uuid": "5b8844f3-32bf-4d47-8088-2553332c726f",
"when": "20200811122952Z",
"duration": "0.000037",
"kw": {
"exception": "Could not find configuration for instance: FEDORA31-TEST"
}
},
{
"source": "ipahealthcheck.ds.fs_checks",
"check": "FSCheck",
"result": "CRITICAL",
"uuid": "92660ed2-c347-4536-ba05-b8cd9ada6bfb",
"when": "20200811122952Z",
"duration": "0.000035",
"kw": {
"exception": "Could not find configuration for instance: FEDORA31-TEST"
}
},
{
"source": "ipahealthcheck.ds.nss_ssl",
"check": "NssCheck",
"result": "CRITICAL",
"uuid": "2af26c5e-ee3f-4029-b826-dbe3d4d379f9",
"when": "20200811122952Z",
"duration": "0.000036",
"kw": {
"exception": "Could not find configuration for instance: FEDORA31-TEST"
}
},
{
"source": "ipahealthcheck.ds.ds_plugins",
"check": "RIPluginCheck",
"result": "CRITICAL",
"uuid": "7511dea6-4a7d-4a1f-af76-e8db56e926bb",
"when": "20200811122952Z",
"duration": "0.000035",
"kw": {
"exception": "Could not find configuration for instance: FEDORA31-TEST"
}
},
{
"source": "ipahealthcheck.ds.replication",
"check": "ReplicationCheck",
"result": "CRITICAL",
"uuid": "3f2a78db-010a-4d36-8afb-253f665e55a0",
"when": "20200811122952Z",
"duration": "0.000035",
"kw": {
"exception": "Could not find configuration for instance: FEDORA31-TEST"
}
},
{
"source": "ipahealthcheck.ds.replication",
"check": "ReplicationChangelogCheck",
"result": "CRITICAL",
"uuid": "f8ea58dc-cb48-40f3-b518-68eaf61d4b9a",
"when": "20200811122952Z",
"duration": "0.000036",
"kw": {
"exception": "Could not find configuration for instance: FEDORA31-TEST"
}
},
{
"source": "ipahealthcheck.ds.ruv",
"check": "KnownRUVCheck",
"result": "CRITICAL",
"uuid": "104d84f5-7521-45f5-990e-7b6a4bcbe624",
"when": "20200811122952Z",
"duration": "0.000067",
"kw": {
"exception": "ldap2 is not connected (ldap2_140148405442832 in MainThread)"
}
},
{
"source": "ipahealthcheck.ipa.certs",
"check": "IPACertmongerExpirationCheck",
"result": "CRITICAL",
"uuid": "01562f4b-6214-4c99-be56-7970a3ba8352",
"when": "20200811122952Z",
"duration": "0.002226",
"kw": {
"exception": "org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message"
}
},
{
"source": "ipahealthcheck.ipa.certs",
"check": "IPACertfileExpirationCheck",
"result": "CRITICAL",
"uuid": "f542d774-f793-440b-ac11-4deef9a6adfa",
"when": "20200811122952Z",
"duration": "0.000665",
"kw": {
"exception": "org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message"
}
},
{
"source": "ipahealthcheck.ipa.certs",
"check": "IPACertTracking",
"result": "CRITICAL",
"uuid": "31a685f0-5478-406b-9437-59fedff928df",
"when": "20200811122952Z",
"duration": "0.000233",
"kw": {
"exception": "ldap2 is not connected (ldap2_140148405442832 in MainThread)"
}
},
{
"source": "ipahealthcheck.ipa.certs",
"check": "IPACertNSSTrust",
"result": "CRITICAL",
"uuid": "b423c91f-e51c-4e65-8993-c5649e1c0277",
"when": "20200811122952Z",
"duration": "0.001737",
"kw": {
"exception": "NSSDB '/etc/pki/pki-tomcat/alias' not initialized."
}
},
{
"source": "ipahealthcheck.ipa.certs",
"check": "IPANSSChainValidation",
"result": "ERROR",
"uuid": "61ffa894-3f3f-4ca8-970b-8eab9295c97b",
"when": "20200811122952Z",
"duration": "0.000050",
"kw": {
"error": "[Errno 13] Permission denied: '/etc/pki/pki-tomcat/password.conf'",
"msg": "Unable to read CA NSSDB token password: {error}"
}
},
{
"source": "ipahealthcheck.ipa.certs",
"check": "IPAOpenSSLChainValidation",
"result": "ERROR",
"uuid": "5278f3df-01c5-4bad-8605-b5f930a17250",
"when": "20200811122952Z",
"duration": "0.006056",
"kw": {
"key": "/var/lib/ipa/certs/httpd.crt",
"reason": "Can't open /var/lib/ipa/certs/httpd.crt for reading, Permission denied\n139998803199808:error:0200100D:system library:fopen:Permission denied:crypto/bio/bss_file.c:69:fopen('/var/lib/ipa/certs/httpd.crt','r')\n139998803199808:error:2006D002:BIO routines:BIO_new_file:system lib:crypto/bio/bss_file.c:78:\nunable to load certificate\n",
"msg": "Certificate validation for {key} failed: {reason}"
}
},
{
"source": "ipahealthcheck.ipa.certs",
"check": "IPAOpenSSLChainValidation",
"result": "ERROR",
"uuid": "91df5d1c-4817-4b4d-b0f2-4feac78a88cd",
"when": "20200811122952Z",
"duration": "0.011576",
"kw": {
"key": "/var/lib/ipa/ra-agent.pem",
"reason": "Can't open /var/lib/ipa/ra-agent.pem for reading, Permission denied\n140321520256832:error:0200100D:system library:fopen:Permission denied:crypto/bio/bss_file.c:69:fopen('/var/lib/ipa/ra-agent.pem','r')\n140321520256832:error:2006D002:BIO routines:BIO_new_file:system lib:crypto/bio/bss_file.c:78:\nunable to load certificate\n",
"msg": "Certificate validation for {key} failed: {reason}"
}
},
{
"source": "ipahealthcheck.ipa.certs",
"check": "IPARAAgent",
"result": "ERROR",
"uuid": "ffadb282-4520-4516-9a45-e48f0fc51b01",
"when": "20200811122952Z",
"duration": "0.000092",
"kw": {
"error": "[Errno 13] Permission denied: '/var/lib/ipa/ra-agent.pem'",
"msg": "Unable to load RA cert: {error}"
}
},
{
"source": "ipahealthcheck.ipa.certs",
"check": "IPACertRevocation",
"result": "CRITICAL",
"uuid": "d978c572-4d1b-4be0-9301-27f4e5992b4b",
"when": "20200811122952Z",
"duration": "0.000665",
"kw": {
"exception": "ldap2 is not connected (ldap2_140148405442832 in MainThread)"
}
},
{
"source": "ipahealthcheck.ipa.certs",
"check": "IPACertmongerCA",
"result": "ERROR",
"uuid": "30a0804c-1ad8-4734-b4c9-09aea18b3737",
"when": "20200811122952Z",
"duration": "0.001302",
"kw": {
"key": "IPA",
"msg": "Certmonger CA '{key}' missing"
}
},
{
"source": "ipahealthcheck.ipa.certs",
"check": "IPACertmongerCA",
"result": "ERROR",
"uuid": "904e7629-883d-4512-abbe-e7eb8ee7d5a8",
"when": "20200811122952Z",
"duration": "0.001954",
"kw": {
"key": "dogtag-ipa-ca-renew-agent",
"msg": "Certmonger CA '{key}' missing"
}
},
{
"source": "ipahealthcheck.ipa.certs",
"check": "IPACertmongerCA",
"result": "ERROR",
"uuid": "5ce472c2-1ae2-4679-8ead-289bbddfbe6b",
"when": "20200811122952Z",
"duration": "0.002615",
"kw": {
"key": "dogtag-ipa-ca-renew-agent-reuse",
"msg": "Certmonger CA '{key}' missing"
}
},
{
"source": "ipahealthcheck.ipa.dna",
"check": "IPADNARangeCheck",
"result": "CRITICAL",
"uuid": "dc743b54-f164-4a62-84a3-e7dbb2037b4c",
"when": "20200811122952Z",
"duration": "0.014965",
"kw": {
"exception": "Insufficient access: SASL(-1): generic failure: GSSAPI Error: Unspecified GSS failure. Minor code may provide more information (No Kerberos credentials available (default cache: KCM:))"
}
},
{
"source": "ipahealthcheck.ipa.idns",
"check": "IPADNSSystemRecordsCheck",
"result": "CRITICAL",
"uuid": "ea64a45e-0d14-46d8-aae8-55e5c64b3100",
"when": "20200811122952Z",
"duration": "0.001169",
"kw": {
"exception": "ldap2 is not connected (ldap2_140148405442832 in MainThread)"
}
},
{
"source": "ipahealthcheck.ipa.files",
"check": "IPAFileNSSDBCheck",
"result": "CRITICAL",
"uuid": "1ea819ba-b101-4414-8061-4df7f9bf58e6",
"when": "20200811122952Z",
"duration": "0.000122",
"kw": {
"exception": "[Errno 13] Permission denied: '/etc/dirsrv/slapd-FEDORA31-TEST/cert9.db'"
}
},
{
"source": "ipahealthcheck.ipa.files",
"check": "IPAFileCheck",
"result": "CRITICAL",
"uuid": "2d947544-4dae-43ab-abd8-ede4c070d4b9",
"when": "20200811122952Z",
"duration": "0.001194",
"kw": {
"exception": "org.freedesktop.DBus.Error.AccessDenied: Sender is not authorized to send message"
}
},
{
"source": "ipahealthcheck.ipa.files",
"check": "TomcatFileCheck",
"result": "CRITICAL",
"uuid": "75d9f367-28e0-47f8-bdd6-dfa7b89766ce",
"when": "20200811122952Z",
"duration": "0.000063",
"kw": {
"exception": "[Errno 13] Permission denied: '/etc/pki/pki-tomcat/password.conf'"
}
},
{
"source": "ipahealthcheck.ipa.host",
"check": "IPAHostKeytab",
"result": "ERROR",
"uuid": "fd81312e-0be6-4c1e-9571-d3d4eec2dbef",
"when": "20200811122952Z",
"duration": "0.001709",
"kw": {
"msg": "Failed to obtain host TGT: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529639107): No credentials cache found"
}
},
{
"source": "ipahealthcheck.ipa.meta",
"check": "IPAMetaCheck",
"result": "ERROR",
"uuid": "83450123-2278-4868-9694-d45f280011f3",
"when": "20200811122952Z",
"duration": "0.000999",
"kw": {
"msg": "server-show failed, ldap2 is not connected (ldap2_140148405442832 in MainThread)"
}
},
{
"source": "ipahealthcheck.ipa.roles",
"check": "IPACRLManagerCheck",
"result": "CRITICAL",
"uuid": "869719af-d244-45ff-ac49-327e4878e8f5",
"when": "20200811122952Z",
"duration": "0.000062",
"kw": {
"exception": "Unable to read /var/lib/pki/pki-tomcat/conf/ca/CS.cfg"
}
},
{
"source": "ipahealthcheck.ipa.roles",
"check": "IPARenewalMasterCheck",
"result": "ERROR",
"uuid": "ae2bc7bb-622b-40cf-84bd-b9c1b1c560bd",
"when": "20200811122952Z",
"duration": "0.000328",
"kw": {
"key": "renewal_master",
"msg": "Request for configuration failed, ldap2 is not connected (ldap2_140148405442832 in MainThread)"
}
},
{
"source": "ipahealthcheck.ipa.topology",
"check": "IPATopologyDomainCheck",
"result": "ERROR",
"uuid": "6415d7b5-4370-4a86-8bfe-4db746f0a350",
"when": "20200811122952Z",
"duration": "0.000351",
"kw": {
"msg": "topologysuffix-verify domain failed, ldap2 is not connected (ldap2_140148405442832 in MainThread)"
}
},
{
"source": "ipahealthcheck.ipa.topology",
"check": "IPATopologyDomainCheck",
"result": "CRITICAL",
"uuid": "3a02df11-291b-47fc-a71a-6bb0f1b3c8de",
"when": "20200811122952Z",
"duration": "0.000524",
"kw": {
"exception": "ldap2 is not connected (ldap2_140148405442832 in MainThread)"
}
},
{
"source": "ipahealthcheck.ipa.trust",
"check": "IPADomainCheck",
"result": "CRITICAL",
"uuid": "ee32eeb7-1405-46f5-a27d-2028ecef838c",
"when": "20200811122952Z",
"duration": "0.006040",
"kw": {
"error": "[Errno 13] Permission denied: '/etc/sssd/sssd.conf'",
"key": "domain-check",
"msg": "Unable to parse sssd.conf: {error}"
}
}
]
The text was updated successfully, but these errors were encountered: