diff --git a/src/ipahealthcheck/core/core.py b/src/ipahealthcheck/core/core.py index 44e0251a..47ec61a3 100644 --- a/src/ipahealthcheck/core/core.py +++ b/src/ipahealthcheck/core/core.py @@ -265,6 +265,13 @@ def run_healthcheck(self): if rval is not None: return rval + # If we have IPA configured without a CA then we want to skip + # the pkihealthcheck plugins otherwise they will generated a + # lot of false positives. The IPA plugins are loaded first so + # which should set ca_configured in its registry to True or + # False. We will skip the pkihealthcheck plugins only if + # ca_configured is False which means that it was set by IPA. + ca_configured = None for name, registry in find_registries(self.entry_points).items(): try: registry.initialize(framework, config, options) @@ -276,6 +283,11 @@ def run_healthcheck(self): except Exception as e: logger.error("Unable to initialize %s: %s", name, e) continue + if hasattr(registry, 'ca_configured'): + ca_configured = registry.ca_configured + if 'pkihealthcheck' in name and ca_configured is False: + logger.debug('IPA CA is not configured, skipping %s', name) + continue for plugin in find_plugins(name, registry): plugins.append(plugin) diff --git a/src/ipahealthcheck/ipa/plugin.py b/src/ipahealthcheck/ipa/plugin.py index a901f368..9daa85a0 100644 --- a/src/ipahealthcheck/ipa/plugin.py +++ b/src/ipahealthcheck/ipa/plugin.py @@ -34,6 +34,7 @@ def __init__(self): super().__init__() self.trust_agent = False self.trust_controller = False + self.ca_configured = False def initialize(self, framework, config, options=None): super().initialize(framework, config) @@ -85,5 +86,8 @@ def initialize(self, framework, config, options=None): if role.get('status') == 'enabled': self.trust_controller = True + ca = cainstance.CAInstance(api.env.realm, host_name=api.env.host) + self.ca_configured = ca.is_configured() + registry = IPARegistry()