Skip to content

Releases: freeipa/freeipa-healthcheck

0.17

03 Jun 15:36
Compare
Choose a tag to compare

What's Changed

  • Don't fail if a service name cannot be looked up in LDAP by @rcritten in #313
  • Address two issues uncovered in freeIPA CI by @rcritten in #314
  • Skip DogtagCertsConfigCheck for PKI versions >= 11.5.0 by @rcritten in #318
  • test: Handle PKI >= 11.5.0 not storing certs in CS.cfg by @rcritten in #319
  • Fixes log file permissions as per CIS benchmark by @tscherf in #326
  • Handle CS.cfg file missing in DogtagCertsConfigCheck by @rcritten in #328
  • Fix some file mode format issues by @rcritten in #330

Full Changelog: 0.16...0.17

0.16

09 Nov 15:46
Compare
Choose a tag to compare

What's Changed

  • Remove call to api.Backend.ldap2.disconnect() by @rcritten in #311. This broke pki-healthcheck.

Full Changelog: 0.15...0.16

0.15

07 Nov 15:16
Compare
Choose a tag to compare

What's Changed

  • Change the github runners to conform with new requirements by @rcritten in #304
  • Add a dirsrv requires to services that look up their names in LDAP by @rcritten in #301
  • Convert DBus objects into native python objects by @rcritten in #306
  • Use timezone.utc instead of datetime.UTC for backwards compatibility by @rcritten in #303
  • Validate service keytabs other than just /etc/krb5.keytab by @rcritten in #289
  • Support validating LWCA certmonger requests by @rcritten in #308

Full Changelog: 0.14...0.15

0.14

21 Aug 14:00
Compare
Choose a tag to compare

Python 3.12: utcnow function is deprecated

0.13

19 Jul 14:43
Compare
Choose a tag to compare

What's Changed

  • Add more services to check the status, switch to using roles by @rcritten in #271
  • Require root to run ipa-healthcheck by @rcritten in #267
  • If there are KRAs, ensure the renewal server is one by @rcritten in #290
  • Report certmonger requests that are in the stuck state by @rcritten in #291
  • Skip AD domains with posix ranges in the catalog check by @rcritten in #269
  • Report when all ipa-ca records are missing in IPADNSSystemRecordsCheck by @rcritten in #287
  • Restrict the length of JSON output indent to 32 by @rcritten in #288
  • output: fix prometheus output pluging to comply with format spec by @UiP9AV6Y in #293
  • Catch exceptions during user/group name lookup in FileCheck by @rcritten in #297
  • gha: Replace F35/36 with F37/38 by @rcritten in #294
  • Don't error in DogtagCertsConnectivityCheck with external CAs by @rcritten in #286

Full Changelog: 0.12...0.13

0.11

02 Jun 15:21
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: 0.10...0.11

0.10

08 Feb 18:47
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: 0.9...0.10

0.9

10 Jun 14:00
Compare
Choose a tag to compare
0.9
  • Add service dependencies to more checks so they are skipped if dependent services are not running
  • Filter out the pki healthcheck sources if IPA CA is not installed
  • Don't collect the CRLManager role if the CA is not configured
  • Drop or replace print statements which were polluting stdout/stderr with lines that should have been logged instead
  • Add service log files to those tracked by the FileCheck for owner/group/perms/mode
  • Check for mismatches in certificates between LDAP and the system
  • Fix the --debug option which was being reset internally back to WARN
  • Add check for KRA Agent to compare the certificate with LDAP, similar to RA Agent check
  • For human output display a message when no issues are found instead of an empty list []
  • Check for a host certificate to avoid a false positive tracking
  • Add compatibility for python 3.10