{"payload":{"feedbackUrl":"https://github.com/orgs/community/discussions/53140","repo":{"id":173812913,"defaultBranch":"master","name":"freeipa-healthcheck","ownerLogin":"freeipa","currentUserCanPush":false,"isFork":false,"isEmpty":false,"createdAt":"2019-03-04T20:03:36.000Z","ownerAvatar":"https://avatars.githubusercontent.com/u/10979201?v=4","public":true,"private":false,"isOrgOwned":true},"refInfo":{"name":"","listCacheKey":"v0:1699544741.0","currentOid":""},"activityList":{"items":[{"before":"e0c09f9f1388bbce43775f40a39266e692e231da","after":"c780755c57286949d4c6d62dec6f0ce7d718dd13","ref":"refs/heads/master","pushedAt":"2024-03-25T15:28:12.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Handle CS.cfg file missing in DogtagCertsConfigCheck\n\nThis should never happen but if that file disappears things have\ngone really, really badly. Throw a CRITICAL error.\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/327\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Handle CS.cfg file missing in DogtagCertsConfigCheck"}},{"before":"3d85d43f62a0c52e44a2228c872307152b2b0de1","after":"e0c09f9f1388bbce43775f40a39266e692e231da","ref":"refs/heads/master","pushedAt":"2024-03-13T16:10:54.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Fixes log file permissions as per CIS benchmark\n\nAs per CIS benchmark the log file permissions should be 640 for some log\nfiles but if we change /var/log/ipa-custodia.audit.log permissions to\n640 then \"ipa-healthcheck\" reports a permission issue.\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/325\nSigned-off-by: Thorsten Scherf ","shortMessageHtmlLink":"Fixes log file permissions as per CIS benchmark"}},{"before":"e556edc0b1cb607caa50f760d5059877f35fbcdc","after":"3d85d43f62a0c52e44a2228c872307152b2b0de1","ref":"refs/heads/master","pushedAt":"2024-01-15T13:54:13.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"test: Handle PKI >= 11.5.0 not storing certs in CS.cfg\n\nUpdate the test to expect 0 results if the PKI version is\n>= 11.5.0.\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/317\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"test: Handle PKI >= 11.5.0 not storing certs in CS.cfg"}},{"before":"96aa8f66c870b3cb358ea1841988292422fa7aa0","after":"e556edc0b1cb607caa50f760d5059877f35fbcdc","ref":"refs/heads/master","pushedAt":"2024-01-12T14:37:17.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Skip DogtagCertsConfigCheck for PKI versions >= 11.5.0\n\nIn 11.5.0 the PKI project stopped storing the certificate\nblobs in CS.cfg. If we continue to check it we will report a\nfalse positive so skip it in that case.\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/317\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Skip DogtagCertsConfigCheck for PKI versions >= 11.5.0"}},{"before":"35ff77300758c12110132d6d638802d5b223bd6d","after":"96aa8f66c870b3cb358ea1841988292422fa7aa0","ref":"refs/heads/master","pushedAt":"2023-11-16T13:43:41.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Temporarily disable the ipa-ods-exporter service status check\n\nThere is a bug in this service such that it will almost always\nreport as down. Rather than spamming users with this error give\ntime for it to be fixed in IPA upstream.\n\nSee https://pagure.io/freeipa/issue/9463\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Temporarily disable the ipa-ods-exporter service status check"}},{"before":"a6b89d4823de1a3459f1189a7c9eb4fb1a9931b7","after":"35ff77300758c12110132d6d638802d5b223bd6d","ref":"refs/heads/master","pushedAt":"2023-11-14T14:37:30.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Don't fail if a service name cannot be looked up in LDAP\n\nA new method was introduced to handle more IPA services. This\nrequires looking some of them up in LDAP. dirsrv not running\nwas not being caught so raised an error instead.\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/312\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Don't fail if a service name cannot be looked up in LDAP"}},{"before":"a56f1f8007bb27ebbf2d0caf70986b24f827c331","after":"a6b89d4823de1a3459f1189a7c9eb4fb1a9931b7","ref":"refs/heads/master","pushedAt":"2023-11-09T15:45:41.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Become 0.16","shortMessageHtmlLink":"Become 0.16"}},{"before":"f2eb911a72eed7c290c031f6df9b4fd4800e8e89","after":"a56f1f8007bb27ebbf2d0caf70986b24f827c331","ref":"refs/heads/master","pushedAt":"2023-11-09T15:37:34.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Remove call to api.Backend.ldap2.disconnect()\n\nThis was added while I was testing the IPA LDAP client\ncache performance. By disconnecting a summary of the cache is\nlogged. I never intended it remain in the code.\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/310\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Remove call to api.Backend.ldap2.disconnect()"}},{"before":"25bbaab9ab98a3a0198db0788b3e35d68d80922c","after":"f2eb911a72eed7c290c031f6df9b4fd4800e8e89","ref":"refs/heads/master","pushedAt":"2023-11-07T15:15:52.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Become 0.15","shortMessageHtmlLink":"Become 0.15"}},{"before":"e69589d507aaa1b837fc4c31cce534d246a535aa","after":"25bbaab9ab98a3a0198db0788b3e35d68d80922c","ref":"refs/heads/master","pushedAt":"2023-11-07T14:39:43.000Z","pushType":"pr_merge","commitsCount":3,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Disable failing not installed and not configured tests\n\nThese pass locally for me but fail in the github workflow. Marking\nas xfail for now.\n\nA deprecation warning is being spit out now on stderr instead out\nstdout which includes the underlying message. Check both stdout\nand stderr to be on the safe side.\n\nNote: these tests only run as root.\n\nRelated: https://github.com/freeipa/freeipa-healthcheck/issues/309\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Disable failing not installed and not configured tests"}},{"before":"fd0b2ce794f56ed970ecf06c808a530bd2e065f9","after":"e69589d507aaa1b837fc4c31cce534d246a535aa","ref":"refs/heads/master","pushedAt":"2023-10-16T14:24:59.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Validate service keytabs other than just /etc/krb5.keytab\n\nThere are quite a few other keytabs in use in IPA other than\njust the host keytab. Validate that kinit in that keytab\nworks if the service is configured.\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/175\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Validate service keytabs other than just /etc/krb5.keytab"}},{"before":"02211dd4b5e7559da2159e0e712e4d3f845baf4a","after":"fd0b2ce794f56ed970ecf06c808a530bd2e065f9","ref":"refs/heads/master","pushedAt":"2023-10-16T14:24:44.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Use timezone.utc instead of datetime.UTC for backwards compatibility\n\nWe switched to datetime.UTC because datetime.utcnow() was deprecated.\nThis is only available in python 3.11+. Use datetime.timezone.utc\ninstead which is available from python 3.2+\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/302\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Use timezone.utc instead of datetime.UTC for backwards compatibility"}},{"before":"cef7d57e2d4d1fbb13facb7629c7b8c6811e0fc7","after":"02211dd4b5e7559da2159e0e712e4d3f845baf4a","ref":"refs/heads/master","pushedAt":"2023-10-16T14:09:12.000Z","pushType":"pr_merge","commitsCount":2,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Disable the pylint github workflow\n\nUbuntu has pylint 3.0.1 which is apparently incompatible with\npylint_plugins.py. Disable this temporarily. Chances are good\nthat once this is addressed in freeipa it can be ported back\nhere as well.\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Disable the pylint github workflow"}},{"before":"9603491e20d6670b8b05ea4349f141a5eec1bd07","after":"cef7d57e2d4d1fbb13facb7629c7b8c6811e0fc7","ref":"refs/heads/master","pushedAt":"2023-10-03T13:12:14.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Add a dirsrv requires to services that look up their names in LDAP\n\nSome services aren't included in ipaplaform.knownservices\nlike smb and winbind. It is possible to discover the\nservice name using the same method used by ipactl, via roles.\n\nIf dirsrv isn't started then this will blow up spectacularly\nso use requires as a guard against it.\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/301\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Add a dirsrv requires to services that look up their names in LDAP"}},{"before":"04c109a7e57ecc7d772634b8ad89f98137a91e09","after":"9603491e20d6670b8b05ea4349f141a5eec1bd07","ref":"refs/heads/master","pushedAt":"2023-09-29T02:20:27.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Change the github runners to conform with new requirements\n\nThe older style runner is being deprecreated per\nhttps://github.blog/changelog/2023-06-13-github-actions-all-actions-will-run-on-node16-instead-of-node12-by-default/\n\nThe documntation is rather confusing what needed to be changed but\none of the examples included this change and it's now passing CI so...\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Change the github runners to conform with new requirements"}},{"before":"e05903dc95be0182eac310f5a9d593d93fc43fa8","after":"04c109a7e57ecc7d772634b8ad89f98137a91e09","ref":"refs/heads/master","pushedAt":"2023-08-21T13:59:24.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Become 0.14","shortMessageHtmlLink":"Become 0.14"}},{"before":"11c77a199304fba4f430e9386593477f37652f23","after":"e05903dc95be0182eac310f5a9d593d93fc43fa8","ref":"refs/heads/master","pushedAt":"2023-08-16T17:24:51.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Python 3.12: utcnow function is deprecated\n\nipa-healthcheck on python 3.12 uses datetime.utcnow() which\nis deprecated and produces warnings.\nReplace with datetime.now(tz=UTC)\n\nWhen a datetime object is returned through IPACertificate API,\nalways set the timezone to UTC (this makes the new code compatible\nwith old IPA and new IPA versions).\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/298\nSigned-off-by: Florence Blanc-Renaud ","shortMessageHtmlLink":"Python 3.12: utcnow function is deprecated"}},{"before":"29855ec76bcb445543e1f2b16b13e5bcfeb67723","after":"11c77a199304fba4f430e9386593477f37652f23","ref":"refs/heads/master","pushedAt":"2023-07-19T14:40:06.000Z","pushType":"push","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Become 0.13\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Become 0.13"}},{"before":"18178ba09b221eef7f0bb869980e1c043a8e764f","after":"29855ec76bcb445543e1f2b16b13e5bcfeb67723","ref":"refs/heads/master","pushedAt":"2023-07-19T14:34:16.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Don't error in DogtagCertsConnectivityCheck with external CAs\n\nThe purpose of the check is to validate that communication\nwith the CA works. In the past we looked up serial number 1\nfor this check. The problem is that if the server was\ninstalled with RSNv3 so had no predictable CA serial number.\n\nIt also was broken with externally-issued CA certificate which\ncannot be looked up in IPA.\n\nInstead use the IPA RA agent certificate which should definitely\nhave a serial number in the IPA CA if one is configured.\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/285\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Don't error in DogtagCertsConnectivityCheck with external CAs"}},{"before":"4906c52b629bfce275558d4701c083f4c020ef32","after":"18178ba09b221eef7f0bb869980e1c043a8e764f","ref":"refs/heads/master","pushedAt":"2023-07-12T13:59:30.000Z","pushType":"pr_merge","commitsCount":3,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Address issues uncovered by pylint 2.15.5\n\nTwo variables used before assignment\n\nThree Useless suppression of 'unexpected-keyword-arg'\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/295\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Address issues uncovered by pylint 2.15.5"}},{"before":"d398f4589c4e711a2f6d4e7782ab52ce46a680bc","after":"4906c52b629bfce275558d4701c083f4c020ef32","ref":"refs/heads/master","pushedAt":"2023-07-05T15:44:06.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Catch exceptions during user/group name lookup in FileCheck\n\nIt's possible that one or more of the allowed users/groups\nin a file check do not exist on the system. Catch this\nexception and try to proceed as best as possible.\n\nhttps://github.com/freeipa/freeipa-healthcheck/issues/296\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Catch exceptions during user/group name lookup in FileCheck"}},{"before":"9124c5c6ad83a254177dc998e16e2ecbe7d72912","after":"d398f4589c4e711a2f6d4e7782ab52ce46a680bc","ref":"refs/heads/master","pushedAt":"2023-05-31T19:15:58.519Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"output: fix prometheus output pluging to comply with format specification\n\nuse comment syntax for HELP and TYPE annotations, as specified\nby the prometheus test-base exposition format [1].\n\nthis change also introduces a output sub-class to reduce code\nduplication.\n\ncloses #292\n\n[1] https://prometheus.io/docs/instrumenting/exposition_formats/#text-based-format\n\nSigned-off-by: Gordon Bleux <33967640+UiP9AV6Y@users.noreply.github.com>","shortMessageHtmlLink":"output: fix prometheus output pluging to comply with format specifica…"}},{"before":"8ca85127b97b1379e36794c19fe38d372ed07f76","after":"9124c5c6ad83a254177dc998e16e2ecbe7d72912","ref":"refs/heads/master","pushedAt":"2023-05-09T15:47:17.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Restrict the length of JSON output indent to 32\n\nToo big a value and the system will exhause memory. Normally I\ntrust users not to do things like but it doesn't hurt to constrain\nsometimes.\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/197\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Restrict the length of JSON output indent to 32"}},{"before":"30471ebdc9fe5871c115ca06f78a415275a320e6","after":"8ca85127b97b1379e36794c19fe38d372ed07f76","ref":"refs/heads/master","pushedAt":"2023-04-11T14:05:48.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Report when all ipa-ca records are missing in IPADNSSystemRecordsCheck\n\nIf no DNS records were returned at all then the check for mismatches\nwas missed. Add a special case for this scenario by using a placeholder\nfor the IP address for a given CA server. If no records are returned\nat all this case will catch it. If any exist at all then the\ncurrent code will handle it.\n\nThis is is easily reproduced using a non-IPA DNS server like\nGoogle or Cloudflare where all lookups will fail.\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/284\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Report when all ipa-ca records are missing in IPADNSSystemRecordsCheck"}},{"before":"6642a1ad142581429bbc6e29298f535f9e45462a","after":"30471ebdc9fe5871c115ca06f78a415275a320e6","ref":"refs/heads/master","pushedAt":"2023-04-07T12:50:26.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Skip AD domains with posix ranges in the catalog check\n\nThe catalog check is intended to ensure that the trust is\nworking by looking up a user. For a non-posix range we can use\nthe Administrator user because it has a predicible SID.\n\nWith a posix range the UID/GID may not be set so the lookup\ncan fail (with an empty return value).\n\nSo skip domain which have a posix range associated with it.\n\nFixes: https://bugzilla.redhat.com/show_bug.cgi?id=1775199\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Skip AD domains with posix ranges in the catalog check"}},{"before":"4185976472cd144e5e1abab235305da6e93ead86","after":"6642a1ad142581429bbc6e29298f535f9e45462a","ref":"refs/heads/master","pushedAt":"2023-04-07T12:49:51.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Report certmonger requests that are in the stuck state\n\nThese may be caught already by other checks if the tracking\nis configured incorrectly but it's a belt-and-suspenders\napproach to ensure that the certificates have been issued\nproperly.\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/123\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Report certmonger requests that are in the stuck state"}},{"before":"fa6b7caa6aa6520bc1b23dfb498568ebfd171f28","after":"4185976472cd144e5e1abab235305da6e93ead86","ref":"refs/heads/master","pushedAt":"2023-04-07T11:59:51.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"If there are KRAs, ensure the renewal server is one\n\nIf there are KRAs in the topology and there isn't one on\nthe renewal server then the KRA certificates will not be\nrenewed because they expect another server to do it for them.\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/125\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"If there are KRAs, ensure the renewal server is one"}},{"before":"31be12b8b7adebea92e31b6265e450ae361e48b7","after":"fa6b7caa6aa6520bc1b23dfb498568ebfd171f28","ref":"refs/heads/master","pushedAt":"2023-04-06T13:09:42.000Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Require root to run ipa-healthcheck\n\nThe vast majority of checks require root access so enforce\nit at run time.\n\nThis won't affect other runtimes that use healthcheck-core.\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/148\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Require root to run ipa-healthcheck"}},{"before":"c1091f525be536ee85f92c2d9fa20216cad2b187","after":"31be12b8b7adebea92e31b6265e450ae361e48b7","ref":"refs/heads/master","pushedAt":"2023-03-28T19:24:52.742Z","pushType":"pr_merge","commitsCount":1,"pusher":{"login":"rcritten","name":"Rob Crittenden","path":"/rcritten","primaryAvatarUrl":"https://avatars.githubusercontent.com/u/5193315?s=80&v=4"},"commit":{"message":"Add more services to check the status, switch to using roles\n\nSome services aren't included in ipaplaform.knownservices\nlike smb and winbind. It is possible to discover the\nservice name using the same method used by ipactl, via roles.\nSwitch some services to the roles method.\n\nThe services added:\n* ods_enforcerd\n* ipa_ods_exporter\n* ipa_dnskeysyncd\n* chronyd\n* smb\n* winbind\n\nAdd option to skip disabled services. This is currently only\nfor chronyd which is not required but we'll check it if its\nenabled.\n\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/219\nFixes: https://github.com/freeipa/freeipa-healthcheck/issues/196\n\nSigned-off-by: Rob Crittenden ","shortMessageHtmlLink":"Add more services to check the status, switch to using roles"}}],"hasNextPage":false,"hasPreviousPage":false,"activityType":"all","actor":null,"timePeriod":"all","sort":"DESC","perPage":30,"cursor":"djE6ks8AAAAEHrh2tgA","startCursor":null,"endCursor":null}},"title":"Activity · freeipa/freeipa-healthcheck"}