1pki-healthcheck(8) pki-healthcheck CLI pki-healthcheck(8)
2
6 pki-healthcheck - Command-Line Interface to check health of a PKI
7 installation
8
11 pki-healthcheck [CLI-options]
12
15 A PKI installation can be complex, therefore identifying real or poten‐
16 tial issues can be difficult and require a lot of analysis. This tool
17 aims to reduce the burden by attempting to identify issues in advance
18 so that they can be corrected, ideally before the issue becomes criti‐
19 cal.
20 ORGANIZATION
23 The areas of the system to check are logically grouped together. This
24 grouping is called a source. A source consists of one or more checks.
25 A check is as atomic as possible to limit the scope and complexity.
28 Each check will return a result, either a result of WARNING, ERROR,
31 CRITICAL or SUCCESS. Returning SUCCESS tells you that the check was
32 done and was deemed correct.
33 Upon failure, the output will include name of the source and name
36 of the check that detected the failure along with a message and
37 name/value pairs indicating the problem. If a check can't make a final
38 determination, it throws WARNING so that it can be examined.
39
42 COMMANDS
43 --list-sources
44 Display a list of the available sources and the checks associated
45 with those sources.
46 OPTIONAL ARGUMENTS
49 --source=SOURCE
50 Execute one or more checks within this given source.
51 --check=CHECK
54 Execute this particular check within a source. A source must be
55 supplied as well with this option.
56 --output-type=[json|human]
59 Set the output type. Defaults to JSON.
60 --failures-only
63 Exclude SUCCESS results on output.
64 --severity=SEVERITY
67 Only report errors in the requested severity of SUCCESS, WARNING,
68 ERROR or CRITICAL. This can be provided multiple times to search on
69 multiple levels.
70 --debug
73 Generate additional debugging output.
74 JSON OUTPUT
77 The output is displayed as a list of result messages for each check
78 executed in JSON format. This could be input for a monitoring system.
79 --output-file=FILENAME
82 Write the output to this filename rather than stdout.
83 --indent=INDENT
86 Pretty-print the JSON with this indention level. This can make the
87 output more human-readable.
88 HUMAN-READABLE OUTPUT
91 The results are displayed in a more human-readable format.
92 --input-file=FILENAME
95 Take as input a JSON results output and convert it to a more
96 human-readable form.
97
100 0 if all checks were successful
101 1 if any one check failed or the command failed to execute properly
104
107 /etc/pki/healthcheck.conf
108
111 CHECKS INCLUDED
112 Certificate sync between CS.cfg and NSS database
113 Checks whether the system certificates in CS.cfg and NSS database are
114 the same
115
118 pki-healthcheck tool can operate only on a single instance PKI instal‐
119 lation with the instance name as pki-tomcat
120
123 Execute healthcheck with the default JSON output:
124 pki-healthcheck
125 Execute healthcheck with a prettier JSON output:
128 pki-healthcheck --indent 2
129 Execute healthcheck and only display errors:
132 pki-healthcheck --failures-only
133 Execute healthcheck and display results in human-readable format:
136 pki-healthcheck --output-format human
137 Execute healthcheck and write results to a file:
140 pki-healthcheck --output-file /var/log/pki/healthcheck/results.json
141 Display in the previous report in a human-readable format:
144 pki-healthcheck --output-format human --input-file
145 /var/log/pki/healthcheck/results.json
146
149 Dinesh Prasanth M K <dmoluguw@redhat.com>
150
153 Copyright (c) 2020 Red Hat, Inc. This is licensed under the GNU Gen‐
154 eral Public License, version 2 (GPLv2). A copy of this license is
155 available at http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt
156 ⟨http://www.gnu.org/licenses/old-licenses/gpl-2.0.txt⟩.
157PKI January 16, 2020 pki-healthcheck(8)