Provided by: freeipa-healthcheck_0.10-1_all bug


       ipahealthcheck.conf - ipa-healthcheck configuration file




       The  ipahealthcheck.conf  configuration  file  is  used  to  set the defaults when running


       The configuration options are not case  sensitive.  The  values  may  be  case  sensitive,
       depending on the option.

       Blank lines are ignored.  Lines beginning with # are comments and are ignored.

       Valid  lines  consist  of  an  option name, an equals sign and a value. Spaces surrounding
       equals sign are ignored. An option terminates at the end of a line.

       Values should not be quoted, the quotes will not be stripped.

           # Wrong - don't include quotes
           verbose = "True"

           # Right - Properly formatted options
           verbose = True

       Options must appear in the section named [default]. There are no other sections defined or
       used currently.

       Options  may  be  defined  that are not used. Be careful of misspellings, they will not be


       There may be reasons that a user will want to suppress some  results.  One  example  is  a
       customer  certificate that is generating a warning because it is unknown to IPA. Excluding
       a result key does not prevent it from running, it is filtered from the  reported  results.
       Excluding  by  source  or  key  will  prevent it from running at all. Services will not be
       excluded because other checks may rely on them (

       Each excludes type may be listed multiple times. Invalid sources, checks and/or keys  will
       not  be flagged. These configuration options are only processed when found in the EXCLUDES
       section and are otherwise ignored.

       Users are encouraged to annotate the reason for excluding the results so the reason is not

       Results can be suppressed or excluded in three ways:

              • source, e.g. ipahealthcheck.ipa.certs

              • check, e.g. IPADNSSystemRecordsCheck

              • report key, e.g. 20210910141457 (certmonger tracking id)


       The following options are relevant in each section.


              The number of days left before a certificate expires to start displaying a warning.
              The default is 28.

              The time allowed in seconds for each check to run before being considered an error.
              The default is 10.


       source Filter results based on the check source.

       check  Filter results based on the check name.

       key    Filter results based on the result key in the healthcheck output.

       All  command-line  options  may  be  included  in  the  configuration file. Dashes must be
       converted  to  underscore  for  the  configuration  file,   e.g.   --output-type   becomes
       output_type.  All  options,  including  those that don't make sense in a config file, like
       --list-sources, are allowed. Let the buyer beware.

       The purpose of allowing command-line options to  be  in  the  configuration  file  is  for
       automation  without  having  to  tweak the automation script. For example, if you want the
       default  output  type  to  be  human  for  the  systemd  timer  automated  runs,  settting
       output_type=human  in  the configuration file will do this. When loading configuration the
       first option wins, so if any option is  in  the  configuration  file  then  it  cannot  be
       overridden  by  the  command-line  unless a different configuration file is specified (see

       There may be conflicting exceptions. For example, if all=True is set in the  configuration
       file,  and the command-line contains --failures-only, then only failures will be displayed
       because of the way the option evaluation is done.

       Options that don't make sense  for  the  configuration  file  include  --list-sources  and


              configuration file


       7 days left before a certificate expires to start displaying a warning:



       Exclude all certificate checks.


       Don't warn about a custom certificate being tracked by certmonger: