Provided by: freeipa-healthcheck_0.10-1_all 
NAME
ipahealthcheck.conf - ipa-healthcheck configuration file
SYNOPSIS
/etc/ipahealthcheck/ipahealthcheck.conf
DESCRIPTION
The ipahealthcheck.conf configuration file is used to set the defaults when running
ipa-healthcheck.
SYNTAX
The configuration options are not case sensitive. The values may be case sensitive,
depending on the option.
Blank lines are ignored. Lines beginning with # are comments and are ignored.
Valid lines consist of an option name, an equals sign and a value. Spaces surrounding
equals sign are ignored. An option terminates at the end of a line.
Values should not be quoted, the quotes will not be stripped.
# Wrong - don't include quotes
verbose = "True"
# Right - Properly formatted options
verbose = True
verbose=True
Options must appear in the section named [default]. There are no other sections defined or
used currently.
Options may be defined that are not used. Be careful of misspellings, they will not be
rejected.
EXCLUDES
There may be reasons that a user will want to suppress some results. One example is a
customer certificate that is generating a warning because it is unknown to IPA. Excluding
a result key does not prevent it from running, it is filtered from the reported results.
Excluding by source or key will prevent it from running at all. Services will not be
excluded because other checks may rely on them (ipahealthcheck.meta.services).
Each excludes type may be listed multiple times. Invalid sources, checks and/or keys will
not be flagged. These configuration options are only processed when found in the EXCLUDES
section and are otherwise ignored.
Users are encouraged to annotate the reason for excluding the results so the reason is not
lost.
Results can be suppressed or excluded in three ways:
• source, e.g. ipahealthcheck.ipa.certs
• check, e.g. IPADNSSystemRecordsCheck
• report key, e.g. 20210910141457 (certmonger tracking id)
OPTIONS
The following options are relevant in each section.
[default]
cert_expiration_days
The number of days left before a certificate expires to start displaying a warning.
The default is 28.
timeout
The time allowed in seconds for each check to run before being considered an error.
The default is 10.
[excludes]
source Filter results based on the check source.
check Filter results based on the check name.
key Filter results based on the result key in the healthcheck output.
All command-line options may be included in the configuration file. Dashes must be
converted to underscore for the configuration file, e.g. --output-type becomes
output_type. All options, including those that don't make sense in a config file, like
--list-sources, are allowed. Let the buyer beware.
The purpose of allowing command-line options to be in the configuration file is for
automation without having to tweak the automation script. For example, if you want the
default output type to be human for the systemd timer automated runs, settting
output_type=human in the configuration file will do this. When loading configuration the
first option wins, so if any option is in the configuration file then it cannot be
overridden by the command-line unless a different configuration file is specified (see
--config).
There may be conflicting exceptions. For example, if all=True is set in the configuration
file, and the command-line contains --failures-only, then only failures will be displayed
because of the way the option evaluation is done.
Options that don't make sense for the configuration file include --list-sources and
--input-file.
FILES
/etc/ipahealthcheck/ipahealthcheck.conf
configuration file
EXAMPLES
7 days left before a certificate expires to start displaying a warning:
[default]
cert_expiration_days=7
timeout=5
[default]
cert_expiration_days=7
Exclude all certificate checks.
[excludes]
source=ipahealthcheck.ipa.certs
Don't warn about a custom certificate being tracked by certmonger:
[excludes]
key=20210910141452
SEE ALSO
ipa-healthcheck(8)