Howto define custom health check types that will be performed by the heartbeat URL and by the iManager Console.

  • 7001148
  • 13-Aug-2008
  • 26-Apr-2012

Environment


Novell Access Management 3 Access Administration
Novell Access Management 3 Linux Novell Identity Server
Novell Access Manager 3 Support Pack 4 applied

Situation

With Access Manager 3 Support Pack 4, a new configurable HealthCheck Property feature has been added where Administrators may configure the types of health checks that will be performed by the heartbeat URL and by the iManager Console. By default, the full list of healthchecks below will be performed. However, Administrators will be able to define whether a subset of this list can be done too.

The healthcheck configuration is controlled using a WEB.XML initialization parameter for the NIDP Web Application.

The initialization parameter is named "healthCheckProperties" and the value consists of one of more entries. Each entry in turn consists of three parts: the Tag Name, the heartbeat enabled state, and the iManager Console enabled state.
 
For example, we have an entry with "LDAPConfigStore,false,true".  This entry turns off the health check for LDAP User Stores for the heartbeat URL and turns on the health check for LDAP User Stores for the iManager Console.
 
 Multiple entries are separated using the ";" character.
 
 A complete example of the all available initialization parameter with multiple entries is shown below:

<context-param>
    <param-name>healthCheckProperties</param-name>       
    <param-value>LDAPConfigStore,false,true;LDAPUserStores,true,true;Clustering,false,true;Keys,false,true;SystemThrottle,false,false;HTTPRequestFlow,false,false;ESPTCPListeners,false,false;ESPTrustedIDP,false,false;SSLListeners,false,false;NSureAudit,false,false</param-value>
</context-param>
   
The Tag Name identifies the health check type that will be enabled or disabled.  The Tag Names are defined as:

LDAPConfigStore: (H,C) Test the health of all replicas of the configuration data store (eDirectory)
LDAPUserStores: (H,C) Test the health of all replicas of all defined user stores. Also, ensure all defined search contexts exist.
Clustering: (H,C) Test that all expected cluster members are participating in the cluster and that no unknown have joined the cluster.
Keys: (H,C) Test that the signing and encryption keys have been configured and exist.
SystemThrottle: (C)Test the load of the system. Specifically, warn if the LDAP load is higher than the threshold set by the initialization
 parameter "ldapLoadThreshold" and/or if the system memory is lower than the percentage set using the system property "nids.freemem.threshold". (3.1 Only)
HTTPRequestFlow: (C) Warn if there exist HTTP incomming or outgoing requests that have been active for more than one minute. (3.1 only)
ESPTCPListeners:  (H,C) ESP only. Test the health of all non-SSL TCP listeners (Connectors) defined in the Tomcat /conf/server.xml. The health is determined
 by making a connection to the connector at the most once every 10 minutes.
ESPTrustedIDP:  (H,C) ESP only. Warn if there is not a Trusted IDP configured for the ESP.
SSLListeners:  (H,C) IDP, SP only. Not ESP. Test the health of all SSL TCP listeners. The health is determined by making a connection to the connector at
 most once every 5 minutes.  The SSL connectors are gathered by querying the machine for its active network interfaces, from the Tomcat /conf/server.xml
 file, and from incomming SSL requests.
NSureAudit: (C) Test if NSureAudit is initialized and operational.  (3.1 only)

H - Included in the health check set executed when the HeartBeat URL queries for health.
C - Included in the health check set executed when the iManager Console queries for health.

Note that even though all health checks are not done in both H and C, to maintain consistent entry syntax, all entries require the three fields, tag name, true/false, true/false.
Any "extra" true/false for a tag name that is not executed for HeartBeat URL or iManager Console will just be ignored.

The default values for all health check types are true for both HeartBeat URL and iManager Console. This means that if the initialization parameter "healthCheckProperties" is  omitted from the WEB.XML file, then all healthchecks will be executed.  Only healthcheck tag names that need to be disabled need to be entered into the initialization parameter.