On 28-05-2021 17:22, Kees Bakker via FreeIPA-users wrote:
Hi,After installing a new replica and running /usr/bin/ipa-healthcheck --source pki.server.healthcheck.clones.connectivity_and_data I'm getting this error keyctl_search: Required key not available Enter password for Internal Key Storage Token: Internal server error HTTPSConnectionPool(host='iparep3.ghs.nl', port=443): Max retries exceeded with url: /ca/rest/certs/search?size=3 (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7fc473262a90>: Failed to establish a new connection: [Errno 113] No route to host',)) [ { "source": "pki.server.healthcheck.clones.connectivity_and_data", "check": "ClonesConnectivyAndDataCheck", "result": "ERROR", "uuid": "c2f3ec1d-494b-4f6a-b6e3-0e38108f2005", "when": "20210528150818Z", "duration": "30.348789", "kw": { "status": "ERROR: pki-tomcat : Internal error testing CA clone. Host: iparep3.ghs.nl Port: 443" } } ] First, it is asking for a password, and I have no clue for what. I've tried the admin password and the Directory Manager password. It makes no difference. Second, it tries to connect to a replica that was removed several months ago. Both ipa-replica-manage list and ipa-csreplica-manage show the correct list of masters that we currently have. Where does ipa-healthcheck get the information from to query the removed replica? BTW. Two replica run CentOS 8 Stream, and one runs CentOS 7. The first two give this healthcheck error, the centos7 master does not.
That last remark should be: on CentOS 7 there was no such check. So, perhaps the error is there too. # /usr/bin/ipa-healthcheck --source pki.server.healthcheck.clones.connectivity_and_data Source 'pki.server.healthcheck.clones.connectivity_and_data' not found -- Kees _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected] Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
