I just upgraded a 2-node master/master IPA setup, basically rebuilding it from
CentOS 7 servers to Rocky 8
(the standard process: remove a replica, rebuild it, install FreeIPA, get
back into replica mode, etc.).

Everything in the above process seems to have gone very well. Since I am now
on a RHEL8-like host, I ran ipa-healthcheck.

Of the two nodes, I am only seeing one error, and only on one node (error 
message below).
A Red Hat access article claims this can be fixed by adding entries for the host
in the local hosts file (no go, no difference).

DNS records properly exist for the FreeIPA node as well as the ipa-ca variant.
(ipa-ca points to the IP addresses of both servers; it has been this way for a long
time.)

Can anyone explain the seriousness of the following error, and perhaps also 
give me an idea what might fix it?

I of course would prefer my ipa-healthchecks to complete without any issues.
(Thanks all!)



[
  {
    "source": "ipahealthcheck.ipa.certs",
    "check": "IPACertDNSSAN",
    "result": "ERROR",
    "uuid": "5576f96d-cee4-475e-b5ee-0466fe6bfa58",
    "when": "20221007165940Z",
    "duration": "0.422118",
    "kw": {
      "key": "20221006190547",
      "hostname": "ipa-ca.rgd.mcw.edu",
      "san": [
        "voq.rgd.mcw.edu"
      ],
      "ca": "IPA",
      "profile": "caIPAserviceCert",
      "msg": "Certificate request id {key} with profile {profile} for CA {ca} does not have a DNS SAN {san} matching name {hostname}"
    }
  }
]


Thank you all for any insight/assistance.  -Kent B
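
An added example, not part of the original post and not ipa-healthcheck's own code: a small triage script that expands the `{key}`-style placeholders in each non-SUCCESS result and, for `IPACertDNSSAN`, reports which DNS name is absent from the certificate's SAN list. The function name `triage` and the fields of the returned dict are assumptions made for this sketch; the sample input is the result quoted above with its wrapped `msg` line rejoined.

```python
import json

# Constructed sample: the result from the post, trimmed to the fields used here.
SAMPLE = r'''
[
  {
    "source": "ipahealthcheck.ipa.certs",
    "check": "IPACertDNSSAN",
    "result": "ERROR",
    "kw": {
      "key": "20221006190547",
      "hostname": "ipa-ca.rgd.mcw.edu",
      "san": ["voq.rgd.mcw.edu"],
      "ca": "IPA",
      "profile": "caIPAserviceCert",
      "msg": "Certificate request id {key} with profile {profile} for CA {ca} does not have a DNS SAN {san} matching name {hostname}"
    }
  }
]
'''

def triage(report_text):
    """Return one dict per non-SUCCESS result, with the msg template expanded."""
    findings = []
    for item in json.loads(report_text):
        if item.get("result") == "SUCCESS":
            continue
        kw = item.get("kw", {})
        template = kw.get("msg", "")
        try:
            message = template.format(**kw)
        except (KeyError, IndexError, ValueError):
            message = template  # keep the raw template if a placeholder has no value
        finding = {"check": item.get("check"), "result": item.get("result"),
                   "message": message}
        if item.get("check") == "IPACertDNSSAN":
            # DNS names compare case-insensitively; ignore a trailing root dot.
            present = {n.lower().rstrip(".") for n in kw.get("san", [])}
            wanted = kw.get("hostname", "").lower().rstrip(".")
            finding["request_id"] = kw.get("key")
            finding["missing_san"] = None if wanted in present else wanted
        findings.append(finding)
    return findings

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["result"], f["check"], "-", f["message"])
        if f.get("missing_san"):
            print("  request", f["request_id"], "lacks DNS SAN", f["missing_san"])
```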
