On Чцв, 24 кра 2025, tipex tipex via FreeIPA-users wrote:
Hi Rob
I ran the two commands and this has fixed the error with not being able
to show the security domains. Listing them did indeed show that there
were two old ones present. I followed the article you provided to
remove them. The main error in the health check how now cleared so my
system it significantly more healthy than it was before thanks to you
and everyone else. Hats off for your knowledge and help.
Before attempting the dist upgrade again from Fedora 40 to 41 I wanted
to sense check the things listed in the health check:
- Error relating to IPv6 = Ignore, unless there is an easy way to get rid of it.
There is no way to clear it, at least now. Link-local IPv6 addresses
aren't usable for running IPA servers on them, so we remind admins about
that. In most cases we should probably do that only during initial
installation and when we see those addresses in actual DNS entries, not
just on the interfaces where they'll be almost always configured
automatically.
- Warnings on configuration attributes that are not applicable for the
configured backend type = Ignore, although it would be nice to get rid
of these warnings if possible.
- Warnings on missing uri records = Ignore as I cant add uri records in
AWS route53.
- Error for "ipahealthcheck.ds.replication". "msg": "The replication
agreement (catosg-it-prod-dc-a-euw2az1.internal.example.com) under
\"o=ipaca\" is not in synchronization.\nStatus message: error (18)
can't acquire replica (incremental update transient warning. backing
off, will retry update later.)"
I'm getting this last error on both machines. Feels like one that needs
to be addressed before attempting an update.
As it says, it is a temporary state reported by the replication process.
It goes through these states all the time. If you have non-working
replication due to inability to talk to another replica, you'd better
fix networking problems (routing, firewalls, etc) that prevent the
connection working.
--
/ Alexander Bokovoy
Sr. Principal Software Engineer
Security / Identity Management Engineering
Red Hat Limited, Finland
--
_______________________________________________
FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
