Bug 2143901
| Summary: | ipa-healthcheck is using retired server | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 9 | Reporter: | Rakesh Kumar <rakkumar> |
| Component: | pki-core | Assignee: | RHCS Maintainers <rhcs-maint> |
| Status: | POST --- | QA Contact: | idm-cs-qe-bugs |
| Severity: | medium | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | 9.4 | CC: | ckelley, dchen, frenaud, mfargett, rcritten, tscherf |
| Target Milestone: | rc | Keywords: | Triaged |
| Target Release: | --- | ||
| Hardware: | x86_64 | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | Bug | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
Summary about the case
1. Command ran: ipa-healthcheck --debug --failures-only
2. DNS entry of the failed server is removed
3. ipa-healthcheck returns Internal server error HTTPSConnectionPool(host='removed.example.com', port=443): Max retries exceeded with url: /ca/rest/certs/search?size=3 (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f4097949e48>: Failed to establish a new connection: [Errno -2] Name or service not known',))
4. Customer ask: If a server is removed, but for some reason it didn't remove all the pieces from IDM, then ipa-healthcheck should actually be reporting on that, instead of just failing because the method it used to determine the server list, and the one it picked, didn't remove properly.
Well, I would say, ipa-healthcheck generally right. It mentioned that it failed to eastablish a new connection because it is unable to find the name (from DNS).
It also does not showing the working servers and services because **--failures-only**
|
Please clarify which of the posted healthcheck output you are concerned with. Only the first one appears to be related: { "source": "pki.server.healthcheck.clones.connectivity_and_data", "check": "ClonesConnectivyAndDataCheck", "result": "ERROR", "uuid": "72ad2788-e0b7-4f5e-9eeb-*******", "when": "20210707180422Z", "duration": "37.131043", "kw": { "status": "ERROR: pki-tomcat : Internal error testing CA clone. Host: test1.example.com Port: 443" } }, How does this not already provide information that a host is not fully removed?