Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
DescriptionNikhil Dehadrai
2019-07-08 13:12:53 UTC
Description of problem:
ipa-healthcheck command fails to return any error message when Master is down and is run on Replica
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. Setup IPA-Master / Replica with latest IPA version
2. Ensure ipa-healthcheck package is available , # ipa-healthcheck
3. On Master, stop IPA service # ipactl stop
4. On Replica, run ipa-healthcheck command
#ipa-healthcheck --failures-only --output-type human
5. On IPA Master, run ipa-healthcheck command
#ipa-healthcheck --failures-only --output-type human
Actual results:
1. After step4, no error message is observed
[root@kvm-04-guest19 ~]# ipa-healthcheck --failures-only --output-type human
[root@kvm-04-guest19 ~]# echo $?
0
2. after step5, following error is observed on IPA master
[root@kvm-02-guest15 ipahealthcheck]# ipa-healthcheck --failures-only --output-type human
ERROR: ipahealthcheck.meta.services.dirsrv: dirsrv: not running
ERROR: ipahealthcheck.meta.services.httpd: httpd: not running
ERROR: ipahealthcheck.meta.services.krb5kdc: krb5kdc: not running
ERROR: ipahealthcheck.meta.services.named: named: not running
ERROR: ipahealthcheck.meta.services.pki_tomcatd: pki_tomcatd: not running
ERROR: ipahealthcheck.dogtag.ca.DogtagCertsConnectivityCheck: Request for certificate failed, ldap2 is not connected (ldap2_139856093222224 in MainThread)
CRITICAL: ipahealthcheck.ds.replication.ReplicationConflictCheck: cannot connect to 'ldapi://%2Fvar%2Frun%2Fslapd-TESTRELM-TEST.socket': Connection refused
CRITICAL: ipahealthcheck.ipa.certs.IPACertTracking: ldap2 is not connected (ldap2_139856093222224 in MainThread)
CRITICAL: ipahealthcheck.ipa.certs.IPARAAgent: Skipping because no LDAP connection
CRITICAL: ipahealthcheck.ipa.certs.IPACertRevocation: ldap2 is not connected (ldap2_139856093222224 in MainThread)
CRITICAL: ipahealthcheck.ipa.files.IPAFileCheck: ldap2 is not connected (ldap2_139856093222224 in MainThread)
ERROR: ipahealthcheck.ipa.host.IPAHostKeytab: Failed to obtain host TGT: Major (851968): Unspecified GSS failure. Minor code may provide more information, Minor (2529639068): Cannot contact any KDC for realm 'TESTRELM.TEST'
ERROR: ipahealthcheck.ipa.topology.IPATopologyDomainCheck: topologysuffix-verify domain failed, ldap2 is not connected (ldap2_139856093222224 in MainThread)
CRITICAL: ipahealthcheck.ipa.topology.IPATopologyDomainCheck: ldap2 is not connected (ldap2_139856093222224 in MainThread)
Expected results:
Additional info:
Similar issue is observed when the scenario is reversed ( IPA replica stop, and command run on IPA-Master)
This is expected behavior. Each master is independent of one another when it comes to checking status.
What we might want to do is suppress the LDAP connection errors if 389-ds is down though.
Comment 8Alexander Bokovoy
2019-07-23 11:14:22 UTC
I'm going to use this BZ to track skipping test when their required services are not enabled.
Upstream fixes in master:
693fcf36e087e34ebd8cd20fcdb959329c9eb221
158bfadfef85dd66f9645b0b6bd4f1cb8a56b53e
1fedf08a6de405b87897c4b7ed30f62cae88cd47
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.
https://access.redhat.com/errata/RHEA-2020:1640