>>Does the IPA server host entry still exist?
Yes, I see it under Identity > Hosts.
Specifying the other server did work. SSSD is working again.
[root@gsil-ipa01 etc]# ipa-getkeytab -s gsil-ipa02.idm.x.x -p host/gsil-ipa01.idm.x.x@IDM.x.x -k /etc/krb5.keytab
After doing this I restarted the server and tried to run health check again. Now
healthcheck has a lot of errors. Where do you suggest I start?
I was also reading that "If your IdM topology contains an integrated CA, one server
has the role of the Certificate revocation list (CRL) publisher server and one server has
the role of the CA renewal server.
By default, the first CA server installed fulfills these two roles..."
It was my first installed server that failed. Should I move the roles to my replica?
(Assuming I can)
Here is the healthcheck output.
I presume that if I can fix dirsrv it will help clear up many of the other issues. Let me
know if you think there is something more critical to be fixed first.
[root@gsil-ipa01 ~]# ipa-healthcheck --failures-only
caSigningCert External CA not found, assuming 3rd party
[
{
"source": "ipahealthcheck.meta.services",
"check": "dirsrv",
"result": "ERROR",
"uuid": "c7a2bf32-5878-44f5-b7a5-87b69e4149fa",
"when": "20230316130703Z",
"duration": "498.704933",
"kw": {
"status": false,
"msg": "dirsrv: not running"
}
},
{
"source": "ipahealthcheck.meta.services",
"check": "httpd",
"result": "ERROR",
"uuid": "edf67606-4326-4e37-b860-dc3992eb3bc7",
"when": "20230316130703Z",
"duration": "0.105259",
"kw": {
"status": false,
"msg": "httpd: not running"
}
},
{
"source": "ipahealthcheck.meta.services",
"check": "ipa_custodia",
"result": "ERROR",
"uuid": "87418dcb-c07c-4914-9296-ae5a2baca99d",
"when": "20230316130703Z",
"duration": "0.109029",
"kw": {
"status": false,
"msg": "ipa-custodia: not running"
}
},
{
"source": "ipahealthcheck.meta.services",
"check": "ipa_dnskeysyncd",
"result": "ERROR",
"uuid": "97d08885-7dac-4c60-a447-b669a4cc6e09",
"when": "20230316130703Z",
"duration": "0.100007",
"kw": {
"status": false,
"msg": "ipa-dnskeysyncd: not running"
}
},
{
"source": "ipahealthcheck.meta.services",
"check": "ipa_otpd",
"result": "ERROR",
"uuid": "c83f8cd2-6553-4934-99dd-de4cfa3f515f",
"when": "20230316130703Z",
"duration": "0.103143",
"kw": {
"status": false,
"msg": "ipa-otpd: not running"
}
},
{
"source": "ipahealthcheck.meta.services",
"check": "kadmin",
"result": "ERROR",
"uuid": "657130bf-396f-48a1-968f-3f89170313a3",
"when": "20230316130703Z",
"duration": "0.104496",
"kw": {
"status": false,
"msg": "kadmin: not running"
}
},
{
"source": "ipahealthcheck.meta.services",
"check": "krb5kdc",
"result": "ERROR",
"uuid": "5e82b86c-ac90-49f9-a8fe-1a8c35909f91",
"when": "20230316130703Z",
"duration": "0.097375",
"kw": {
"status": false,
"msg": "krb5kdc: not running"
}
},
{
"source": "ipahealthcheck.meta.services",
"check": "named",
"result": "ERROR",
"uuid": "3ca8751b-803a-46af-a849-fcb309eb65db",
"when": "20230316130703Z",
"duration": "0.093471",
"kw": {
"status": false,
"msg": "named: not running"
}
},
{
"source": "ipahealthcheck.meta.services",
"check": "pki_tomcatd",
"result": "ERROR",
"uuid": "9c57a360-bd4c-48be-af8a-6e738c79c486",
"when": "20230316130703Z",
"duration": "0.002969",
"kw": {
"status": false,
"msg": "pki_tomcatd: not running"
}
},
{
"source": "ipahealthcheck.ipa.files",
"check": "IPAFileCheck",
"result": "WARNING",
"uuid": "4a9001d5-1ad5-4a4c-99fd-48273dd9f822",
"when": "20230316130707Z",
"duration": "0.005756",
"kw": {
"key": "_var_log_ipaupgrade.log_mode",
"path": "/var/log/ipaupgrade.log",
"type": "mode",
"expected": "0600",
"got": "0644",
"msg": "Permissions of /var/log/ipaupgrade.log are too permissive: 0644 and should be 0600"
}
}
]