lejeczek via FreeIPA-users wrote:
Hi guys.
I believe that is reproducible every time - clean deployment, first
master's ipa-healthcheck no problems, replica added still no problems,
then on that first replica 'ipa-kra-install' and immediately:
-> $ ipa-healthcheck
Internal error testing KRA clone. KRA clone problem detected Host:
swir.mine.private Port: 443
Unhandler rdtype 256
Unhandler rdtype 256
Unhandler rdtype 256
Unhandler rdtype 256
Unhandler rdtype 256
Unhandler rdtype 256
Unhandler rdtype 256
Unhandler rdtype 256
[
{
"source": "pki.server.healthcheck.clones.connectivity_and_data",
"check": "ClonesConnectivyAndDataCheck",
"result": "ERROR",
"uuid": "eed4f41f-27fe-4f37-aa01-d47602f2c58f",
"when": "20220126174106Z",
"duration": "1.207738",
"kw": {
"status": "ERROR: pki-tomcat : Internal error testing KRA clone.
Host: swir.mine.private Port: 443"
}
}
]
How critical is that and what to do to fix it?
I believe this is a false positive. The pki healthcheck maintainer is
working on it.
The "Unhandler" errors are the newish DNS URI records that are currently
unhandled by healthcheck. Support has been added in the tip but I have a
few more things to merge before doing another full release (which of
course will take a while to trickle down, if ever, into existing
distribution releases).
rob