hi all,
our ipa-healthcheck gives some seemingly odd output:

Internal server error
HTTPSConnectionPool(host='oldm2.domain', port=443): Max retries exceeded with url: /ca/rest/certs/search?size=3 (Caused by NewConnectionError('<urllib3.connection.VerifiedHTTPSConnection object at 0x7f32581cb748>: Failed to establish a new connection: [Errno -2] Name or service not known',))
[
  {
    "source": "pki.server.healthcheck.clones.connectivity_and_data",
    "check": "ClonesConnectivyAndDataCheck",
    "result": "ERROR",
    "uuid": "c7694559-157f-42da-9722-29ab4308d8bc",
    "when": "20210601115956Z",
    "duration": "0.424097",
    "kw": {
      "status": "ERROR: pki-tomcat : Internal error testing CA clone. Host: oldm2.domain Port: 443"
    }
  },

googling the error itself, i find references to this being a false
positive; but looking closer (and also the initial server error) gives an
actual error: they reference an old master (it's obviously not called
oldm2, so i had to read it a few times to see it was actually this old
host).
a while ago we migrated our centos7 setup (oldm1 and oldm2) to rhel82
(newm3 and newm4), by following the migration guide
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/...
i'm quite sure we followed all steps, including the final uninstall on
oldm1 and oldm2.
however, after starting to run ipa-healthcheck recently and seeing this
error, we looked for other traces of the old servers and started to
clean them up. the old hosts are no longer around, so no chance to rerun
things or check logs.
so far we removed a bunch of DNS entries where the oldm1 was still used,
but we now also have some other ones that reference oldm2: e.g. the pki
related error above, but also oldm2 is still referenced in some entries
in our dirserv dse.ldif (2 nsslapd-referral, 3 nsds50ruv and 3
nsruvReplicaLastModified). the traces are only of oldm2, no sign of
oldm1 there.
i'd appreciate some tips/guidance for removing the pki reference to
oldm2 and things we can do to clean up the dse.ldif
many many thanks,
stijn