Some time ago we upgraded our IPA servers from CentOS 7.x to Oracle
Linux 8.3. We did it exactly as recommended in the respective documentation.
A few days ago we found out that two out of our eight servers do not
work as they should. On both of them pki-tomcatd refuses to start. The
two servers are ipa2 and ipa6 - both have the CA feature installed.
Additionally, on ipa6 configuration is not replicated to the other
servers. ipa2 seems to have even more problems. kinit does not work,
neither does the WebGUI.
My first question is addressed to Rob. Is ipa-healthcheck checking the
whole IPA server landscape or does it check only the server where the
command is issued?
What would probably be the best way to make these two servers work
normal again? (I am thinking of just ripping these two servers out of
the topology and setting them up from scratch again?)
Cheers,
Ronald