I do have migration in mind, and I already have seen that doc. I double checked the roles, and the only two roles that are enabled are CA-server and DNS-server. They are present on both systems.
However currently I'm 'just' adding an el9 replica and the old el8 master can't seem to reach the CA according to the healthcheck. And I don't want to start migrating before the current situation has a good health status for all the replicas/masters.

On Tue 17 Jan 2023 at 15:37, Francisco Triviño García <ftriv...@redhat.com> wrote:

>
> On 1/17/23 09:33, Rob Verduijn via FreeIPA-users wrote:
>
> Hello all,
>
> I wanted to migrate my old el8 freeipa server to el9.
>
> So I installed a new system with el9 and configured a replica on it.
>
> After this was completed I ran ipa-healthcheck on the new el9 replica and all was well.
>
> However after this I ran ipa-healthcheck on the old el8 ipa server and I got the following error.
> ipa-healthcheck
> Internal server error 'Link'
> [
>   {
>     "source": "pki.server.healthcheck.clones.connectivity_and_data",
>     "check": "ClonesConnectivyAndDataCheck",
>     "result": "ERROR",
>     "uuid": "5aea196e-1693-4c14-93c5-649286c8ef7f",
>     "when": "20230117082651Z",
>     "duration": "0.402024",
>     "kw": {
>       "status": "ERROR: pki-tomcat : Internal error testing CA clone. Host: freeipa01.tjako.thuis Port: 443"
>     }
>   }
> ]
>
> I double checked the firewall and all ports were open on the el9 server
> firewall-cmd --list-all
> public (active)
>   target: default
>   icmp-block-inversion: no
>   interfaces: br0 enp1s0
>   sources:
>   services: cockpit dhcpv6-client dns freeipa-ldap freeipa-ldaps http https ntp ssh
>   ports:
>   protocols:
>   forward: yes
>   masquerade: no
>   forward-ports:
>   source-ports:
>   icmp-blocks:
>   rich rules:
>
> On the el9 server ipa-healthcheck yields no errors and ipactl status shows everything is running.
>
> Anybody know why the old el8 server fails the ipa-healthcheck?
>
> Assuming that the new server (as a replica of the el8 server) was installed including all the server roles present on el8, I guess there are more steps to be completed, here you can find the full migration guide:
>
> https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/migrating_to_identity_management_on_rhel_9/assembly_migrating-your-idm-environment-from-rhel-8-servers-to-rhel-9-servers_migrating-to-idm-on-rhel-9
>
> is freeipa01.tjako.thuis the new server?
>
>
> Rob
>
>
> _______________________________________________
> FreeIPA-users mailing list -- freeipa-users@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-users-le...@lists.fedorahosted.org
> Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives: https://lists.fedorahosted.org/archives/list/freeipa-users@lists.fedorahosted.org
> Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
>
>