Hi!
I run a 2-node FreeIPA server on an EL9 clone. I got some automatic updates 4
hours ago:
2025-10-18T06:09:24+0000 SUBDEBUG Upgrade: pki-jackson-core-2.19.1-1.el9_6.noarch
2025-10-18T06:09:24+0000 SUBDEBUG Upgrade: pki-jackson-annotations-2.19.1-1.el9_6.noarch
2025-10-18T06:09:24+0000 SUBDEBUG Upgrade: pki-jackson-databind-2.19.1-1.el9_6.noarch
2025-10-18T06:09:24+0000 SUBDEBUG Upgrade: pki-jackson-module-jaxb-annotations-2.19.1-1.el9_6.noarch
2025-10-18T06:09:24+0000 SUBDEBUG Upgrade: pki-jackson-jaxrs-providers-2.19.1-1.el9_6.noarch
2025-10-18T06:09:24+0000 SUBDEBUG Upgrade: 389-ds-base-libs-2.6.1-12.el9_6.x86_64
2025-10-18T06:09:24+0000 SUBDEBUG Upgrade: python3-lib389-2.6.1-12.el9_6.noarch
2025-10-18T06:09:24+0000 SUBDEBUG Upgrade: 389-ds-base-2.6.1-12.el9_6.x86_64
2025-10-18T06:09:39+0000 SUBDEBUG Upgrade: libssh-config-0.10.4-15.el9_6.noarch
2025-10-18T06:09:39+0000 SUBDEBUG Upgrade: libssh-0.10.4-15.el9_6.x86_64
2025-10-18T06:09:39+0000 SUBDEBUG Upgrade: pki-jackson-jaxrs-json-provider-2.19.1-1.el9_6.noarch
2025-10-18T06:09:39+0000 SUBDEBUG Upgrade: kernel-headers-5.14.0-570.52.1.el9_6.x86_64
2025-10-18T06:09:40+0000 SUBDEBUG Upgrade: iputils-20210202-11.el9_6.3.x86_64
2025-10-18T06:09:40+0000 SUBDEBUG Upgrade: vim-minimal-2:8.2.2637-22.el9_6.1.x86_64
2025-10-18T06:09:40+0000 SUBDEBUG Upgraded: 389-ds-base-2.6.1-11.el9_6.x86_64
2025-10-18T06:09:40+0000 SUBDEBUG Upgraded: pki-jackson-jaxrs-json-provider-2.14.1-2.el9.noarch
2025-10-18T06:09:40+0000 SUBDEBUG Upgraded: pki-jackson-module-jaxb-annotations-2.14.1-2.el9.noarch
2025-10-18T06:09:40+0000 SUBDEBUG Upgraded: pki-jackson-jaxrs-providers-2.14.1-2.el9.noarch
2025-10-18T06:09:40+0000 SUBDEBUG Upgraded: pki-jackson-databind-2.14.1-2.el9.noarch
2025-10-18T06:09:40+0000 SUBDEBUG Upgraded: libssh-0.10.4-13.el9.x86_64
2025-10-18T06:09:40+0000 SUBDEBUG Upgraded: libssh-config-0.10.4-13.el9.noarch
2025-10-18T06:09:40+0000 SUBDEBUG Upgraded: pki-jackson-annotations-2.14.1-1.el9.noarch
2025-10-18T06:09:40+0000 SUBDEBUG Upgraded: pki-jackson-core-2.14.1-2.el9.noarch
2025-10-18T06:09:40+0000 SUBDEBUG Upgraded: python3-lib389-2.6.1-11.el9_6.noarch
2025-10-18T06:09:40+0000 SUBDEBUG Upgraded: kernel-headers-5.14.0-570.49.1.el9_6.x86_64
2025-10-18T06:09:40+0000 SUBDEBUG Upgraded: 389-ds-base-libs-2.6.1-11.el9_6.x86_64
2025-10-18T06:09:40+0000 SUBDEBUG Upgraded: iputils-20210202-11.el9_6.1.x86_64
2025-10-18T06:09:40+0000 SUBDEBUG Upgraded: vim-minimal-2:8.2.2637-22.el9_6.x86_64
, and now IPA healthcheck is complaining in both nodes:
[alex@ipa9 ~]$ sudo ipa-healthcheck
[sudo] password for alex:
[
  {
    "source": "ipahealthcheck.ds.backends",
    "check": "BackendsCheck",
    "result": "CRITICAL",
    "uuid": "c356f22a-dda3-466f-9d29-a17b0f7d69ac",
    "when": "20251019080916Z",
    "duration": "0.168095",
    "kw": {
      "key": "DSBLE0007",
      "items": [
        "cn=changelog"
      ],
      "msg": "System indexes are essential for proper directory server operation. Missing or\nincorrectly configured system indexes can lead to poor search performance, replication\nissues, and other operational problems.\n\nThe following system indexes should be present with correct configuration:\n- entryrdn: index type 'subtree'\n- parentId: index type 'eq' with matching rule 'integerOrderingMatch'\n- ancestorId: index type 'eq' with matching rule 'integerOrderingMatch'\n- objectClass: index type 'eq'\n- aci: index type 'pres'\n- nscpEntryDN: index type 'eq'\n- nsUniqueId: index type 'eq'\n- nsds5ReplConflict: index types 'eq', 'pres'\n- nsCertSubjectDN: index type 'eq'\n- numsubordinates: index type 'pres'\n- nsTombstoneCSN: index type 'eq'\n- targetuniqueid: index type 'eq'\n- changeNumber: index type 'eq' with matching rule 'integerOrderingMatch'\n- entryusn: index type 'eq' with matching rule 'integerOrderingMatch'\n\nCurrent discrepancies:\n- Index parentId missing matching rule: integerOrderingMatch\n- Unable to check index ancestorId: No object exists given the filter criteria: ancestorId (&(&(objectclass=nsIndex))(|(cn=ancestorId)))\n"
    }
  },
  {
    "source": "ipahealthcheck.ds.backends",
    "check": "BackendsCheck",
    "result": "CRITICAL",
    "uuid": "63ce8a2d-61d6-4c10-8565-4bf90b7487ff",
    "when": "20251019080916Z",
    "duration": "0.168103",
    "kw": {
      "key": "DSBLE0007",
      "items": [
        "o=ipaca"
      ],
      "msg": "System indexes are essential for proper directory server operation. Missing or\nincorrectly configured system indexes can lead to poor search performance, replication\nissues, and other operational problems.\n\nThe following system indexes should be present with correct configuration:\n- entryrdn: index type 'subtree'\n- parentId: index type 'eq' with matching rule 'integerOrderingMatch'\n- ancestorId: index type 'eq' with matching rule 'integerOrderingMatch'\n- objectClass: index type 'eq'\n- aci: index type 'pres'\n- nscpEntryDN: index type 'eq'\n- nsUniqueId: index type 'eq'\n- nsds5ReplConflict: index types 'eq', 'pres'\n- nsCertSubjectDN: index type 'eq'\n- numsubordinates: index type 'pres'\n- nsTombstoneCSN: index type 'eq'\n- targetuniqueid: index type 'eq'\n- entryusn: index type 'eq' with matching rule 'integerOrderingMatch'\n\nCurrent discrepancies:\n- Index parentId missing matching rule: integerOrderingMatch\n- Unable to check index ancestorId: No object exists given the filter criteria: ancestorId (&(&(objectclass=nsIndex))(|(cn=ancestorId)))\n"
    }
  },
  {
    "source": "ipahealthcheck.ds.backends",
    "check": "BackendsCheck",
    "result": "CRITICAL",
    "uuid": "cbf48511-496d-4924-8157-9e1507b35dc1",
    "when": "20251019080916Z",
    "duration": "0.168104",
    "kw": {
      "key": "DSBLE0007",
      "items": [
        "dc=ipa,dc=pdp7,dc=net"
      ],
      "msg": "System indexes are essential for proper directory server operation. Missing or\nincorrectly configured system indexes can lead to poor search performance, replication\nissues, and other operational problems.\n\nThe following system indexes should be present with correct configuration:\n- entryrdn: index type 'subtree'\n- parentId: index type 'eq' with matching rule 'integerOrderingMatch'\n- ancestorId: index type 'eq' with matching rule 'integerOrderingMatch'\n- objectClass: index type 'eq'\n- aci: index type 'pres'\n- nscpEntryDN: index type 'eq'\n- nsUniqueId: index type 'eq'\n- nsds5ReplConflict: index types 'eq', 'pres'\n- nsCertSubjectDN: index type 'eq'\n- numsubordinates: index type 'pres'\n- nsTombstoneCSN: index type 'eq'\n- targetuniqueid: index type 'eq'\n- entryusn: index type 'eq' with matching rule 'integerOrderingMatch'\n\nCurrent discrepancies:\n- Index parentId missing matching rule: integerOrderingMatch\n- Unable to check index ancestorId: No object exists given the filter criteria: ancestorId (&(&(objectclass=nsIndex))(|(cn=ancestorId)))\n"
    }
  }
]
Is there a procedure that needs to be run for this update?
Cheers,
Álex
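
Added example, not part of the original post and not FreeIPA project code: the three DSBLE0007 results above differ only in their "items" suffix and in the lines after "Current discrepancies:", so this sketch reduces a healthcheck report to those lines and groups them by index name. The function names and the shortened sample report (including the suffix dc=example,dc=test) are constructed for illustration.

```python
import json
import re
from collections import defaultdict

MARKER = "Current discrepancies:"

def discrepancies(report_json, key="DSBLE0007"):
    """Return {suffix: [discrepancy, ...]} for non-SUCCESS results with this key."""
    found = defaultdict(list)
    for entry in json.loads(report_json):
        kw = entry.get("kw", {})
        if entry.get("result") == "SUCCESS" or kw.get("key") != key:
            continue
        # The expected-index list before MARKER also uses "- " bullets; skip it.
        _, _, tail = kw.get("msg", "").partition(MARKER)
        lines = [ln[2:].strip() for ln in tail.splitlines() if ln.startswith("- ")]
        for suffix in kw.get("items", []):
            found[suffix].extend(lines)
    return dict(found)

def by_index(found):
    """Invert to {index name: sorted suffixes} to show whether a fault is common."""
    grouped = defaultdict(set)
    for suffix, lines in found.items():
        for line in lines:
            m = re.search(r"\bindex (\w+)", line, re.IGNORECASE)
            if m:
                grouped[m.group(1)].add(suffix)
    return {name: sorted(s) for name, s in grouped.items()}

# Constructed sample in the shape of the report above (msg shortened).
_MSG = ("System indexes are essential.\n\nThe following system indexes should be "
        "present with correct configuration:\n- parentId: index type 'eq' with "
        "matching rule 'integerOrderingMatch'\n\n" + MARKER + "\n- Index parentId "
        "missing matching rule: integerOrderingMatch\n- Unable to check index "
        "ancestorId: No object exists given the filter criteria: ancestorId "
        "(&(&(objectclass=nsIndex))(|(cn=ancestorId)))\n")
SAMPLE = json.dumps([
    {"check": "BackendsCheck", "result": "CRITICAL",
     "kw": {"key": "DSBLE0007", "items": ["o=ipaca"], "msg": _MSG}},
    {"check": "BackendsCheck", "result": "CRITICAL",
     "kw": {"key": "DSBLE0007", "items": ["dc=example,dc=test"], "msg": _MSG}},
    {"check": "ExampleCheck", "result": "SUCCESS", "kw": {}},
])

if __name__ == "__main__":
    for name, suffixes in by_index(discrepancies(SAMPLE)).items():
        print(f"{name}: {', '.join(suffixes)}")
```

An index that shows up under every suffix, as parentId and ancestorId do in the report above, points at something common to all backends rather than at one damaged database.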