Tested on: # cat /etc/redhat-release Red Hat Enterprise Linux release 9.4 Beta (Plow) # rpm -qa | grep -e jss -e pki python3-idm-pki-11.5.0-0.1.alpha4.el9.noarch idm-pki-base-11.5.0-0.1.alpha4.el9.noarch pki-jackson-core-2.14.1-2.el9.noarch pki-jackson-annotations-2.14.1-1.el9.noarch pki-jackson-databind-2.14.1-2.el9.noarch pki-jackson-jaxrs-providers-2.14.1-2.el9.noarch idm-jss-5.5.0-0.2.alpha3.el9.x86_64 pki-jackson-module-jaxb-annotations-2.14.1-2.el9.noarch pki-jackson-jaxrs-json-provider-2.14.1-2.el9.noarch pki-resteasy-jackson2-provider-3.0.26-16.el9.noarch idm-jss-tomcat-5.5.0-0.2.alpha3.el9.x86_64 pki-resteasy-core-3.0.26-16.el9.noarch pki-resteasy-client-3.0.26-16.el9.noarch pki-resteasy-servlet-initializer-3.0.26-16.el9.noarch idm-pki-java-11.5.0-0.1.alpha4.el9.noarch idm-pki-tools-11.5.0-0.1.alpha4.el9.x86_64 idm-pki-server-11.5.0-0.1.alpha4.el9.noarch idm-pki-ca-11.5.0-0.1.alpha4.el9.noarch idm-pki-kra-11.5.0-0.1.alpha4.el9.noarch --------------------------------------------- 1. Install master CA i.e pki-tomcat 2. Install master KRA i.e pki-tomcat 2. Install Clone CA-1 i.e pki-tomcat 3. Install Clone CA-2 i.e ca-clone2 4. Install Clone KRA i.e kra-clone 5. Run healthcheck: # pki-healthcheck --failures-only [] 6. Stop Clone-CA-1 i.e pki-tomcat and run healthcheck from master VM: pki-server stop pki-tomcat # pki-healthcheck --failures-only Internal server error HTTPSConnectionPool(host='clone.example.com', port=8443): Max retries exceeded with url: /ca/rest/certs/search?size=3 (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) [ { "source": "pki.server.healthcheck.clones.connectivity_and_data", "check": "ClonesConnectivyAndDataCheck", "result": "ERROR", "uuid": "642d84c4-2c84-43c7-ae79-67c377fc100a", "when": "20240110201434Z", "duration": "0.387313", "kw": { "status": "ERROR: pki-tomcat : Internal error testing CA clone. Host: clone.example.com Port: 8443" } } ] 7. Stop Clone-CA-2 i.e ca-clone2: pki-server stop ca-clone2 # pki-healthcheck --failures-only Internal server error HTTPSConnectionPool(host='clone.example.com', port=8443): Max retries exceeded with url: /ca/rest/certs/search?size=3 (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) Internal server error HTTPSConnectionPool(host='clone.example.com', port=20443): Max retries exceeded with url: /ca/rest/certs/search?size=3 (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) [ { "source": "pki.server.healthcheck.clones.connectivity_and_data", "check": "ClonesConnectivyAndDataCheck", "result": "ERROR", "uuid": "a6ad72e3-319d-44f3-9a53-da7339f6f2b3", "when": "20240110201544Z", "duration": "0.364644", "kw": { "status": "ERROR: pki-tomcat : Internal error testing CA clone. Host: clone.example.com Port: 8443" } }, { "source": "pki.server.healthcheck.clones.connectivity_and_data", "check": "ClonesConnectivyAndDataCheck", "result": "ERROR", "uuid": "cfa73ce6-7832-42f2-8691-75cc923d2b48", "when": "20240110201544Z", "duration": "0.364667", "kw": { "status": "ERROR: pki-tomcat : Internal error testing CA clone. Host: clone.example.com Port: 20443" } } ] 8. Stop Clone-KRA i.e kra-clone: # pki-healthcheck --failures-only Internal server error HTTPSConnectionPool(host='clone.example.com', port=8443): Max retries exceeded with url: /ca/rest/certs/search?size=3 (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) Internal server error HTTPSConnectionPool(host='clone.example.com', port=20443): Max retries exceeded with url: /ca/rest/certs/search?size=3 (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) Unable to reach KRA at https://clone.example.com:21443: HTTPSConnectionPool(host='clone.example.com', port=21443): Max retries exceeded with url: /kra/admin/kra/getStatus (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) [ { "source": "pki.server.healthcheck.clones.connectivity_and_data", "check": "ClonesConnectivyAndDataCheck", "result": "ERROR", "uuid": "618511c3-cbe9-46c5-9435-1170f84b1a44", "when": "20240110201639Z", "duration": "0.363697", "kw": { "status": "ERROR: pki-tomcat : Internal error testing CA clone. Host: clone.example.com Port: 8443" } }, { "source": "pki.server.healthcheck.clones.connectivity_and_data", "check": "ClonesConnectivyAndDataCheck", "result": "ERROR", "uuid": "af29fdb3-1fae-4d06-9206-0bf90c2f2cb1", "when": "20240110201639Z", "duration": "0.363719", "kw": { "status": "ERROR: pki-tomcat : Internal error testing CA clone. Host: clone.example.com Port: 20443" } }, { "source": "pki.server.healthcheck.clones.connectivity_and_data", "check": "ClonesConnectivyAndDataCheck", "result": "ERROR", "uuid": "9273bf20-c050-43e1-ab9e-0c281b9e84ec", "when": "20240110201640Z", "duration": "0.960110", "kw": { "status": "ERROR: pki-tomcat : Unable to reach KRA at https://clone.example.com:21443: HTTPSConnectionPool(host='clone.example.com', port=21443): Max retries exceeded with url: /kra/admin/kra/getStatus (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused'))" } } ] 8. Start Clone-CA-1 & 2: # pki-healthcheck --failures-only Unable to reach KRA at https://clone.example.com:21443: HTTPSConnectionPool(host='clone.example.com', port=21443): Max retries exceeded with url: /kra/admin/kra/getStatus (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused')) [ { "source": "pki.server.healthcheck.clones.connectivity_and_data", "check": "ClonesConnectivyAndDataCheck", "result": "ERROR", "uuid": "2a33f002-e5ee-4fdd-9ecd-480a102fe733", "when": "20240110201745Z", "duration": "1.632751", "kw": { "status": "ERROR: pki-tomcat : Unable to reach KRA at https://clone.example.com:21443: HTTPSConnectionPool(host='clone.example.com', port=21443): Max retries exceeded with url: /kra/admin/kra/getStatus (Caused by NewConnectionError(': Failed to establish a new connection: [Errno 111] Connection refused'))" } } ]