My cluster has 2 VAs. One VA suddenly became inactive, and the VA update is stuck in an in-progress state. I did the curl and it's allowing, but docker ps -a shows ccg exited yesterday and otel_agent exited today. Any suggestions or thoughts ASAP would be most helpful.
What does the below script return?
```bash
#!/bin/bash
echo "Starting SailPoint VA connectivity test..."
echo "----------------------------------------------"

# Define the list of hosts to test
# NOTE: For wildcard domains, we pick a specific, known host (e.g., 'www.')
HOSTS_TO_TEST=(
    # Flatcar (updates)
    "www.flatcar-linux.org"

    # SailPoint (core services)
    "api.identitynow.com"
    "www.sailpoint.com"
    "va-access.infra.identitynow.com"
    # Note: If you have a specific tenant URL like 'my-tenant.identitynow.com', add it here!

    # LaunchDarkly (feature flags)
    "app.launchdarkly.com"

    # AWS S3 (general)
    "s3.amazonaws.com"

    # AWS ECR (container images)
    "api.ecr.us-east-1.amazonaws.com"
    "ecr.us-east-1.amazonaws.com"
    "874540850173.dkr.ecr.us-east-1.amazonaws.com"
    "229634586956.dkr.ecr.us-gov-west-1.amazonaws.com"
)

# Loop through each host and test it
for HOST in "${HOSTS_TO_TEST[@]}"; do
    echo -n "Testing: $HOST ... "
    # Use curl with -v (verbose) and -I (HEAD request)
    # Redirect stderr (verbose output) and stdout (headers) to /dev/null
    # We only care about the exit code.
    if curl -v -I "https://${HOST}" --connect-timeout 5 &> /dev/null; then
        echo "✅ SUCCESS"
    else
        echo "❌ FAILURE"
        echo " (Tip: Run 'curl -v https://${HOST}' for detailed error info)"
    fi
done

echo "----------------------------------------------"
echo "Test complete."
```
I found that with AWS VA boxes, if you are not allowing outbound to api.ecr.us-east-1.amazonaws.com, it would cause an issue where on an update ccg wouldn’t successfully run, and it even caused issues where it seemed to corrupt the containers, and the VAs had to be rebuilt. Granted, this is partially an assumption on my part. But once we fixed outgoing communications, the new VA(s) built out didn’t have any further issues.
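The following is an added example, not part of any post in this thread: a variant of the connectivity check that reports which layer blocked each host (DNS, TCP, timeout, TLS), using curl's documented exit codes, so an egress rule missing for an ECR endpoint can be told apart from a TLS-inspecting proxy. The function names and the `CURL_BIN` override are assumptions of this example.

```bash
#!/bin/bash
# Added example: report WHY an outbound HTTPS check fails, not just that it fails.
# CURL_BIN is a hypothetical override so the probe can be stubbed offline.
CURL_BIN="${CURL_BIN:-curl}"

# Map a curl exit code to the layer that most likely blocked the connection.
classify_curl_exit() {
    case "$1" in
        0)  echo "OK" ;;
        5)  echo "PROXY_DNS" ;;           # could not resolve the proxy
        6)  echo "DNS" ;;                 # could not resolve the host
        7)  echo "TCP_BLOCKED" ;;         # connect refused or reset
        28) echo "TIMEOUT" ;;             # packets dropped, typical of egress filtering
        35) echo "TLS_HANDSHAKE" ;;       # handshake failed
        60) echo "TLS_UNTRUSTED_CERT" ;;  # untrusted CA, e.g. TLS-inspecting proxy
        *)  echo "OTHER($1)" ;;
    esac
}

# Probe one host; prints "<host> <verdict>" and returns 0 only on success.
# Any HTTP status counts as success: only reachability is being tested.
probe_host() {
    local host="$1" rc=0
    "$CURL_BIN" -sS -I --connect-timeout 5 --max-time 15 \
        "https://${host}" >/dev/null 2>&1 || rc=$?
    echo "${host} $(classify_curl_exit "$rc")"
    [ "$rc" -eq 0 ]
}

# Probe every host passed as an argument; returns the failure count (max 255).
probe_all() {
    local failures=0 host
    for host in "$@"; do
        probe_host "$host" || failures=$((failures + 1))
    done
    if [ "$failures" -gt 255 ]; then failures=255; fi
    return "$failures"
}

# Usage: ./va-egress-check.sh api.ecr.us-east-1.amazonaws.com s3.amazonaws.com
if [ "$#" -gt 0 ]; then
    probe_all "$@"
fi
```

A `TIMEOUT` or `TCP_BLOCKED` verdict points at firewall or security-group egress rules, while `TLS_UNTRUSTED_CERT` points at a proxy re-signing traffic.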