freeipa server安裝報錯

weixin_34146805發表於2018-09-03
Server
2018-09-03T06:26:26Z DEBUG stderr=Job for certmonger.service failed because the control process exited with error code. See "systemctl status certmonger.service" and "journalctl -xe" for details.
2018-09-03T06:26:26Z DEBUG Traceback (most recent call last):
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 504, in start_creation
    run_step(full_msg, method)
  File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 494, in run_step
    method()
  File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 250, in configure_certmonger_renewal
    cmonger.start()
  File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 294, in start
    skip_output=not capture_output)
  File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 542, in run
    raise CalledProcessError(p.returncode, arg_string, str(output))
CalledProcessError: Command '/bin/systemctl start certmonger.service' returned non-zero exit status 1

2018-09-03T06:26:26Z DEBUG   [error] CalledProcessError: Command '/bin/systemctl start certmonger.service' returned non-zero exit status 1
2018-09-03T06:26:26Z DEBUG   File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
    return_value = self.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, in run
    cfgr.run()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 368, in run
    self.execute()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 392, in execute
    for _nothing in self._executor():
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner
    step()
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda>
    step = lambda: next(self.__gen)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
    value = gen.send(prev_value)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 658, in _configure
    next(executor)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner
    exc_handler(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, in _handle_execute_exception
    self._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, in _handle_exception
    self.__parent._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
    six.reraise(*exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception
    super(ComponentBase, self)._handle_exception(exc_info)
  File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
    six.reraise(*exc_info)
  [5/5]: configuring ipa-custodia to start on boot

大致的意思就是說freeipa 的certmonger 服務沒有啟動成功。

執行systemctl status certmonger.service 看看啥原因。

[root@ipa-master ~]# /bin/systemctl status certmonger.service
● certmonger.service - Certificate monitoring and PKI enrollment
   Loaded: loaded (/usr/lib/systemd/system/certmonger.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since 一 2018-09-03 14:27:45 CST; 5s ago
  Process: 13213 ExecStart=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS (code=exited, status=1/FAILURE)
 Main PID: 13213 (code=exited, status=1/FAILURE)

9月 03 14:27:45 ipa-master.finup.com systemd[1]: Starting Certificate monitoring and PKI enrollment...
9月 03 14:27:45 ipa-master.finup.com certmonger[13213]: 2018-09-03 14:27:45 [13213] Unable to set well-known bus name "org.fedorahosted.certmonger...le(-1).
9月 03 14:27:45 ipa-master.finup.com certmonger[13213]: Error connecting to D-Bus.
9月 03 14:27:45 ipa-master.finup.com systemd[1]: certmonger.service: main process exited, code=exited, status=1/FAILURE
9月 03 14:27:45 ipa-master.finup.com systemd[1]: Failed to start Certificate monitoring and PKI enrollment.
9月 03 14:27:45 ipa-master.finup.com systemd[1]: Unit certmonger.service entered failed state.
9月 03 14:27:45 ipa-master.finup.com systemd[1]: certmonger.service failed.

根據這個問題google下。查到一個命令 certmonger -S -d 10
執行下發現問題了 。

2018-09-03 14:31:30 [13226] CA5('local').encryption_certs starts (NEED_TO_REFRESH)
2018-09-03 14:31:30 [13226] Adding disabled DBus watch on FD 7 (for Write) for 0x5604cd6ff700.
2018-09-03 14:31:30 [13226] Adding a watch group for FD 7 for 0x5604cd6ff700.
2018-09-03 14:31:30 [13226] Dequeuing FD 7 for 0x5604cd6ff700:(nil).
2018-09-03 14:31:30 [13226] Not queuing FD 7 for 0x5604cd6ff700.
2018-09-03 14:31:30 [13226] Adding enabled DBus watch on FD 7 (for Read) for 0x5604cd6ff700.
2018-09-03 14:31:30 [13226] Dequeuing FD 7 for 0x5604cd6ff700:(nil).
2018-09-03 14:31:30 [13226] Queuing FD 7 for Read for 0x5604cd6ff700:0x5604cd7024b0.
2018-09-03 14:31:30 [13226] Unable to set well-known bus name "org.fedorahosted.certmonger": Connection ":1.57" is not allowed to own the service "org.fedorahosted.certmonger" due to security policies in the configuration file(-1).
Error connecting to D-Bus.

原來跟這個dbus服務有管。

重啟systemctl restart dbus.socket和systemctl restart dbus.service
ok

重新安裝ipa-server 解決。。

相關文章