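Summary of errors encountered when installing and using FreeIPA
Author: Yin Zhengjie
Copyright notice: original work, reproduction declined! Violations will be pursued for legal liability.
1. ERROR DNS zone yinzhengjie.org.cn already exists in DNS and is handled by server(s): dns28.hichina.com., dns27.hichina.com.
Cause:
According to the error message, my domain name already exists, and the two machines "dns27.hichina.com" and "dns28.hichina.com" hold the corresponding resolution records. In fact, I did buy this domain in 2017 with a validity of 3 years, and it is only 2018 now, so the record it reports is valid! Below is my ping, from the server, of the 2 DNS servers shown in the figure above.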
[root@node100 ~]# ping dns28.hichina.com
PING dns28.hichina.com (140.205.41.20) 56(84) bytes of data.
64 bytes from 140.205.41.20: icmp_seq=1 ttl=128 time=30.5 ms
^C
--- dns28.hichina.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 30.573/30.573/30.573/0.000 ms
[root@node100 ~]#
[root@node100 ~]# ping dns27.hichina.com
PING dns27.hichina.com (106.11.211.69) 56(84) bytes of data.
64 bytes from 106.11.211.69: icmp_seq=1 ttl=128 time=17.4 ms
^C
--- dns27.hichina.com ping statistics ---
1 packets transmitted, 1 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 17.440/17.440/17.440/0.000 ms
[root@node100 ~]#
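Solution:
Since it says this domain already exists, I might as well switch to another domain. So I changed my hostname to "node100.yinzhengjie.com" and rebooted the server; when I continued installing FreeIPA, this error was gone!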
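The condition behind this error can be checked before the installer is run. The script below is an added example, not part of the original post: it assumes the zone the installer creates is the host FQDN minus its first label, its function names are hypothetical, and the only external tool it calls is `dig`.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical;
# the only external tool is the real `dig` from bind-utils.

# Print the NS records published for a zone; non-zero if no resolver answered.
resolve_ns() {
    dig +short NS "$1" 2>/dev/null
}

# Assumption: the zone to be created is the host FQDN minus its first label.
zone_from_fqdn() {
    local fqdn
    fqdn="${1%.}"
    case "$fqdn" in
        *.*.*) printf '%s\n' "${fqdn#*.}" | tr 'A-Z' 'a-z' ;;
        *) return 2 ;;          # need a host label plus a two-label domain
    esac
}

# 0 = zone already delegated (servers printed), 1 = free, 2 = lookup failed.
zone_conflict() {
    local answer servers
    answer=$(resolve_ns "$1") || return 2
    # Keep only host names; drop dig's ";; ..." diagnostics.
    servers=$(printf '%s\n' "$answer" | grep -E '^[A-Za-z0-9._-]+\.$' | sort -u) || true
    [ -n "$servers" ] || return 1
    printf '%s\n' "$servers"
}

# Report whether the zone derived from a host FQDN collides with existing DNS.
preflight() {
    local zone servers rc
    rc=0
    zone=$(zone_from_fqdn "$1") || { echo "not a usable FQDN: $1" >&2; return 2; }
    servers=$(zone_conflict "$zone") || rc=$?
    case "$rc" in
        0) echo "CONFLICT $zone handled by: $(printf '%s\n' "$servers" | paste -sd, -)"
           return 1 ;;
        1) echo "OK $zone is not delegated in DNS" ;;
        *) echo "UNKNOWN $zone: no resolver answer" >&2; return 2 ;;
    esac
}

# Usage: sh preflight.sh node100.yinzhengjie.org.cn
if [ "$#" -gt 0 ]; then preflight "$1"; fi
```

A resolver that does not answer is reported as UNKNOWN rather than OK, so an unreachable DNS server is not mistaken for a free zone.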
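2. ERROR Command '/usr/bin/ldapmodify -v -f /tmp/tmpmtA7b9 -H ldapi://%2fvar%2frun%2fslapd-YINZHENGJIE-COM.socket -Y EXTERNAL' returned non-zero exit status 1
Cause:
I suspect the error above occurred because the required packages were missing.
Solution:
Following the official documentation, update the yum repositories, install the required dependency packages, and configure hostname resolution; after reinstalling, you will find that this warning is gone. Reference link: https://www.globo.tech/learning-center/install-freeipa-centos-7/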
[root@node100 ~]# ipa-server-install --uninstall
This is a NON REVERSIBLE operation and will delete all data and configuration!
It is highly recommended to take a backup of existing data and configuration using ipa-backup utility before proceeding.
Are you sure you want to continue with the uninstall procedure? [no]: yes
Shutting down all IPA services
Unconfiguring ntpd
Configuring certmonger to stop tracking system certificates for KRA
Configuring certmonger to stop tracking system certificates for CA
Unconfiguring directory server
ipaserver.install.dsinstance: ERROR Unable to find server cert nickname in /etc/dirsrv/slapd-YINZHENGJIE-COM/dse.ldif
Removing IPA client configuration
Unconfigured automount client failed: Command 'ipa-client-automount --uninstall --debug' returned non-zero exit status 1
Removing Kerberos service principals from /etc/krb5.keytab
Failed to remove Kerberos service principals: Command '/usr/sbin/ipa-rmkeytab -k /etc/krb5.keytab -r YINZHENGJIE.COM' returned non-zero exit status 3
Disabling client Kerberos and LDAP configurations
Redundant SSSD configuration file /etc/sssd/sssd.conf was moved to /etc/sssd/sssd.conf.deleted
nscd daemon is not installed, skip configuration
nslcd daemon is not installed, skip configuration
Client uninstall complete.
The ipa-client-install command was successful
[root@node100 ~]#
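3. ERROR Command '/bin/systemctl start certmonger.service' returned non-zero exit status 1
Cause:
According to the error above, it roughly means that FreeIPA's "certmonger" service did not start successfully. So we can try starting the "certmonger" service manually. It turns out that starting it manually fails as well! As shown below: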
[root@node100 ~]# systemctl start certmonger.service
Job for certmonger.service failed because the control process exited with error code.
See "systemctl status certmonger.service" and "journalctl -xe" for details.
[root@node100 ~]# systemctl start certmonger
Job for certmonger.service failed because the control process exited with error code.
See "systemctl status certmonger.service" and "journalctl -xe" for details.
[root@node100 ~]# journalctl -xe
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit certmonger.service has failed.
--
-- The result is failed.
Dec 12 04:49:34 node100.yinzhengjie.com systemd[1]: Unit certmonger.service entered failed state.
Dec 12 04:49:34 node100.yinzhengjie.com systemd[1]: certmonger.service failed.
Dec 12 04:49:34 node100.yinzhengjie.com polkitd[3005]: Unregistered Authentication Agent for unix-process:31841:148777 (system bu
Dec 12 04:49:39 node100.yinzhengjie.com polkitd[3005]: Registered Authentication Agent for unix-process:31850:149247 (system bus
Dec 12 04:49:39 node100.yinzhengjie.com systemd[1]: Starting Certificate monitoring and PKI enrollment...
-- Subject: Unit certmonger.service has begun start-up
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit certmonger.service has begun starting up.
Dec 12 04:49:39 node100.yinzhengjie.com certmonger[31856]: 2018-12-12 04:49:39 [31856] Unable to set well-known bus name "org.fed
Dec 12 04:49:39 node100.yinzhengjie.com certmonger[31856]: Error connecting to D-Bus.
Dec 12 04:49:39 node100.yinzhengjie.com systemd[1]: certmonger.service: main process exited, code=exited, status=1/FAILURE
Dec 12 04:49:39 node100.yinzhengjie.com systemd[1]: Failed to start Certificate monitoring and PKI enrollment.
-- Subject: Unit certmonger.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit certmonger.service has failed.
--
-- The result is failed.
Dec 12 04:49:39 node100.yinzhengjie.com systemd[1]: Unit certmonger.service entered failed state.
Dec 12 04:49:39 node100.yinzhengjie.com systemd[1]: certmonger.service failed.
Dec 12 04:49:39 node100.yinzhengjie.com polkitd[3005]: Unregistered Authentication Agent for unix-process:31850:149247 (system bu
[root@node100 ~]#