2018-09-03T06:26:26Z DEBUG stderr=Job for certmonger.service failed because the control process exited with error code. See "systemctl status certmonger.service" and "journalctl -xe" for details.
2018-09-03T06:26:26Z DEBUG Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 504, in start_creation
run_step(full_msg, method)
File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 494, in run_step
method()
File "/usr/lib/python2.7/site-packages/ipaserver/install/dogtaginstance.py", line 250, in configure_certmonger_renewal
cmonger.start()
File "/usr/lib/python2.7/site-packages/ipaplatform/base/services.py", line 294, in start
skip_output=not capture_output)
File "/usr/lib/python2.7/site-packages/ipapython/ipautil.py", line 542, in run
raise CalledProcessError(p.returncode, arg_string, str(output))
CalledProcessError: Command '/bin/systemctl start certmonger.service' returned non-zero exit status 1
2018-09-03T06:26:26Z DEBUG [error] CalledProcessError: Command '/bin/systemctl start certmonger.service' returned non-zero exit status 1
2018-09-03T06:26:26Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 172, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/cli.py", line 333, in run
cfgr.run()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 368, in run
self.execute()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 392, in execute
for _nothing in self._executor():
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 424, in __runner
step()
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 421, in <lambda>
step = lambda: next(self.__gen)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 658, in _configure
next(executor)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 434, in __runner
exc_handler(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 463, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 521, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 518, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python2.7/site-packages/ipapython/install/core.py", line 453, in _handle_exception
six.reraise(*exc_info)
[5/5]: configuring ipa-custodia to start on boot
大致的意思就是说freeipa 的certmonger 服务没有启动成功。
运行systemctl status certmonger.service 看看啥原因。
[root@ipa-master ~]# /bin/systemctl status certmonger.service
● certmonger.service - Certificate monitoring and PKI enrollment
Loaded: loaded (/usr/lib/systemd/system/certmonger.service; enabled; vendor preset: disabled)
Active: failed (Result: exit-code) since 一 2018-09-03 14:27:45 CST; 5s ago
Process: 13213 ExecStart=/usr/sbin/certmonger -S -p /var/run/certmonger.pid -n $OPTS (code=exited, status=1/FAILURE)
Main PID: 13213 (code=exited, status=1/FAILURE)
9月 03 14:27:45 ipa-master.finup.com systemd[1]: Starting Certificate monitoring and PKI enrollment...
9月 03 14:27:45 ipa-master.finup.com certmonger[13213]: 2018-09-03 14:27:45 [13213] Unable to set well-known bus name "org.fedorahosted.certmonger...le(-1).
9月 03 14:27:45 ipa-master.finup.com certmonger[13213]: Error connecting to D-Bus.
9月 03 14:27:45 ipa-master.finup.com systemd[1]: certmonger.service: main process exited, code=exited, status=1/FAILURE
9月 03 14:27:45 ipa-master.finup.com systemd[1]: Failed to start Certificate monitoring and PKI enrollment.
9月 03 14:27:45 ipa-master.finup.com systemd[1]: Unit certmonger.service entered failed state.
9月 03 14:27:45 ipa-master.finup.com systemd[1]: certmonger.service failed.
根据这个问题google下。查到一个命令 certmonger -S -d 10
运行下发现问题了 。
2018-09-03 14:31:30 [13226] CA5('local').encryption_certs starts (NEED_TO_REFRESH)
2018-09-03 14:31:30 [13226] Adding disabled DBus watch on FD 7 (for Write) for 0x5604cd6ff700.
2018-09-03 14:31:30 [13226] Adding a watch group for FD 7 for 0x5604cd6ff700.
2018-09-03 14:31:30 [13226] Dequeuing FD 7 for 0x5604cd6ff700:(nil).
2018-09-03 14:31:30 [13226] Not queuing FD 7 for 0x5604cd6ff700.
2018-09-03 14:31:30 [13226] Adding enabled DBus watch on FD 7 (for Read) for 0x5604cd6ff700.
2018-09-03 14:31:30 [13226] Dequeuing FD 7 for 0x5604cd6ff700:(nil).
2018-09-03 14:31:30 [13226] Queuing FD 7 for Read for 0x5604cd6ff700:0x5604cd7024b0.
2018-09-03 14:31:30 [13226] Unable to set well-known bus name "org.fedorahosted.certmonger": Connection ":1.57" is not allowed to own the service "org.fedorahosted.certmonger" due to security policies in the configuration file(-1).
Error connecting to D-Bus.
原来跟这个dbus服务有管。
重启systemctl restart dbus.socket和systemctl restart dbus.service
ok
重新安装ipa-server 解决。。
网友评论