Freeipa работала нормально, потом, я думаю, она пыталась обновиться, и теперь у меня непригодная система, и она влияет на другие системы. Я видел эту ошибку в нескольких онлайн-сообщениях, но не могу исправить ни одного исправления.
Когда я запускаю ее вручную:
[root@kdc1 log]# ipa-server-upgrade
Upgrading IPA:. Estimated time: 1 minute 30 seconds
[1/11]: stopping directory server
[2/11]: saving configuration
[3/11]: disabling listeners
[4/11]: enabling DS global lock
[5/11]: disabling Schema Compat
[6/11]: starting directory server
[7/11]: updating schema
[8/11]: upgrading server
[9/11]: stopping directory server
[10/11]: restoring configuration
[11/11]: starting directory server
Done.
Update complete
Upgrading IPA services
Upgrading the configuration of the IPA services
[Verifying that root certificate is published]
[Migrate CRL publish directory]
CRL tree already moved
[Verifying that CA proxy configuration is correct]
[Verifying that KDC configuration is using ipa-kdb backend]
[Fix DS schema file syntax]
Syntax already fixed
[Removing RA cert from DS NSS database]
RA cert already removed
[Enable sidgen and extdom plugins by default]
[Updating HTTPD service IPA configuration]
[Updating HTTPD service IPA WSGI configuration]
Nothing to do for configure_httpd_wsgi_conf
[Updating mod_nss protocol versions]
Protocol versions already updated
[Updating mod_nss cipher suite]
[Updating mod_nss enabling OCSP]
[Fixing trust flags in /etc/httpd/alias]
Trust flags already processed
[Moving HTTPD service keytab to gssproxy]
[Removing self-signed CA]
[Removing Dogtag 9 CA]
[Checking for deprecated KDC configuration files]
[Checking for deprecated backups of Samba configuration files]
[Add missing CA DNS records]
IPA CA DNS records already processed
[Removing deprecated DNS configuration options]
DNS is not configured
[Ensuring minimal number of connections]
DNS is not configured
[Updating GSSAPI configuration in DNS]
DNS is not configured
[Updating pid-file configuration in DNS]
DNS is not configured
DNS is not configured
DNS is not configured
DNS is not configured
DNS is not configured
DNS is not configured
DNS is not configured
DNS is not configured
[Upgrading CA schema]
CA schema update complete (no changes)
[Verifying that CA audit signing cert has 2 year validity]
[Update certmonger certificate renewal configuration]
Failed to get request: bus, object_path and dbus_interface must not be None.
IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
bus, object_path and dbus_interface must not be None.
The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
Конец файла журнала (очень long):
2020-03-03T03:51:44Z DEBUG stderr=
2020-03-03T03:51:44Z DEBUG Loading Index file from '/var/lib/ipa/sysrestore/sysrestore.index'
2020-03-03T03:51:44Z DEBUG Starting external process
2020-03-03T03:51:44Z DEBUG args=/usr/bin/certutil -d dbm:/etc/pki/pki-tomcat/alias -L -f /etc/pki/pki-tomcat/alias/pwdfile.txt
2020-03-03T03:51:44Z DEBUG Process finished, return code=0
2020-03-03T03:51:44Z DEBUG stdout=
Certificate Nickname Trust Attributes
SSL,S/MIME,JAR/XPI
caSigningCert cert-pki-ca CTu,Cu,Cu
auditSigningCert cert-pki-ca u,u,Pu
Server-Cert cert-pki-ca u,u,u
ocspSigningCert cert-pki-ca u,u,u
subsystemCert cert-pki-ca u,u,u
2020-03-03T03:51:44Z DEBUG stderr=
2020-03-03T03:51:44Z ERROR Failed to get request: bus, object_path and dbus_interface must not be None.
2020-03-03T03:51:44Z ERROR IPA server upgrade failed: Inspect /var/log/ipaupgrade.log and run command ipa-server-upgrade manually.
2020-03-03T03:51:44Z DEBUG File "/usr/lib/python2.7/site-packages/ipapython/admintool.py", line 178, in execute
return_value = self.run()
File "/usr/lib/python2.7/site-packages/ipaserver/install/ipa_server_upgrade.py", line 56, in run
raise admintool.ScriptError(str(e))
2020-03-03T03:51:44Z DEBUG The ipa-server-upgrade command failed, exception: ScriptError: bus, object_path and dbus_interface must not be None.
2020-03-03T03:51:44Z ERROR bus, object_path and dbus_interface must not be None.
2020-03-03T03:51:44Z ERROR The ipa-server-upgrade command failed. See /var/log/ipaupgrade.log for more information
Я могу запустить команду certutil отдельно, так что, похоже, это не так. Я понятия не имею, в чем проблема, где искать или как я могу это исправить. Предложения