Problem

The domain controller fails to deploy

Diagnostics

  • When running the command:
    aldpro-roles --iud
    check its output for messages like:
          ID: install_replica
    Function: ipa_replica.install
      Result: False
     Comment: Реплика не установлена
     Started: 13:51:13.184517
    Duration: 103320.488 ms
     Changes:
              ----------
              stderr:
                  Lookup failed: Preferred host cher-tst-ald03.aldtest.asutp does not provide DNS.
                  Validate installation settings ...
                  Create file system structures ...
                  Create self-signed certificate database ...
                  selinux is disabled, will not relabel ports or files.
                  selinux is disabled, will not relabel ports or files.
                  Create database backend: dc=ald,dc=pro ...
                  Perform post-installation tasks ...
                  Replica DNS records could not be added on master: Insufficient access: Insufficient 'add' privilege to add the entry 'idnsname=dc-02,idnsname=ald.pro.,cn=dns,dc=ald,dc=pro'.
                  Custodia uses 'dc-02.ald.pro' as master peer.
                  Connect error: (unknown error code)
                  The ipa-replica-install command failed. See /var/log/ipareplica-install.log for more information
  • Compare the contents of /var/log/freeipa-replica-install.log with the excerpt below:
    freeipa-replica-install.log
    DEBUG step duration: ipa-custodia __enable 0.47 sec
    DEBUG Done configuring ipa-custodia.
    DEBUG service duration: ipa-custodia 1.35 sec
    DEBUG Loading StateFile from '/var/lib/ipa/sysupgrade/sysupgrade.state'
    DEBUG Saving StateFile to '/var/lib/ipa/sysupgrade/sysupgrade.state'
    DEBUG   File "/usr/lib/python3/dist-packages/ipapython/admintool.py", line 180, in execute
        return_value = self.run()
      File "/usr/lib/python3/dist-packages/ipapython/install/cli.py", line 340, in run
        return cfgr.run()
      File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 360, in run
        return self.execute()
      File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 386, in execute
        for rval in self._executor():
      File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 431, in __runner
        exc_handler(exc_info)
      File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 460, in _handle_execute_exception
        self._handle_exception(exc_info)
      File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 450, in _handle_exception
        six.reraise(*exc_info)
      File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
        raise value
      File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 421, in __runner
        step()
      File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 418, in <lambda>
        step = lambda: next(self.__gen)
      File "/usr/lib/python3/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
        six.reraise(*exc_info)
      File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
        raise value
      File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 515, in _handle_exception
        super(ComponentBase, self)._handle_exception(exc_info)
      File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 450, in _handle_exception
        six.reraise(*exc_info)
      File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
        raise value
      File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 421, in __runner
        step()
      File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 418, in <lambda>
        step = lambda: next(self.__gen)
      File "/usr/lib/python3/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
        six.reraise(*exc_info)
      File "/usr/lib/python3/dist-packages/six.py", line 693, in reraise
        raise value
      File "/usr/lib/python3/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
        value = gen.send(prev_value)
      File "/usr/lib/python3/dist-packages/ipapython/install/common.py", line 65, in _install
        for unused in self._installer(self.parent):
      File "/usr/lib/python3/dist-packages/ipaserver/install/server/__init__.py", line 608, in main
        replica_install(self)
      File "/usr/lib/python3/dist-packages/ipaserver/install/server/replicainstall.py", line 401, in decorated
        func(installer)
      File "/usr/lib/python3/dist-packages/ipaserver/install/server/replicainstall.py", line 1334, in install
        krb.enable_ssl()
      File "/usr/lib/python3/dist-packages/ipaserver/install/krbinstance.py", line 561, in enable_ssl
        self._wait_for_replica_kdc_entry()
      File "/usr/lib/python3/dist-packages/ipaserver/install/krbinstance.py", line 412, in _wait_for_replica_kdc_entry
        ldap_uri, cacert=paths.IPA_CA_CRT, start_tls=True
      File "/usr/lib/python3/dist-packages/ipapython/ipaldap.py", line 795, in __init__
        self._conn = self._connect()
      File "/usr/lib/python3/dist-packages/ipapython/ipaldap.py", line 1205, in _connect
        conn.start_tls_s()
      File "/usr/lib/python3.7/contextlib.py", line 130, in __exit__
        self.gen.throw(type, value, traceback)
      File "/usr/lib/python3/dist-packages/ipapython/ipaldap.py", line 1137, in error_handler
        raise errors.DatabaseError(desc=desc, info=info)
     
    DEBUG The ipa-replica-install command failed, exception: DatabaseError: Connect error: (unknown error code)
    ERROR Connect error: (unknown error code)

Possible cause: the DC uses certificates signed by an external CA. Go to the solution.
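
The log comparison from the second diagnostic step can be scripted. This is an added example, not part of the original article or of ALD Pro/FreeIPA tooling: it checks a log for three markers taken from the traceback above, in the order they appear there. The function names are hypothetical and the sample log is an abridged copy of the excerpt on this page.

```shell
#!/bin/sh
# Added example (not ALD Pro or FreeIPA tooling): detect the failure signature
# from this page in an ipa-replica-install log. Function names are hypothetical.

# Markers taken from the traceback on this page, in order of appearance.
MARKERS='_wait_for_replica_kdc_entry
conn.start_tls_s()
DatabaseError: Connect error'

# match_starttls_failure LOGFILE
# Returns 0 if every marker occurs, each on a later line than the previous
# one; 1 if the signature is absent; 2 if the file is unreadable.
match_starttls_failure() {
    log=$1
    [ -r "$log" ] || return 2
    last=0
    while IFS= read -r marker; do
        # First line after $last containing the marker as a fixed string.
        n=$(awk -v m="$marker" -v s="$last" \
            'NR > s && index($0, m) { print NR; exit }' "$log")
        [ -n "$n" ] || return 1
        last=$n
    done <<EOF
$MARKERS
EOF
    return 0
}

# Constructed sample: an abridged copy of the log excerpt on this page.
write_sample_log() {
    cat > "$1" <<'EOF'
DEBUG Done configuring ipa-custodia.
  File "/usr/lib/python3/dist-packages/ipaserver/install/krbinstance.py", line 412, in _wait_for_replica_kdc_entry
    ldap_uri, cacert=paths.IPA_CA_CRT, start_tls=True
  File "/usr/lib/python3/dist-packages/ipapython/ipaldap.py", line 1205, in _connect
    conn.start_tls_s()
DEBUG The ipa-replica-install command failed, exception: DatabaseError: Connect error: (unknown error code)
ERROR Connect error: (unknown error code)
EOF
}

tmp=$(mktemp)
write_sample_log "$tmp"
if match_starttls_failure "$tmp"; then
    echo "signature found: STARTTLS to LDAP failed during enable_ssl"
fi
rm -f "$tmp"
```

On the failing host, call `match_starttls_failure` with the path of the installer log named in the step above instead of the sample file.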


Possible causes