我正在尝试使用 ipa-server-install 命令安装 freeipa-server。在 debian 中从实验存储库安装 freeipa-server 时,发生与 not_valid_after_it 的 not_valid_before_utc 时间相关的错误。是什么原因造成的,如何修复?以下是发生的下载步骤和日志,其中没有找到任何可以提供帮助的信息。
下载阶段。
[1/43]: creating directory server instance
Validate installation settings ...
Create file system structures ...
selinux is disabled, will not relabel ports or files.
Create database backend: dc=zxc,dc=ru ...
Perform post-installation tasks ...
[2/43]: tune ldbm plugin
[3/43]: adding default schema
[4/43]: enabling memberof plugin
[5/43]: enabling winsync plugin
[6/43]: configure password logging
[7/43]: configuring replication version plugin
[8/43]: enabling IPA enrollment plugin
[9/43]: configuring uniqueness plugin
[10/43]: configuring uuid plugin
[11/43]: configuring modrdn plugin
[12/43]: configuring DNS plugin
[13/43]: enabling entryUSN plugin
[14/43]: configuring lockout plugin
[15/43]: configuring graceperiod plugin
[16/43]: configuring topology plugin
[17/43]: creating indices
[18/43]: enabling referential integrity plugin
[19/43]: configuring certmap.conf
[20/43]: configure new location for managed entries
[21/43]: configure dirsrv ccache and keytab
[22/43]: enabling SASL mapping fallback
[23/43]: restarting directory server
[24/43]: adding sasl mappings to the directory
[25/43]: adding default layout
[26/43]: adding delegation layout
[27/43]: creating container for managed entries
[28/43]: configuring user private groups
[29/43]: configuring netgroups from hostgroups
[30/43]: creating default Sudo bind user
[31/43]: creating default Auto Member layout
[32/43]: adding range check plugin
[33/43]: creating default HBAC rule allow_all
[34/43]: adding entries for topology management
[35/43]: initializing group membership
[36/43]: adding master entry
[37/43]: initializing domain level
[38/43]: configuring Posix uid/gid generation
[39/43]: adding replication acis
[40/43]: activating sidgen plugin
[41/43]: activating extdom plugin
[42/43]: configuring directory to start on boot
[43/43]: restarting directory server
Done configuring directory server (dirsrv).
Configuring Kerberos KDC (krb5kdc)
[1/11]: adding kerberos container to the directory
[2/11]: configuring KDC
[3/11]: initialize kerberos container
[4/11]: adding default ACIs
[5/11]: creating a keytab for the directory
[6/11]: creating a keytab for the machine
[7/11]: adding the password extension to the directory
[8/11]: creating anonymous principal
[9/11]: starting the KDC
[10/11]: configuring KDC to start on boot
[11/11]: enable PAC ticket signature support
Done configuring Kerberos KDC (krb5kdc).
Configuring kadmin
[1/2]: starting kadmin
[2/2]: configuring kadmin to start on boot
Done configuring kadmin.
Configuring ipa-custodia
[1/5]: Making sure custodia container exists
[2/5]: Generating ipa-custodia config file
[3/5]: Generating ipa-custodia keys
[4/5]: starting ipa-custodia
[5/5]: configuring ipa-custodia to start on boot
Done configuring ipa-custodia.
Configuring certificate server (pki-tomcatd). Estimated time: 3 minutes
[1/30]: configuring certificate server instance
[2/30]: stopping certificate server instance to update CS.cfg
[3/30]: backing up CS.cfg
[4/30]: Add ipa-pki-wait-running
[5/30]: secure AJP connector
[6/30]: reindex attributes
[7/30]: exporting Dogtag certificate store pin
[8/30]: disabling nonces
[9/30]: set up CRL publishing
[10/30]: enable PKIX certificate path discovery and validation
[11/30]: authorizing RA to modify profiles
[12/30]: authorizing RA to manage lightweight CAs
[13/30]: Ensure lightweight CAs container exists
[14/30]: Ensuring backward compatibility
[15/30]: starting certificate server instance
[16/30]: configure certmonger for renewals
[17/30]: requesting RA certificate from CA
[error] TypeError: Can't instantiate abstract class IPACertificate with abstract methods not_valid_after_utc, not_valid_before_utc
Can't instantiate abstract class IPACertificate with abstract methods not_valid_after_utc, not_valid_before_utc
The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
日志文件
2024-03-28T15:26:22Z DEBUG [17/30]: requesting RA certificate from CA
2024-03-28T15:26:22Z DEBUG Starting external process
2024-03-28T15:26:22Z DEBUG args=['/usr/bin/openssl', 'pkcs7', '-inform', 'DER', '-print_certs', '-out', '/var/lib/ipa/tmpzohnbt8x']
2024-03-28T15:26:22Z DEBUG Process finished, return code=0
2024-03-28T15:26:22Z DEBUG stdout=
2024-03-28T15:26:22Z DEBUG stderr=
2024-03-28T15:26:22Z DEBUG Starting external process
2024-03-28T15:26:22Z DEBUG args=['/usr/bin/openssl', 'pkcs12', '-nokeys', '-clcerts', '-in', '/root/ca-agent.p12', '-out', '/var/lib/ipa/tmp9lk304vz', '-passin', 'file:/tmp/tmp4z3cyt00']
2024-03-28T15:26:22Z DEBUG Process finished, return code=0
2024-03-28T15:26:22Z DEBUG stdout=
2024-03-28T15:26:22Z DEBUG stderr=
2024-03-28T15:26:22Z DEBUG Starting external process
2024-03-28T15:26:22Z DEBUG args=['/usr/bin/openssl', 'pkcs12', '-nocerts', '-in', '/root/ca-agent.p12', '-out', '/var/lib/ipa/tmpdmbxzx35', '-passin', 'file:/tmp/tmpqoy9bgxk', '-nodes']
2024-03-28T15:26:23Z DEBUG Process finished, return code=0
2024-03-28T15:26:23Z DEBUG stdout=
2024-03-28T15:26:23Z DEBUG stderr=
2024-03-28T15:26:31Z DEBUG certmonger request is in state 'GENERATING_KEY_PAIR'
2024-03-28T15:26:31Z DEBUG certmonger request is in state 'SUBMITTING'
2024-03-28T15:26:32Z DEBUG certmonger request is in state 'PRE_SAVE_CERT'
2024-03-28T15:26:33Z DEBUG certmonger request is in state 'POST_SAVED_CERT'
2024-03-28T15:26:36Z DEBUG certmonger request is in state 'MONITORING'
2024-03-28T15:26:36Z DEBUG Cert request 20240328152630 was successful
2024-03-28T15:26:36Z DEBUG Starting external process
2024-03-28T15:26:36Z DEBUG args=['/usr/sbin/selinuxenabled']
2024-03-28T15:26:36Z DEBUG Process finished, return code=1
2024-03-28T15:26:36Z DEBUG stdout=
2024-03-28T15:26:36Z DEBUG stderr=
2024-03-28T15:26:36Z DEBUG Starting external process
2024-03-28T15:26:36Z DEBUG args=['/usr/sbin/selinuxenabled']
2024-03-28T15:26:36Z DEBUG Process finished, return code=1
2024-03-28T15:26:36Z DEBUG stdout=
2024-03-28T15:26:36Z DEBUG stderr=
2024-03-28T15:26:36Z DEBUG Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/ipaserver/install/service.py", line 686, in start_creation
run_step(full_msg, method)
File "/usr/lib/python3/dist-packages/ipaserver/install/service.py", line 672, in run_step
method()
File "/usr/lib/python3/dist-packages/ipaserver/install/cainstance.py", line 936, in __request_ra_certificate
self.ra_cert = x509.load_certificate_from_file(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/ipalib/x509.py", line 465, in load_certificate_from_file
return load_pem_x509_certificate(f.read())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/ipalib/x509.py", line 427, in load_pem_x509_certificate
return IPACertificate(
^^^^^^^^^^^^^^^
TypeError: Can't instantiate abstract class IPACertificate with abstract methods not_valid_after_utc, not_valid_before_utc
2024-03-28T15:26:36Z DEBUG [error] TypeError: Can't instantiate abstract class IPACertificate with abstract methods not_valid_after_utc, not_valid_before_utc
2024-03-28T15:26:36Z DEBUG Removing /root/.dogtag/pki-tomcat/ca
2024-03-28T15:26:36Z DEBUG File "/usr/lib/python3/dist-packages/ipapython/admintool.py", line 180, in execute
return_value = self.run()
^^^^^^^^^^
File "/usr/lib/python3/dist-packages/ipapython/install/cli.py", line 344, in run
return cfgr.run()
^^^^^^^^^^
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 360, in run
return self.execute()
^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 386, in execute
for rval in self._executor():
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 435, in __runner
exc_handler(exc_info)
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 468, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 458, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3/dist-packages/six.py", line 719, in reraise
raise value
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 425, in __runner
step()
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 419, in step_next
return next(self.__gen)
^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3/dist-packages/six.py", line 719, in reraise
raise value
File "/usr/lib/python3/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 663, in _configure
next(executor)
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 435, in __runner
exc_handler(exc_info)
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 468, in _handle_execute_exception
self._handle_exception(exc_info)
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 526, in _handle_exception
self.__parent._handle_exception(exc_info)
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 458, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3/dist-packages/six.py", line 719, in reraise
raise value
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 523, in _handle_exception
super(ComponentBase, self)._handle_exception(exc_info)
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 458, in _handle_exception
six.reraise(*exc_info)
File "/usr/lib/python3/dist-packages/six.py", line 719, in reraise
raise value
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 425, in __runner
step()
File "/usr/lib/python3/dist-packages/ipapython/install/core.py", line 419, in step_next
return next(self.__gen)
^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/ipapython/install/util.py", line 81, in run_generator_with_yield_from
six.reraise(*exc_info)
File "/usr/lib/python3/dist-packages/six.py", line 719, in reraise
raise value
File "/usr/lib/python3/dist-packages/ipapython/install/util.py", line 59, in run_generator_with_yield_from
value = gen.send(prev_value)
^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/ipapython/install/common.py", line 65, in _install
for unused in self._installer(self.parent):
File "/usr/lib/python3/dist-packages/ipaserver/install/server/__init__.py", line 566, in main
master_install(self)
File "/usr/lib/python3/dist-packages/ipaserver/install/server/install.py", line 278, in decorated
func(installer)
File "/usr/lib/python3/dist-packages/ipaserver/install/server/install.py", line 914, in install
ca.install_step_0(False, None, options, custodia=custodia)
File "/usr/lib/python3/dist-packages/ipaserver/install/ca.py", line 404, in install_step_0
ca.configure_instance(
File "/usr/lib/python3/dist-packages/ipaserver/install/cainstance.py", line 506, in configure_instance
self.start_creation(runtime=runtime)
File "/usr/lib/python3/dist-packages/ipaserver/install/service.py", line 686, in start_creation
run_step(full_msg, method)
File "/usr/lib/python3/dist-packages/ipaserver/install/service.py", line 672, in run_step
method()
File "/usr/lib/python3/dist-packages/ipaserver/install/cainstance.py", line 936, in __request_ra_certificate
self.ra_cert = x509.load_certificate_from_file(
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/ipalib/x509.py", line 465, in load_certificate_from_file
return load_pem_x509_certificate(f.read())
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
File "/usr/lib/python3/dist-packages/ipalib/x509.py", line 427, in load_pem_x509_certificate
return IPACertificate(
^^^^^^^^^^^^^^^
2024-03-28T15:26:36Z DEBUG The ipa-server-install command failed, exception: TypeError: Can't instantiate abstract class IPACertificate with abstract methods not_valid_after_utc, not_valid_before_utc
2024-03-28T15:26:36Z ERROR Can't instantiate abstract class IPACertificate with abstract methods not_valid_after_utc, not_valid_before_utc
2024-03-28T15:26:36Z ERROR The ipa-server-install command failed. See /var/log/ipaserver-install.log for more information
我尝试在 chrony 中配置 ntp 服务器,并使用 tzdata 和 timedatectl set-timezone UTC 更改时间。NTP 安装无法进行,因为 freeipa-server 停止工作,并且没有 ip-server-install 命令。