FreeIPA fails to deploy in Kubernetes due to a dbus error

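I ran into a problem deploying FreeIPA in Kubernetes. I am using the provided image based on Rocky 9, but the problem also occurs with other images (based on Fedora, CentOS, etc.). When deploying it, it works fine on my local Docker, but not on Kubernetes. This is the part of the YAML that describes the container: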

      containers:
        - env:
            - name: IPA_SERVER_HOSTNAME
              value: ipa.example.com
            - name: IPA_SERVER_IP
              value: ""
            - name: IPA_SERVER_INSTALL_OPTS
              value: -U --setup-dns --no-forwarders --no-ntp -r example.com
            - name: PASSWORD
              valueFrom:
                secretKeyRef:
                  key: admin-password
                  name: freeipa-password
          image: freeipa/freeipa-server:rocky-9
          name: freeipa
          args:
           - "ipa-server-install"
          resources:
            limits:
              cpu: 1000m
              memory: 8Gi
            requests:
              cpu: 300m
              memory: 2Gi
          securityContext:
            allowPrivilegeEscalation: true
            capabilities:
              drop:
                - ALL
            privileged: true
            readOnlyRootFilesystem: false

I have not included some parts, such as exposing ports. The installation goes well until it tries to start certmonger.service to configure pki-tomcatd:


2024-03-15   [error] CalledProcessError: CalledProcessError(Command ['/bin/systemctl', 'start', 'certmonger.service'] returned non-zero exit status 1: 'Job for certmonger.service failed because the control process exited with error code.\nSee "systemctl status certmonger.service" and "journalctl -xeu certmonger.service" for details.\n')
2024-03-15 FreeIPA server configuration failed.

journalctl -xeu certmonger.service contains the following:

Mar 15 09:11:29 freeipa-statefulset-0 certmonger[3652]: 2024-03-15 09:11:29 [3652] Changing to root directory.
Mar 15 09:11:29 freeipa-statefulset-0 certmonger[3652]: 2024-03-15 09:11:29 [3652] Obtaining system lock.
Mar 15 09:11:30 freeipa-statefulset-0 certmonger[3652]: 2024-03-15 09:11:30 [3652] Error connecting to system bus.
Mar 15 09:11:30 freeipa-statefulset-0 certmonger[3652]: Error connecting to D-Bus.
Mar 15 09:11:30 freeipa-statefulset-0 certmonger[3652]: Please verify that the certmonger service is still running.
Mar 15 09:11:30 freeipa-statefulset-0 systemd[1]: certmonger.service: Main process exited, code=exited, status=1/FAILURE

So apparently dbus fails to start for some reason. Here is the output of systemctl status dbus:

Mar 15 09:11:29 freeipa-statefulset-0 dbus-broker-launch[3646]:       main @ ../src/launch/main.c +178
Mar 15 09:11:29 freeipa-statefulset-0 dbus-broker-launch[3646]: Exiting due to fatal error: -107
Mar 15 09:11:29 freeipa-statefulset-0 systemd[1]: dbus-broker.service: Main process exited, code=exited, status=1/FAILURE
Mar 15 09:11:29 freeipa-statefulset-0 systemd[1]: dbus-broker.service: Failed with result 'exit-code'.
Mar 15 09:11:29 freeipa-statefulset-0 systemd[1]: dbus-broker.service: Start request repeated too quickly.
Mar 15 09:11:29 freeipa-statefulset-0 systemd[1]: dbus-broker.service: Failed with result 'exit-code'.
Mar 15 09:11:29 freeipa-statefulset-0 systemd[1]: Failed to start D-Bus System Message Bus.
Mar 15 09:11:30 freeipa-statefulset-0 systemd[1]: dbus-broker.service: Start request repeated too quickly.
Mar 15 09:11:30 freeipa-statefulset-0 systemd[1]: dbus-broker.service: Failed with result 'exit-code'.
Mar 15 09:11:30 freeipa-statefulset-0 systemd[1]: Failed to start D-Bus System Message Bus.

Here is more information from journalctl for dbus:


Mar 15 09:05:41 freeipa-statefulset-0 systemd[1]: dbus-broker.service: Failed with result 'exit-code'.
Mar 15 09:05:41 freeipa-statefulset-0 systemd[1]: Starting D-Bus System Message Bus...
Mar 15 09:05:41 freeipa-statefulset-0 systemd[1]: Started D-Bus System Message Bus.
Mar 15 09:05:41 freeipa-statefulset-0 dbus-broker-launch[272]: ERROR sockopt_get_peersec @ ../src/util/sockopt.c +41: Invalid argument
Mar 15 09:05:41 freeipa-statefulset-0 dbus-broker-launch[272]:       broker_new @ ../src/broker/broker.c +105
Mar 15 09:05:41 freeipa-statefulset-0 dbus-broker-launch[272]:       run @ ../src/broker/main.c +261
Mar 15 09:05:41 freeipa-statefulset-0 dbus-broker-launch[272]:       main @ ../src/broker/main.c +295
Mar 15 09:05:41 freeipa-statefulset-0 dbus-broker-launch[271]: ERROR service_add @ ../src/launch/service.c +921: Transport endpoint is not connected
Mar 15 09:05:41 freeipa-statefulset-0 dbus-broker-launch[271]:       launcher_add_services @ ../src/launch/launcher.c +804
Mar 15 09:05:41 freeipa-statefulset-0 dbus-broker-launch[271]:       launcher_run @ ../src/launch/launcher.c +1409
Mar 15 09:05:41 freeipa-statefulset-0 dbus-broker-launch[271]:       run @ ../src/launch/main.c +152
Mar 15 09:05:41 freeipa-statefulset-0 dbus-broker-launch[271]:       main @ ../src/launch/main.c +178
Mar 15 09:05:41 freeipa-statefulset-0 dbus-broker-launch[271]: Exiting due to fatal error: -107
Mar 15 09:05:41 freeipa-statefulset-0 systemd[1]: dbus-broker.service: Main process exited, code=exited, status=1/FAILURE
Mar 15 09:05:41 freeipa-statefulset-0 systemd[1]: dbus-broker.service: Failed with result 'exit-code'.
Mar 15 09:05:41 freeipa-statefulset-0 systemd[1]: dbus-broker.service: Start request repeated too quickly.
Mar 15 09:05:41 freeipa-statefulset-0 systemd[1]: dbus-broker.service: Failed with result 'exit-code'.
Mar 15 09:05:41 freeipa-statefulset-0 systemd[1]: Failed to start D-Bus System Message Bus.
Mar 15 09:05:41 freeipa-statefulset-0 systemd[1]: dbus.socket: Failed with result 'service-start-limit-hit'.

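I tried starting dbus.service manually, but it fails with the same error. I also noticed that dbus.socket failed to start as well, but it can be started manually without problems. What are possible ways to get dbus working, and why does it fail to start in the first place?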
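
Added example, not part of the original post and not code from dbus-broker or FreeIPA: a small C probe that repeats the call failing first in the journal above (`sockopt_get_peersec ... Invalid argument`) outside of dbus-broker, so the errno can be compared between environments. It assumes that `sockopt_get_peersec` wraps `getsockopt(SO_PEERSEC)` on an AF_UNIX socket pair; `probe_peersec` and `explain_peersec` are hypothetical names.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

#ifndef SO_PEERSEC
#define SO_PEERSEC 31 /* Linux value, for libc headers that do not expose it */
#endif

/* Hypothetical helper: ask the kernel for the peer security label of one end
 * of a fresh AF_UNIX socket pair. Returns 0 and fills `label`, or the errno. */
int probe_peersec(char *label, size_t size)
{
    int fds[2], err = 0;
    socklen_t len;
    if (size == 0)
        return EINVAL;
    label[0] = '\0';
    len = (socklen_t)(size - 1);
    if (socketpair(AF_UNIX, SOCK_STREAM, 0, fds) < 0)
        return errno;
    if (getsockopt(fds[0], SOL_SOCKET, SO_PEERSEC, label, &len) < 0)
        err = errno;
    else
        label[len] = '\0'; /* len <= size - 1, so this stays in bounds */
    close(fds[0]);
    close(fds[1]);
    return err;
}

/* Hypothetical helper: relate the errno to the log lines in the post. */
const char *explain_peersec(int err)
{
    switch (err) {
    case 0:           return "kernel returned a peer label";
    case ENOPROTOOPT: return "no LSM implements SO_PEERSEC here";
    case ERANGE:      return "label longer than the buffer";
    case EINVAL:      return "Invalid argument, as in the dbus-broker log";
    default:          return "unexpected errno";
    }
}

int main(void)
{
    char label[4096];
    int err = probe_peersec(label, sizeof label);
    printf("SO_PEERSEC: errno=%d (%s) label='%s'\n", err, explain_peersec(err), label);
    return err == EINVAL;
}
```

Running it in the local Docker container and in the Kubernetes pod shows whether the two environments answer this call differently.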
