Dave McGinnis's questions

我正在尝试设置一个简单的流浪盒来使用 FreeIPA 进行测试。我使用的是 CentOS 7 映像，并在盒子中安装了最少的额外东西，并使用一个非常简单的 FreeIPA 定义开始。我尝试过使用简单的 shell 命令，也尝试过使用ansible-freeipa。在这两种情况下，我都看到了相同的错误，尽管它发生的频率似乎不同。在简单的 shell 命令中，它只有大约 50% 的时间失败，但使用 Ansible 似乎是 100%。

失败给了我一个类似下面的错误。

fatal: [ipaserver.test.hadoop.com]: FAILED! => {"changed": false, "module_stderr": "Shared connection to ipaserver.test.hadoop.com closed.\r\n", "module_stdout": "\u001b[?1034hTraceback (most recent call last):\r\n File "/root/.ansible/tmp/ansible-tmp-1583188576.27-186488091977372/AnsiballZ_ipaserver_setup_ca.py", line 102, in \r\n _ansiballz_main()\r\n File "/root/.ansible/tmp/ansible-tmp-1583188576.27-186488091977372/AnsiballZ_ipaserver_setup_ca.py", line 94, in _ansiballz_main\r\n invoke_module(zipped_mod, temp_path, ANSIBALLZ_PARAMS)\r\n File "/root/.ansible/tmp/ansible-tmp-1583188576.27-186488091977372/AnsiballZ_ipaserver_setup_ca.py", line 40, in invoke_module\r\n runpy.run_module(mod_name='ansible.modules.ipaserver_setup_ca', init_globals=None, run_name='main', alter_sys=True)\r\n File "/usr/lib64/python2.7/runpy.py", line 176, in run_module\r\n fname, loader, pkg_name)\r\n File "/usr/lib64/python2.7/runpy.py", line 82, in _run_module_code\r\n mod_name, mod_fname, mod_loader, pkg_name)\r\n File "/usr/lib64/python2.7/runpy.py", line 72, in _run_code\r\n exec code in run_globals\r\n File "/tmp/ansible_ipaserver_setup_ca_payload_Pc9wnM/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py", line 354, in \r\n File "/tmp/ansible_ipaserver_setup_ca_payload_Pc9wnM/ansible_ipaserver_setup_ca_payload.zip/ansible/modules/ipaserver_setup_ca.py", line 345, in main\r\n File "/usr/lib/python2.7/site-packages/ipaserver/install/ca.py", line 391, in install_step_1\r\n ca.start('pki-tomcat')\r\n File "/usr/lib/python2.7/site-packages/ipaserver/install/service.py", line 464, in start\r\n self.service.start(instance_name, capture_output=capture_output, wait=wait)\r\n File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 192, in start\r\n self.wait_until_running()\r\n File "/usr/lib/python2.7/site-packages/ipaplatform/redhat/services.py", line 186, in wait_until_running\r\n raise RuntimeError('CA did not start in %ss' % timeout)\r\nRuntimeError: CA did not start in 300.0s\r\n", "msg": "MODULE FAILURE\nSee stdout/stderr for the exact error", "rc": 1}

查看 /var/log/messages，我看到错误发生在系统时间 23:25 到 23:27 之间的某个时间。根据错误，在重新启动 CA 时会发生这种情况。它似乎在第一次启动时就可以正常启动。

Mar 2 23:25:42 localhost systemd: Stopped PKI Tomcat Server pki-tomcat.
Mar 2 23:25:43 localhost systemd: Starting PKI Tomcat Server pki-tomcat...
Mar 2 23:26:13 localhost pkidaemon: -----------------------
Mar 2 23:26:13 localhost pkidaemon: Banner is not installed
Mar 2 23:26:13 localhost pkidaemon: -----------------------
Mar 2 23:27:07 localhost pkidaemon: ----------------------
Mar 2 23:27:08 localhost pkidaemon: Enabled all subsystems
Mar 2 23:27:08 localhost pkidaemon: ----------------------
Mar 2 23:27:18 localhost systemd: pki-tomcatd@pki-tomcat.service start-pre operation timed out. Terminating.
Mar 2 23:27:18 localhost systemd: Failed to start PKI Tomcat Server pki-tomcat.
Mar 2 23:27:18 localhost systemd: Unit pki-tomcatd@pki-tomcat.service entered failed state.
Mar 2 23:27:18 localhost systemd: pki-tomcatd@pki-tomcat.service failed.

但是，当我查看 PKI 日志时，在此时间范围内没有任何内容。这些是 /var/log/pki/pki-ca-spawn.20200302231442.log 中的最后几行：

2020-03-02 23:18:32 pkispawn : INFO END spawning subsystem 'CA' of instance 'pki-tomcat'
2020-03-02 23:18:32 pkispawn : INFO ... archiving configuration into '/var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20200302231442'
2020-03-02 23:18:32 pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20200302231442
2020-03-02 23:18:32 pkispawn : DEBUG ........... chmod 660 /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20200302231442
2020-03-02 23:18:32 pkispawn : DEBUG ........... chown 17:17 /var/log/pki/pki-tomcat/ca/archive/spawn_deployment.cfg.20200302231442
2020-03-02 23:18:32 pkispawn : INFO ... archiving manifest into '/var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20200302231442'
2020-03-02 23:18:32 pkispawn : INFO ....... cp -p /etc/sysconfig/pki/tomcat/pki-tomcat/ca/manifest /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20200302231442
2020-03-02 23:18:32 pkispawn : DEBUG ........... chmod 660 /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20200302231442
2020-03-02 23:18:32 pkispawn : DEBUG ........... chown 17:17 /var/log/pki/pki-tomcat/ca/archive/spawn_manifest.20200302231442

/var/log/pki/pki-tomcat/ca/debug 相同：

[02/Mar/2020:23:25:00][http-bio-8080-exec-14]: getConn: mNumConns now 4
[02/Mar/2020:23:25:00][http-bio-8080-exec-14]: returnConn: mNumConns now 5
[02/Mar/2020:23:25:00][http-bio-8080-exec-14]: In LdapBoundConnFactory::getConn()
[02/Mar/2020:23:25:00][http-bio-8080-exec-14]: masterConn is connected: true
[02/Mar/2020:23:25:00][http-bio-8080-exec-14]: getConn: conn is connected true
[02/Mar/2020:23:25:00][http-bio-8080-exec-14]: getConn: mNumConns now 4
[02/Mar/2020:23:25:00][http-bio-8080-exec-14]: returnConn: mNumConns now 5
[02/Mar/2020:23:25:00][http-bio-8080-exec-14]: CMSServlet.java: renderTemplate
[02/Mar/2020:23:25:00][http-bio-8080-exec-14]: CMSServlet.java: xml parameter detected, returning xml
[02/Mar/2020:23:25:00][http-bio-8080-exec-14]: CMSServlet: curDate=Mon Mar 02 23:25:00 UTC 2020 id=caDisplayCertFromRequest time=144

/var/log/pki/pki-tomcat/ca/system 有一些错误，但在 23:25 之后没有：

0.localhost-startStop-1 - [02/Mar/2020:23:15:08 UTC] [13] [3] authz instance DirAclAuthz initialization failed and skipped, error=Property internaldb.ldapconn.port missing value
0.http-bio-8443-exec-3 - [02/Mar/2020:23:17:53 UTC] [3] [3] CASigningUnit: Object certificate not found. Error Certificate object not found
0.http-bio-8443-exec-3 - [02/Mar/2020:23:17:54 UTC] [11] [3] UGSubsystem: Get User Error netscape.ldap.LDAPException: error result (32); matchedDN = ou=People,o=ipaca
0.Thread-16 - [02/Mar/2020:23:25:00 UTC] [8] [3] Publishing: Could not publish certificate serial number 0x7. Error Failed to publish using rule: No rules enabled

我不知道是什么原因造成的。有任何想法吗？vagrant 文件和 hosts 文件都位于下面的 GitHub 存储库中：https ://github.com/davidov541/HadoopOnVagrant/tree/AnsibleRetrofit/FreeIPA

我正在尝试在 CentOS 7 节点上安装 FreeIPA 服务器。从一个干净的图像开始，我正在运行以下代码（不包括一些不相关的部分）：

        echo 'LANG=en_US.utf-8' >> /etc/environment
        echo 'LC_ALL=en_US.utf-8' >> /etc/environment

        yum -y install epel-release npm wget net-tools patch sbt python36u python36u-devel krb5-devel
        yum -y install python36u-pip

        yum install -y ipa-server

        systemctl start named
        systemctl enable named

        ln -s /bin/pip3.6 /bin/pip
        pip install --upgrade pip
        pip install kdcproxy ipaplatform gssapi ipalib

        ipa-server-install -p directoryManagerAdmin -a kerberosAdmin --ip-address=$ipaddress -n test.hadoop.com -r TEST.HADOOP.COM --mkhomedir -U

ipa-server-install 正常工作，直到它开始尝试使用 Web API 的部分。此时，由于内部服务器错误，它失败了。查看 /var/log/httpd/error_log 的日志，我发现以下错误重复了多次。

[Thu Jul 25 19:26:30.952879 2019] [wsgi:error] [pid 2934] mod_wsgi (pid=2934): Failed to exec Python script file '/usr/share/ipa/wsgi.py'.
[Thu Jul 25 19:26:30.952929 2019] [wsgi:error] [pid 2934] mod_wsgi (pid=2934): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'.
[Thu Jul 25 19:26:30.953372 2019] [wsgi:error] [pid 2934] Traceback (most recent call last):
[Thu Jul 25 19:26:30.953402 2019] [wsgi:error] [pid 2934]   File "/usr/share/ipa/wsgi.py", line 48, in <module>
[Thu Jul 25 19:26:30.953406 2019] [wsgi:error] [pid 2934]     api.bootstrap(context='server', confdir=paths.ETC_IPA, log=None)
[Thu Jul 25 19:26:30.953414 2019] [wsgi:error] [pid 2934]   File "/lib/python3.6/site-packages/ipalib/plugable.py", line 494, in bootstrap
[Thu Jul 25 19:26:30.953417 2019] [wsgi:error] [pid 2934]     raise errors.SystemEncodingError(encoding=fse)
[Thu Jul 25 19:26:30.953432 2019] [wsgi:error] [pid 2934] ipalib.errors.SystemEncodingError: System encoding must be UTF-8, 'ascii' is not supported. Set LC_ALL="C.UTF-8", or LC_ALL="" and LC_CTYPE="C.UTF-8".

我已经尝试设置 LC_ALL 和 LANG（如脚本中所示），但它仍然出现。我需要做些什么来解决这个问题，以便服务器的 Web API 能够正常工作？

编辑：根据@abbra @michael-hampton 的建议，我恢复了对 Python 问题的修复。请参阅下文了解我正在运行的新命令集，以及我在 httpd/error_log 中看到的错误之一。请注意，我也看到其他包丢失，但它们都相似。

        yum -y install epel-release npm wget net-tools patch sbt krb5-devel

        yum install -y ipa-server

        systemctl start named
        systemctl enable named

/var/log/httpd/error_log 中的输出：

[Fri Jul 26 14:20:03.334411 2019] [wsgi:error] [pid 2894] mod_wsgi (pid=2894): Failed to exec Python script file '/usr/share/ipa/wsgi.py'.
[Fri Jul 26 14:20:03.334456 2019] [wsgi:error] [pid 2894] mod_wsgi (pid=2894): Exception occurred processing WSGI script '/usr/share/ipa/wsgi.py'.
[Fri Jul 26 14:20:03.334675 2019] [wsgi:error] [pid 2894] Traceback (most recent call last):
[Fri Jul 26 14:20:03.334697 2019] [wsgi:error] [pid 2894]   File "/usr/share/ipa/wsgi.py", line 43, in <module>
[Fri Jul 26 14:20:03.334701 2019] [wsgi:error] [pid 2894]     from ipaplatform.paths import paths
[Fri Jul 26 14:20:03.334716 2019] [wsgi:error] [pid 2894] ModuleNotFoundError: No module named 'ipaplatform'

我正在尝试自动化一些配置，作为其中的一部分，我们需要通过脚本添加 ODBC DSN。我尝试使用的驱动程序是 Cloudera Impala ODBC 连接器，从这里下载。它将运行的所有机器都将运行 Windows，其中大多数是 Windows 8.1 或 10。我已经在 Windows 7（如果可能）和 Windows 10 上测试了以下所有内容，结果相同。我可以在这台机器上手动创建一个 DSN，所以驱动程序似乎安装正确。我还用用户 DSN 和系统 DSN 尝试了所有这些，但没有运气。

根据这里，有三种方法可以做到这一点。第一个是直接弄乱注册表，如果可能的话，我想避免这种情况。

第二个是使用odbcconf。问题是，当我在 Windows 7 和 Windows 10 上运行以下命令时，它会出现一个 ODBC 管理员的配置窗口，但我指定的值都没有填写。如果我为 SQL Server 创建一个 DSN，这个但是，确实有效，因此它似乎是特定于驱动程序的。我已经仔细检查过我设置正确，但甚至名称都没有设置。请参阅下面的屏幕截图以了解它的外观。

odbcconf CONFIGSYSDSN "Cloudera ODBC Driver for Impala" "DSN=Testing|Server=server"

打开的窗口的屏幕截图

第三种是使用Powershell CmdLet，Add-OdbcDsn。当我为 SQL Server 或 Cloudera Impala 运行以下命令时，它只是挂起，即使 10 分钟后也不会返回。Powershell 的资源使用量基本上为 0，而且我没有看到系统上有任何活动。没有 DSN 显示在 ODBC 管理器中。

Add-OdbcDsn -Name "testing" -Driver "SQL Server" -DsnType "System"

关于如何解决其中任何一个问题以便我继续前进的任何想法？