
Named service fails to start after installing FreeIPA – RHEL6.5

On RHEL6.5, the named service fails to start after FreeIPA is installed. The installer output shows the error:

Configuring DNS (named)
  [1/9]: adding DNS container
  [2/9]: setting up our zone
  [3/9]: setting up reverse zone
  [4/9]: setting up our own record
  [5/9]: setting up kerberos principal
  [6/9]: setting up named.conf
  [7/9]: restarting named
named service failed to start
  [8/9]: configuring named to start on boot
  [9/9]: changing resolv.conf to point to ourselves
Done configuring DNS (named).

Checking /var/log/messages shows the following:

Oct 24 19:15:46 ipa named-sdb[10721]: Failed to parse the principal name DNS/ipa.xionghuilin.com (Configuration file does not specify default realm)
Oct 24 19:15:46 ipa named-sdb[10721]: loading configuration: failure
Oct 24 19:15:46 ipa named-sdb[10721]: exiting (due to fatal error)

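According to this link, the likely cause is that the chroot prevents named from reading certain files correctly. The standard solution is Howto/FreeIPA with integrated BIND inside chroot; the simple solution is to uninstall the bind-chroot package.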

[root@ipa ~]# yum remove bind-chroot
Loaded plugins: fastestmirror, product-id, subscription-manager
[Errno -2] Name or service not known
Setting up Remove Process
Resolving Dependencies
--> Running transaction check
---> Package bind-chroot.i686 32:9.8.2-0.23.rc1.el6_5.1 will be erased
--> Finished Dependency Resolution
http://vault.centos.org/6.5/os/i386/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'vault.centos.org'"
Trying other mirror.
http://vault.centos.org/6.5/extras/i386/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'vault.centos.org'"
Trying other mirror.
http://vault.centos.org/6.5/updates/i386/repodata/repomd.xml: [Errno 14] PYCURL ERROR 6 - "Couldn't resolve host 'vault.centos.org'"
Trying other mirror.

Dependencies Resolved

=============================================================================================================================================================================================
 Package                                     Arch                                 Version                                                      Repository                               Size
=============================================================================================================================================================================================
Removing:
 bind-chroot                                 i686                                 32:9.8.2-0.23.rc1.el6_5.1                                    @update                                 0.0

Transaction Summary
=============================================================================================================================================================================================
Remove        1 Package(s)

Installed size: 0
Is this ok [y/N]: y
Downloading Packages:
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
  Erasing    : 32:bind-chroot-9.8.2-0.23.rc1.el6_5.1.i686                                                                                                                                1/1
Loading mirror speeds from cached hostfile
  Verifying  : 32:bind-chroot-9.8.2-0.23.rc1.el6_5.1.i686                                                                                                                                1/1

Removed:
  bind-chroot.i686 32:9.8.2-0.23.rc1.el6_5.1

Complete!

After uninstalling the bind-chroot package, start named again:

[root@ipa ~]# service named status
rndc: connect failed: 127.0.0.1#953: connection refused
named-sdb is stopped
[root@ipa ~]# service named start
Starting named:                                            [  OK  ]
[root@ipa ~]# service named status
version: 9.8.2rc1-RedHat-9.8.2-0.23.rc1.el6_5.1
CPUs found: 2
worker threads: 2
number of zones: 21
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
recursive clients: 0/0/1000
tcp clients: 0/100
server is up and running
named-sdb (pid  658) is running...
[root@ipa ~]# cat /etc/redhat-release
Red Hat Enterprise Linux Server release 6.5 (Santiago)
[root@ipa ~]#
[root@ipa ~]# ipactl status
Directory Service: RUNNING
KDC Service: RUNNING
KPASSWD Service: RUNNING
DNS Service: RUNNING
MEMCACHE Service: RUNNING
HTTP Service: RUNNING
CA Service: RUNNING
[root@ipa ~]#
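
To confirm that the chroot is what hides the Kerberos configuration from named, the check below (an added example, not part of the original post) looks for the log signature shown above and compares the krb5.conf on the host with the one inside the chroot. The function names are hypothetical, and the paths /etc/krb5.conf and /var/named/chroot are assumptions based on the RHEL 6 bind-chroot defaults.

```shell
#!/bin/sh
# Added example: diagnose the named-sdb "default realm" failure.
# Assumed paths: <root>/etc/krb5.conf on the host, /var/named/chroot for bind-chroot.
# On the affected host: diagnose_named /var/log/messages "" /var/named/chroot

# Print default_realm from the [libdefaults] section of a krb5.conf.
# Returns 1 if the file is unreadable or the key is absent.
krb5_default_realm() {
    [ -r "$1" ] || return 1
    awk '
        /^[ \t]*\[/ { in_lib = ($0 ~ /^[ \t]*\[libdefaults\]/); next }
        in_lib && /^[ \t]*default_realm[ \t]*=/ {
            sub(/^[^=]*=[ \t]*/, ""); sub(/[ \t]+$/, "")
            print; found = 1; exit
        }
        END { if (!found) exit 1 }
    ' "$1"
}

# Classify the failure.
# $1 = log file, $2 = host root ("" for /), $3 = chroot directory
diagnose_named() {
    log=$1; root=$2; chroot=$3
    # 1. Is the error from the post present in the log at all?
    grep -q 'named.*Configuration file does not specify default realm' "$log" \
        || { echo "no-realm-error"; return 0; }
    # 2. Does the host configuration itself define a realm?
    host_realm=$(krb5_default_realm "$root/etc/krb5.conf") \
        || { echo "host-krb5-broken"; return 0; }
    # 3. A chrooted named resolves /etc/krb5.conf inside the chroot directory.
    if [ -d "$chroot" ] && ! krb5_default_realm "$chroot/etc/krb5.conf" >/dev/null
    then
        echo "chroot-hides-krb5 realm=$host_realm"
    else
        echo "realm-visible realm=$host_realm"
    fi
}
```

A result of chroot-hides-krb5 matches the cause described in this post. Removing bind-chroot fixes it but also drops the chroot confinement of named, which the how-to listed under Reference keeps.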

Reference

freeipa (1): server setup
Bug 742875 – named fails to start after installing ipa server when short hostname preceeds fqdn in /etc/hosts.
Setting up IPA-Server on RedHat
Re: [Freeipa-users] RHEL 6.4 , IPA 3.0 and bind-chroot
Howto/FreeIPA with integrated BIND inside chroot
