大家好,又见面了,我是你们的朋友全栈君。
zabbix是基于WEB界面提供分布式系统监视以及网络监视功能的企业级开源解决方案,能监视各种网络参数,保证服务器系统的安全运营;并提供灵活的通知机制以让系统管理员快速定位/解决存在的各种问题。
做为开源用户的支持者,我们大部分环境用的软件包含监控软件、数据库、继承应用、操作系统等都是用开源的,例如centos、PG、zabbix、openshift等,但是开源的在成熟度上是不错,但是安装软件有时比较麻烦,例如centos的安全开关,默认情况下会导致我们在安装openshift、zabbix等导致失败,而错误日志提示往往与实际十万三千里,但是有经验的在安装完系统后会有意识性的去修改配置,避免不必要的问题,
如下问题:
在安装配置好zabbix后无法正常启动,原因是SELINUX设置问题导致启动失败,
故障分析:
[root@localhost zabbix]# systemctl start zabbix-server.service
Job for zabbix-server.service failed because a configured resource limit was exceeded. See “systemctl status zabbix-server.service” and “journalctl -xe” for details.
[root@localhost zabbix]# journalctl -xe
— Defined-By: systemd
— Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
—
— Unit zabbix-server.service has begun starting up.
1月 07 15:21:17 localhost.localdomain systemd[1]: PID file /run/zabbix/zabbix_server.pid not readable (yet?) after start.
1月 07 15:21:17 localhost.localdomain systemd[1]: zabbix-server.service never wrote its PID file. Failing.
1月 07 15:21:17 localhost.localdomain systemd[1]: Failed to start Zabbix Server.
— Subject: Unit zabbix-server.service has failed
— Defined-By: systemd
— Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
—
— Unit zabbix-server.service has failed.
—
— The result is failed.
1月 07 15:21:17 localhost.localdomain systemd[1]: Unit zabbix-server.service entered failed state.
1月 07 15:21:17 localhost.localdomain systemd[1]: zabbix-server.service failed.
1月 07 15:21:17 localhost.localdomain polkitd[804]: Unregistered Authentication Agent for unix-process:6787:8831344 (system bus name
1月 07 15:21:24 localhost.localdomain polkitd[804]: Registered Authentication Agent for unix-process:6797:8832061 (system bus name :
1月 07 15:21:27 localhost.localdomain systemd[1]: zabbix-server.service holdoff time over, scheduling restart.
1月 07 15:21:27 localhost.localdomain systemd[1]: Starting Zabbix Server…
— Subject: Unit zabbix-server.service has begun start-up
— Defined-By: systemd
— Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
— Unit zabbix-server.service has begun starting up.
1月 07 15:21:27 localhost.localdomain systemd[1]: PID file /run/zabbix/zabbix_server.pid not readable (yet?) after start.
1月 07 15:21:27 localhost.localdomain systemd[1]: zabbix-server.service never wrote its PID file. Failing.
1月 07 15:21:27 localhost.localdomain systemd[1]: Failed to start Zabbix Server.
— Subject: Unit zabbix-server.service has failed
— Defined-By: systemd
— Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
—
— Unit zabbix-server.service has failed.
—
— The result is failed.
1月 07 15:21:27 localhost.localdomain systemd[1]: Unit zabbix-server.service entered failed state.
1月 07 15:21:27 localhost.localdomain systemd[1]: zabbix-server.service failed.
1月 07 15:21:27 localhost.localdomain polkitd[804]: Unregistered Authentication Agent for unix-process:6797:8832061 (system bus name
lines 1907-1944/1944 (END)
Last login: Tue Jan 7 23:24:43 2020 from 10.100.81.67
查看 zabbix 日志分析:
发现日志提示权限问题:
5966:20200107:145500.376 using configuration file: /etc/zabbix/zabbix_server.conf
5966:20200107:145500.376 cannot set resource limit: [13] Permission denied
5966:20200107:145500.376 cannot disable core dump, exiting…
5976:20200107:145506.314 Starting Zabbix Server. Zabbix 4.4.4 (revision 3131fdac04
问题根源分析:
[root@localhost logs]# getenforce
Enforcing——这时发现selinux的配置是Enforcing
[root@localhost logs]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
[root@localhost logs]# cd /etc/selinux
[root@localhost selinux]# ls
config final semanage.conf targeted tmp
直接把selinux 关掉如下:
[root@localhost selinux]# vi config
This file controls the state of SELinux on the system.
SELINUX= can take one of these three values:
enforcing – SELinux security policy is enforced.
permissive – SELinux prints warnings instead of enforcing.
disabled – No SELinux policy is loaded.
SELINUX=disabled
SELINUXTYPE= can take one of three two values:
targeted – Targeted processes are protected,
minimum – Modification of targeted policy. Only selected processes are protected.
mls – Multi Level Security protection.
SELINUXTYPE=targeted
优化修改SELINUX=disabled
[root@localhost selinux]# vi config
#This file controls the state of SELinux on the system.
#SELINUX= can take one of these three values:
#enforcing – SELinux security policy is enforced.
#permissive – SELinux prints warnings instead of enforcing.
#disabled – No SELinux policy is loaded.
SELINUX=disabled
#SELINUXTYPE= can take one of three two values:
#targeted – Targeted processes are protected,
#minimum – Modification of targeted policy. Only selected #processes are protected.
#mls – Multi Level Security protection.
SELINUXTYPE=targeted
重新启动:
[root@localhost ~]# systemctl start zabbix-server.service
[root@localhost ~]# systemctl status zabbix-server.service
● zabbix-server.service – Zabbix Server
Loaded: loaded (/usr/lib/systemd/system/zabbix-server.service; disabled; vendor preset: disabled)
Active: active (running) since 二 2020-01-07 15:26:56 CST; 6s ago
Process: 1529 ExecStart=/usr/sbin/zabbix_server -c $CONFFILE (code=exited, status=0/SUCCESS)
Main PID: 1531 (zabbix_server)
CGroup: /system.slice/zabbix-server.service
└─1531 /usr/sbin/zabbix_server -c /etc/zabbix/zabbix_server.conf
1月 07 15:26:56 localhost.localdomain systemd[1]: Starting Zabbix Server…
1月 07 15:26:56 localhost.localdomain systemd[1]: zabbix-server.service: Supervising process 1531 which is not our child. …exits.
1月 07 15:26:56 localhost.localdomain systemd[1]: Started Zabbix Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]#
因此,一般在安装一些开源软件,如MYSQL、POSTGRES、zabbix、openshift等,在安装前先检查下系统对应版本是否与需安装的软件兼容性、在检查下下,防火墙、安全等是否开启,如下:
1、iptables开启和关闭
2、SELinux开启和关闭
3、CentOS 6和CentOS 7 firewalld防火墙的开与关等
发布者:全栈程序员-用户IM,转载请注明出处:https://javaforall.cn/151184.html原文链接:https://javaforall.cn
【正版授权,激活自己账号】: Jetbrains全家桶Ide使用,1年售后保障,每天仅需1毛
【官方授权 正版激活】: 官方授权 正版激活 支持Jetbrains家族下所有IDE 使用个人JB账号...
