polkit启动失败_zabbix4.4 启动失败分析

zabbix是基于WEB界面提供分布式系统监视以及网络监视功能的企业级开源解决方案，能监视各种网络参数，保证服务器系统的安全运营；并提供灵活的通知机制以让系统管理员快速定位/解决存在的各种问题。

做为开源用户的支持者，我们大部分环境用的软件包含监控软件、数据库、继承应用、操作系统等都是用开源的，例如centos、PG、zabbix、openshift等，但是开源的在成熟度上是不错，但是安装软件有时比较麻烦，例如centos的安全开关，默认情况下会导致我们在安装openshift、zabbix等导致失败，而错误日志提示往往与实际十万三千里，但是有经验的在安装完系统后会有意识性的去修改配置，避免不必要的问题，

如下问题：

在安装配置好zabbix后无法正常启动，原因是SELINUX设置问题导致启动失败，

故障分析：

[root@localhost zabbix]# systemctl start zabbix-server.service

Job for zabbix-server.service failed because a configured resource limit was exceeded. See “systemctl status zabbix-server.service” and “journalctl -xe” for details.

[root@localhost zabbix]# journalctl -xe

— Defined-By: systemd

— Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

—

— Unit zabbix-server.service has begun starting up.

1月 07 15:21:17 localhost.localdomain systemd[1]: PID file /run/zabbix/zabbix_server.pid not readable (yet?) after start.

1月 07 15:21:17 localhost.localdomain systemd[1]: zabbix-server.service never wrote its PID file. Failing.

1月 07 15:21:17 localhost.localdomain systemd[1]: Failed to start Zabbix Server.

— Subject: Unit zabbix-server.service has failed

— Defined-By: systemd

— Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

—

— Unit zabbix-server.service has failed.

—

— The result is failed.

1月 07 15:21:17 localhost.localdomain systemd[1]: Unit zabbix-server.service entered failed state.

1月 07 15:21:17 localhost.localdomain systemd[1]: zabbix-server.service failed.

1月 07 15:21:17 localhost.localdomain polkitd[804]: Unregistered Authentication Agent for unix-process:6787:8831344 (system bus name

1月 07 15:21:24 localhost.localdomain polkitd[804]: Registered Authentication Agent for unix-process:6797:8832061 (system bus name :

1月 07 15:21:27 localhost.localdomain systemd[1]: zabbix-server.service holdoff time over, scheduling restart.

1月 07 15:21:27 localhost.localdomain systemd[1]: Starting Zabbix Server…

— Subject: Unit zabbix-server.service has begun start-up

— Defined-By: systemd

— Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

— Unit zabbix-server.service has begun starting up.

1月 07 15:21:27 localhost.localdomain systemd[1]: PID file /run/zabbix/zabbix_server.pid not readable (yet?) after start.

1月 07 15:21:27 localhost.localdomain systemd[1]: zabbix-server.service never wrote its PID file. Failing.

1月 07 15:21:27 localhost.localdomain systemd[1]: Failed to start Zabbix Server.

— Subject: Unit zabbix-server.service has failed

— Defined-By: systemd

— Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel

—

— Unit zabbix-server.service has failed.

—

— The result is failed.

1月 07 15:21:27 localhost.localdomain systemd[1]: Unit zabbix-server.service entered failed state.

1月 07 15:21:27 localhost.localdomain systemd[1]: zabbix-server.service failed.

1月 07 15:21:27 localhost.localdomain polkitd[804]: Unregistered Authentication Agent for unix-process:6797:8832061 (system bus name

lines 1907-1944/1944 (END)

Last login: Tue Jan 7 23:24:43 2020 from 10.100.81.67

查看 zabbix 日志分析：

发现日志提示权限问题：

5966:20200107:145500.376 using configuration file: /etc/zabbix/zabbix_server.conf

5966:20200107:145500.376 cannot set resource limit: [13] Permission denied

5966:20200107:145500.376 cannot disable core dump, exiting…

5976:20200107:145506.314 Starting Zabbix Server. Zabbix 4.4.4 (revision 3131fdac04

问题根源分析：

[root@localhost logs]# getenforce

Enforcing——这时发现selinux的配置是Enforcing

[root@localhost logs]# sestatus

SELinux status:                 enabled

SELinuxfs mount:                /sys/fs/selinux

SELinux root directory:         /etc/selinux

Loaded policy name:             targeted

Current mode:                   enforcing

Mode from config file:          enforcing

Policy MLS status:              enabled

Policy deny_unknown status:     allowed

Max kernel policy version:      28

[root@localhost logs]# cd /etc/selinux

[root@localhost selinux]# ls

config  final  semanage.conf  targeted  tmp

直接把selinux 关掉如下：

[root@localhost selinux]# vi config

This file controls the state of SELinux on the system.

SELINUX= can take one of these three values:

enforcing – SELinux security policy is enforced.

permissive – SELinux prints warnings instead of enforcing.

disabled – No SELinux policy is loaded.

SELINUX=disabled

SELINUXTYPE= can take one of three two values:

targeted – Targeted processes are protected,

minimum – Modification of targeted policy. Only selected processes are protected.

mls – Multi Level Security protection.

SELINUXTYPE=targeted

优化修改SELINUX=disabled

[root@localhost selinux]# vi config

#This file controls the state of SELinux on the system.

#SELINUX= can take one of these three values:

#enforcing – SELinux security policy is enforced.

#permissive – SELinux prints warnings instead of enforcing.

#disabled – No SELinux policy is loaded.

SELINUX=disabled

#SELINUXTYPE= can take one of three two values:

#targeted – Targeted processes are protected,

#minimum – Modification of targeted policy. Only selected #processes are protected.

#mls – Multi Level Security protection.

SELINUXTYPE=targeted

重新启动：

[root@localhost ~]# systemctl start zabbix-server.service

[root@localhost ~]# systemctl status zabbix-server.service

● zabbix-server.service – Zabbix Server

Loaded: loaded (/usr/lib/systemd/system/zabbix-server.service; disabled; vendor preset: disabled)

Active: active (running) since 二 2020-01-07 15:26:56 CST; 6s ago

Process: 1529 ExecStart=/usr/sbin/zabbix_server -c $CONFFILE (code=exited, status=0/SUCCESS)

Main PID: 1531 (zabbix_server)

CGroup: /system.slice/zabbix-server.service

└─1531 /usr/sbin/zabbix_server -c /etc/zabbix/zabbix_server.conf

1月 07 15:26:56 localhost.localdomain systemd[1]: Starting Zabbix Server…

1月 07 15:26:56 localhost.localdomain systemd[1]: zabbix-server.service: Supervising process 1531 which is not our child. …exits.

1月 07 15:26:56 localhost.localdomain systemd[1]: Started Zabbix Server.

Hint: Some lines were ellipsized, use -l to show in full.

[root@localhost ~]#

因此，一般在安装一些开源软件，如MYSQL、POSTGRES、zabbix、openshift等，在安装前先检查下系统对应版本是否与需安装的软件兼容性、在检查下下，防火墙、安全等是否开启，如下：

1、iptables开启和关闭

2、SELinux开启和关闭

3、CentOS 6和CentOS 7 firewalld防火墙的开与关等