zabbix是一种基于WEB界面提供分布式系统监控和网络监控功能的企业级开源解决方案,可监控各种网络参数,确保服务器系统的安全运行; 它还提供了灵活的通知机制,以帮助系统管理员快速识别/解决问题。
作为开源用户,zydyd在开源环境中使用了大多数软件,包括监视软件、数据库、继承APP应用程序和操作系统。 例如centos、PG、zabbix、openshift等,虽然开源在成熟度方面很好,但安装软件可能会很麻烦。 例如,centos的安全开关。 默认情况下,openshift、zabbix等安装失败,但错误日志提示通常为实际的10万000英里。 但是,在安装系统后,我有过有意修改配置并避免不必要的问题的经验。
以下问题:
安装和配置zabbix后,由于SELINUX设置问题导致启动失败,无法正常启动。
故障诊断:
[ root @ localhost zabbix ] # systemctlstartzabbix-server.service
jobforzabbix-server.servicefailedbecauseaconfiguredresourcelimitwasexceeded.see ' systemctlstatuszabbbix-server.servier
[ root @ localhost zabbix ] # journal CTL-xe
--defined-by :系统
- support :http://lists.free desktop.org/mailman/listinfo/systemd-devel
--
- unit zabbix-server.servicehasbegunstartingup。
1月07日15336021336017 localhost.localdomainsystemd [1] : pidfile/run/zabbix/zabbix _ server.pidnotreadable (yet
1月07日15336021336017 localhost.localdomainsystemd [1] : zabbix-server.serviceneverwroteitspidfile.failing。
1月07日15336021336017 localhost.localdomainsystemd [1] : failedtostartzabbixserver。
- subject : unit zabbix-server.servicehasfailed
--defined-by :系统
- support :http://lists.free desktop.org/mailman/listinfo/systemd-devel
--
- unit zabbix-server.servicehasfailed。
--
-- The result is failed。
1月07日15336021336017 localhost.localdomainsystemd [1] : unit zabbix-server.serviceenteredfailedstate。
1月07日15336021336017 localhost.localdomainsystemd [1] : zabbix-server.service failed。
1月07日15336021336017 localhost.localdomainpolkitd [ 804 ] : unregisteredauthenticationagentforunix-process 3360678736000
1月07日15336021336024 localhost.localdomainpolkitd [ 804 ] : registeredauthenticationagentforunix-process 33606797360888
1月07日15336021:27 localhost.localdomainsystemd [1] : zabbix-server.serviceholdofftimeover,scheduling restart。
1月07日15336021:27 localhost.localdomainsystemd [1] : startingzabbixserver .
- subject : unit zabbix-server.servicehasbegunstart-up
--defined-by :系统
- support :http://lists.free desktop.org/mailman/listinfo/systemd-devel
/p>-- Unit zabbix-server.service has begun starting up.
1月 07 15:21:27 localhost.localdomain systemd[1]: PID file /run/zabbix/zabbix_server.pid not readable (yet?) after start.
1月 07 15:21:27 localhost.localdomain systemd[1]: zabbix-server.service never wrote its PID file. Failing.
1月 07 15:21:27 localhost.localdomain systemd[1]: Failed to start Zabbix Server.
-- Subject: Unit zabbix-server.service has failed
-- Defined-By: systemd
-- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel
--
-- Unit zabbix-server.service has failed.
--
-- The result is failed.
1月 07 15:21:27 localhost.localdomain systemd[1]: Unit zabbix-server.service entered failed state.
1月 07 15:21:27 localhost.localdomain systemd[1]: zabbix-server.service failed.
1月 07 15:21:27 localhost.localdomain polkitd[804]: Unregistered Authentication Agent for unix-process:6797:8832061 (system bus name
lines 1907-1944/1944 (END)
Last login: Tue Jan 7 23:24:43 2020 from 10.100.81.67
查看 zabbix 日志分析:
发现日志提示权限问题:
5966:20200107:145500.376 using configuration file: /etc/zabbix/zabbix_server.conf
5966:20200107:145500.376 cannot set resource limit: [13] Permission denied
5966:20200107:145500.376 cannot disable core dump, exiting...
5976:20200107:145506.314 Starting Zabbix Server. Zabbix 4.4.4 (revision 3131fdac04
问题根源分析:
[root@localhost logs]# getenforce
Enforcing------这时发现selinux的配置是Enforcing
[root@localhost logs]# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 28
[root@localhost logs]# cd /etc/selinux
[root@localhost selinux]# ls
config final semanage.conf targeted tmp
直接把selinux 关掉如下:
[root@localhost selinux]# vi config
This file controls the state of SELinux on the system.
SELINUX= can take one of these three values:
enforcing - SELinux security policy is enforced.
permissive - SELinux prints warnings instead of enforcing.
disabled - No SELinux policy is loaded.
SELINUX=disabled
SELINUXTYPE= can take one of three two values:
targeted - Targeted processes are protected,
minimum - Modification of targeted policy. Only selected processes are protected.
mls - Multi Level Security protection.
SELINUXTYPE=targeted
优化修改SELINUX=disabled
[root@localhost selinux]# vi config
#This file controls the state of SELinux on the system.
#SELINUX= can take one of these three values:
#enforcing - SELinux security policy is enforced.
#permissive - SELinux prints warnings instead of enforcing.
#disabled - No SELinux policy is loaded.
SELINUX=disabled
#SELINUXTYPE= can take one of three two values:
#targeted - Targeted processes are protected,
#minimum - Modification of targeted policy. Only selected #processes are protected.
#mls - Multi Level Security protection.
SELINUXTYPE=targeted
重新启动:
[root@localhost ~]# systemctl start zabbix-server.service
[root@localhost ~]# systemctl status zabbix-server.service
● zabbix-server.service - Zabbix Server
Loaded: loaded (/usr/lib/systemd/system/zabbix-server.service; disabled; vendor preset: disabled)
Active: active (running) since 二 2020-01-07 15:26:56 CST; 6s ago
Process: 1529 ExecStart=/usr/sbin/zabbix_server -c $CONFFILE (code=exited, status=0/SUCCESS)
Main PID: 1531 (zabbix_server)
CGroup: /system.slice/zabbix-server.service
└─1531 /usr/sbin/zabbix_server -c /etc/zabbix/zabbix_server.conf
1月 07 15:26:56 localhost.localdomain systemd[1]: Starting Zabbix Server...
1月 07 15:26:56 localhost.localdomain systemd[1]: zabbix-server.service: Supervising process 1531 which is not our child. ...exits.
1月 07 15:26:56 localhost.localdomain systemd[1]: Started Zabbix Server.
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]#
因此,一般在安装一些开源软件,如MYSQL、POSTGRES、zabbix、openshift等,在安装前先检查下系统对应版本是否与需安装的软件兼容性、在检查下下,防火墙、安全等是否开启,如下:
1、iptables开启和关闭
2、SELinux开启和关闭
3、CentOS 6和CentOS 7 firewalld防火墙的开与关等