##
揭秘导致MongoDB服务启动失败的幕后黑手
1、mongod 状态
[root@mydb ~]# systemctl status mongod
× mongod.service - MongoDB Database Server
Loaded: loaded (/usr/lib/systemd/system/mongod.service; disabled; preset: disabled)
Active: failed (Result: exit-code) since Sun 2024-07-14 16:34:42 CST; 2s ago
Duration: 10ms
Docs: https://docs.mongodb.org/manual
Process: 1808 ExecStart=/mongodb/app/mongodb/bin/mongod $OPTIONS (code=exited, status=203/EXEC)
Main PID: 1808 (code=exited, status=203/EXEC)
CPU: 2ms
Jul 14 16:34:42 mydb systemd[1]: Started MongoDB Database Server.
Jul 14 16:34:42 mydb systemd[1808]: mongod.service: Failed to locate executable /mongodb/app/mongodb/bin/mongod: Permission denied
Jul 14 16:34:42 mydb systemd[1808]: mongod.service: Failed at step EXEC spawning /mongodb/app/mongodb/bin/mongod: Permission denied
Jul 14 16:34:42 mydb systemd[1]: mongod.service: Main process exited, code=exited, status=203/EXEC
Jul 14 16:34:42 mydb systemd[1]: mongod.service: Failed with result 'exit-code'.
2、日志信息
Jul 14 16:28:39 mydb systemd[1]: dbus-:1.1-org.fedoraproject.SetroubleshootPrivileged@4.service: Deactivated successfully.
Jul 14 16:28:39 mydb systemd[1]: dbus-:1.1-org.fedoraproject.SetroubleshootPrivileged@4.service: Consumed 1.019s CPU time.
Jul 14 16:28:42 mydb systemd[1]: setroubleshootd.service: Deactivated successfully.
Jul 14 16:28:42 mydb systemd[1]: setroubleshootd.service: Consumed 3.154s CPU time.
Jul 14 16:28:58 mydb systemd[1]: Started mongod.service.
Jul 14 16:28:58 mydb systemd[1613]: mongod.service: Failed to locate executable /mongodb/app/mongodb/bin/mongod: Permission denied
Jul 14 16:28:58 mydb systemd[1613]: mongod.service: Failed at step EXEC spawning /mongodb/app/mongodb/bin/mongod: Permission denied
Jul 14 16:28:58 mydb systemd[1]: mongod.service: Main process exited, code=exited, status=203/EXEC
Jul 14 16:28:58 mydb systemd[1]: mongod.service: Failed with result 'exit-code'.
Jul 14 16:28:58 mydb systemd[1]: Starting SETroubleshoot daemon for processing new SELinux denial logs...
Jul 14 16:28:59 mydb systemd[1]: Started SETroubleshoot daemon for processing new SELinux denial logs.
Jul 14 16:28:59 mydb systemd[1]: Started dbus-:1.1-org.fedoraproject.SetroubleshootPrivileged@5.service.
Jul 14 16:29:02 mydb setroubleshoot[1614]: SELinux is preventing /usr/lib/systemd/systemd from read access on the lnk_file mongodb. For complete SELinux messages run: sealert -l 0fdf4ad8-666d-4d14-90ea-8d0f61ad22b8
Jul 14 16:29:02 mydb setroubleshoot[1614]: SELinux is preventing /usr/lib/systemd/systemd from read access on the lnk_file mongodb.#012#012***** Plugin catchall_labels (83.8 confidence) suggests *******************#012#012If you want to allow systemd to have read access on the mongodb lnk_file#012Then you need to change the label on mongodb#012Do#012# semanage fcontext -a -t FILE_TYPE 'mongodb'#012where FILE_TYPE is one of the following:
3、处理并验证
[root@mydb ~]# vi /etc/selinux/config
[root@mydb ~]# setenforce 0
[root@mydb ~]#
[root@mydb ~]# systemctl start mongod
[root@mydb ~]# systemctl status mongod
● mongod.service - MongoDB Database Server
Loaded: loaded (/usr/lib/systemd/system/mongod.service; disabled; preset: disabled)
Active: active (running) since Sun 2024-07-14 16:40:30 CST; 3s ago
Docs: https://docs.mongodb.org/manual
Main PID: 1915 (mongod)
Memory: 171.5M
CPU: 1.162s
CGroup: /system.slice/mongod.service
└─1915 /mongodb/app/mongodb/bin/mongod -f /mongodb/data/mongod.conf
Jul 14 16:40:30 mydb systemd[1]: Started MongoDB Database Server.
Jul 14 16:40:30 mydb mongod[1915]: {"t":{"$date":"2024-07-14T08:40:30.052Z"},"s":"I", "c":"CONTROL", "id":7484500, "ctx":"main","msg":"Environment variable MONGODB_CONFIG_OVERRIDE_NOF>
lines 1-12/12 (END)
4、总结
验证了执行文件的权限,尝试PermissionsStartOnly均无疾而终。最后在日志中找到selinux。官网虽然有很详细的关于selinux的配置,但还是关了吧。
5、其它启动错误
还有一些权限导致的启动问题
Jul 14 17:25:46 mydb setroubleshoot[1261]: failed to retrieve rpm info for path '/mongodb/data/data/mongod.lock':
Jul 14 17:25:49 mydb setroubleshoot[1261]: SELinux is preventing /mongodb/app/mongodb-linux-x86_64-enterprise-rhel90-7.0.12/bin/mongod from lock access on the file /mongodb/data/data/mongod.lock. For complete SELinux messages run: sealert -l 77bb3298-bee6-4799-95ba-2e2db906ca16
Jul 14 17:25:49 mydb setroubleshoot[1261]: SELinux is preventing /mongodb/app/mongodb-linux-x86_64-enterprise-rhel90-7.0.12/bin/mongod from lock access on the file /mongodb/data/data/mongod.lock.#012#012***** Plugin catchall_labels (83.8 confidence) suggests *******************#012#012If you want to allow mongod to have lock access on the mongod.lock file#012Then you need to change the label on /mongodb/data/data/mongod.lock#012Do#012# semanage fcontext -a -t FILE_TYPE '/mongodb/data/data/mongod.lock'#012where FILE_TYPE is one of the following:
...
...
Jul 14 17:25:49 mydb setroubleshoot[1261]: failed to retrieve rpm info for path '/mongodb/data/data/WiredTiger.lock':
Jul 14 17:25:49 mydb systemd[1]: systemd-hostnamed.service: Deactivated successfully.
{"t":{"$date":"2024-07-14T17:27:52.970+08:00"},"s":"E", "c":"WT", "id":22435, "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":13,"message":"[1720949272:969865][1292:0x7fae6360cb80], wiredtiger_open: [WT_VERB_DEFAULT][ERROR]: __posix_open_file, 815: /mongodb/data/data/WiredTiger.turtle: handle-open: open: Permission denied"}}
{"t":{"$date":"2024-07-14T17:27:52.970+08:00"},"s":"E", "c":"WT", "id":22435, "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":13,"message":"[1720949272:970344][1292:0x7fae6360cb80], wiredtiger_open: [WT_VERB_DEFAULT][ERROR]: __posix_open_file, 815: /mongodb/data/data/WiredTiger.turtle: handle-open: open: Permission denied"}}
{"t":{"$date":"2024-07-14T17:27:52.970+08:00"},"s":"E", "c":"WT", "id":22435, "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":13,"message":"[1720949272:970650][1292:0x7fae6360cb80], wiredtiger_open: [WT_VERB_DEFAULT][ERROR]: __posix_open_file, 815: /mongodb/data/data/WiredTiger.turtle: handle-open: open: Permission denied"}}
{"t":{"$date":"2024-07-14T17:27:52.970+08:00"},"s":"W", "c":"STORAGE", "id":22347, "ctx":"initandlisten","msg":"Failed to start up WiredTiger under any compatibility version. This may be due to an unsupported upgrade or downgrade."}
{"t":{"$date":"2024-07-14T17:27:52.970+08:00"},"s":"F", "c":"STORAGE", "id":28595, "ctx":"initandlisten","msg":"Terminating.","attr":{"reason":"13: Permission denied"}}
{"t":{"$date":"2024-07-14T17:27:52.970+08:00"},"s":"F", "c":"ASSERT", "id":23091, "ctx":"initandlisten","msg":"Fatal assertion","attr":{"msgid":28595,"file":"src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.cpp","line":676}}
{"t":{"$date":"2024-07-14T17:27:52.970+08:00"},"s":"F", "c":"ASSERT", "id":23092, "ctx":"initandlisten","msg":"\n\n***aborting after fassert() failure\n\n"}
{"t":{"$date":"2024-07-14T17:30:23.332+08:00"},"s":"I", "c":"STORAGE", "id":22315, "ctx":"initandlisten","msg":"Opening WiredTiger","attr":{"config":"create,cache_size=3314M,session_max=33000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,remove=true,path=journal,compressor=snappy),builtin_extension_config=(zstd=(compression_level=6)),file_manager=(close_idle_time=600,close_scan_interval=10,close_handle_minimum=2000),statistics_log=(wait=0),json_output=(error,message),verbose=[recovery_progress:1,checkpoint_progress:1,compact_progress:1,backup:0,checkpoint:0,compact:0,evict:0,history_store:0,recovery:0,rts:0,salvage:0,tiered:0,timestamp:0,transaction:0,verify:0,log:0],"}}
{"t":{"$date":"2024-07-14T17:30:23.986+08:00"},"s":"E", "c":"WT", "id":22435, "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":13,"message":{"ts_sec":1720949423,"ts_usec":986815,"thread":"1384:0x7f7dfac47b80","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__posix_open_file:815:/mongodb/data/data/journal/WiredTigerLog.0000000012: handle-open: open","error_str":"Permission denied","error_code":13}}}
{"t":{"$date":"2024-07-14T17:30:23.994+08:00"},"s":"E", "c":"WT", "id":22435, "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":13,"message":{"ts_sec":1720949423,"ts_usec":994178,"thread":"1384:0x7f7dfac47b80","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__posix_open_file:815:/mongodb/data/data/journal/WiredTigerLog.0000000012: handle-open: open","error_str":"Permission denied","error_code":13}}}
{"t":{"$date":"2024-07-14T17:30:24.000+08:00"},"s":"E", "c":"WT", "id":22435, "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":13,"message":{"ts_sec":1720949424,"ts_usec":736,"thread":"1384:0x7f7dfac47b80","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__posix_open_file:815:/mongodb/data/data/journal/WiredTigerLog.0000000012: handle-open: open","error_str":"Permission denied","error_code":13}}}
{"t":{"$date":"2024-07-14T17:30:24.002+08:00"},"s":"W", "c":"STORAGE", "id":22347, "ctx":"initandlisten","msg":"Failed to start up WiredTiger under any compatibility version. This may be due to an unsupported upgrade or downgrade."}
{"t":{"$date":"2024-07-14T17:30:24.002+08:00"},"s":"F", "c":"STORAGE", "id":28595, "ctx":"initandlisten","msg":"Terminating.","attr":{"reason":"13: Permission denied"}}
{"t":{"$date":"2024-07-14T17:30:24.002+08:00"},"s":"F", "c":"ASSERT", "id":23091, "ctx":"initandlisten","msg":"Fatal assertion","attr":{"msgid":28595,"file":"src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.cpp","line":676}}
{"t":{"$date":"2024-07-14T17:30:24.002+08:00"},"s":"F", "c":"ASSERT", "id":23092, "ctx":"initandlisten","msg":"\n\n***aborting after fassert() failure\n\n"}
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
