揭秘导致MongoDB服务启动失败的幕后黑手

##

揭秘导致MongoDB服务启动失败的幕后黑手

1、mongod 状态
[root@mydb ~]# systemctl status mongod
× mongod.service - MongoDB Database Server
     Loaded: loaded (/usr/lib/systemd/system/mongod.service; disabled; preset: disabled)
     Active: failed (Result: exit-code) since Sun 2024-07-14 16:34:42 CST; 2s ago
   Duration: 10ms
       Docs: https://docs.mongodb.org/manual
    Process: 1808 ExecStart=/mongodb/app/mongodb/bin/mongod $OPTIONS (code=exited, status=203/EXEC)
   Main PID: 1808 (code=exited, status=203/EXEC)
        CPU: 2ms

Jul 14 16:34:42 mydb systemd[1]: Started MongoDB Database Server.
Jul 14 16:34:42 mydb systemd[1808]: mongod.service: Failed to locate executable /mongodb/app/mongodb/bin/mongod: Permission denied
Jul 14 16:34:42 mydb systemd[1808]: mongod.service: Failed at step EXEC spawning /mongodb/app/mongodb/bin/mongod: Permission denied
Jul 14 16:34:42 mydb systemd[1]: mongod.service: Main process exited, code=exited, status=203/EXEC
Jul 14 16:34:42 mydb systemd[1]: mongod.service: Failed with result 'exit-code'.
2、日志信息
Jul 14 16:28:39 mydb systemd[1]: dbus-:1.1-org.fedoraproject.SetroubleshootPrivileged@4.service: Deactivated successfully.
Jul 14 16:28:39 mydb systemd[1]: dbus-:1.1-org.fedoraproject.SetroubleshootPrivileged@4.service: Consumed 1.019s CPU time.
Jul 14 16:28:42 mydb systemd[1]: setroubleshootd.service: Deactivated successfully.
Jul 14 16:28:42 mydb systemd[1]: setroubleshootd.service: Consumed 3.154s CPU time.
Jul 14 16:28:58 mydb systemd[1]: Started mongod.service.
Jul 14 16:28:58 mydb systemd[1613]: mongod.service: Failed to locate executable /mongodb/app/mongodb/bin/mongod: Permission denied
Jul 14 16:28:58 mydb systemd[1613]: mongod.service: Failed at step EXEC spawning /mongodb/app/mongodb/bin/mongod: Permission denied
Jul 14 16:28:58 mydb systemd[1]: mongod.service: Main process exited, code=exited, status=203/EXEC
Jul 14 16:28:58 mydb systemd[1]: mongod.service: Failed with result 'exit-code'.
Jul 14 16:28:58 mydb systemd[1]: Starting SETroubleshoot daemon for processing new SELinux denial logs...
Jul 14 16:28:59 mydb systemd[1]: Started SETroubleshoot daemon for processing new SELinux denial logs.
Jul 14 16:28:59 mydb systemd[1]: Started dbus-:1.1-org.fedoraproject.SetroubleshootPrivileged@5.service.
Jul 14 16:29:02 mydb setroubleshoot[1614]: SELinux is preventing /usr/lib/systemd/systemd from read access on the lnk_file mongodb. For complete SELinux messages run: sealert -l 0fdf4ad8-666d-4d14-90ea-8d0f61ad22b8
Jul 14 16:29:02 mydb setroubleshoot[1614]: SELinux is preventing /usr/lib/systemd/systemd from read access on the lnk_file mongodb.#012#012*****  Plugin catchall_labels (83.8 confidence) suggests   *******************#012#012If you want to allow systemd to have read access on the mongodb lnk_file#012Then you need to change the label on mongodb#012Do#012# semanage fcontext -a -t FILE_TYPE 'mongodb'#012where FILE_TYPE is one of the following: 
3、处理并验证
[root@mydb ~]# vi /etc/selinux/config
[root@mydb ~]# setenforce 0
[root@mydb ~]#
[root@mydb ~]# systemctl start mongod
[root@mydb ~]# systemctl status mongod
● mongod.service - MongoDB Database Server
     Loaded: loaded (/usr/lib/systemd/system/mongod.service; disabled; preset: disabled)
     Active: active (running) since Sun 2024-07-14 16:40:30 CST; 3s ago
       Docs: https://docs.mongodb.org/manual
   Main PID: 1915 (mongod)
     Memory: 171.5M
        CPU: 1.162s
     CGroup: /system.slice/mongod.service
             └─1915 /mongodb/app/mongodb/bin/mongod -f /mongodb/data/mongod.conf

Jul 14 16:40:30 mydb systemd[1]: Started MongoDB Database Server.
Jul 14 16:40:30 mydb mongod[1915]: {"t":{"$date":"2024-07-14T08:40:30.052Z"},"s":"I",  "c":"CONTROL",  "id":7484500, "ctx":"main","msg":"Environment variable MONGODB_CONFIG_OVERRIDE_NOF>
lines 1-12/12 (END)

4、总结

验证了执行文件的权限,尝试PermissionsStartOnly均无疾而终。最后在日志中找到selinux。官网虽然有很详细的关于selinux的配置,但还是关了吧。

5、其它启动错误

还有一些权限导致的启动问题

Jul 14 17:25:46 mydb setroubleshoot[1261]: failed to retrieve rpm info for path '/mongodb/data/data/mongod.lock':
Jul 14 17:25:49 mydb setroubleshoot[1261]: SELinux is preventing /mongodb/app/mongodb-linux-x86_64-enterprise-rhel90-7.0.12/bin/mongod from lock access on the file /mongodb/data/data/mongod.lock. For complete SELinux messages run: sealert -l 77bb3298-bee6-4799-95ba-2e2db906ca16
Jul 14 17:25:49 mydb setroubleshoot[1261]: SELinux is preventing /mongodb/app/mongodb-linux-x86_64-enterprise-rhel90-7.0.12/bin/mongod from lock access on the file /mongodb/data/data/mongod.lock.#012#012*****  Plugin catchall_labels (83.8 confidence) suggests   *******************#012#012If you want to allow mongod to have lock access on the mongod.lock file#012Then you need to change the label on /mongodb/data/data/mongod.lock#012Do#012# semanage fcontext -a -t FILE_TYPE '/mongodb/data/data/mongod.lock'#012where FILE_TYPE is one of the following: 
...
...
Jul 14 17:25:49 mydb setroubleshoot[1261]: failed to retrieve rpm info for path '/mongodb/data/data/WiredTiger.lock':
Jul 14 17:25:49 mydb systemd[1]: systemd-hostnamed.service: Deactivated successfully.
{"t":{"$date":"2024-07-14T17:27:52.970+08:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":13,"message":"[1720949272:969865][1292:0x7fae6360cb80], wiredtiger_open: [WT_VERB_DEFAULT][ERROR]: __posix_open_file, 815: /mongodb/data/data/WiredTiger.turtle: handle-open: open: Permission denied"}}
{"t":{"$date":"2024-07-14T17:27:52.970+08:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":13,"message":"[1720949272:970344][1292:0x7fae6360cb80], wiredtiger_open: [WT_VERB_DEFAULT][ERROR]: __posix_open_file, 815: /mongodb/data/data/WiredTiger.turtle: handle-open: open: Permission denied"}}
{"t":{"$date":"2024-07-14T17:27:52.970+08:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":13,"message":"[1720949272:970650][1292:0x7fae6360cb80], wiredtiger_open: [WT_VERB_DEFAULT][ERROR]: __posix_open_file, 815: /mongodb/data/data/WiredTiger.turtle: handle-open: open: Permission denied"}}
{"t":{"$date":"2024-07-14T17:27:52.970+08:00"},"s":"W",  "c":"STORAGE",  "id":22347,   "ctx":"initandlisten","msg":"Failed to start up WiredTiger under any compatibility version. This may be due to an unsupported upgrade or downgrade."}
{"t":{"$date":"2024-07-14T17:27:52.970+08:00"},"s":"F",  "c":"STORAGE",  "id":28595,   "ctx":"initandlisten","msg":"Terminating.","attr":{"reason":"13: Permission denied"}}
{"t":{"$date":"2024-07-14T17:27:52.970+08:00"},"s":"F",  "c":"ASSERT",   "id":23091,   "ctx":"initandlisten","msg":"Fatal assertion","attr":{"msgid":28595,"file":"src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.cpp","line":676}}
{"t":{"$date":"2024-07-14T17:27:52.970+08:00"},"s":"F",  "c":"ASSERT",   "id":23092,   "ctx":"initandlisten","msg":"\n\n***aborting after fassert() failure\n\n"}
{"t":{"$date":"2024-07-14T17:30:23.332+08:00"},"s":"I",  "c":"STORAGE",  "id":22315,   "ctx":"initandlisten","msg":"Opening WiredTiger","attr":{"config":"create,cache_size=3314M,session_max=33000,eviction=(threads_min=4,threads_max=4),config_base=false,statistics=(fast),log=(enabled=true,remove=true,path=journal,compressor=snappy),builtin_extension_config=(zstd=(compression_level=6)),file_manager=(close_idle_time=600,close_scan_interval=10,close_handle_minimum=2000),statistics_log=(wait=0),json_output=(error,message),verbose=[recovery_progress:1,checkpoint_progress:1,compact_progress:1,backup:0,checkpoint:0,compact:0,evict:0,history_store:0,recovery:0,rts:0,salvage:0,tiered:0,timestamp:0,transaction:0,verify:0,log:0],"}}
{"t":{"$date":"2024-07-14T17:30:23.986+08:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":13,"message":{"ts_sec":1720949423,"ts_usec":986815,"thread":"1384:0x7f7dfac47b80","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__posix_open_file:815:/mongodb/data/data/journal/WiredTigerLog.0000000012: handle-open: open","error_str":"Permission denied","error_code":13}}}
{"t":{"$date":"2024-07-14T17:30:23.994+08:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":13,"message":{"ts_sec":1720949423,"ts_usec":994178,"thread":"1384:0x7f7dfac47b80","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__posix_open_file:815:/mongodb/data/data/journal/WiredTigerLog.0000000012: handle-open: open","error_str":"Permission denied","error_code":13}}}
{"t":{"$date":"2024-07-14T17:30:24.000+08:00"},"s":"E",  "c":"WT",       "id":22435,   "ctx":"initandlisten","msg":"WiredTiger error message","attr":{"error":13,"message":{"ts_sec":1720949424,"ts_usec":736,"thread":"1384:0x7f7dfac47b80","session_name":"connection","category":"WT_VERB_DEFAULT","category_id":9,"verbose_level":"ERROR","verbose_level_id":-3,"msg":"__posix_open_file:815:/mongodb/data/data/journal/WiredTigerLog.0000000012: handle-open: open","error_str":"Permission denied","error_code":13}}}
{"t":{"$date":"2024-07-14T17:30:24.002+08:00"},"s":"W",  "c":"STORAGE",  "id":22347,   "ctx":"initandlisten","msg":"Failed to start up WiredTiger under any compatibility version. This may be due to an unsupported upgrade or downgrade."}
{"t":{"$date":"2024-07-14T17:30:24.002+08:00"},"s":"F",  "c":"STORAGE",  "id":28595,   "ctx":"initandlisten","msg":"Terminating.","attr":{"reason":"13: Permission denied"}}
{"t":{"$date":"2024-07-14T17:30:24.002+08:00"},"s":"F",  "c":"ASSERT",   "id":23091,   "ctx":"initandlisten","msg":"Fatal assertion","attr":{"msgid":28595,"file":"src/mongo/db/storage/wiredtiger/wiredtiger_kv_engine.cpp","line":676}}
{"t":{"$date":"2024-07-14T17:30:24.002+08:00"},"s":"F",  "c":"ASSERT",   "id":23092,   "ctx":"initandlisten","msg":"\n\n***aborting after fassert() failure\n\n"}
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值