марионеточное ведущее устройство на CentOS 7 - перезагрузка, за которой Следуют,
Я развернул Марионеточный Основной и Марионеточный Агент на двух различных машинах CentOS.
Они оба раньше связывались через ssl, но после перезапуска Главного сервера, не стало вещей.
conf.d Httpd содержит puppetmaster.conf, следовательно мне нужен httpd сервис для выполнения.
Когда это работало, https://name:8140 показал, что "Среда должна быть чисто алфавитно-цифровой, не' '" значение, что это работало.
Я уверен, что работал
"$sudo chkconfig httpd on
Note: Forwarding request to 'systemctl enable httpd.service'."
сделать этот запуск на начальной загрузке.
Это привыкло для ошибки при не наличии доступных сокетов для слушания, но я решил его путем уничтожения марионеточного процесса, который поднимал порт.
Вот то, что я попробовал без удачи:
$sudo service httpd status
Redirecting to /bin/systemctl status httpd.service
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
Active: active (running) since Mon 2015-03-30 12:39:07 PDT; 2min 13s ago
Process: 4144 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 4155 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─4155 /usr/sbin/httpd -DFOREGROUND
├─4180 PassengerAgent watchdog
├─4186 PassengerAgent server
├─4192 PassengerAgent logger
├─4203 /usr/sbin/httpd -DFOREGROUND
├─4204 /usr/sbin/httpd -DFOREGROUND
├─4205 /usr/sbin/httpd -DFOREGROUND
├─4206 /usr/sbin/httpd -DFOREGROUND
└─4207 /usr/sbin/httpd -DFOREGROUND
Mar 30 12:39:07 vaio systemd[1]: Started The Apache HTTP Server.
Mar 30 12:39:07 vaio python[4146]: SELinux is preventing /usr/local/share/gems/gems/passenger-5.0.5/buildout/support-binar...bility.
***** Plugin sys_resource (37.5 confidence) suggests **********************...
Mar 30 12:40:49 vaio systemd[1]: Started The Apache HTTP Server.
Hint: Some lines were ellipsized, use -l to show in full.
$sudo service httpd start
Redirecting to /bin/systemctl start httpd.service
(IPtable)
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
(SELinux Status)
sudo cat /etc/sysconfig/selinux
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=permissive
# SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
(HTTPD status -l)
sudo service httpd status -l
Redirecting to /bin/systemctl status -l httpd.service
httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled)
Active: active (running) since Mon 2015-03-30 12:39:07 PDT; 20min ago
Main PID: 4155 (httpd)
Status: "Total requests: 0; Current requests/sec: 0; Current traffic: 0 B/sec"
CGroup: /system.slice/httpd.service
├─4155 /usr/sbin/httpd -DFOREGROUND
├─4180 PassengerAgent watchdog
├─4186 PassengerAgent server
├─4192 PassengerAgent logger
├─4203 /usr/sbin/httpd -DFOREGROUND
├─4204 /usr/sbin/httpd -DFOREGROUND
├─4205 /usr/sbin/httpd -DFOREGROUND
├─4206 /usr/sbin/httpd -DFOREGROUND
└─4207 /usr/sbin/httpd -DFOREGROUND
Mar 30 12:39:07 vaio systemd[1]: Started The Apache HTTP Server.
Mar 30 12:39:07 vaio python[4146]: SELinux is preventing /usr/local/share/gems/gems/passenger-5.0.5/buildout/support-binaries/PassengerAgent from using the sys_resource capability.
***** Plugin sys_resource (37.5 confidence) suggests **********************
If you do not want processes to require capabilities to use up all the system resources on your system;
Then you need to diagnose why your system is running out of system resources and fix the problem.
According to /usr/include/linux/capability.h, sys_resource is required to:
/* Override resource limits. Set resource limits. */
/* Override quota limits. */
/* Override reserved space on ext2 filesystem */
/* Modify data journaling mode on ext3 filesystem (uses journaling
resources) */
/* NOTE: ext2 honors fsuid when checking for resource overrides, so
you can override using fsuid too */
/* Override size restrictions on IPC message queues */
/* Allow more than 64hz interrupts from the real-time clock */
/* Override max number of consoles on console allocation */
/* Override max number of keymaps */
/* Override resource limits. Set resource limits. */
/* Override quota limits. */
/* Override reserved space on ext2 filesystem */
/* Modify data journaling mode on ext3 filesystem (uses journaling
resources) */
/* NOTE: ext2 honors fsuid when checking for resource overrides, so
you can override using fsuid too */
/* Override size restrictions on IPC message queues */
/* Allow more than 64hz interrupts from the real-time clock */
/* Override max number of consoles on console allocation */
/* Override max number of keymaps */
/* Override resource limits. Set resource limits. */
/* Override quota limits. */
/* Override reserved space on ext2 filesystem */
/* Modify data journaling mode on ext3 filesystem (uses journaling
resources) */
/* NOTE: ext2 honors fsuid when checking for resource overrides, so
you can override using fsuid too */
/* Override size restrictions on IPC message queues */
/* Allow more than 64hz interrupts from the real-time clock */
/* Override max number of consoles on console allocation */
/* Override max number of keymaps */
Do
fix the cause of the SYS_RESOURCE on your system.
***** Plugin catchall_boolean (30.1 confidence) suggests ******************
If you want to allow httpd to run stickshift
Then you must tell SELinux about this by enabling the 'httpd_run_stickshift' boolean.
You can read 'None' man page for more details.
Do
setsebool -P httpd_run_stickshift 1
***** Plugin catchall_boolean (30.1 confidence) suggests ******************
If you want to allow httpd to setrlimit
Then you must tell SELinux about this by enabling the 'httpd_setrlimit' boolean.
You can read 'None' man page for more details.
Do
setsebool -P httpd_setrlimit 1
***** Plugin catchall (4.20 confidence) suggests **************************
If you believe that PassengerAgent should have the sys_resource capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# grep PassengerAgent /var/log/audit/audit.log | audit2allow -M mypol
# semodule -i mypol.pp
Mar 30 12:40:49 vaio systemd[1]: Started The Apache HTTP Server.
Mar 30 12:52:58 vaio systemd[1]: Started The Apache HTTP Server.
0
задан mutuallybeneficial
30 March 2015 в 23:06
Ссылка
2 ответа
Убедитесь, что в iptables указано «-A INPUT -m state --state NEW -m tcp -p tcp --dport 8140 -j ACCEPT».
После подключения он будет скажите: "Среда должна быть исключительно буквенно-цифровой, а не" "", что НЕ является ошибкой.
0
Ниже показано, как шаги проб и ошибок возвращают Хозяина Марионеток к жизни. Спасибо Шейну Мэддену за руководство.
$ sudo service iptables restart
Redirecting to /bin/systemctl restart iptables.service
$ sudo service httpd start
Redirecting to /bin/systemctl start httpd.service
$ sudo chkconfig httpd on
Note: Forwarding request to 'systemctl enable httpd.service'.
$ sudo service httpd start
Redirecting to /bin/systemctl start httpd.service
$ sudo setenforce permissive
$ sudo sed -i 's\=enforcing\=permissive\g' /etc/sysconfig/selinux
$ sudo getenforce
0