Identifying the problem

All websites were returning an "error connecting to the database" error.

First, I checked whether MariaDB/MySQL was running.

[jack@onitroad centos]# systemctl status mysql
● mysql.service - LSB: start and stop MySQL
   Loaded: loaded (/etc/rc.d/init.d/mysql; bad; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sat 2015-01-14 10:17:09 UTC; 4s ago
     Docs: man:systemd-sysv-generator(8)
  Process: 14010 ExecStop=/etc/rc.d/init.d/mysql stop (code=exited, status=0/SUCCESS)
  Process: 14016 ExecStart=/etc/rc.d/init.d/mysql start (code=exited, status=1/FAILURE)
Jan 14 10:17:08 server systemd[1]: Starting LSB: start and stop MySQL...
Jan 14 10:17:08 server mysql[14016]: Starting MySQL.170114 10:17:08 mysqld_safe Logging to '/var/lib/mysql/server.err'.
Jan 14 10:17:08 server mysql[14016]: 170114 10:17:08 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Jan 14 10:17:08 server mysql[14016]: /usr/bin/mysqld_safe_helper: Cannot change uid/gid (errno: 1)
Jan 14 10:17:09 server mysql[14016]: ERROR!
Jan 14 10:17:09 server systemd[1]: mysql.service: control process exited, code=exited status=1
Jan 14 10:17:09 server systemd[1]: Failed to start LSB: start and stop MySQL.
Jan 14 10:17:09 server systemd[1]: Unit mysql.service entered failed state.
Jan 14 10:17:09 server systemd[1]: mysql.service failed.

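Nope, the database is definitely dead.
We can see that the error appears to be related to mysqld_safe_helper trying to change its UID/GID, according to this error line: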

/usr/bin/mysqld_safe_helper: Cannot change uid/gid (errno: 1)

Let's try restarting the service.

[jack@onitroad centos]# systemctl restart mysql -l
Jan 14 10:21:36 server systemd[1]: Starting LSB: start and stop MySQL...
Jan 14 10:21:36 server mysql[14399]: Starting MySQL.170114 10:21:36 mysqld_safe Logging to '/var/lib/mysql/server.err'.
Jan 14 10:21:36 server mysql[14399]: 170114 10:21:36 mysqld_safe Starting mysqld daemon with databases from /var/lib/mysql
Jan 14 10:21:36 server mysql[14399]: /usr/bin/mysqld_safe_helper: Cannot change uid/gid (errno: 1)
Jan 14 10:21:37 server mysql[14399]: ERROR!
Jan 14 10:21:37 server systemd[1]: mysql.service: control process exited, code=exited status=1
Jan 14 10:21:37 server systemd[1]: Failed to start LSB: start and stop MySQL.
Jan 14 10:21:37 server systemd[1]: Unit mysql.service entered failed state.
Jan 14 10:21:37 server systemd[1]: mysql.service failed.

It would not start, so I tried running journalctl -xe as suggested, with the following output:

[jack@onitroad mysql]# journalctl -xe
Jan 14 10:21:38 server setroubleshoot[14484]: SELinux is preventing /usr/bin/mysqld_safe_helper from using the setgid capability. For complete SELinux messages. run sealert -l 640a7d54-35ab-43b5-9267-db6f159e1449
Jan 14 10:21:38 server python[14484]: SELinux is preventing /usr/bin/mysqld_safe_helper from using the setgid capability.
                        *  Plugin catchall (100. confidence) suggests   **
                        If you believe that mysqld_safe_helper should have the setgid capability by default.
                        Then you should report this as a bug.
                        You can generate a local policy module to allow this access.
                        Do
                        allow this access for now by executing:
                        # ausearch -c 'mysqld_safe_hel' --raw | audit2allow -M my-mysqldsafehel
                        # semodule -i my-mysqldsafehel.pp

How to fix the MariaDB 10.0.29 SELinux update failure

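I have this server set to run "yum update -y" automatically every 24 hours so that it keeps itself up to date.
After the latest MariaDB update to version 10.0.29-1.el7.centos on CentOS 7.3, I found that it would not start back up correctly; here is how to fix it.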

Fixing the problem

So this is an SELinux problem.
To get the full details, I ran "sealert -a /var/log/audit/audit.log", as shown below.

[jack@onitroad mysql]# sealert -a /var/log/audit/audit.log
SELinux is preventing /usr/bin/mysqld_safe_helper from using the setuid capability.
*  Plugin catchall (100. confidence) suggests   **
If you believe that mysqld_safe_helper should have the setuid capability by default.
Then you should report this as a bug.
You can generate a local policy module to allow this access.
Do
allow this access for now by executing:
# ausearch -c 'mysqld_safe_hel' --raw | audit2allow -M my-mysqldsafehel
# semodule -i my-mysqldsafehel.pp

Additional Information:
Source Context                system_u:system_r:mysqld_safe_t:s0
Target Context                system_u:system_r:mysqld_safe_t:s0
Target Objects                Unknown [ capability ]
Source                        mysqld_safe_hel
Source Path                   /usr/bin/mysqld_safe_helper
Port                          <Unknown>
Host                          <Unknown>
Source RPM Packages           MariaDB-server-10.0.29-1.el7.centos.x86_64
Target RPM Packages
Policy RPM                    selinux-policy-3.13.1-102.el7_3.7.noarch
Selinux Enabled               True
Policy Type                   targeted
Enforcing Mode                Enforcing
Host Name                     server
Platform                      Linux server
                              3.10.0-514.2.2.el7.x86_64 #1 SMP Tue Dec 6
                              23:06:41 UTC 2014 x86_64 x86_64
...
Hash: mysqld_safe_hel,mysqld_safe_t,mysqld_safe_t,capability,setuid

I then did as suggested and ran the suggested commands shown below to create a local policy.

ausearch -c 'mysqld_safe_hel' --raw | audit2allow -M my-mysqldsafehel
semodule -i my-mysqldsafehel.pp

After doing this and trying to restart the "mysql" service, I got another SELinux message logged, this time for "setgid", as shown below.

SELinux is preventing /usr/bin/mysqld_safe_helper from using the setgid capability.

I then simply ran the suggested commands again.
After this, MariaDB could be started, as shown below.

[jack@onitroad ~]# systemctl restart mysql
[jack@onitroad ~]# systemctl status mysql.service -l
● mysql.service - LSB: start and stop MySQL
   Loaded: loaded (/etc/rc.d/init.d/mysql; bad; vendor preset: disabled)
   Active: active (running) since Sat 2015-01-14 10:24:03 UTC; 29min ago

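Of course, we could also use "setenforce 0" to temporarily disable SELinux enforcement, but that puts the whole system into permissive mode rather than allowing only these two capabilities for mysqld_safe_t.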

Date: 2020-07-07 20:56:19 Source: oir Author: oir