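Troubleshooting firewalld failing to start
Today I needed to add a port rule on the firewall and found that it would not start.
# systemctl restart firewalld    # fails with the following error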
Authorization not available. Check if polkit service is running or see debug message for more information.
Failed to restart firewalld.service: 连接超时
See system logs and 'systemctl status firewalld.service' for details.
# Following the hint, check whether polkit is running
# systemctl status polkit
● polkit.service - Authorization Manager
Loaded: loaded (/usr/lib/systemd/system/polkit.service; static; vendor preset: enabled)
Active: inactive (dead) since 三 2022-08-24 11:09:44 CST; 14min ago
Docs: man:polkit(8)
Process: 28915 ExecStart=/usr/lib/polkit-1/polkitd --no-debug (code=killed, signal=TERM)
Main PID: 28915 (code=killed, signal=TERM)
8月 24 11:09:31 host-192-124-16-121 systemd[1]: Starting Authorization Manager...
8月 24 11:09:31 host-192-124-16-121 polkitd[28915]: Started polkitd version 0.112
8月 24 11:09:31 host-192-124-16-121 polkitd[28915]: Loading rules from directory /etc/polkit-1/rules.d
8月 24 11:09:31 host-192-124-16-121 polkitd[28915]: Loading rules from directory /usr/share/polkit-1/rules.d
8月 24 11:09:31 host-192-124-16-121 polkitd[28915]: Finished loading, compiling and executing 2 rules
8月 24 11:09:31 host-192-124-16-121 polkitd[28915]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
8月 24 11:09:31 host-192-124-16-121 systemd[1]: Started Authorization Manager.
8月 24 11:09:44 host-192-124-16-121 polkitd[28915]: Registered Authentication Agent for unix-process:29059:7437719496 (system bus name :1.1933508 [/usr/bin/pkttyagen..._CN.UTF-8)
Hint: Some lines were ellipsized, use -l to show in full.
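The output shows that polkit (an authorization management tool on Linux systems, the "Authorization Manager") is not running, which may prevent some other services from starting properly as well.
Start the polkit service with /usr/lib/polkit-1/polkitd --no-debug &
# /usr/lib/polkit-1/polkitd --no-debug &    # start polkitd
# ps aux | grep polkit    # check the process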
polkitd 13021 0.0 0.0 612228 12268 pts/0 Sl 11:01 0:00 /usr/lib/polkit-1/polkitd --no-debug
root 13105 0.0 0.0 112724 992 pts/0 S+ 11:01 0:00 grep --color=auto polkit
# systemctl restart dbus    # then restart dbus
[1]+ 已终止 /usr/lib/polkit-1/polkitd --no-debug
# systemctl status dbus    # check the status after the restart
● dbus.service - D-Bus System Message Bus
Loaded: loaded (/usr/lib/systemd/system/dbus.service; static; vendor preset: disabled)
Active: active (running) since 三 2022-08-24 11:23:22 CST; 7s ago
Docs: man:dbus-daemon(1)
Main PID: 851 (dbus-daemon)
CGroup: /system.slice/dbus.service
└─851 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation
8月 24 11:23:22 host-192-124-16-121 systemd[1]: Started D-Bus System Message Bus.
# systemctl restart firewalld    # restart the firewall again
# systemctl status firewalld    # check the status
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since 三 2022-08-24 11:24:06 CST; 18min ago
Docs: man:firewalld(1)
Main PID: 1009 (firewalld)
CGroup: /system.slice/firewalld.service
└─1009 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid
8月 24 11:24:05 host-192-124-16-121 systemd[1]: Starting firewalld - dynamic firewall daemon...
8月 24 11:24:06 host-192-124-16-121 systemd[1]: Started firewalld - dynamic firewall daemon.
At this point the firewall starts normally.
# systemctl status polkit    # check polkit again; it is now running automatically
● polkit.service - Authorization Manager
Loaded: loaded (/usr/lib/systemd/system/polkit.service; static; vendor preset: enabled)
Active: active (running) since 三 2022-08-24 11:24:05 CST; 18min ago
Docs: man:polkit(8)
Main PID: 998 (polkitd)
CGroup: /system.slice/polkit.service
└─998 /usr/lib/polkit-1/polkitd --no-debug
8月 24 11:24:05 host-192-124-16-121 systemd[1]: Starting Authorization Manager...
8月 24 11:24:05 host-192-124-16-121 polkitd[998]: Started polkitd version 0.112
8月 24 11:24:05 host-192-124-16-121 polkitd[998]: Loading rules from directory /etc/polkit-1/rules.d
8月 24 11:24:05 host-192-124-16-121 polkitd[998]: Loading rules from directory /usr/share/polkit-1/rules.d
8月 24 11:24:05 host-192-124-16-121 polkitd[998]: Finished loading, compiling and executing 2 rules
8月 24 11:24:05 host-192-124-16-121 systemd[1]: Started Authorization Manager.
8月 24 11:24:05 host-192-124-16-121 polkitd[998]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
8月 24 11:24:05 host-192-124-16-121 polkitd[998]: Registered Authentication Agent for unix-process:993:7437805618 (system bus name :1.1 [/usr/bin/pkttyagent --notify..._CN.UTF-8)
8月 24 11:24:06 host-192-124-16-121 polkitd[998]: Unregistered Authentication Agent for unix-process:993:7437805618 (system bus name :1.1, object path /org/freedeskt... from bus)
Hint: Some lines were ellipsized, use -l to show in full.
Test the firewall commands
# firewall-cmd --reload    # reload the firewall
success
# firewall-cmd --list-port    # the ports are all listed normally
9952/tcp 2181/tcp 2888/tcp 3888/tcp
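
The first two checks in this walkthrough (reading the restart error, then reading the polkit status) can be scripted as a read-only triage. This is an added example, not part of the original post: the function names blames_polkit, polkit_verdict and triage are made up for illustration, and the sample text is constructed from the outputs shown above.

```shell
#!/bin/sh
# Added example: read-only triage for the "Authorization not available" failure.

# Succeeds when a failed `systemctl restart` message points at polkit.
blames_polkit() {
    printf '%s\n' "$1" | grep -q 'Authorization not available'
}

# Reads `systemctl status polkit` text on stdin and prints one of:
#   running | killed:<SIGNAL> | dead | unknown
polkit_verdict() {
    awk '
        $1 == "Active:" { state = $2 " " $3 }
        $1 == "Main" && /code=killed/ && match($0, /signal=[A-Z0-9]+/) {
            sig = substr($0, RSTART + 7, RLENGTH - 7)
        }
        END {
            if (state == "active (running)") { print "running" }
            else if (state == "inactive (dead)" || state ~ /^failed/) {
                if (sig != "") { print "killed:" sig } else { print "dead" }
            }
            else { print "unknown" }
        }'
}

# Constructed sample input, trimmed from the outputs shown in this post.
SAMPLE_ERROR='Authorization not available. Check if polkit service is running or see debug message for more information.'
SAMPLE_STATUS='● polkit.service - Authorization Manager
   Active: inactive (dead) since 三 2022-08-24 11:09:44 CST; 14min ago
 Main PID: 28915 (code=killed, signal=TERM)'

triage() {  # $1 = restart error text, $2 = polkit status text
    if ! blames_polkit "$1"; then
        echo "error does not mention polkit; see 'systemctl status firewalld.service'"
        return
    fi
    verdict=$(printf '%s\n' "$2" | polkit_verdict)
    case $verdict in
        running)  echo "polkit is running; look at dbus and firewalld next" ;;
        killed:*) echo "polkitd was stopped by SIG${verdict#killed:}; polkit is the blocker" ;;
        dead)     echo "polkit is not running; polkit is the blocker" ;;
        *)        echo "could not read polkit state" ;;
    esac
}

triage "$SAMPLE_ERROR" "$SAMPLE_STATUS"
```

On a live host, pipe the real status in instead of the sample: systemctl status polkit | polkit_verdict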