firewalld启动失败问题排查

今天需要在防火墙上添加端口策略发现起不来了

# systemctl restart firewalld　　报错如下

Authorization not available. Check if polkit service is running or see debug message for more information.Failed to restart firewalld.service: 连接超时See system logs and 'systemctl status firewalld.service' for details.

#根据提示，查看polkit是否是运行中

# systemctl status polkit
● polkit.service - Authorization Manager
Loaded: loaded (/usr/lib/systemd/system/polkit.service; static; vendor preset: enabled)
Active: inactive (dead) since 三 2022-08-24 11:09:44 CST; 14min ago
Docs: man:polkit(8)
Process: 28915 ExecStart=/usr/lib/polkit-1/polkitd --no-debug (code=killed, signal=TERM)
Main PID: 28915 (code=killed, signal=TERM)

8月 24 11:09:31 host-192-124-16-121 systemd[1]: Starting Authorization Manager...
8月 24 11:09:31 host-192-124-16-121 polkitd[28915]: Started polkitd version 0.112
8月 24 11:09:31 host-192-124-16-121 polkitd[28915]: Loading rules from directory /etc/polkit-1/rules.d
8月 24 11:09:31 host-192-124-16-121 polkitd[28915]: Loading rules from directory /usr/share/polkit-1/rules.d
8月 24 11:09:31 host-192-124-16-121 polkitd[28915]: Finished loading, compiling and executing 2 rules
8月 24 11:09:31 host-192-124-16-121 polkitd[28915]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
8月 24 11:09:31 host-192-124-16-121 systemd[1]: Started Authorization Manager.
8月 24 11:09:44 host-192-124-16-121 polkitd[28915]: Registered Authentication Agent for unix-process:29059:7437719496 (system bus name :1.1933508 [/usr/bin/pkttyagen..._CN.UTF-8)
Hint: Some lines were ellipsized, use -l to show in full.

看到polkit（是linux系统中的一个身份认证管理工具 (Authorization Manager ) 没有运行，由此可能会导致其他一些服务也不能正常启动。

使用 /usr/lib/polkit-1/polkitd --no-debug & 启动polkit服务

 

# /usr/lib/polkit-1/polkitd --no-debug &　　 启动

# ps aux |grep polkit　　　　　　　　　　查看进程

polkitd 13021 0.0 0.0 612228 12268 pts/0 Sl 11:01 0:00 /usr/lib/polkit-1/polkitd --no-debug
root 13105 0.0 0.0 112724 992 pts/0 S+ 11:01 0:00 grep --color=auto polkit

 

# systemctl restart dbus　　　　然后重启下dbus

[1]+ 已终止 /usr/lib/polkit-1/polkitd --no-debug

# systemctl status dbus　　　　　重启后查看　　　
● dbus.service - D-Bus System Message Bus
Loaded: loaded (/usr/lib/systemd/system/dbus.service; static; vendor preset: disabled)
Active: active (running) since 三 2022-08-24 11:23:22 CST; 7s ago
Docs: man:dbus-daemon(1)
Main PID: 851 (dbus-daemon)
CGroup: /system.slice/dbus.service
└─851 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activation

8月 24 11:23:22 host-192-124-16-121 systemd[1]: Started D-Bus System Message Bus.

 

# systemctl restart firewalld　　再次重启防火墙

# systemctl status firewalld　　查看
● firewalld.service - firewalld - dynamic firewall daemon
Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active (running) since 三 2022-08-24 11:24:06 CST; 18min ago
Docs: man:firewalld(1)
Main PID: 1009 (firewalld)
CGroup: /system.slice/firewalld.service
└─1009 /usr/bin/python -Es /usr/sbin/firewalld --nofork --nopid

8月 24 11:24:05 host-192-124-16-121 systemd[1]: Starting firewalld - dynamic firewall daemon...
8月 24 11:24:06 host-192-124-16-121 systemd[1]: Started firewalld - dynamic firewall daemon.

此时防火墙就可以正常启动了

# systemctl status polkit　　再次查看polkit，发现已经自动运行了
● polkit.service - Authorization Manager
Loaded: loaded (/usr/lib/systemd/system/polkit.service; static; vendor preset: enabled)
Active: active (running) since 三 2022-08-24 11:24:05 CST; 18min ago
Docs: man:polkit(8)
Main PID: 998 (polkitd)
CGroup: /system.slice/polkit.service
└─998 /usr/lib/polkit-1/polkitd --no-debug

8月 24 11:24:05 host-192-124-16-121 systemd[1]: Starting Authorization Manager...
8月 24 11:24:05 host-192-124-16-121 polkitd[998]: Started polkitd version 0.112
8月 24 11:24:05 host-192-124-16-121 polkitd[998]: Loading rules from directory /etc/polkit-1/rules.d
8月 24 11:24:05 host-192-124-16-121 polkitd[998]: Loading rules from directory /usr/share/polkit-1/rules.d
8月 24 11:24:05 host-192-124-16-121 polkitd[998]: Finished loading, compiling and executing 2 rules
8月 24 11:24:05 host-192-124-16-121 systemd[1]: Started Authorization Manager.
8月 24 11:24:05 host-192-124-16-121 polkitd[998]: Acquired the name org.freedesktop.PolicyKit1 on the system bus
8月 24 11:24:05 host-192-124-16-121 polkitd[998]: Registered Authentication Agent for unix-process:993:7437805618 (system bus name :1.1 [/usr/bin/pkttyagent --notify..._CN.UTF-8)
8月 24 11:24:06 host-192-124-16-121 polkitd[998]: Unregistered Authentication Agent for unix-process:993:7437805618 (system bus name :1.1, object path /org/freedeskt... from bus)
Hint: Some lines were ellipsized, use -l to show in full.

 

测试防火墙指令

# firewall-cmd --reload　　　　防火墙加载
success
# firewall-cmd --list-port　　　　查看端口都正常了
9952/tcp 2181/tcp 2888/tcp 3888/tcp