Mongodb
Ubuntu 上的審計外掛:CONTROL我___米一種一世nmain全域初始化失敗:FileNotOpen:無法打開“/path”:退出狀態 1
我們使用 MongoDB 3.2.11 並嘗試啟用Audit。
2.6 版中的新功能。
MongoDB Enterprise 包括對 mongod 和 mongos 實例的審計功能。審計工具允許管理員和使用者跟踪具有多個使用者和應用程序的部署的系統活動。
這是我們的啟動配置
mongodb.confauditLog: destination: file filter: '{ atype: { $in: [ "createCollection", "dropCollection", "createDatabase", "createIndex", "renameCollection", "dropDatabase", "dropIndex", "createUser", "dropUser", "dropAllUsersFromDatabase", "updateUser", "grantRolesToUser", "revokeRolesFromUser", "createRole", "updateRole", "dropRole", "dropAllRolesFromDatabase", "grantRolesToRole", "revokeRolesFromRole", "grantPrivilegesToRole", "revokePrivilegesFromRole", "enableSharding", "shardCollection", "addShard", "removeShard", "shutdown", "applicationMessage", "authCheck" ] } }' format: BSON path: /opt/mongouser/store/mongodb-audit net: port: 27000 operationProfiling: {} processManagement: fork: "true" replication: replSetName: rs-testname security: authorization: enabled keyFile: /opt/mongouser/store/auto-mms/keyfile storage: dbPath: /opt/mongouser/store/mongodb-data/rs-testname_1 directoryPerDB: true engine: wiredTiger wiredTiger: engineConfig: directoryForIndexes: true systemLog: destination: file path: /opt/mongouser/store/mongodb-data/rs-testname_1/mongodb.log
mongodb.log(唯一的條目)。這裡是啟動時的strace輸出。2017-02-23T16:20:54.430+0000 F CONTROL [main] Failed global initialization: FileNotOpen: Failed to open "/opt/mongouser/store/mongodb-audit/" : exit status 1輸出(標準輸出/標準錯誤):
about to fork child process, waiting until server is ready for connections. forked process: 56468 ERROR: child process failed, exited with error number 1目錄權限。數據目錄和審計目錄具有相同的權限。數據目錄有效。
# ls -ald mongodb-* drwxrwxrwx 2 mongouser mongouser 17 Feb 23 16:19 mongodb-audit drwxrwxrwx 3 mongouser mongouser 37 Dec 7 11:14 mongodb-data drwxr-xr-x 6 mongouser mongouser 4096 Dec 7 11:24 auto-mms我添加了最大的詳細程度,但仍然只有一行
mongodb.logsystemLog: destination: file path: /path/mongodb.log verbosity: 5關於 Linux 盒子。使用搜尋引擎,您只會發現基於 Windows 的系統的類似錯誤。
$ cat /etc/lsb-release DISTRIB_ID=Ubuntu DISTRIB_RELEASE=14.04 DISTRIB_CODENAME=trusty DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"知道有什麼問題嗎?
我追踪
strace和-f從手冊
-f Trace child processes as they are created by currently traced processes as a result of the fork(2), vfork(2) and clone(2) system calls. Note that -p PID -f will attach all threads of process PID if it is multi-threaded, not only thread with thread_id = PID.輸出
[pid 26580] open("/etc/sasl2/mongodb.conf", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 26580] open("/etc/sasl/mongodb.conf", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 26580] open("/usr/lib/x86_64-linux-gnu/sasl2/mongodb.conf", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 26580] open("/usr/lib/sasl2/mongodb.conf", O_RDONLY) = -1 ENOENT (No such file or directory) [pid 26580] openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/sasl2", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 5 [pid 26580] getdents(5, /* 5 entries */, 32768) = 160 [pid 26580] getdents(5, /* 0 entries */, 32768) = 0 [pid 26580] close(5) = 0 [pid 26580] openat(AT_FDCWD, "/usr/lib/sasl2", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 5 [pid 26580] getdents(5, /* 2 entries */, 32768) = 48 [pid 26580] getdents(5, /* 0 entries */, 32768) = 0 [pid 26580] close(5) = 0 [pid 26580] open("/dev/urandom", O_RDONLY) = 5 [pid 26580] read(5, "\300\7&&\345\375\210\7}\\\23&\361\371\271\323\370\22\244 \177\213\23\322A\230s\253ACi\275"..., 8191) = 8191 [pid 26580] open("/dev/urandom", O_RDONLY) = 6 [pid 26580] read(6, "\5\231\332\351\32\2@L\362\202\354\350?|\207\340\241\271\222#\26\366Xuc\215\360FT\363N\236"..., 8191) = 8191 [pid 26580] close(6) = 0 [pid 26580] open("/dev/urandom", O_RDONLY) = 6 [pid 26580] open("/var/vcap/store/mongodb-audit", O_WRONLY|O_CREAT|O_APPEND, 0666) = -1 EISDIR (Is a directory) [pid 26580] write(4, "2017-02-27T08:32:41.623+0000 F C"..., 137) = 137 [pid 26580] exit_group(1) = ? [pid 26580] +++ exited with 1 +++ [pid 26579] <... wait4 resumed> [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 26580 [pid 26579] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26580, si_status=1, si_utime=0, si_stime=0} --- [pid 26579] exit_group(1) = ? [pid 26579] +++ exited with 1 +++ <... wait4 resumed> [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 26579 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26579, si_status=1, si_utime=0, si_stime=0} --- write(1, "ERROR: child process failed, exi"..., 56ERROR: child process failed, exited with error number 1 ) = 56 exit_group(1) = ? +++ exited with 1 +++
path: /opt/mongouser/store/mongodb-audit是一個目錄,但應該是一個帶有bson副檔名的正常文件。auditLog: destination: file filter: '{ atype: { $in: [ "createCollection", "dropCollection", "createDatabase", "createIndex", "renameCollection", "dropDatabase", "dropIndex", "createUser", "dropUser", "dropAllUsersFromDatabase", "updateUser", "grantRolesToUser", "revokeRolesFromUser", "createRole", "updateRole", "dropRole", "dropAllRolesFromDatabase", "grantRolesToRole", "revokeRolesFromRole", "grantPrivilegesToRole", "revokePrivilegesFromRole", "enableSharding", "shardCollection", "addShard", "removeShard", "shutdown", "applicationMessage", "authCheck" ] } }' format: BSON path: /opt/mongouser/store/mongodb-audit/log.bson
您可以嘗試使用以下更改(不帶尾隨 /):
path: /opt/mongouser/store/mongodb-audit代替:
path: /opt/mongouser/store/mongodb-audit/