web-dev-qa-db-ja.com

グレイログサーバーがポート12900でバインドされていません

ここでは、何をしても、graylog-serverがポート12900にバインドされない状況があります。 github.com/graylog2/graylog-ansible-roleを使用して、graylog-server-1.1.6-1.noarch、elasticsearch-1.6.2-1.noarch、mongodb-org-server-2.6.10のrpmをインストールしました-1.x86_64、nginx-1.8.0-1.el7.ngx.x86_64(2つのCentOS 7 VM)。グレイログサーバーが起動し、/ var/log/graylog/server.logにエラーを記録しませんが、ポート12900へのバインドに失敗します。

[root@doru2 deploy]# ps -eaf | grep graylog-server
graylog   26140  26137  7 19:01 ?        00:02:50 Java -Xms1g -Xmx1g -XX:NewRatio=1 -server -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -jar -Dlog4j.configuration=file:///etc/graylog/server/log4j.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar /usr/share/graylog-server/graylog.jar server -f /etc/graylog/server/server.conf -np

[root@doru2 deploy]# netstat -tunelp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       User       Inode      PID/Program name    
tcp        0      0 127.0.0.1:27017         0.0.0.0:*               LISTEN      991        100234     25747/mongod        
tcp        0      0 0.0.0.0:111             0.0.0.0:*               LISTEN      0          16996      820/rpcbind         
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      0          22667      1563/nginx: master  
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      0          22086      1504/sshd           
tcp        0      0 127.0.0.1:25            0.0.0.0:*               LISTEN      0          24601      1994/master         
tcp6       0      0 :::111                  :::*                    LISTEN      0          16999      820/rpcbind         
tcp6       0      0 10.1.10.134:9200        :::*                    LISTEN      990        53978      10878/Java          
tcp6       0      0 10.1.10.134:9300        :::*                    LISTEN      990        52910      10878/Java          
tcp6       0      0 :::22                   :::*                    LISTEN      0          22088      1504/sshd           
tcp6       0      0 ::1:25                  :::*                    LISTEN      0          24602      1994/master         
udp        0      0 0.0.0.0:111             0.0.0.0:*                           0          16934      820/rpcbind         
udp        0      0 0.0.0.0:123             0.0.0.0:*                           0          17863      813/chronyd         
udp        0      0 127.0.0.1:323           0.0.0.0:*                           0          17865      813/chronyd         
udp        0      0 0.0.0.0:18893           0.0.0.0:*                           0          21509      1311/dhclient       
udp        0      0 0.0.0.0:53726           0.0.0.0:*                           70         18826      793/avahi-daemon: r 
udp        0      0 0.0.0.0:973             0.0.0.0:*                           0          16995      820/rpcbind         
udp        0      0 0.0.0.0:5353            0.0.0.0:*                           70         18825      793/avahi-daemon: r

[root@doru2 deploy]# firewall-cmd --list-all
public (default, active)
  interfaces: eno16777736
  sources: 
  services: dhcpv6-client ssh
  ports: 9200/tcp 9300/udp 12900/tcp 9300/tcp
  masquerade: no
  forward-ports: 
  icmp-blocks: 
  rich rules: 

[root@doru2 deploy]# systemctl status iptables
iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; disabled)
   Active: inactive (dead)

[root@doru2 deploy]# semanage port -l | grep 12900
http_port_t                    tcp      12900, 80, 81, 443, 488, 8008, 8009, 8443, 9000

SElinux監査ログには、関連する例外は示されていません。

[root@doru2 deploy]# grep -v -w graylog-web /var/log/audit/audit.log | grep -v -w crond_t
type=MAC_POLICY_LOAD msg=audit(1438973046.052:25205): policy loaded auid=1001 ses=2
type=SYSCALL msg=audit(1438973046.052:25205): Arch=c000003e syscall=1 success=yes exit=3770462 a0=4 a1=7f7f2403e010 a2=39885e a3=7ffeb5dd0760 items=0 ppid=69239 pid=69302 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="load_policy" exe="/usr/sbin/load_policy" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=MAC_POLICY_LOAD msg=audit(1438973101.674:25222): policy loaded auid=1001 ses=2
type=SYSCALL msg=audit(1438973101.674:25222): Arch=c000003e syscall=1 success=yes exit=3770418 a0=4 a1=7f41b3048010 a2=398832 a3=7ffde8b85280 items=0 ppid=69492 pid=69562 auid=1001 uid=0 gid=0 euid=0 suid=0 fsuid=0 egid=0 sgid=0 fsgid=0 tty=pts0 ses=2 comm="load_policy" exe="/usr/sbin/load_policy" subj=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023 key=(null)
type=USER_AVC msg=audit(1438973169.169:25243): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=2)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=USER_AVC msg=audit(1438973169.169:25244): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='avc:  received policyload notice (seqno=3)  exe="/usr/lib/systemd/systemd" sauid=0 hostname=? addr=? terminal=?'
type=SERVICE_STOP msg=audit(1438973169.174:25245): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="graylog-server" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'
type=SERVICE_START msg=audit(1438973169.195:25246): pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg=' comm="graylog-server" exe="/usr/lib/systemd/systemd" hostname=? addr=? terminal=? res=success'

グレイログサーバーログは、ユニキャストアドレスのみを使用するように構成されている場合でも、zenマルチキャストトランスポートハンドラーを登録し続けることを示しています。

2015-08-06T18:42:36.749-07:00 INFO  [CmdLineTool] Loaded plugins: [Anonymous Usage Statistics 1.1.1 [org.graylog.plugins.usagestatistics.UsageStatsPlugin]]
2015-08-06T18:42:36.879-07:00 INFO  [CmdLineTool] Running with JVM arguments: -Xms256m -Xmx1g -XX:NewRatio=1 -XX:+ResizeTLAB -XX:+UseConcMarkSweepGC -XX:+CMSConcurrentMTEnabled -XX:+CMSClassUnloadingEnabled -XX:+UseParNewGC -XX:-OmitStackTraceInFastThrow -Dlog4j.configuration=file:///etc/graylog/server/log4j.xml -Djava.library.path=/usr/share/graylog-server/lib/sigar
2015-08-06T18:42:40.871-07:00 INFO  [InputBufferImpl] Message journal is enabled.
2015-08-06T18:42:41.234-07:00 INFO  [LogManager] Loading log 'messagejournal-0'
2015-08-06T18:42:41.304-07:00 INFO  [KafkaJournal] Initialized Kafka based journal at /var/lib/graylog-server/journal
2015-08-06T18:42:41.316-07:00 INFO  [InputBufferImpl] Initialized InputBufferImpl with ring size <65536> and wait strategy <BlockingWaitStrategy>, running 2 parallel message handlers.
2015-08-06T18:42:41.486-07:00 INFO  [NodeId] Node ID: 22261716-e535-47eb-a02b-395b2f2983ee
2015-08-06T18:42:41.713-07:00 INFO  [node] [doru2] version[1.6.2], pid[17622], build[6220391/2015-07-29T09:24:47Z]
2015-08-06T18:42:41.713-07:00 INFO  [node] [doru2] initializing ...
2015-08-06T18:42:41.782-07:00 INFO  [plugins] [doru2] loaded [graylog2-monitor], sites []
2015-08-06T18:42:43.988-07:00 WARN  [transport] [doru2] Registered two transport handlers for action internal:discovery/zen/multicast, handlers: org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@171228a4, org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@292a32d1
2015-08-06T18:42:44.727-07:00 WARN  [transport] [doru2] Registered two transport handlers for action internal:discovery/zen/multicast, handlers: org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@22e2821f, org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@171228a4
2015-08-06T18:42:44.729-07:00 WARN  [transport] [doru2] Registered two transport handlers for action internal:discovery/zen/multicast, handlers: org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@7ff210cf, org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@22e2821f
2015-08-06T18:42:44.731-07:00 WARN  [transport] [doru2] Registered two transport handlers for action internal:discovery/zen/multicast, handlers: org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@6d2dc7a8, org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@7ff210cf
2015-08-06T18:42:44.743-07:00 WARN  [transport] [doru2] Registered two transport handlers for action internal:discovery/zen/multicast, handlers: org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@4099f1f0, org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@6d2dc7a8
2015-08-06T18:42:44.744-07:00 WARN  [transport] [doru2] Registered two transport handlers for action internal:discovery/zen/multicast, handlers: org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@3adae4b2, org.elasticsearch.discovery.zen.ping.multicast.MulticastZenPing$MulticastPingResponseRequestHandler@4099f1f0

20分の期間に2300件の警告が記録されました。 /etc/graylog/server/server.confの本質は次のとおりです。

[root@doru2 deploy]# grep -v ^\# /etc/graylog/server/server.conf | sort -u
allow_highlighting = false
allow_leading_wildcard_searches = false
dead_letters_enabled = false
elasticsearch_analyzer = standard
elasticsearch_cluster_discovery_timeout = 5000
elasticsearch_cluster_name = graylog-cluster
elasticsearch_config_file = /etc/graylog/server/elasticsearch.yml
elasticsearch_discovery_zen_ping_multicast_enabled = False
elasticsearch_discovery_zen_ping_unicast_hosts = ['10.1.10.133:9300', '10.1.10.134:9300']
elasticsearch_http_enabled = false
elasticsearch_index_prefix = graylog2
elasticsearch_max_docs_per_index = 20000000
elasticsearch_max_number_of_indices = 20
elasticsearch_network_bind_Host = 
elasticsearch_network_Host = 
elasticsearch_network_publish_Host = 
elasticsearch_node_data = false
elasticsearch_node_master = false
elasticsearch_node_name = doru2
elasticsearch_replicas = 0
elasticsearch_shards = 4
elasticsearch_transport_tcp_port = 9300
is_master = false
lb_recognition_period_seconds = 3
message_journal_dir = /var/lib/graylog-server/journal
message_journal_enabled = true
message_journal_max_age = 12h
message_journal_max_size = 5gb
mongodb_max_connections = 100
mongodb_password = 
mongodb_replica_set = localhost:27017
mongodb_threads_allowed_to_block_multiplier = 5
mongodb_uri = mongodb://127.0.0.1:27017/graylog
mongodb_useauth = false
mongodb_user = 
node_id_file = /etc/graylog/server/node-id
output_batch_size = 25
outputbuffer_processors = 3
output_flush_interval = 1
password_secret = 2jueVqZpwLLjaWxV
plugin_dir = /usr/share/graylog-server/plugin
processbuffer_processors = 5
processor_wait_strategy = blocking
rest_enable_cors = true
rest_enable_gzip = true
rest_listen_uri = http://127.0.0.1:12900/
rest_transport_uri = http://127.0.0.1:12900/
retention_strategy = delete
root_email = 
root_password_sha2 = 8c6976e5b5410415bde908bd4dee15dfb167a9c873fc4bb8a81f6f2ab448a918
root_timezone = UTC
root_username = admin
rotation_strategy = count
stream_processing_max_faults = 3
stream_processing_timeout = 2000
telemetry_enabled = false
transport_email_auth_password = 
transport_email_auth_username = 
transport_email_enabled = false
transport_email_from_email = 
transport_email_hostname = 
transport_email_port = 587
transport_email_subject_prefix = [graylog]
transport_email_use_auth = true
transport_email_use_ssl = true
transport_email_use_tls = true
transport_email_web_interface_url = 

私が見る唯一のエラーは/ var/log/messagesにあります

Aug  7 12:32:59 localhost systemd: Started Graylog server.
Aug  7 12:37:20 localhost graylog-server: Exception in thread "main" Java.lang.OutOfMemoryError: Java heap space
Aug  7 12:37:20 localhost graylog-server: at Java.util.Arrays.copyOf(Arrays.Java:2367)
Aug  7 12:37:20 localhost graylog-server: at Java.lang.AbstractStringBuilder.expandCapacity(AbstractStringBuilder.Java:130)
Aug  7 12:37:20 localhost graylog-server: at Java.lang.AbstractStringBuilder.ensureCapacityInternal(AbstractStringBuilder.Java:114)
Aug  7 12:37:20 localhost graylog-server: at Java.lang.AbstractStringBuilder.append(AbstractStringBuilder.Java:415)
Aug  7 12:37:20 localhost graylog-server: at Java.lang.StringBuilder.append(StringBuilder.Java:132)
Aug  7 12:37:20 localhost graylog-server: at Java.lang.StringBuilder.append(StringBuilder.Java:179)
Aug  7 12:37:20 localhost graylog-server: at Java.lang.StringBuilder.append(StringBuilder.Java:72)
Aug  7 12:37:20 localhost graylog-server: at Java.util.Formatter$FormatSpecifier.print(Formatter.Java:2865)
Aug  7 12:37:20 localhost graylog-server: at Java.util.Formatter$FormatSpecifier.printString(Formatter.Java:2838)
Aug  7 12:37:20 localhost graylog-server: at Java.util.Formatter$FormatSpecifier.print(Formatter.Java:2718)
Aug  7 12:37:20 localhost graylog-server: at Java.util.Formatter.format(Formatter.Java:2488)
Aug  7 12:37:20 localhost graylog-server: at Java.util.Formatter.format(Formatter.Java:2423)
Aug  7 12:37:20 localhost graylog-server: at org.elasticsearch.common.inject.internal.Errors.format(Errors.Java:474)
Aug  7 12:37:20 localhost graylog-server: at org.elasticsearch.common.inject.CreationException.getMessage(CreationException.Java:55)
Aug  7 12:37:20 localhost graylog-server: at Java.lang.Throwable.getLocalizedMessage(Throwable.Java:391)
Aug  7 12:37:20 localhost graylog-server: at Java.lang.Throwable.toString(Throwable.Java:480)
Aug  7 12:37:20 localhost graylog-server: at Java.util.Formatter$FormatSpecifier.printString(Formatter.Java:2838)
Aug  7 12:37:20 localhost graylog-server: at Java.util.Formatter$FormatSpecifier.print(Formatter.Java:2718)
Aug  7 12:37:20 localhost graylog-server: at Java.util.Formatter.format(Formatter.Java:2488)
Aug  7 12:37:20 localhost graylog-server: at Java.util.Formatter.format(Formatter.Java:2423)
Aug  7 12:37:20 localhost graylog-server: at Java.lang.String.format(String.Java:2792)
Aug  7 12:37:20 localhost graylog-server: at com.google.inject.internal.Errors.format(Errors.Java:556)
Aug  7 12:37:20 localhost graylog-server: at com.google.inject.internal.Errors.addMessage(Errors.Java:539)
Aug  7 12:37:20 localhost graylog-server: at com.google.inject.internal.Errors.errorInUserCode(Errors.Java:421)
Aug  7 12:37:20 localhost graylog-server: at com.google.inject.internal.Errors.errorInProvider(Errors.Java:376)
Aug  7 12:37:20 localhost graylog-server: at com.google.inject.internal.BoundProviderFactory.provision(BoundProviderFactory.Java:74)
Aug  7 12:37:20 localhost graylog-server: at com.google.inject.internal.ProviderInternalFactory.circularGet(ProviderInternalFactory.Java:61)
Aug  7 12:37:20 localhost graylog-server: at com.google.inject.internal.BoundProviderFactory.get(BoundProviderFactory.Java:62)
Aug  7 12:37:20 localhost graylog-server: at com.google.inject.internal.ProviderToInternalFactoryAdapter$1.call(ProviderToInternalFactoryAdapter.Java:46)
Aug  7 12:37:20 localhost graylog-server: at com.google.inject.internal.InjectorImpl.callInContext(InjectorImpl.Java:1103)
Aug  7 12:37:20 localhost graylog-server: at com.google.inject.internal.ProviderToInternalFactoryAdapter.get(ProviderToInternalFactoryAdapter.Java:40)
Aug  7 12:37:20 localhost graylog-server: at com.google.inject.internal.SingletonScope$1.get(SingletonScope.Java:145)

私が使用しているVMには4GBのRAMがあり、JVMは1Gを使用するように構成されています。メモリ不足エラーは次の結果であるかどうか疑問に思います。大量のマルチキャストトランスポートハンドラーを開始します。何かアイデアはありますか?

1
Doru C.

これを/etc/graylog/server/server.confのelasticsearch_discovery_zen_ping_unicast_hosts値までさかのぼります。これはJavaプロパティファイルであるため、値は次のようにフォーマットする必要があります。

elasticsearch_discovery_zen_ping_unicast_hosts = 10.1.10.134:9300
elasticsearch_discovery_zen_ping_unicast_hosts = 10.1.10.134:9300,10.1.10.133:9300

このようなYAML形式は避けてください。 1.1.6のように、Graylogコードは、不適切にフォーマットされた値にフラグを立てません。

elasticsearch_discovery_zen_ping_unicast_hosts = "10.1.10.134:9300"
elasticsearch_discovery_zen_ping_unicast_hosts = [ "10.1.10.134:9300" ]
1
Doru C.