web-dev-qa-db-ja.com

Ubuntuの監査プラグイン:CONTROL [メイン]失敗したグローバル初期化:FileNotOpen: "/ path"を開けませんでした:終了ステータス1

MongoDB 3.2.11を使用して、 Audit を有効にします。

バージョン2.6の新機能。

MongoDB Enterpriseには、mongodおよびmongosインスタンスの監査機能が含まれています。監査機能により、管理者とユーザーは、複数のユーザーとアプリケーションを使用した展開のシステムアクティビティを追跡できます。

これが私たちのスタートアップ構成ですmongodb.conf

auditLog:
  destination: file
  filter: '{ atype: { $in: [ "createCollection", "dropCollection", "createDatabase",
    "createIndex", "renameCollection", "dropDatabase", "dropIndex", "createUser",
    "dropUser", "dropAllUsersFromDatabase", "updateUser", "grantRolesToUser", "revokeRolesFromUser",
    "createRole", "updateRole", "dropRole", "dropAllRolesFromDatabase", "grantRolesToRole",
    "revokeRolesFromRole", "grantPrivilegesToRole", "revokePrivilegesFromRole", "enableSharding",
    "shardCollection", "addShard", "removeShard", "shutdown", "applicationMessage",
    "authCheck" ] } }'
  format: BSON
  path: /opt/mongouser/store/mongodb-audit
net:
  port: 27000
operationProfiling: {}
processManagement:
  fork: "true"
replication:
  replSetName: rs-testname
security:
  authorization: enabled
  keyFile: /opt/mongouser/store/auto-mms/keyfile
storage:
  dbPath: /opt/mongouser/store/mongodb-data/rs-testname_1
  directoryPerDB: true
  engine: wiredTiger
  wiredTiger:
    engineConfig:
      directoryForIndexes: true
systemLog:
  destination: file
  path: /opt/mongouser/store/mongodb-data/rs-testname_1/mongodb.log

mongodb.log(唯一のエントリ)。ここでは、起動時の strace 出力です。

2017-02-23T16:20:54.430+0000 F CONTROL  [main] Failed global initialization: FileNotOpen: Failed to open "/opt/mongouser/store/mongodb-audit/"
 : exit status 1

出力(stdout/stderr):

about to fork child process, waiting until server is ready for connections.
forked process: 56468
ERROR: child process failed, exited with error number 1

ディレクトリ権限。データディレクトリと監査ディレクトリには同じ権限があります。データディレクトリが機能します。

 # ls -ald mongodb-*
drwxrwxrwx 2 mongouser mongouser   17 Feb 23 16:19 mongodb-audit
drwxrwxrwx 3 mongouser mongouser   37 Dec  7 11:14 mongodb-data
drwxr-xr-x 6 mongouser mongouser 4096 Dec  7 11:24 auto-mms

最大の冗長性を追加しましたが、mongodb.logにはまだ1行しかありません

systemLog:
  destination: file
  path: /path/mongodb.log
  verbosity: 5

linuxボックスについて。検索エンジンを使用すると、Windowsベースのシステムでのみ同様のエラーが見つかります。

$ cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=14.04
DISTRIB_CODENAME=trusty
DISTRIB_DESCRIPTION="Ubuntu 14.04.5 LTS"

何が悪いのですか?

mongodbpermissionssecurityauditmongodb-3.2
2
Ivanov

strace-f

マニュアルから

   -f          Trace child processes as they are created by currently traced processes as a result of the fork(2), vfork(2) and clone(2) system calls. Note that -p  PID  -f  will  attach  all  threads  of
               process PID if it is multi-threaded, not only thread with thread_id = PID.

出力

[pid 26580] open("/etc/sasl2/mongodb.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 26580] open("/etc/sasl/mongodb.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 26580] open("/usr/lib/x86_64-linux-gnu/sasl2/mongodb.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 26580] open("/usr/lib/sasl2/mongodb.conf", O_RDONLY) = -1 ENOENT (No such file or directory)
[pid 26580] openat(AT_FDCWD, "/usr/lib/x86_64-linux-gnu/sasl2", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 5
[pid 26580] getdents(5, /* 5 entries */, 32768) = 160
[pid 26580] getdents(5, /* 0 entries */, 32768) = 0
[pid 26580] close(5)                    = 0
[pid 26580] openat(AT_FDCWD, "/usr/lib/sasl2", O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC) = 5
[pid 26580] getdents(5, /* 2 entries */, 32768) = 48
[pid 26580] getdents(5, /* 0 entries */, 32768) = 0
[pid 26580] close(5)                    = 0
[pid 26580] open("/dev/urandom", O_RDONLY) = 5
[pid 26580] read(5, "\300\7&&\345\375\210\7}\\\23&\361\371\271\323\370\22\244 \177\213\23\322A\230s\253ACi\275"..., 8191) = 8191
[pid 26580] open("/dev/urandom", O_RDONLY) = 6
[pid 26580] read(6, "\5\231\332\351\32\2@L\362\202\354\350?|\207\340\241\271\222#\26\366Xuc\215\360FT\363N\236"..., 8191) = 8191
[pid 26580] close(6)                    = 0
[pid 26580] open("/dev/urandom", O_RDONLY) = 6
[pid 26580] open("/var/vcap/store/mongodb-audit", O_WRONLY|O_CREAT|O_APPEND, 0666) = -1 EISDIR (Is a directory)
[pid 26580] write(4, "2017-02-27T08:32:41.623+0000 F C"..., 137) = 137
[pid 26580] exit_group(1)               = ?
[pid 26580] +++ exited with 1 +++
[pid 26579] <... wait4 resumed> [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 26580
[pid 26579] --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26580, si_status=1, si_utime=0, si_stime=0} ---
[pid 26579] exit_group(1)               = ?
[pid 26579] +++ exited with 1 +++
<... wait4 resumed> [{WIFEXITED(s) && WEXITSTATUS(s) == 1}], 0, NULL) = 26579
--- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=26579, si_status=1, si_utime=0, si_stime=0} ---
write(1, "ERROR: child process failed, exi"..., 56ERROR: child process failed, exited with error number 1
) = 56
exit_group(1)                           = ?
+++ exited with 1 +++

path: /opt/mongouser/store/mongodb-auditはディレクトリですが、bson拡張子の付いた通常のファイルである必要があります。

auditLog:
  destination: file
  filter: '{ atype: { $in: [ "createCollection", "dropCollection", "createDatabase",
    "createIndex", "renameCollection", "dropDatabase", "dropIndex", "createUser",
    "dropUser", "dropAllUsersFromDatabase", "updateUser", "grantRolesToUser", "revokeRolesFromUser",
    "createRole", "updateRole", "dropRole", "dropAllRolesFromDatabase", "grantRolesToRole",
    "revokeRolesFromRole", "grantPrivilegesToRole", "revokePrivilegesFromRole", "enableSharding",
    "shardCollection", "addShard", "removeShard", "shutdown", "applicationMessage",
    "authCheck" ] } }'
  format: BSON
  path: /opt/mongouser/store/mongodb-audit/log.bson
0
Ivanov

次の変更を使用して試してみることができます(末尾の/なし)。

path: /opt/mongouser/store/mongodb-audit

の代わりに:

path: /opt/mongouser/store/mongodb-audit/
0
Viorel Ciucu