Symptom
The Redis service does not start.
[root@localhost ~]# systemctl status redis_1
● redis_1.service - Redis persistent key-value database
   Loaded: loaded (/usr/lib/systemd/system/redis_1.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sun 2019-01-20 03:55:50 JST; 2min 40s ago
  Process: 3299 ExecStop=/usr/libexec/redis-shutdown-1 (code=exited, status=1/FAILURE)
  Process: 3286 ExecStart=/usr/bin/redis-server /etc/redis/6381.conf --supervised systemd (code=exited, status=1/FAILURE)
 Main PID: 3286 (code=exited, status=1/FAILURE)

Jan 20 03:55:50 localhost.localdomain systemd[1]: Starting Redis persistent...
Jan 20 03:55:50 localhost.localdomain systemd[1]: Started Redis persistent ...
Jan 20 03:55:50 localhost.localdomain systemd[1]: redis_1.service: main pro...
Jan 20 03:55:50 localhost.localdomain systemd[1]: redis_1.service: control ...
Jan 20 03:55:50 localhost.localdomain systemd[1]: Unit redis_1.service ente...
Jan 20 03:55:50 localhost.localdomain systemd[1]: redis_1.service failed.
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]#
The Redis service log (/var/log/redis/redis_6381.log) contains messages like the following.
Server can't set maximum open files to 10032 because of OS error: Operation not permitted.
Creating Server TCP listening socket 192.168.24.199:6381: bind: Permission denied
[root@localhost ~]# tail -F /var/log/redis/redis_6381.log
4429:C 20 Jan 03:21:43.313 * supervised by systemd, will signal readiness
4429:M 20 Jan 03:21:43.314 # You requested maxclients of 10000 requiring at least 10032 max file descriptors.
4429:M 20 Jan 03:21:43.314 # Server can't set maximum open files to 10032 because of OS error: Operation not permitted.
4429:M 20 Jan 03:21:43.314 # Current maximum open files is 4096. maxclients has been reduced to 4064 to compensate for low ulimit. If you need higher maxclients increase 'ulimit -n'.
4429:M 20 Jan 03:21:43.314 # Creating Server TCP listening socket 192.168.24.199:6381: bind: Permission denied
4470:C 20 Jan 03:23:53.585 * supervised by systemd, will signal readiness
4470:M 20 Jan 03:23:53.586 # You requested maxclients of 10000 requiring at least 10032 max file descriptors.
4470:M 20 Jan 03:23:53.586 # Server can't set maximum open files to 10032 because of OS error: Operation not permitted.
4470:M 20 Jan 03:23:53.586 # Current maximum open files is 4096. maxclients has been reduced to 4064 to compensate for low ulimit. If you need higher maxclients increase 'ulimit -n'.
4470:M 20 Jan 03:23:53.586 # Creating Server TCP listening socket 192.168.24.199:6381: bind: Permission denied
^C
[root@localhost ~]#
The audit log (/var/log/audit/audit.log) contains a message showing that SELinux denied the access.
[root@localhost ~]# tail -F /var/log/audit/audit.log
type=AVC msg=audit(1547923138.496:3750): avc: denied { name_connect } for pid=4636 comm="redis-server" dest=6381 scontext=system_u:system_r:redis_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
Solution
The cause is SELinux denying redis-server access to TCP port 6381: the AVC record shows the confined redis_t domain touching a port labelled unreserved_port_t, which the redis policy does not permit (the record shown is a name_connect denial; the failed bind produces a name_bind denial for the same port, and `ausearch -m avc -c redis-server` lists all of them). Either disable SELinux or configure SELinux to allow the access. The second option is the right one: label the port for Redis, for example with `semanage port -a -t redis_port_t -p tcp 6381` (use `-m` instead of `-a` if semanage reports the port is already defined), and confirm with `semanage port -l | grep redis`. Disabling SELinux also makes the service start, but it removes confinement for every service on the host to work around a one-line labelling fix. The "can't set maximum open files to 10032" message is a separate, non-fatal issue: Redis lowers maxclients to fit the 4096-descriptor limit, which is raised by setting `LimitNOFILE=` in the systemd unit rather than by changing SELinux.
[root@localhost ~]# systemctl start redis_1
[root@localhost ~]# systemctl status redis_1
● redis_1.service - Redis persistent key-value database
   Loaded: loaded (/usr/lib/systemd/system/redis_1.service; disabled; vendor preset: disabled)
   Active: active (running) since Sun 2019-01-20 03:26:23 JST; 5s ago
  Process: 4471 ExecStop=/usr/libexec/redis-shutdown-1 (code=exited, status=1/FAILURE)
 Main PID: 4498 (redis-server)
   CGroup: /system.slice/redis_1.service
           └─4498 /usr/bin/redis-server 192.168.24.199:6381

Jan 20 03:26:23 localhost.localdomain systemd[1]: Starting Redis persistent...
Jan 20 03:26:23 localhost.localdomain systemd[1]: Started Redis persistent ...
Hint: Some lines were ellipsized, use -l to show in full.
[root@localhost ~]#
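As an added example (editor's code, not part of the original post), the script below reads AVC records in the format shown above and prints the `semanage port` command that fixes each distinct port denial, while flagging denials that are not port denials (a file denial needs a file label, not a port rule). The sample audit lines are constructed: the page's name_connect record, a name_bind record of the same shape for the failed bind, and an unrelated file denial. The mapping from the redis_t domain to the redis_port_t port type is an assumption that matches the targeted policy on RHEL/CentOS 7, where redis_port_t does not yet cover 6381 (the page's record shows it as unreserved_port_t).

```shell
#!/bin/sh
# Added example: turn SELinux AVC port denials into "semanage port -a" commands.
# Assumptions: the redis_t -> redis_port_t mapping (RHEL/CentOS 7 targeted
# policy), and the constructed sample audit lines below.

# Constructed sample in the format of /var/log/audit/audit.log (or
# "ausearch -m avc -c redis-server --raw").
SAMPLE_AUDIT='type=AVC msg=audit(1547923138.496:3750): avc:  denied  { name_connect } for  pid=4636 comm="redis-server" dest=6381 scontext=system_u:system_r:redis_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1547923138.500:3751): avc:  denied  { name_bind } for  pid=4636 comm="redis-server" src=6381 scontext=system_u:system_r:redis_t:s0 tcontext=system_u:object_r:unreserved_port_t:s0 tclass=tcp_socket
type=AVC msg=audit(1547923138.600:3752): avc:  denied  { write } for  pid=4636 comm="redis-server" name="dump.rdb" scontext=system_u:system_r:redis_t:s0 tcontext=system_u:object_r:var_t:s0 tclass=file'

# Read AVC records on stdin. For each distinct (domain, port) seen in a
# tcp_socket name_bind/name_connect denial print one semanage command;
# name_bind carries the port in src=, name_connect in dest=. Any other
# denial is reported as "not a port denial" instead of being turned into a rule.
avc_port_fixes() {
    awk '
    /type=AVC/ && /denied/ && /tclass=tcp_socket/ && (/name_bind/ || /name_connect/) {
        port = ""; dom = ""; ptype = ""
        for (i = 1; i <= NF; i++) {
            if ($i ~ /^(src|dest)=/) { split($i, a, "="); port = a[2] }
            if ($i ~ /^scontext=/)   { split($i, a, ":"); dom = a[3] }    # user:role:type:level -> type
            if ($i ~ /^tcontext=/)   { split($i, a, ":"); ptype = a[3] }  # current port label
        }
        if (port == "" || dom == "") next
        key = dom "/tcp/" port
        if (key in seen) next          # bind + connect on the same port need one rule
        seen[key] = 1
        # Domain -> port type table; only redis_t is known here (assumption).
        target = (dom == "redis_t") ? "redis_port_t" : ""
        if (target == "")
            print "# no port type known for domain " dom " (port " port " is " ptype ")"
        else
            print "semanage port -a -t " target " -p tcp " port
        next
    }
    /type=AVC/ && /denied/ && !/tclass=tcp_socket/ {
        for (i = 1; i <= NF; i++) if ($i ~ /^tclass=/) cls = substr($i, 8)
        print "# not a port denial (tclass=" cls "); see audit2allow -w"
    }'
}

# Fixes derived from the constructed sample; used when run stand-alone.
sample_fixes() {
    printf '%s\n' "$SAMPLE_AUDIT" | avc_port_fixes
}

sample_fixes
```

On the page's host you would run `ausearch -m avc -c redis-server --raw | avc_port_fixes`, execute the printed `semanage port -a -t redis_port_t -p tcp 6381` (or `semanage port -m ...` if the port is already defined for another type), then `systemctl start redis_1` and check the status output as above. Both the name_bind and name_connect records collapse into that single rule, while the file denial is left for a separate file-context fix.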