近日,协助台湾地区某伙伴解决某客户的服务器问题,该问题是我之前没有遇到的,特此记录,分享诸君。
1、环境
服务器:虚拟机
操作系统:Radhat 8.4
Tableau Server版本:2021.4.15
2、故障描述:
安装、激活、注册信息等各阶段一切正常,在初始化阶段,提示error 10,关键信息如下:
Unable to install service in parallel:
Error:TSM service returned status 10具体故障描述如下图所示:
3、问题分析
但从console的报错无法推测故障原因,进一步查看日志,可以看到报错的细节,核心概括几条:
- 报错前的工作项目是:Installing service appzookeeper in parallel
- 错误的关键细节是,Caused by: java.io.IOException: Cannot run program “/bin/chmod”: error=13, Permission denied
因此,可以推测问题出在用户权限上。
- 安装日志
app-install.log位于/var/opt/tableau/tableau_server/logs中。
- 升级日志
app-upgrade.log位于/var/opt/tableau/tableau_server/logs中
完整的app-install.log日志如下:
2023-02-11 03:51:48.292 +0000 main : DEBUG com.tableausoftware.tabadmin.configuration.builder.BootstrapConfigurationBuilder - System processor count = 8
2023-02-11 03:51:48.292 +0000 main : DEBUG com.tableausoftware.tabadmin.configuration.builder.BootstrapConfigurationBuilder - System memory = 127185MB
2023-02-11 03:51:48.292 +0000 main : INFO com.tableausoftware.installer.UserSettingsManager - features.SecureSecretStorage is true in cluster config
2023-02-11 03:51:48.388 +0000 main : DEBUG com.tableausoftware.installer.CryptoConfigManager - Copying from /var/opt/tableau/tableau_server/data/tabsvc/crypto/keystores/tableauserver.jks to /var/opt/tableau/tableau_server/data/tabsvc/config/clientfileservice_0.20214.23.0112.0350/tabsvc/keystores/tableauserver.jks
2023-02-11 03:51:48.390 +0000 main : DEBUG com.tableausoftware.installer.CryptoConfigManager - Copying from /var/opt/tableau/tableau_server/data/tabsvc/crypto/keystores/tableauserver.tks to /var/opt/tableau/tableau_server/data/tabsvc/config/clientfileservice_0.20214.23.0112.0350/tabsvc/keystores/tableauserver.tks
2023-02-11 03:51:48.579 +0000 main : DEBUG com.tableausoftware.installer.CryptoConfigManager - Cluster crypto key already exists in service keystore, nothing to do.
2023-02-11 03:51:48.580 +0000 main : INFO com.tableausoftware.installer.UserSettingsManager - features.ParameterizedConfigOverrides is true in features.yml
2023-02-11 03:51:48.580 +0000 main : WARN com.tableausoftware.tabadmin.configuration.overrides.ConfigOverrideParameter - Not adding role override since role is not set for host.
2023-02-11 03:51:48.581 +0000 main : DEBUG com.tableausoftware.tabadmin.configuration.CryptoProviderFactory - Reading config settings from /var/opt/tableau/tableau_server/data/tabsvc/services/clientfileservice_0.20214.23.0112.0350/templates/features.yml.
2023-02-11 03:51:48.586 +0000 main : DEBUG com.tableausoftware.tabadmin.configuration.FreemarkerProcessor - Reading freemarker yml template: /var/opt/tableau/tableau_server/data/tabsvc/services/clientfileservice_0.20214.23.0112.0350/templates/config-defaults.yml.ftl
2023-02-11 03:51:48.698 +0000 main : INFO com.tableausoftware.installer.operations.AbstractBootstrapConfig - Successfully wrote user config yml to /var/opt/tableau/tableau_server/data/tabsvc/config/clientfileservice_0.20214.23.0112.0350/tabsvc.yml, feature flag features.SecureSecretStorage = true
2023-02-11 03:51:48.698 +0000 main : INFO com.tableausoftware.installer.InstallerMain - Running operation RegisterServicesWithStateSinkOperation
2023-02-11 03:51:48.699 +0000 main : DEBUG com.tableausoftware.tabadmin.agent.state.ServiceStateFileSinkBase - Creating new services state
2023-02-11 03:51:48.728 +0000 main : INFO com.tableausoftware.installer.InstallerMain - Running operation InstallServiceOperation
2023-02-11 03:51:48.730 +0000 pool-4-thread-1 : INFO com.tableausoftware.installer.operations.InstallServiceOperation - Installing service appzookeeper in parallel
2023-02-11 03:51:48.730 +0000 pool-4-thread-1 : INFO com.tableausoftware.service.deploy.ServiceConstructor - Installing service appzookeeper_0.20214.23.0112.0350
2023-02-11 03:51:48.733 +0000 pool-4-thread-1 : DEBUG com.tableausoftware.exec.TabProcessRunner - Executing command "[/var/opt/tableau/tableau_server/data/tabsvc/services/appzookeeper_0.20214.23.0112.0350/appzookeeper/control-appzookeeper, install]"
2023-02-11 03:51:48.736 +0000 Thread-0 : DEBUG com.tableausoftware.exec.TabProcessRunner - Starting to process output from command "[/var/opt/tableau/tableau_server/data/tabsvc/services/appzookeeper_0.20214.23.0112.0350/appzookeeper/control-appzookeeper, install]"
2023-02-11 03:51:48.736 +0000 pool-4-thread-1 : DEBUG com.tableausoftware.exec.TabProcessRunner - Waiting for process from command "[/var/opt/tableau/tableau_server/data/tabsvc/services/appzookeeper_0.20214.23.0112.0350/appzookeeper/control-appzookeeper, install]" to finish for 650 SECONDS
2023-02-11 03:51:51.630 +0000 Thread-0 : DEBUG com.tableausoftware.exec.TabProcessRunner - Finished processing output from command "[/var/opt/tableau/tableau_server/data/tabsvc/services/appzookeeper_0.20214.23.0112.0350/appzookeeper/control-appzookeeper, install]"
2023-02-11 03:51:51.631 +0000 pool-4-thread-1 : DEBUG com.tableausoftware.exec.TabProcessRunner - Waiting for line processing thread from command "[/var/opt/tableau/tableau_server/data/tabsvc/services/appzookeeper_0.20214.23.0112.0350/appzookeeper/control-appzookeeper, install]" to finish...
2023-02-11 03:51:51.631 +0000 pool-4-thread-1 : DEBUG com.tableausoftware.service.deploy.ServiceConstructor - Caused by: java.io.IOException: Cannot run program "/bin/chmod": error=13, Permission denied
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1128) ~[?:?]
at java.lang.ProcessBuilder.start(ProcessBuilder.java:1071) ~[?:?]
at com.tableausoftware.exec.TabProcessRunner.executeAsync(TabProcessRunner.java:332) ~[exec-utils-20214.0.10.jar:?]
at com.tableausoftware.exec.TabProcessRunner.execute(TabProcessRunner.java:300) ~[exec-utils-20214.0.10.jar:?]
at com.tableausoftware.exec.TabProcessRunner.execute(TabProcessRunner.java:287) ~[exec-utils-20214.0.10.jar:?]
at com.tableausoftware.tabadmin.security.linux.LinuxFilePermissions.chmodRecursively(LinuxFilePermissions.java:89) ~[tab-tabadmin-security-linux-latest.jar:?]
at com.tableausoftware.tabadmin.security.linux.LinuxFilePermissions.applyFilePermissions(LinuxFilePermissions.java:42) ~[tab-tabadmin-security-linux-latest.jar:?]
at com.tableausoftware.zookeeper.Zookeeper$Commands.install(Zookeeper.java:322) ~[control-appzookeeper.jar:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
at com.tableausoftware.commandline.SwitchCommand$1.run(SwitchCommand.java:174) ~[tab-commandline-jewel-cli-latest.jar:?]
... 4 more
Caused by: java.io.IOException: error=13, Permission denied
关于权限问题的几个可能性:
1、环境问题
虚拟环境特别容易出现 非固定IP,或者hostname设置错误的问题。固定IP容易设置,hostname错误通常出现在多节点安装时(相互之间通信由于hostname文件而失败)
因此,这两个推测最容易先被证伪。
2、管理员中帐号没有权限
个人常用admin帐号安装,admin需要加入sudoer权限,加入wheel组。
没有对应的权限。
[admin@ljbbj home]$ sudo yum install …………
[sudo] admin 的密码:
admin 不在 sudoers 文件中。此事将被报告。
[admin@ljbbj home]$ su
密码:
[root@ljbbj home]# usermod -aG wheel admin
[root@ljbbj home]# chmod u+w /etc/sudoers由于之前已经sudo 安装Tableau Server程序,因此排除sudo权限问题。
如果admin帐号没有添加到wheel,通常会在/etc/pam.d/su中出现如下报错信息(参考附近2):
auth required pam_wheel.so use_uid
本次故障首先排除了安装账号的问题。
3、特权账号的权限问题
Tableau安装过程中自动创建的特权账号tsmadmin和tableau,除非特殊情况,此类账号不应该手动处理。
由于初始化过程中,使用的admin帐号会切换到特权账号完成文件写入、运行,因此一些系统文件的权限限制,会阻碍特权账号的运行。
仔细查看日志文件会发现,有一个非常明显的提示:
Caused by: java.io.IOException: Cannot RUN program “/bin/chmod”: error=13, Permission denied
因此,就需要检查/bin/chmod的默认权限情况(运行权限对应的是x_execute)。
需要调整/bin/chmod的权限为 -rwsr-xr-x,后面是 两个r-x的组合,即群组和其他用户的权限。最常见的755的权限对应的权限分类如下图所示:
本次事故处理由于缺乏客户的真实环境,因此特意在自有的环境中做了模拟。
当手动调整/bin/chmod权限,减去了最后的x权限时,变成了754,此时就会出现出现了上述的错误;而当权限调整为755时,初始化则正常。
关联文章:
1、「tableau KB」Initialize Tsm On Tableau Server Linux Fails With Error Code 10
官方此文中介绍了一个极其相似的场景,也是出现了error 10的报错,只是权限问题的路径不同。 /tmp/.tableau_installfnp_lockfile权限问题,导致无法安装许可证进程。
官方的方案如下:
【喜乐君】切换到tmp路径并查看文件权限:
cd /tmp
ls -al【喜乐君】.tableau_installfnp_lockfile应该对于tableau组和tableau用户有写W和运行R权限;如果权限不足,改为660;如果所属组不对,改为tableau
.tableau_installfnp_lockfile should have group tableau, owner tableau and have permissions -rw-rw—-
If the permissions are wrong:
sudo chmod 660 .tableau_installfnp_lockfileIf the owner or group owner is wrong:
sudo chown tableau:tableau .tableau_installfnp_lockfileThen attempt the tsm-initialize command again.
2、【tableau KB】Authentication error: ‘Incorrect username or password, or username not member of administrative group?’ Using ‘tsm login -u username’
在本文中,提到了一个 tableau没有su权限的问题,因此需要检查/bin/su的默认权限。
- To ensure tableau has su permissions, verify file mode of
/bin/su is -rwsr-xr-x.- For example, -rwsr-xr-x. 1 root root 30092 Jun 22 2012 /bin/su
- If not, run
chmod 4755 /bin/su
作为特权账号,需要具有su的权限从来运行和写入很多文件。