【故障解读】Tableau Server初始化现error 10,且/bin/chmod权限受限

作者喜乐君发表在Tableau Server标签:

近日,协助台湾地区某伙伴解决某客户的服务器问题,该问题是我之前没有遇到的,特此记录,分享诸君。

1、环境

服务器:虚拟机

操作系统:Radhat 8.4

Tableau Server版本:2021.4.15

2、故障描述:

安装、激活、注册信息等各阶段一切正常,在初始化阶段,提示error 10,关键信息如下:

Unable  to install service in parallel: 

Error:TSM service returned status 10

具体故障描述如下图所示:

3、问题分析

但从console的报错无法推测故障原因,进一步查看日志,可以看到报错的细节,核心概括几条:

  • 报错前的工作项目是:Installing service appzookeeper in parallel
  • 错误的关键细节是,Caused by: java.io.IOException: Cannot run program “/bin/chmod”: error=13, Permission denied

因此,可以推测问题出在用户权限上。

  • 安装日志 app-install.log 位于 /var/opt/tableau/tableau_server/logs 中。
  • 升级日志 app-upgrade.log 位于 /var/opt/tableau/tableau_server/logs 中

完整的app-install.log日志如下:


2023-02-11 03:51:48.292 +0000 main : DEBUG com.tableausoftware.tabadmin.configuration.builder.BootstrapConfigurationBuilder - System processor count = 8
2023-02-11 03:51:48.292 +0000 main : DEBUG com.tableausoftware.tabadmin.configuration.builder.BootstrapConfigurationBuilder - System memory = 127185MB
2023-02-11 03:51:48.292 +0000 main : INFO  com.tableausoftware.installer.UserSettingsManager - features.SecureSecretStorage is true in cluster config
2023-02-11 03:51:48.388 +0000 main : DEBUG com.tableausoftware.installer.CryptoConfigManager - Copying from /var/opt/tableau/tableau_server/data/tabsvc/crypto/keystores/tableauserver.jks to /var/opt/tableau/tableau_server/data/tabsvc/config/clientfileservice_0.20214.23.0112.0350/tabsvc/keystores/tableauserver.jks
2023-02-11 03:51:48.390 +0000 main : DEBUG com.tableausoftware.installer.CryptoConfigManager - Copying from /var/opt/tableau/tableau_server/data/tabsvc/crypto/keystores/tableauserver.tks to /var/opt/tableau/tableau_server/data/tabsvc/config/clientfileservice_0.20214.23.0112.0350/tabsvc/keystores/tableauserver.tks
2023-02-11 03:51:48.579 +0000 main : DEBUG com.tableausoftware.installer.CryptoConfigManager - Cluster crypto key already exists in service keystore, nothing to do.
2023-02-11 03:51:48.580 +0000 main : INFO  com.tableausoftware.installer.UserSettingsManager - features.ParameterizedConfigOverrides is true in features.yml
2023-02-11 03:51:48.580 +0000 main : WARN  com.tableausoftware.tabadmin.configuration.overrides.ConfigOverrideParameter - Not adding role override since role is not set for host.
2023-02-11 03:51:48.581 +0000 main : DEBUG com.tableausoftware.tabadmin.configuration.CryptoProviderFactory - Reading config settings from /var/opt/tableau/tableau_server/data/tabsvc/services/clientfileservice_0.20214.23.0112.0350/templates/features.yml.
2023-02-11 03:51:48.586 +0000 main : DEBUG com.tableausoftware.tabadmin.configuration.FreemarkerProcessor - Reading freemarker yml template: /var/opt/tableau/tableau_server/data/tabsvc/services/clientfileservice_0.20214.23.0112.0350/templates/config-defaults.yml.ftl
2023-02-11 03:51:48.698 +0000 main : INFO  com.tableausoftware.installer.operations.AbstractBootstrapConfig - Successfully wrote user config yml to /var/opt/tableau/tableau_server/data/tabsvc/config/clientfileservice_0.20214.23.0112.0350/tabsvc.yml, feature flag features.SecureSecretStorage = true
2023-02-11 03:51:48.698 +0000 main : INFO  com.tableausoftware.installer.InstallerMain - Running operation RegisterServicesWithStateSinkOperation
2023-02-11 03:51:48.699 +0000 main : DEBUG com.tableausoftware.tabadmin.agent.state.ServiceStateFileSinkBase - Creating new services state
2023-02-11 03:51:48.728 +0000 main : INFO  com.tableausoftware.installer.InstallerMain - Running operation InstallServiceOperation
2023-02-11 03:51:48.730 +0000 pool-4-thread-1 : INFO  com.tableausoftware.installer.operations.InstallServiceOperation - Installing service appzookeeper in parallel
2023-02-11 03:51:48.730 +0000 pool-4-thread-1 : INFO  com.tableausoftware.service.deploy.ServiceConstructor - Installing service appzookeeper_0.20214.23.0112.0350
2023-02-11 03:51:48.733 +0000 pool-4-thread-1 : DEBUG com.tableausoftware.exec.TabProcessRunner - Executing command "[/var/opt/tableau/tableau_server/data/tabsvc/services/appzookeeper_0.20214.23.0112.0350/appzookeeper/control-appzookeeper, install]"
2023-02-11 03:51:48.736 +0000 Thread-0 : DEBUG com.tableausoftware.exec.TabProcessRunner - Starting to process output from command "[/var/opt/tableau/tableau_server/data/tabsvc/services/appzookeeper_0.20214.23.0112.0350/appzookeeper/control-appzookeeper, install]"
2023-02-11 03:51:48.736 +0000 pool-4-thread-1 : DEBUG com.tableausoftware.exec.TabProcessRunner - Waiting for process from command "[/var/opt/tableau/tableau_server/data/tabsvc/services/appzookeeper_0.20214.23.0112.0350/appzookeeper/control-appzookeeper, install]" to finish for 650 SECONDS
2023-02-11 03:51:51.630 +0000 Thread-0 : DEBUG com.tableausoftware.exec.TabProcessRunner - Finished processing output from command "[/var/opt/tableau/tableau_server/data/tabsvc/services/appzookeeper_0.20214.23.0112.0350/appzookeeper/control-appzookeeper, install]"
2023-02-11 03:51:51.631 +0000 pool-4-thread-1 : DEBUG com.tableausoftware.exec.TabProcessRunner - Waiting for line processing thread from command "[/var/opt/tableau/tableau_server/data/tabsvc/services/appzookeeper_0.20214.23.0112.0350/appzookeeper/control-appzookeeper, install]" to finish...
2023-02-11 03:51:51.631 +0000 pool-4-thread-1 : DEBUG com.tableausoftware.service.deploy.ServiceConstructor - Caused by: java.io.IOException: Cannot run program "/bin/chmod": error=13, Permission denied
	at java.lang.ProcessBuilder.start(ProcessBuilder.java:1128) ~[?:?]
	at java.lang.ProcessBuilder.start(ProcessBuilder.java:1071) ~[?:?]
	at com.tableausoftware.exec.TabProcessRunner.executeAsync(TabProcessRunner.java:332) ~[exec-utils-20214.0.10.jar:?]
	at com.tableausoftware.exec.TabProcessRunner.execute(TabProcessRunner.java:300) ~[exec-utils-20214.0.10.jar:?]
	at com.tableausoftware.exec.TabProcessRunner.execute(TabProcessRunner.java:287) ~[exec-utils-20214.0.10.jar:?]
	at com.tableausoftware.tabadmin.security.linux.LinuxFilePermissions.chmodRecursively(LinuxFilePermissions.java:89) ~[tab-tabadmin-security-linux-latest.jar:?]
	at com.tableausoftware.tabadmin.security.linux.LinuxFilePermissions.applyFilePermissions(LinuxFilePermissions.java:42) ~[tab-tabadmin-security-linux-latest.jar:?]
	at com.tableausoftware.zookeeper.Zookeeper$Commands.install(Zookeeper.java:322) ~[control-appzookeeper.jar:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ~[?:?]
	at jdk.internal.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:62) ~[?:?]
	at jdk.internal.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ~[?:?]
	at java.lang.reflect.Method.invoke(Method.java:566) ~[?:?]
	at com.tableausoftware.commandline.SwitchCommand$1.run(SwitchCommand.java:174) ~[tab-commandline-jewel-cli-latest.jar:?]
	... 4 more
Caused by: java.io.IOException: error=13, Permission denied

关于权限问题的几个可能性:

1、环境问题

虚拟环境特别容易出现 非固定IP,或者hostname设置错误的问题。固定IP容易设置,hostname错误通常出现在多节点安装时(相互之间通信由于hostname文件而失败)

因此,这两个推测最容易先被证伪。

2、管理员中帐号没有权限

个人常用admin帐号安装,admin需要加入sudoer权限,加入wheel组。

没有对应的权限。

[admin@ljbbj home]$ sudo yum install …………
[sudo] admin 的密码:
admin 不在 sudoers 文件中。此事将被报告。
[admin@ljbbj home]$ su 
密码:
[root@ljbbj home]# usermod -aG wheel admin
[root@ljbbj home]# chmod u+w /etc/sudoers

由于之前已经sudo 安装Tableau Server程序,因此排除sudo权限问题。

如果admin帐号没有添加到wheel,通常会在/etc/pam.d/su中出现如下报错信息(参考附近2):

auth required pam_wheel.so use_uid

本次故障首先排除了安装账号的问题。

3、特权账号的权限问题

Tableau安装过程中自动创建的特权账号tsmadmin和tableau,除非特殊情况,此类账号不应该手动处理。

由于初始化过程中,使用的admin帐号会切换到特权账号完成文件写入、运行,因此一些系统文件的权限限制,会阻碍特权账号的运行。

仔细查看日志文件会发现,有一个非常明显的提示:

Caused by: java.io.IOException: Cannot RUN program “/bin/chmod”: error=13, Permission denied

因此,就需要检查/bin/chmod的默认权限情况(运行权限对应的是x_execute)。

需要调整/bin/chmod的权限为 -rwsr-xr-x,后面是 两个r-x的组合,即群组和其他用户的权限。最常见的755的权限对应的权限分类如下图所示:

本次事故处理由于缺乏客户的真实环境,因此特意在自有的环境中做了模拟。

当手动调整/bin/chmod权限,减去了最后的x权限时,变成了754,此时就会出现出现了上述的错误;而当权限调整为755时,初始化则正常。

关联文章:

1、「tableau KB」Initialize Tsm On Tableau Server Linux Fails With Error Code 10

官方此文中介绍了一个极其相似的场景,也是出现了error 10的报错,只是权限问题的路径不同。 /tmp/.tableau_installfnp_lockfile权限问题,导致无法安装许可证进程。

官方的方案如下:

【喜乐君】切换到tmp路径并查看文件权限:
cd /tmp
ls -al

【喜乐君】.tableau_installfnp_lockfile应该对于tableau组和tableau用户有写W和运行R权限;如果权限不足,改为660;如果所属组不对,改为tableau

.tableau_installfnp_lockfile should have group tableau, owner tableau and have permissions -rw-rw—- 

If the permissions are wrong:

 sudo chmod 660 .tableau_installfnp_lockfile

If the owner or group owner is wrong:

sudo chown tableau:tableau .tableau_installfnp_lockfile

Then attempt the tsm-initialize command again.

2、【tableau KB】Authentication error: ‘Incorrect username or password, or username not member of administrative group?’ Using ‘tsm login -u username’

在本文中,提到了一个 tableau没有su权限的问题,因此需要检查/bin/su的默认权限。

  • To ensure tableau has su permissions, verify file mode of /bin/su is -rwsr-xr-x.
    • For example, -rwsr-xr-x. 1 root root 30092 Jun 22 2012 /bin/su
  • If not, run chmod 4755 /bin/su

作为特权账号,需要具有su的权限从来运行和写入很多文件。

发布者:喜乐君

喜乐君 | Tableau Partner,Tableau Desktop and Server QA Certification

发表评论

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com 徽标

您正在使用您的 WordPress.com 账号评论。 注销 /  更改 )

Twitter picture

您正在使用您的 Twitter 账号评论。 注销 /  更改 )

Facebook photo

您正在使用您的 Facebook 账号评论。 注销 /  更改 )

取消

Connecting to %s

%d 博主赞过: