Cacti Graphing 无法正常工作

Cacti Graphing 无法正常工作

我尝试在 CentOS 6 上使用 mariadb、nginx 1.4、php 5.4.x 设置 Cacti

我无法更新图表

我的 cacti 文件全部归用户 nginx 所有,所以我的 crontab 文件 /etc/cron.d/cacti 有

*/5 * * * *     nginx       /usr/bin/php -q /usr/share/nginx/html/cacti/poller.php > /var/local/log/poller.log 2>&1

但是,我看到它在 cron 日志中运行,但它没有在 poller.log 中产生任何输出,也没有更新 cacti.log。

Oct 13 12:20:01 srv CROND[14644]: (nginx) CMD (      /usr/bin/php -q usr/share/nginx/html/cacti/poller.php > /var/local/log/poller.log 2>&1)

我可以运行sudo -u nginx /usr/bin/php -q /usr/share/nginx/html/cacti/poller.php并查看输出,它似乎更新了.rrd文件。此外,我运行过一次sudo -u nginx php -q cli/rebuild_poller_cache.php,不知怎么地我在图表上得到了一个数据点,但我甚至无法再手动更新图表了。

cacti.log 中似乎没有任何有用的信息(仅在手动运行时才会更新)。我也没有在/var/log/secure有关 SELinux 的文件中看到任何信息,但我可能错过了(不确定要查找什么)。

我应该在哪里修复这个问题?为什么 cronjob 正在运行却不起作用?我怎样才能让图表再次更新?

更新:我觉得我明白问题所在了。我没有查看实际 rra 文件夹的权限,只查看了它的符号链接。我会尝试修复它。

相关rra文件的权限:

$ lll /usr/share/nginx/html/cacti/rra
lrwxrwxrwx. 1 nginx nginx 18 Oct 12 23:21 /usr/share/nginx/html/cacti/rra -> /var/lib/cacti/rra
$ lll /usr/share/nginx/html/cacti/rra/
total 340
drwxr-xr-x. 2 cacti root    4096 Oct 13 00:32 .
drwxr-xr-x. 5 root  root    4096 Oct 12 23:21 ..
-rw-r--r--. 1 nginx nginx 141640 Oct 13 12:12 localhost_load_1min_5.rrd
-rw-r--r--. 1 nginx nginx  47992 Oct 13 12:12 localhost_mem_buffers_3.rrd
-rw-r--r--. 1 nginx nginx  47992 Oct 13 12:12 localhost_mem_swap_4.rrd
-rw-r--r--. 1 nginx nginx  47992 Oct 13 12:12 localhost_proc_7.rrd
-rw-r--r--. 1 nginx nginx  47992 Oct 13 12:12 localhost_users_6.rrd
$ lll /var/lib/cacti/
total 20
drwxr-xr-x.  5 root  root 4096 Oct 12 23:21 .
drwxr-xr-x. 38 root  root 4096 Oct 12 23:21 ..
drwxr-xr-x.  2 root  root 4096 Oct 12 23:21 cli
lrwxrwxrwx.  1 root  root   24 Oct 12 23:21 include -> /usr/share/cacti/include
lrwxrwxrwx.  1 root  root   20 Oct 12 23:21 lib -> /usr/share/cacti/lib
drwxr-xr-x.  2 cacti root 4096 Oct 13 00:32 rra
drwxr-xr-x.  2 root  root 4096 Oct 12 23:21 scripts

这是我的部分audit.log(非常重复)

[matt@srv ~]$ sudo cat /var/log/audit/audit.log | grep denied
type=AVC msg=audit(1381785901.286:31729): avc:  denied  { getattr } for  pid=22067 comm="postdrop" path="/var/spool/postfix/public/pickup" dev=dm-0 ino=2224026 scontext=system_u:system_r:postfix_postdrop_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:postfix_public_t:s0 tclass=sock_file
type=AVC msg=audit(1381786201.333:31742): avc:  denied  { getattr } for  pid=22087 comm="postdrop" path="/var/spool/postfix/public/pickup" dev=dm-0 ino=2224026 scontext=system_u:system_r:postfix_postdrop_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:postfix_public_t:s0 tclass=sock_file
type=AVC msg=audit(1381786501.374:31749): avc:  denied  { getattr } for  pid=22114 comm="postdrop" path="/var/spool/postfix/public/pickup" dev=dm-0 ino=2224026 scontext=system_u:system_r:postfix_postdrop_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:postfix_public_t:s0 tclass=sock_file
type=AVC msg=audit(1381786801.418:31762): avc:  denied  { getattr } for  pid=22134 comm="postdrop" path="/var/spool/postfix/public/pickup" dev=dm-0 ino=2224026 scontext=system_u:system_r:postfix_postdrop_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:postfix_public_t:s0 tclass=sock_file
type=AVC msg=audit(1381787101.450:31769): avc:  denied  { getattr } for  pid=22151 comm="postdrop" path="/var/spool/postfix/public/pickup" dev=dm-0 ino=2224026 scontext=system_u:system_r:postfix_postdrop_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:postfix_public_t:s0 tclass=sock_file
type=AVC msg=audit(1381787401.493:31782): avc:  denied  { getattr } for  pid=22171 comm="postdrop" path="/var/spool/postfix/public/pickup" dev=dm-0 ino=2224026 scontext=system_u:system_r:postfix_postdrop_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:postfix_public_t:s0 tclass=sock_file
type=AVC msg=audit(1381787701.543:31789): avc:  denied  { getattr } for  pid=22188 comm="postdrop" path="/var/spool/postfix/public/pickup" dev=dm-0 ino=2224026 scontext=system_u:system_r:postfix_postdrop_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:postfix_public_t:s0 tclass=sock_file
type=AVC msg=audit(1381788001.595:31800): avc:  denied  { getattr } for  pid=22208 comm="postdrop" path="/var/spool/postfix/public/pickup" dev=dm-0 ino=2224026 scontext=system_u:system_r:postfix_postdrop_t:s0-s0:c0.c1023 tcontext=unconfined_u:object_r:postfix_public_t:s0 tclass=sock_file

答案1

我必须修复符号链接目录的父级权限

/var/lib/cacti/rra

/var/log/cacti

注意:

$ ll /usr/share/cacti/
total 868
...
lrwxrwxrwx. 1 nginx nginx    18 Oct 12 23:21 cli -> /var/lib/cacti/cli
...
lrwxrwxrwx. 1 nginx nginx    15 Oct 12 23:21 log -> /var/log/cacti/
...
lrwxrwxrwx. 1 nginx nginx    18 Oct 12 23:21 rra -> /var/lib/cacti/rra
...
lrwxrwxrwx. 1 nginx nginx    22 Oct 12 23:21 scripts -> /var/lib/cacti/scripts

固定的:

chown -R nginx:nginx /var/log/cacti/
chown -R nginx:nginx /var/lib/cacti/rra

相关内容