我有一个新的 Rocky 8.6 系统,遇到了一个我从未见过的问题。当我尝试启动/重新启动时,ypbind.service 超时,但如果我以 root 身份运行 ypbind,它就会正常启动。客户端位于 ypserver 的安全网络中。防火墙已打开。SELinux 已禁用。
[root@ypclient ~]# ypbind -d
296044: parsing config file
296044: Trying entry: domain ypdom server 10.xxx.xx.xx
296044: parsed domain 'ypdom' server '10.xxx.xx.xx'
296044: add_server() domain: ypdom, host: 10.xxx.xx.xx, slot: 0
296044: [Welcome to ypbind-mt, version 2.5]
296044: ping interval is 300 seconds
296044: Register ypbind for inet,udp
296044: Register ypbind for inet,tcp
296044: Register ypbind for inet6,udp
296044: Register ypbind for inet6,tcp
296044: ypbindproc_domain_3_svc (ypdom) from 127.0.0.1 port 694
296044: Ping active server for 'ypdom'
^C
[root@ypclient ~]# systemctl restart ypbind.service
Job for ypbind.service failed because a timeout was exceeded.
See "systemctl status ypbind.service" and "journalctl -xe" for details.
Sep 13 12:53:11 ypclient systemd[1]: Starting NIS/YP (Network Information Service) Clients to NIS Domain Binder...
Sep 13 12:53:11 ypclient setsebool[294999]: Could not change active booleans: Invalid boolean
Sep 13 12:54:41 ypclient systemd[1]: ypbind.service: Start-post operation timed out. Stopping.
Sep 13 12:54:41 ypclient systemd[1]: ypbind.service: Failed with result 'timeout'.
Sep 13 12:54:41 ypclient systemd[1]: Failed to start NIS/YP (Network Information Service) Clients to NIS Domain Binder.
当我尝试启动 ypbind 时,我可以从服务器获取 rpcinfo:
[root@ypserv ~]# rpcinfo 10.xxx.xx.xxx |grep ypbind
100007 3 udp 0.0.0.0.3.228 ypbind superuser
100007 2 udp 0.0.0.0.3.228 ypbind superuser
100007 1 udp 0.0.0.0.3.228 ypbind superuser
100007 3 tcp 0.0.0.0.3.228 ypbind superuser
100007 2 tcp 0.0.0.0.3.228 ypbind superuser
100007 1 tcp 0.0.0.0.3.228 ypbind superuser
100007 3 udp6 ::.3.228 ypbind superuser
100007 3 tcp6 ::.3.228 ypbind superuser
但超时后,rpcinfo 中没有显示任何内容。从客户端 rpcinfo -p 看,一切正常:
[root@ypclient ~]# rpcinfo -p ypserv
program vers proto port service
100000 4 tcp 111 portmapper
100000 3 tcp 111 portmapper
100000 2 tcp 111 portmapper
100000 4 udp 111 portmapper
100000 3 udp 111 portmapper
100000 2 udp 111 portmapper
100005 1 udp 20048 mountd
100005 1 tcp 20048 mountd
100005 2 udp 20048 mountd
100005 2 tcp 20048 mountd
100005 3 udp 20048 mountd
100005 3 tcp 20048 mountd
100003 3 tcp 2049 nfs
100003 4 tcp 2049 nfs
100227 3 tcp 2049 nfs_acl
100021 1 udp 49486 nlockmgr
100021 3 udp 49486 nlockmgr
100021 4 udp 49486 nlockmgr
100021 1 tcp 32977 nlockmgr
100021 3 tcp 32977 nlockmgr
100021 4 tcp 32977 nlockmgr
100024 1 udp 59518 status
100024 1 tcp 42633 status
100004 2 udp 695 ypserv
100004 1 udp 695 ypserv
100004 2 tcp 695 ypserv
100004 1 tcp 695 ypserv
100009 1 udp 918 yppasswdd
100009 1 tcp 918 yppasswdd
100007 3 udp 882 ypbind
100007 2 udp 882 ypbind
100007 1 udp 882 ypbind
100007 3 tcp 882 ypbind
100007 2 tcp 882 ypbind
100007 1 tcp 882 ypbind
我唯一能想到的是 nsswitch.conf 已经改变。我正在使用集群其余部分正在使用的那个,但我注意到默认的那个有其他问题,我不得不移动一些东西才能让它解决 ypserv。
nsswitch.conf
passwd: files nis
shadow: files nis
group: files nis
hosts: files nis dns
services: nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
ethers: nis [NOTFOUND=return] files
netmasks: nis [NOTFOUND=return] files
bootparams: nis [NOTFOUND=return] files
netgroup: nis
publickey: nis
automount: files nis
aliases: files nis
答案1
好吧,经过反复尝试,我发现我的想法是正确的。它是 nsswitch.conf。它有效:
aliases: files nis
automount: files nis
ethers: files nis
group: files nis systemd
hosts: files nis dns myhostname
initgroups: files nis
netgroup: files nis
networks: files nis
passwd: files nis systemd
protocols: files nis
publickey: files nis
rpc: files nis
services: files nis
shadow: files nis