我的一台虚拟机在 Azure 中运行 RHEL8,停机了几分钟。结果它重新启动了。遥测和日志显示没有问题。没有 dnf 更新,也没有计划的更新窗口。Azure 服务运行状况没什么可说的。官方故障排除文档适用。那么虚拟机为什么会重新启动?
我不能 100% 确定事件的顺序,但唯一的线索指向 Azure 发起的重启。Azure 门户上的活动日志报告了一个“健康事件”,即重启本身,不到 10 秒后标记为已解决。
"submissionTimestamp": "2024-01-24T05:14:50.701Z",
"properties": {
"title": "Reboot initiated from inside the machine",
"details": "The Virtual Machine is undergoing a reboot as requested by a restart action triggered by an authorized user or process from within the Virtual Machine. No other action is required at this time.",
"currentHealthStatus": "Unavailable",
"previousHealthStatus": "Unavailable",
"type": "Downtime",
"cause": "UserInitiated"
},
该事件被标记为已解决几秒钟后,虚拟机启动了:
[Wed Jan 24 05:15:01 2024] Linux version 4.18.0-513.11.1.el8_9.x86_64 ([email protected]) (gcc version 8.5.0 20210514 (Red Hat 8.5.0-20) (GCC)) #1 SMP Thu Dec 7 03:06:13 EST 2023
约20秒之后,日志显示使用 sudo 的 OMI/omsagent:
Jan 24 07:15:19 <redacted> sudo[39861]: omsagent : TTY=unknown ; PWD=/opt/microsoft/omsconfig/Scripts/3.x ; USER=root ; COMMAND=/opt/microsoft/omsconfig/Scripts/OMSYumUpdates.sh
审计日志 ( ausearch --format text -if /var/log/audit/audit.log) 显示了 omsagent 在之前和之后一分钟内的一系列活动,其中包括以下内容:
At 05:10:17 01/24/2024 system, acting as omsagent, successfully was-authorized omsagent using /usr/bin/sudo
At 05:10:17 01/24/2024 system, acting as omsagent, successfully ran-command /opt/microsoft/omsconfig/Scripts/OMSAuditdPlugin.sh get /var/opt/microsoft/omsagent/87230cd3-6635-446c-bfc0-00e4fd6f2a13/tmp using /usr/bin/sudo
At 05:14:25 01/24/2024 system, acting as root, successfully started-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/systemd
At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/systemd
At 05:15:13 01/24/2024 system, acting as root, successfully started-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/systemd
At 05:15:16 01/24/2024 system, acting as omsagent, successfully was-authorized omsagent using /usr/bin/sudo
At 05:15:16 01/24/2024 system, acting as omsagent, successfully ran-command /opt/microsoft/omsconfig/Scripts/OMSYumUpdates.sh using /usr/bin/sudo
At 05:10:17 01/24/2024 system, acting as omsagent, successfully was-authorized omsagent using /usr/bin/sudo
At 05:10:17 01/24/2024 system, acting as omsagent, successfully ran-command /opt/microsoft/omsconfig/Scripts/OMSAuditdPlugin.sh get /var/opt/microsoft/omsagent/87230cd3-6635-446c-bfc0-00e4fd6f2a13/tmp using /usr/bin/sudo
At 05:10:17 01/24/2024 system, acting as root, successfully changed-login-id-to root
At 05:10:17 01/24/2024 root successfully triggered-unknown-audit-rule using /usr/lib/systemd/systemd
At 05:10:17 01/24/2024 root successfully started-session ? using /usr/lib/systemd/systemd
At 05:10:17 01/24/2024 system, acting as root, successfully started-service user@0 using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 system, acting as root, successfully negotiated-crypto-key SHA256:<redacted> using /usr/sbin/sshd
At 05:14:24 01/24/2024 system, acting as root, successfully started-service libstoragemgmt using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 system, acting as root, successfully stopped-service libstoragemgmt using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 system, acting as root, successfully started-service waagent using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 system, acting as root, successfully stopped-service waagent using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 root successfully changed-auditd-configuration using signal
At 05:14:25 01/24/2024 unloaded-bpf-program 118
At 05:14:25 01/24/2024 system, acting as root, successfully started-service dracut-shutdown using /usr/lib/systemd/systemd
At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service dracut-shutdown using /usr/lib/systemd/systemd
At 05:14:25 01/24/2024 unloaded-bpf-program 15
At 05:14:25 01/24/2024 system, acting as root, successfully started-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/systemd
At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/system
At 05:14:25 01/24/2024 system, acting as root, successfully started-service gcd using /usr/lib/systemd/systemd
At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service gcd using /usr/lib/systemd/systemd
At 05:14:26 01/24/2024 system, acting as root, successfully started-service mdatp using /usr/lib/systemd/systemd
At 05:14:26 01/24/2024 system, acting as root, successfully stopped-service mdatp using /usr/lib/systemd/systemd