Landscape 16.06 security_update_db.sh 错误

tag-icon tag-icon 16.04 server proxy landscape
Landscape 16.06 security_update_db.sh 错误

我知道 cron 作业无法通过代理运行,但是当我尝试通过此处概述的命令手动运行 security_update_db.sh 时https://help.landscape.canonical.com/LDS/ValidationGuide

sudo -u landscape bash -x /opt/canonical/landscape/scripts/update_security_db.sh

文件已下载,但当脚本经过下载部分时出现错误。

+ output='  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                             Dload  Upload   Total   Spent    Left  Speed
100 11.1M  100 11.1M    0     0   355k      0  0:00:32  0:00:32 --:--:--  315k'
+ '[' 0 -ne 0 ']'
+ mv -f /var/lib/landscape/usndb.pickle.bz2-new /var/lib/landscape/usndb.pickle.bz2
+ cd /opt/canonical/landscape
+ set -o pipefail
+ bzcat /var/lib/landscape/usndb.pickle.bz2
+ ./process-usns /dev/stdin
+ pipe_to_syslog update-security-db
+ tag=update-security-db
++ get_logger_arguments
++ echo /dev/log
++ grep -q :
++ '[' -n /dev/log ']'
++ '[' /dev/log '!=' /dev/log ']'
++ echo ''
+ args=
+ logger -s -p user.error -t update-security-db
<11>Feb  3 22:11:31 update-security-db: Traceback (most recent call last):
<11>Feb  3 22:11:31 update-security-db:   File "./process-usns", line 7, in <module>
<11>Feb  3 22:11:31 update-security-db:     canonical.landscape.scripts.usn.run()
<11>Feb  3 22:11:31 update-security-db:   File "/opt/canonical/landscape/canonical/landscape/scripts/batch.py", line 66, in __call__
<11>Feb  3 22:11:31 update-security-db:     code = self.run()
<11>Feb  3 22:11:31 update-security-db:   File "/opt/canonical/landscape/canonical/landscape/scripts/usn.py", line 40, in run
<11>Feb  3 22:11:31 update-security-db:     changeset = update_from_usn_tool_db(db)
<11>Feb  3 22:11:31 update-security-db:   File "/opt/canonical/landscape/canonical/landscape/model/package/usn.py", line 195, in update_from_usn_tool_db
<11>Feb  3 22:11:31 update-security-db:     added=added_package_usns_map, removed=removed_package_usns_map)
<11>Feb  3 22:11:31 update-security-db:   File "/opt/canonical/landscape/canonical/landscape/model/package/client.py", line 38, in query
<11>Feb  3 22:11:31 update-security-db:     return self._query(method, params)
<11>Feb  3 22:11:31 update-security-db:   File "/opt/canonical/landscape/canonical/landscape/model/package/client.py", line 60, in _query
<11>Feb  3 22:11:31 update-security-db:     raise PackageSearchRequestError(loads(error.body)["Error"])
<11>Feb  3 22:11:31 update-security-db:   File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
<11>Feb  3 22:11:31 update-security-db:     return _default_decoder.decode(s)
<11>Feb  3 22:11:31 update-security-db:   File "/usr/lib/python2.7/json/decoder.py", line 364, in decode
<11>Feb  3 22:11:31 update-security-db:     obj, end = self.raw_decode(s, idx=_w(s, 0).end())
<11>Feb  3 22:11:31 update-security-db:   File "/usr/lib/python2.7/json/decoder.py", line 382, in raw_decode
<11>Feb  3 22:11:31 update-security-db:     raise ValueError("No JSON object could be decoded")
<11>Feb  3 22:11:31 update-security-db: ValueError: No JSON object could be decoded
+ '[' 1 -ne 0 ']'
+ alert_admin update_security_db.sh
+ echo 'Error running /opt/canonical/landscape/scripts/update_security_db.sh: 0'
Error running /opt/canonical/landscape/scripts/update_security_db.sh: 0
+ echo 'Check out the syslog output for script update_security_db.sh.'
Check out the syslog output for script update_security_db.sh.
+ exit 1
+ release_lock update_security_db.sh
+ get_distributed_lock update_security_db.sh --release
+ local command=/opt/canonical/landscape/get-distributed-lock
+ /opt/canonical/landscape/get-distributed-lock update_security_db.sh --release
+ rm -f /var/lock/update_security.lock

/var/log/landscape-server/security_update_db.log 的输出只是一遍又一遍地重复这一点:

Feb  3 16:11:38 update-security-db ERR  Traceback (most recent call last):
Feb  3 16:11:38 update-security-db ERR    File "./process-usns", line 7, in <module>
Feb  3 16:11:38 update-security-db ERR      canonical.landscape.scripts.usn.run()
Feb  3 16:11:38 update-security-db ERR    File "/opt/canonical/landscape/canonical/landscape/scripts/batch.py", line 66, in __call__
Feb  3 16:11:38 update-security-db ERR      code = self.run()
Feb  3 16:11:38 update-security-db ERR    File "/opt/canonical/landscape/canonical/landscape/scripts/usn.py", line 40, in run
Feb  3 16:11:38 update-security-db ERR      changeset = update_from_usn_tool_db(db)
Feb  3 16:11:38 update-security-db ERR    File "/opt/canonical/landscape/canonical/landscape/model/package/usn.py", line 195, in update_from_usn_tool_db
Feb  3 16:11:38 update-security-db ERR      added=added_package_usns_map, removed=removed_package_usns_map)
Feb  3 16:11:38 update-security-db ERR    File "/opt/canonical/landscape/canonical/landscape/model/package/client.py", line 38, in query
Feb  3 16:11:38 update-security-db ERR      return self._query(method, params)
Feb  3 16:11:38 update-security-db ERR    File "/opt/canonical/landscape/canonical/landscape/model/package/client.py", line 60, in _query
Feb  3 16:11:38 update-security-db ERR      raise PackageSearchRequestError(loads(error.body)["Error"])
Feb  3 16:11:38 update-security-db ERR    File "/usr/lib/python2.7/json/__init__.py", line 339, in loads
Feb  3 16:11:38 update-security-db ERR      return _default_decoder.decode(s)
Feb  3 16:11:38 update-security-db ERR    File "/usr/lib/python2.7/json/decoder.py", line 364, in decode
Feb  3 16:11:38 update-security-db ERR      obj, end = self.raw_decode(s, idx=_w(s, 0).end())
Feb  3 16:11:38 update-security-db ERR    File "/usr/lib/python2.7/json/decoder.py", line 382, in raw_decode
Feb  3 16:11:38 update-security-db ERR      raise ValueError("No JSON object could be decoded")
Feb  3 16:11:38 update-security-db ERR  ValueError: No JSON object could be decoded

我确实有一个代理设置,并配置了环境变量,将代理信息添加到 /etc/environment、/etc/apt/apt.conf、/etc/wgetrc 以及 ~/curlrc

这让我真正下载https://usn.ubuntu.com/usn-db/database.pickle.bz2但当它尝试解析时似乎失败了。有人能解决这个问题吗?

答案1

我找到了一个解决方法。脚本https://usn.ubuntu.com/usn-db/database.pickle.bz2通过代理下载后,脚本将通过管道传输到本地主机上的 Web 服务HTTP: POST http://localhost:9099/UpdateUsns HTTP/1.1

这个在代理上失败,因为代理服务器无法访问你的本地主机接口。解决方案是仅为此调用禁用代理。即

编辑

/opt/canonical/landscape/canonical/landscape/model/package/client.py

在第 56 行左右

response = self.fetch(url, post=True, data=data, total_timeout=60")


response = self.fetch(url, post=True, data=data, total_timeout=60, proxy="")

欢呼 / 托尔

答案2

作为不改变 LDS 源的替代解决方案,将 localhost 设置(或附加)到变量NO_PROXY/etc/environment

HTTP_PROXY="..."
HTTPS_PROXY="..."
NO_PROXY="localhost"

/opt/canonical/landscape/scripts/landscape-env.py所有三个变量都将由脚本update_security_db.sh(以及所有其他 cron 作业脚本)引用来获取和导出。

(在 Landscape 专用服务器 18.03 上测试。)

答案3

检查 rabbitmq 是否正常,因为当它关闭时,当它尝试处理下载的文件时也会收到 111 错误。

当 rabbitmq 运行不正常时我也遇到过同样的情况,并且rabbitmqctl status显示

Status of node rabbit@landscape
Error: unable to connect to node rabbit@landscape: nodedown

DIAGNOSTICS
===========

attempted to contact: [rabbit@landscape]

rabbit@landscape:
  * connected to epmd (port 4369) on landscape
  * epmd reports: node 'rabbit' not running at all
                  other nodes on landscape: ['rabbitmq-cli-55']
  * suggestion: start the node

但是该命令rabbitmqctl start_app没有启动它并给出错误:

Starting node rabbit@landscape
Error: unable to connect to node rabbit@landscape: nodedown

我在一个论坛上找到了一份报告,报告显示清除 RabbitMQ 日志是有效的。我尝试了以下方法:

sudo service rabbitmq-server stop
sudo rm -rf /var/log/rabbitmq/*
sudo service rabbitmq-server start

之后,我可以rabbitmqctl start_app启动节点了。sudo -u landscape bash -x /opt/canonical/landscape/scripts/update_security_db.sh现在手动调用 update_security_db 脚本就可以了

相关内容