Why was my Azure virtual machine rebooted amid omsagent/omi activity?

A virtual machine of mine, running RHEL8 on Azure, was down for a few minutes. It turns out it was rebooted. Telemetry and logs show no problems. There were no DNF updates and no scheduled update window. Azure Service Health has nothing to say. Nothing in the official troubleshooting documents applies. So why was the virtual machine rebooted?

I'm not 100% sure of the sequence of events, but the only hints point to a reboot initiated by Azure. The activity log in the Azure portal reports a "health event", which is the reboot itself, marked as resolved less than 10 seconds later.

    "submissionTimestamp": "2024-01-24T05:14:50.701Z",
    "properties": {
        "title": "Reboot initiated from inside the machine",
        "details": "The Virtual Machine is undergoing a reboot as requested by a restart action triggered by an authorized user or process from within the Virtual Machine. No other action is required at this time.",
        "currentHealthStatus": "Unavailable",
        "previousHealthStatus": "Unavailable",
        "type": "Downtime",
        "cause": "UserInitiated"
    },

The VM booted a few seconds after the event was marked as resolved:

    [Wed Jan 24 05:15:01 2024] Linux version 4.18.0-513.11.1.el8_9.x86_64 ([email protected]) (gcc version 8.5.0 20210514 (Red Hat 8.5.0-20) (GCC)) #1 SMP Thu Dec 7 03:06:13 EST 2023

About 20 seconds later, the logs show OMI/omsagent using sudo:

    Jan 24 07:15:19 <redacted> sudo[39861]: omsagent : TTY=unknown ; PWD=/opt/microsoft/omsconfig/Scripts/3.x ; USER=root ; COMMAND=/opt/microsoft/omsconfig/Scripts/OMSYumUpdates.sh

The audit log (ausearch --format text -if /var/log/audit/audit.log) shows a flurry of omsagent activity in the minute before and after, with lines such as:

    At 05:10:17 01/24/2024 system, acting as omsagent, successfully was-authorized omsagent using /usr/bin/sudo
    At 05:10:17 01/24/2024 system, acting as omsagent, successfully ran-command /opt/microsoft/omsconfig/Scripts/OMSAuditdPlugin.sh get /var/opt/microsoft/omsagent/87230cd3-6635-446c-bfc0-00e4fd6f2a13/tmp using /usr/bin/sudo
    At 05:14:25 01/24/2024 system, acting as root, successfully started-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/systemd
    At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/systemd
    At 05:15:13 01/24/2024 system, acting as root, successfully started-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/systemd
    At 05:15:16 01/24/2024 system, acting as omsagent, successfully was-authorized omsagent using /usr/bin/sudo
    At 05:15:16 01/24/2024 system, acting as omsagent, successfully ran-command /opt/microsoft/omsconfig/Scripts/OMSYumUpdates.sh using /usr/bin/sudo

    At 05:10:17 01/24/2024 system, acting as omsagent, successfully was-authorized omsagent using /usr/bin/sudo
    At 05:10:17 01/24/2024 system, acting as omsagent, successfully ran-command /opt/microsoft/omsconfig/Scripts/OMSAuditdPlugin.sh get /var/opt/microsoft/omsagent/87230cd3-6635-446c-bfc0-00e4fd6f2a13/tmp using /usr/bin/sudo
    At 05:10:17 01/24/2024 system, acting as root, successfully changed-login-id-to root
    At 05:10:17 01/24/2024 root successfully triggered-unknown-audit-rule using /usr/lib/systemd/systemd
    At 05:10:17 01/24/2024 root successfully started-session ? using /usr/lib/systemd/systemd
    At 05:10:17 01/24/2024 system, acting as root, successfully started-service user@0 using /usr/lib/systemd/systemd
    At 05:14:24 01/24/2024 system, acting as root, successfully negotiated-crypto-key SHA256:<redacted> using /usr/sbin/sshd
    At 05:14:24 01/24/2024 system, acting as root, successfully started-service libstoragemgmt using /usr/lib/systemd/systemd
    At 05:14:24 01/24/2024 system, acting as root, successfully stopped-service libstoragemgmt using /usr/lib/systemd/systemd
    At 05:14:24 01/24/2024 system, acting as root, successfully started-service waagent using /usr/lib/systemd/systemd
    At 05:14:24 01/24/2024 system, acting as root, successfully stopped-service waagent using /usr/lib/systemd/systemd
    At 05:14:24 01/24/2024 root successfully changed-auditd-configuration using signal
    At 05:14:25 01/24/2024  unloaded-bpf-program 118
    At 05:14:25 01/24/2024 system, acting as root, successfully started-service dracut-shutdown using /usr/lib/systemd/systemd
    At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service dracut-shutdown using /usr/lib/systemd/systemd
    At 05:14:25 01/24/2024  unloaded-bpf-program 15
    At 05:14:25 01/24/2024 system, acting as root, successfully started-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/systemd
    At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/system
    At 05:14:25 01/24/2024 system, acting as root, successfully started-service gcd using /usr/lib/systemd/systemd
    At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service gcd using /usr/lib/systemd/systemd
    At 05:14:26 01/24/2024 system, acting as root, successfully started-service mdatp using /usr/lib/systemd/systemd
    At 05:14:26 01/24/2024 system, acting as root, successfully stopped-service mdatp using /usr/lib/systemd/systemd
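
Added example, not part of the original post: a Python script that parses the `ausearch --format text` lines quoted above, finds where the burst of stopped-service events begins (taken here as the start of shutdown), and lists the commands, sessions and SSH key exchanges recorded in the ten minutes before it. The burst threshold, the lookback window, the `LEADS` set and all function names are assumptions; `SAMPLE` is an excerpt of the post's own lines.

```python
import re
from datetime import datetime, timedelta

# One event per line, in the layout printed by `ausearch --format text`.
EVENT = re.compile(
    r"^At (?P<ts>\d\d:\d\d:\d\d \d\d/\d\d/\d{4}) (?P<subj>.*?)\s*(?:successfully )?"
    r"(?P<action>[a-z]+(?:-[a-z]+)+)\s*(?P<obj>.*?)\s*(?:\busing (?P<prog>\S+))?\s*$")
LEADS = {"ran-command", "started-session", "negotiated-crypto-key"}  # assumed set

# Excerpt of the audit lines quoted in the post.
SAMPLE = """\
At 05:10:17 01/24/2024 system, acting as omsagent, successfully ran-command /opt/microsoft/omsconfig/Scripts/OMSAuditdPlugin.sh get /var/opt/microsoft/omsagent/87230cd3-6635-446c-bfc0-00e4fd6f2a13/tmp using /usr/bin/sudo
At 05:10:17 01/24/2024 root successfully started-session ? using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 system, acting as root, successfully negotiated-crypto-key SHA256:<redacted> using /usr/sbin/sshd
At 05:14:24 01/24/2024 system, acting as root, successfully stopped-service libstoragemgmt using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 system, acting as root, successfully stopped-service waagent using /usr/lib/systemd/systemd
At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service dracut-shutdown using /usr/lib/systemd/systemd
At 05:14:26 01/24/2024 system, acting as root, successfully stopped-service mdatp using /usr/lib/systemd/systemd
""".splitlines()

def parse(lines):
    """Turn ausearch text lines into time-ordered event dicts; unrecognised lines are skipped."""
    events = []
    for line in lines:
        m = EVENT.match(line)
        if m:
            acting = re.search(r"acting as (\w+)", m["subj"])
            events.append({"time": datetime.strptime(m["ts"], "%H:%M:%S %m/%d/%Y"),
                           "actor": acting.group(1) if acting else m["subj"].strip(" ,"),
                           "action": m["action"], "object": m["obj"], "program": m["prog"]})
    return sorted(events, key=lambda e: e["time"])

def shutdown_start(events, burst=3, window=timedelta(seconds=5)):
    """Time of the first stopped-service event that opens `burst` stops within `window`."""
    stops = [e["time"] for e in events if e["action"] == "stopped-service"]
    for i, t in enumerate(stops):
        if sum(1 for s in stops[i:] if s - t <= window) >= burst:
            return t
    return None

def leads_before(events, start, lookback=timedelta(minutes=10)):
    """Commands, sessions and SSH key exchanges from `lookback` before the shutdown up to it."""
    return [e for e in events
            if e["action"] in LEADS and start - lookback <= e["time"] <= start]

if __name__ == "__main__":
    evs = parse(SAMPLE)
    for e in leads_before(evs, shutdown_start(evs)):
        print(e["time"], e["actor"], e["action"], e["object"], e["program"])
```

To run it over a full log, pass the output lines of `ausearch --format text -if /var/log/audit/audit.log` to `parse()` in place of `SAMPLE`.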
