Моя виртуальная машина, работающая под управлением RHEL8 в Azure, была отключена на пару минут. Оказалось, что она перезагрузилась. Телеметрия и журналы не показывают никаких проблем. Не было никаких обновлений dnf и не было запланированного окна обновления.Состояние службы Azureнечего сказать. Ничего вофициальные документы по устранению неполадокприменимо. Так почему же виртуальная машина перезагрузилась?
Я не уверен на 100 % в последовательности событий, но единственные намеки указывают на перезагрузку, инициированную Azure. Журнал активности на портале Azure сообщает о «событии работоспособности», которое является самой перезагрузкой, помеченной как разрешенной менее чем через 10 секунд.
"submissionTimestamp": "2024-01-24T05:14:50.701Z",
"properties": {
"title": "Reboot initiated from inside the machine",
"details": "The Virtual Machine is undergoing a reboot as requested by a restart action triggered by an authorized user or process from within the Virtual Machine. No other action is required at this time.",
"currentHealthStatus": "Unavailable",
"previousHealthStatus": "Unavailable",
"type": "Downtime",
"cause": "UserInitiated"
},
Виртуальная машина загрузилась через пару секунд после того, как событие было отмечено как решенное:
[Wed Jan 24 05:15:01 2024] Linux version 4.18.0-513.11.1.el8_9.x86_64 ([email protected]) (gcc version 8.5.0 20210514 (Red Hat 8.5.0-20) (GCC)) #1 SMP Thu Dec 7 03:06:13 EST 2023
Около 20 секундпозже, журналы показывают, что OMI/omsagent использует sudo:
Jan 24 07:15:19 <redacted> sudo[39861]: omsagent : TTY=unknown ; PWD=/opt/microsoft/omsconfig/Scripts/3.x ; USER=root ; COMMAND=/opt/microsoft/omsconfig/Scripts/OMSYumUpdates.sh
Журнал аудита ( ausearch --format text -if /var/log/audit/audit.log) показывает всплеск активности со стороны omsagent в течение минуты до и после, со строками вроде:
At 05:10:17 01/24/2024 system, acting as omsagent, successfully was-authorized omsagent using /usr/bin/sudo
At 05:10:17 01/24/2024 system, acting as omsagent, successfully ran-command /opt/microsoft/omsconfig/Scripts/OMSAuditdPlugin.sh get /var/opt/microsoft/omsagent/87230cd3-6635-446c-bfc0-00e4fd6f2a13/tmp using /usr/bin/sudo
At 05:14:25 01/24/2024 system, acting as root, successfully started-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/systemd
At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/systemd
At 05:15:13 01/24/2024 system, acting as root, successfully started-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/systemd
At 05:15:16 01/24/2024 system, acting as omsagent, successfully was-authorized omsagent using /usr/bin/sudo
At 05:15:16 01/24/2024 system, acting as omsagent, successfully ran-command /opt/microsoft/omsconfig/Scripts/OMSYumUpdates.sh using /usr/bin/sudo
At 05:10:17 01/24/2024 system, acting as omsagent, successfully was-authorized omsagent using /usr/bin/sudo
At 05:10:17 01/24/2024 system, acting as omsagent, successfully ran-command /opt/microsoft/omsconfig/Scripts/OMSAuditdPlugin.sh get /var/opt/microsoft/omsagent/87230cd3-6635-446c-bfc0-00e4fd6f2a13/tmp using /usr/bin/sudo
At 05:10:17 01/24/2024 system, acting as root, successfully changed-login-id-to root
At 05:10:17 01/24/2024 root successfully triggered-unknown-audit-rule using /usr/lib/systemd/systemd
At 05:10:17 01/24/2024 root successfully started-session ? using /usr/lib/systemd/systemd
At 05:10:17 01/24/2024 system, acting as root, successfully started-service user@0 using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 system, acting as root, successfully negotiated-crypto-key SHA256:<redacted> using /usr/sbin/sshd
At 05:14:24 01/24/2024 system, acting as root, successfully started-service libstoragemgmt using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 system, acting as root, successfully stopped-service libstoragemgmt using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 system, acting as root, successfully started-service waagent using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 system, acting as root, successfully stopped-service waagent using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 root successfully changed-auditd-configuration using signal
At 05:14:25 01/24/2024 unloaded-bpf-program 118
At 05:14:25 01/24/2024 system, acting as root, successfully started-service dracut-shutdown using /usr/lib/systemd/systemd
At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service dracut-shutdown using /usr/lib/systemd/systemd
At 05:14:25 01/24/2024 unloaded-bpf-program 15
At 05:14:25 01/24/2024 system, acting as root, successfully started-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/systemd
At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/system
At 05:14:25 01/24/2024 system, acting as root, successfully started-service gcd using /usr/lib/systemd/systemd
At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service gcd using /usr/lib/systemd/systemd
At 05:14:26 01/24/2024 system, acting as root, successfully started-service mdatp using /usr/lib/systemd/systemd
At 05:14:26 01/24/2024 system, acting as root, successfully stopped-service mdatp using /usr/lib/systemd/systemd