Why did my Azure virtual machine reboot during omsagent/omi activity?

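One of my virtual machines, running RHEL8 in Azure, went down for a few minutes. It turned out it had rebooted. Telemetry and logs show no problems. There were no dnf updates and no scheduled update window. Azure Service Health has nothing to say. Nothing in the official troubleshooting documentation applies. So why did the virtual machine reboot?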

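I can't be 100% sure of the sequence of events, but the only hint points to a reboot initiated by Azure. The activity log in the Azure portal reports a "health event", namely the reboot itself, marked as resolved less than 10 seconds later.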

    "submissionTimestamp": "2024-01-24T05:14:50.701Z",
    "properties": {
        "title": "Reboot initiated from inside the machine",
        "details": "The Virtual Machine is undergoing a reboot as requested by a restart action triggered by an authorized user or process from within the Virtual Machine. No other action is required at this time.",
        "currentHealthStatus": "Unavailable",
        "previousHealthStatus": "Unavailable",
        "type": "Downtime",
        "cause": "UserInitiated"
    },

A few seconds after the event was marked as resolved, the virtual machine booted:

[Wed Jan 24 05:15:01 2024] Linux version 4.18.0-513.11.1.el8_9.x86_64 ([email protected]) (gcc version 8.5.0 20210514 (Red Hat 8.5.0-20) (GCC)) #1 SMP Thu Dec 7 03:06:13 EST 2023

About 20 seconds later, the logs show OMI/omsagent using sudo:

Jan 24 07:15:19 <redacted> sudo[39861]: omsagent : TTY=unknown ; PWD=/opt/microsoft/omsconfig/Scripts/3.x ; USER=root ; COMMAND=/opt/microsoft/omsconfig/Scripts/OMSYumUpdates.sh

The audit log (ausearch --format text -if /var/log/audit/audit.log) shows a series of omsagent activity in the minute before and after, including the following lines:

At 05:10:17 01/24/2024 system, acting as omsagent, successfully was-authorized omsagent using /usr/bin/sudo
At 05:10:17 01/24/2024 system, acting as omsagent, successfully ran-command /opt/microsoft/omsconfig/Scripts/OMSAuditdPlugin.sh get /var/opt/microsoft/omsagent/87230cd3-6635-446c-bfc0-00e4fd6f2a13/tmp using /usr/bin/sudo
At 05:14:25 01/24/2024 system, acting as root, successfully started-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/systemd
At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/systemd
At 05:15:13 01/24/2024 system, acting as root, successfully started-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/systemd
At 05:15:16 01/24/2024 system, acting as omsagent, successfully was-authorized omsagent using /usr/bin/sudo
At 05:15:16 01/24/2024 system, acting as omsagent, successfully ran-command /opt/microsoft/omsconfig/Scripts/OMSYumUpdates.sh using /usr/bin/sudo

At 05:10:17 01/24/2024 system, acting as omsagent, successfully was-authorized omsagent using /usr/bin/sudo
At 05:10:17 01/24/2024 system, acting as omsagent, successfully ran-command /opt/microsoft/omsconfig/Scripts/OMSAuditdPlugin.sh get /var/opt/microsoft/omsagent/87230cd3-6635-446c-bfc0-00e4fd6f2a13/tmp using /usr/bin/sudo
At 05:10:17 01/24/2024 system, acting as root, successfully changed-login-id-to root 
At 05:10:17 01/24/2024 root successfully triggered-unknown-audit-rule using /usr/lib/systemd/systemd
At 05:10:17 01/24/2024 root successfully started-session ? using /usr/lib/systemd/systemd
At 05:10:17 01/24/2024 system, acting as root, successfully started-service user@0 using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 system, acting as root, successfully negotiated-crypto-key SHA256:<redacted> using /usr/sbin/sshd
At 05:14:24 01/24/2024 system, acting as root, successfully started-service libstoragemgmt using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 system, acting as root, successfully stopped-service libstoragemgmt using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 system, acting as root, successfully started-service waagent using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 system, acting as root, successfully stopped-service waagent using /usr/lib/systemd/systemd
At 05:14:24 01/24/2024 root successfully changed-auditd-configuration using signal
At 05:14:25 01/24/2024  unloaded-bpf-program 118
At 05:14:25 01/24/2024 system, acting as root, successfully started-service dracut-shutdown using /usr/lib/systemd/systemd
At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service dracut-shutdown using /usr/lib/systemd/systemd
At 05:14:25 01/24/2024  unloaded-bpf-program 15 
At 05:14:25 01/24/2024 system, acting as root, successfully started-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/systemd
At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service omsagent-87230cd3-6635-446c-bfc0-00e4fd6f2a13 using /usr/lib/systemd/system
At 05:14:25 01/24/2024 system, acting as root, successfully started-service gcd using /usr/lib/systemd/systemd
At 05:14:25 01/24/2024 system, acting as root, successfully stopped-service gcd using /usr/lib/systemd/systemd
At 05:14:26 01/24/2024 system, acting as root, successfully started-service mdatp using /usr/lib/systemd/systemd
At 05:14:26 01/24/2024 system, acting as root, successfully stopped-service mdatp using /usr/lib/systemd/systemd
