2021年CentOS7关于Firewalld防火墙失效报错问题处理

2023-09-12 04:47| 来源: 网络整理| 查看: 265

今天发现了一个问题，就是在我进行firewalld防火墙增加指定端口访问的策略时出现了报错问题，firewalld命令用不了，提示什么没有GI模块:

Traceback (most recent call last): File "/usr/bin/firewall-cmd", line 24, in from gi.repository import GObject ImportError: No module named repository

咱也不知道是什么原因使用了systemctl status firewalld.service 命令提示让我使用"journalctl -xe"查看具体的报错信息

[root@local ~]# systemctl restart firewalld.service Job for firewalld.service failed because the control process exited with error code. See "systemctl status firewalld.service" and "journalctl -xe" for details.

于是我使用journalctl -xe查看了一下信息:

[root@local ~]# journalctl -xe -- -- Unit session-739379.scope has begun starting up. 2月 23 11:42:01 local CROND[139925]: (root) CMD ( python /usr/sbin/qemu-ga_check.py) 2月 23 11:42:03 local node_exporter[85654]: level=error ts=2021-02-23T03:42:03.119Z caller=collector.go:161 msg="collector failed" name=pressure duration_seconds=3.9051e-05 err="failed to retrieve pressure s 2月 23 11:42:18 local node_exporter[85654]: level=error ts=2021-02-23T03:42:18.118Z caller=collector.go:161 msg="collector failed" name=pressure duration_seconds=4.5741e-05 err="failed to retrieve pressure s 2月 23 11:42:33 local node_exporter[85654]: level=error ts=2021-02-23T03:42:33.116Z caller=collector.go:161 msg="collector failed" name=pressure duration_seconds=0.000106178 err="failed to retrieve pressure 2月 23 11:42:48 local node_exporter[85654]: level=error ts=2021-02-23T03:42:48.117Z caller=collector.go:161 msg="collector failed" name=pressure duration_seconds=4.5471e-05 err="failed to retrieve pressure s 2月 23 11:43:01 local systemd[1]: Started Session 739380 of user root. -- Subject: Unit session-739380.scope has finished start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit session-739380.scope has finished starting up. -- -- The start-up result is done. 2月 23 11:43:01 local systemd[1]: Starting Session 739380 of user root. -- Subject: Unit session-739380.scope has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit session-739380.scope has begun starting up. 2月 23 11:43:01 local CROND[140519]: (root) CMD ( python /usr/sbin/qemu-ga_check.py) 2月 23 11:43:03 local node_exporter[85654]: level=error ts=2021-02-23T03:43:03.116Z caller=collector.go:161 msg="collector failed" name=pressure duration_seconds=2.5102e-05 err="failed to retrieve pressure s 2月 23 11:43:18 local node_exporter[85654]: level=error ts=2021-02-23T03:43:18.119Z caller=collector.go:161 msg="collector failed" name=pressure duration_seconds=6.0881e-05 err="failed to retrieve pressure s 2月 23 11:43:31 local polkitd[937]: Registered Authentication Agent for unix-process:140847:3963471907 (system bus name :1.1480956 [/usr/bin/pkttyagent --notify-fd 5 --fallback], object path /org/freedesktop 2月 23 11:43:31 local systemd[1]: Starting firewalld - dynamic firewall daemon... -- Subject: Unit firewalld.service has begun start-up -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit firewalld.service has begun starting up. 2月 23 11:43:31 local systemd[1]: firewalld.service: main process exited, code=exited, status=1/FAILURE 2月 23 11:43:31 local systemd[1]: Failed to start firewalld - dynamic firewall daemon. -- Subject: Unit firewalld.service has failed -- Defined-By: systemd -- Support: http://lists.freedesktop.org/mailman/listinfo/systemd-devel -- -- Unit firewalld.service has failed. -- -- The result is failed. 2月 23 11:43:31 local systemd[1]: Unit firewalld.service entered failed state. 2月 23 11:43:31 local systemd[1]: firewalld.service failed. 2月 23 11:43:31 local polkitd[937]: Unregistered Authentication Agent for unix-process:140847:3963471907 (system bus name :1.1480956, object path /org/freedesktop/PolicyKit1/AuthenticationAgent, locale zh_CN 2月 23 11:43:33 local node_exporter[85654]: level=error ts=2021-02-23T03:43:33.117Z caller=collector.go:161 msg="collector failed" name=pressure duration_seconds=2.6909e-05 err="failed to retrieve pressure s lines 3909-3952/3952 (END)

里面有一行提示Failed to start firewalld - dynamic firewall daemon. 翻译出来为:无法启动firewalld-动态防火墙守护程序。这是为啥呢？？？看到了网上的人说和系统本地的Python有关，网上说CentOS7的firewalld防火墙默认指向的是Python2的版本，于是我查看了一下我的电脑本身的Python版本，发现有Python2.7和Python3.7两种:

[root@local ~]# python python python2.7 python2-config python3.7 python3.7m python3-config python-config python2 python2.7-config python3 python3.7-config python3.7m-config python.bak

诶？是不是因为firewalld本身的python指向有问题了？我查看了一下firewalld的启动文件查看了一下第一行的python指向路径:

[root@local ~]# vim /usr/sbin/firewalld #!/usr/bin/python -Es # -*- coding: utf-8 -*- # # Copyright (C) 2010-2016 Red Hat, Inc. # Authors: # Thomas Woerner # # This program is free software; you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by # the Free Software Foundation; either version 2 of the License, or # (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program. If not, see . # # python fork magic derived from setroubleshoot # Copyright (C) 2006,2007,2008,2009 Red Hat, Inc. # Authors: # John Dennis # Dan Walsh import os import sys import dbus import traceback import argparse from firewall import config from firewall.functions import firewalld_is_active from firewall.core.logger import log, FileLog def parse_cmdline(): parser = argparse.ArgumentParser() parser.add_argument('--debug', nargs='?', const=1, default=0, type=int, choices=range(1, log.DEBUG_MAX+1), help="""Enable logging of debug messages. Additional argument in range 1..%s can be used to specify log level.""" % log.DEBUG_MAX, "/usr/sbin/firewalld" 176L, 6310C 1,1 顶端

发现了第一行的Python指向的路径，我查看了该路径下的Python版本发现为3.7版本: 发现不对了网上说的firewalld应当指向Python2.0版本而不是3.0版本，于是我到/usr/bin/下查看相关的Python版本，找到了Python2.7 这次需要VIM工具修改/usr/bin/firewall-offline-cmd和/usr/sbin/firewalld 里面的第一行Python指向，将两个文件第一行的 #!/usr/bin/python -Es 改成 #!/usr/bin/python2.7 -Es

#!/usr/bin/python2.7 -Es # -*- coding: utf-8 -*-

然后执行 systemctl status firewalld.service 命令还是提示错误，我已经修改了Python了还是出错？我直接敲firewalld命令看看是什么意思:

[root@local ~]# firewalld Traceback (most recent call last): File "/usr/sbin/firewalld", line 29, in import dbus ImportError: No module named dbus

他跟我说没有什么什么DBUS的模块。？？？？没有？那我就还得安装这个模块呗？于是我就网上继续找，发现应该是需要安装python-gobject 有位老哥说安装了python-gobject后还需要再安装python-firewall 于是乎我就 yum install python-gobject -y 和yum install python-firewall -y

[root@local ~]# yum install python-firewall =========================================================================================================== Package 架构版本源大小 =========================================================================================================== 正在安装: python-firewall noarch 0.4.4.4-6.el7 LocalISO 325 k 为依赖而安装: dbus-python x86_64 1.1.1-9.el7 LocalISO 206 k libselinux-python x86_64 2.5-11.el7 LocalISO 234 k python-decorator noarch 3.4.0-3.el7 LocalISO 27 k python-slip noarch 0.4.0-2.el7 LocalISO 30 k python-slip-dbus noarch 0.4.0-2.el7 LocalISO 31 k 事务概要 =========================================================================================================== 安装 1 软件包 (+5 依赖软件包) 已安装: python-gobject.x86_64 0:3.22.0-1.el7 作为依赖被安装: cairo.x86_64 0:1.14.8-2.el7 cairo-gobject.x86_64 0:1.14.8-2.el7 libXdamage.x86_64 0:1.1.4-4.1.el7 libXfixes.x86_64 0:5.0.3-1.el7 libXxf86vm.x86_64 0:1.1.4-1.el7 libxshmfence.x86_64 0:1.2-1.el7 mesa-libEGL.x86_64 0:17.0.1-6.20170307.el7 mesa-libGL.x86_64 0:17.0.1-6.20170307.el7 mesa-libgbm.x86_64 0:17.0.1-6.20170307.el7 mesa-libglapi.x86_64 0:17.0.1-6.20170307.el7 pycairo.x86_64 0:1.8.10-8.el7 python-gobject-base.x86_64 0:3.22.0-1.el7 完毕！ [root@local ~]# yum install python-firewall -y =========================================================================================================== Package 架构版本源大小 =========================================================================================================== 正在安装: python-firewall noarch 0.4.4.4-6.el7 LocalISO 325 k 为依赖而安装: dbus-python x86_64 1.1.1-9.el7 LocalISO 206 k libselinux-python x86_64 2.5-11.el7 LocalISO 234 k python-decorator noarch 3.4.0-3.el7 LocalISO 27 k python-slip noarch 0.4.0-2.el7 LocalISO 30 k python-slip-dbus noarch 0.4.0-2.el7 LocalISO 31 k 事务概要 =========================================================================================================== 安装 1 软件包 (+5 依赖软件包) 已安装: python-firewall.noarch 0:0.4.4.4-6.el7 作为依赖被安装: dbus-python.x86_64 0:1.1.1-9.el7 libselinux-python.x86_64 0:2.5-11.el7 python-decorator.noarch 0:3.4.0-3.el7 python-slip.noarch 0:0.4.0-2.el7 python-slip-dbus.noarch 0:0.4.0-2.el7 完毕！

再次重启firewalld防火墙试试:

[root@local ~]# firewall firewall-cmd firewalld firewall-offline-cmd [root@local ~]# systemctl status firewalld.service ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since 二 2021-02-23 11:43:31 CST; 21min ago Docs: man:firewalld(1) Process: 140855 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=1/FAILURE) Main PID: 140855 (code=exited, status=1/FAILURE) 2月 23 11:43:31 local systemd[1]: Starting firewalld - dynamic firewall daemon... 2月 23 11:43:31 local systemd[1]: firewalld.service: main process exited, code=exited, status=1/FAILURE 2月 23 11:43:31 local systemd[1]: Failed to start firewalld - dynamic firewall daemon. 2月 23 11:43:31 local systemd[1]: Unit firewalld.service entered failed state. 2月 23 11:43:31 local systemd[1]: firewalld.service failed. [root@local ~]# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: failed (Result: exit-code) since 二 2021-02-23 11:43:31 CST; 22min ago Docs: man:firewalld(1) Process: 140855 ExecStart=/usr/sbin/firewalld --nofork --nopid $FIREWALLD_ARGS (code=exited, status=1/FAILURE) Main PID: 140855 (code=exited, status=1/FAILURE) 2月 23 11:43:31 local systemd[1]: Starting firewalld - dynamic firewall daemon... 2月 23 11:43:31 local systemd[1]: firewalld.service: main process exited, code=exited, status=1/FAILURE 2月 23 11:43:31 local systemd[1]: Failed to start firewalld - dynamic firewall daemon. 2月 23 11:43:31 local systemd[1]: Unit firewalld.service entered failed state. 2月 23 11:43:31 local systemd[1]: firewalld.service failed. [root@local ~]# systemctl restart firewalld [root@local ~]# systemctl status firewalld ● firewalld.service - firewalld - dynamic firewall daemon Loaded: loaded (/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled) Active: active (running) since 二 2021-02-23 12:05:37 CST; 3s ago Docs: man:firewalld(1) Main PID: 7159 (firewalld) CGroup: /system.slice/firewalld.service └─7159 /usr/bin/python2.7 -Es /usr/sbin/firewalld --nofork --nopid 2月 23 12:05:37 local systemd[1]: Starting firewalld - dynamic firewall daemon... 2月 23 12:05:37 local systemd[1]: Started firewalld - dynamic firewall daemon. 2月 23 12:05:37 local firewalld[7159]: WARNING: ICMP type 'beyond-scope' is not supported by the ke...pv6. 2月 23 12:05:37 local firewalld[7159]: WARNING: beyond-scope: INVALID_ICMPTYPE: No supported ICMP t...ime. 2月 23 12:05:37 local firewalld[7159]: WARNING: ICMP type 'failed-policy' is not supported by the k...pv6. 2月 23 12:05:37 local firewalld[7159]: WARNING: failed-policy: INVALID_ICMPTYPE: No supported ICMP ...ime. 2月 23 12:05:37 local firewalld[7159]: WARNING: ICMP type 'reject-route' is not supported by the ke...pv6. 2月 23 12:05:37 local firewalld[7159]: WARNING: reject-route: INVALID_ICMPTYPE: No supported ICMP t...ime. Hint: Some lines were ellipsized, use -l to show in full.

OK！解决了！我的天！就是这样本地Python指向出现了问题。

【本文地址】

公司简介

联系我们