Possible cause: SELinux restricts which ports Apache may bind to.
# semanage port -l | grep http
-bash: semanage: command not found
If the message "semanage: command not found" appears, semanage needs to be installed:
# yum -y install policycoreutils-python
# semanage port -l | grep http
http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_cache_port_t udp 3130
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
pegasus_http_port_t tcp 5988
pegasus_https_port_t tcp 5989
The list shows that the port we need to bind is not in the allowed range.
This is caused by the SELinux security mechanism.
Add port 88 to SELinux:
# semanage port -a -t http_port_t -p tcp 88
ValueError: Port tcp/88 already defined
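Adding the binding for port 88 failed. Check whether it has already been assigned to another application.
The following result shows that port 88 is already assigned to K8S (it is listed under kerberos_port_t).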
# semanage port -l | grep 88
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
kerberos_port_t tcp 88, 750, 4444
kerberos_port_t udp 88, 750, 4444
milter_port_t tcp 8890, 8891, 8893
pegasus_http_port_t tcp 5988
pki_ra_port_t tcp 12888-12889
pki_tps_port_t tcp 7888-7889
zookeeper_election_port_t tcp 3888
zookeeper_leader_port_t tcp 2888
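Check whether the port is already being listened on.
The following result shows that the port has only been assigned; nothing is listening on it.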
# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1245/master
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1662/mysqld
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1088/sshd
tcp6 0 0 ::1:25 :::* LISTEN 1245/master
tcp6 0 0 :::22 :::* LISTEN 1088/sshd
Try deleting it:
# semanage port -d -t kerberos_port_t -p tcp 88
ValueError: Port tcp/88 is defined in policy, cannot be deleted
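Deletion is not allowed... How annoying. For the sake of security, it will not "compromise"... Anyway, mine is a test environment.
Disable SELinux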
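An alternative that keeps SELinux enforcing, added here as an example and not part of the original post: a port that is already defined in policy cannot be added with `-a` or removed with `-d`, but it can be reassigned with `semanage port -m`. The sketch below matches ports exactly (including ranges, unlike `grep 88`) and prints the command to run; `port_owners` and `plan_port_label` are hypothetical helper names, and the sample listing is constructed from the output shown above.

```shell
#!/bin/sh
# Constructed sample: lines taken from the `semanage port -l` output above.
SAMPLE_LISTING='http_cache_port_t tcp 8080, 8118, 8123, 10001-10010
http_port_t tcp 80, 81, 443, 488, 8008, 8009, 8443, 9000
kerberos_port_t tcp 88, 750, 4444
kerberos_port_t udp 88, 750, 4444
milter_port_t tcp 8890, 8891, 8893
pegasus_http_port_t tcp 5988'

# port_owners PROTO PORT: read a `semanage port -l` listing on stdin and print
# every SELinux type whose entry covers exactly PROTO/PORT (ranges included).
port_owners() {
    awk -v proto="$1" -v port="$2" '
        $2 == proto {
            for (i = 3; i <= NF; i++) {
                p = $i; sub(/,$/, "", p)          # strip the trailing comma
                n = split(p, r, "-")              # "10001-10010" is a range
                lo = r[1] + 0; hi = (n == 2 ? r[2] : r[1]) + 0
                if (port + 0 >= lo && port + 0 <= hi) { print $1; next }
            }
        }'
}

# plan_port_label TYPE PROTO PORT: print the semanage command needed so that
# TYPE may bind PROTO/PORT, or nothing when the port already carries TYPE.
plan_port_label() {
    owners=$(port_owners "$2" "$3")
    if [ -z "$owners" ]; then
        # Not defined anywhere: a plain add works.
        echo "semanage port -a -t $1 -p $2 $3"
    elif ! printf '%s\n' "$owners" | grep -qxF -- "$1"; then
        # Defined under another type in policy: -a and -d fail, -m overrides.
        echo "semanage port -m -t $1 -p $2 $3"
    fi
}

# On a live host: semanage port -l | plan_port_label http_port_t tcp 88
printf '%s\n' "$SAMPLE_LISTING" | plan_port_label http_port_t tcp 88
```

After running the printed command as root, `semanage port -l | grep http_port_t` should list 88 and httpd can be restarted without changing the SELinux mode.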
# sestatus
SELinux status: enabled
SELinuxfs mount: /sys/fs/selinux
SELinux root directory: /etc/selinux
Loaded policy name: targeted
Current mode: enforcing
Mode from config file: enforcing
Policy MLS status: enabled
Policy deny_unknown status: allowed
Max kernel policy version: 31
Disable temporarily (switches to permissive mode until the next reboot)
# setenforce 0
Disable permanently
# vi /etc/selinux/config
# This file controls the state of SELinux on the system.
# SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
# SELINUX=enforcing
SELINUX=disabled
# SELINUXTYPE= can take one of three values:
# targeted - Targeted processes are protected,
# minimum - Modification of targeted policy. Only selected processes are protected.
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
reboot
# sestatus
SELinux status: disabled
Check Apache's status again
# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
Active: active (running) since Tue 2021-06-15 10:35:19 EDT; 1min 16s ago
Docs: man:httpd(8)
man:apachectl(8)
Process: 1575 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=0/SUCCESS)
Main PID: 1580 (httpd)
# netstat -ntlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name
tcp 0 0 127.0.0.1:25 0.0.0.0:* LISTEN 1425/master
tcp 0 0 0.0.0.0:3306 0.0.0.0:* LISTEN 1327/mysqld
tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1050/sshd
tcp6 0 0 :::88 :::* LISTEN 1580/httpd
tcp6 0 0 ::1:25 :::* LISTEN 1425/master
tcp6 0 0 :::80 :::* LISTEN 1580/httpd
tcp6 0 0 :::22 :::* LISTEN 1050/sshd
Problem solved.