Networking

What are the options to properly close a port manually or release a port on a RHEL machine?

  • July 22, 2020

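We have a Red Hat 7.5 server.

We suspect that port 50070 was not closed properly by the service (we could not find it via netstat and PID), but from the logs we can see that the port is in use.

So we tried the following, for example: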

ss --kill state listening src :50070
ss: unrecognized option '--kill'
Usage: ss [ OPTIONS ]
      ss [ OPTIONS ] [ FILTER ]
  -h, --help          this message
  -V, --version       output version information
  -n, --numeric       don't resolve service names
  -r, --resolve       resolve host names
  -a, --all           display all sockets
  -l, --listening     display listening sockets
  -o, --options       show timer information
  -e, --extended      show detailed socket information
  -m, --memory        show socket memory usage
  -p, --processes     show process using socket
  -i, --info          show internal TCP information
  -s, --summary       show socket usage summary
  -b, --bpf           show bpf filter socket information
  -Z, --context       display process SELinux security contexts
  -z, --contexts      display process and socket SELinux security contexts
  -N, --net           switch to the specified network namespace name

  -4, --ipv4          display only IP version 4 sockets
  -6, --ipv6          display only IP version 6 sockets
  -0, --packet        display PACKET sockets
  -t, --tcp           display only TCP sockets
  -u, --udp           display only UDP sockets
  -d, --dccp          display only DCCP sockets
  -w, --raw           display only RAW sockets
  -x, --unix          display only Unix domain sockets
  -f, --family=FAMILY display sockets of type FAMILY

  -A, --query=QUERY, --socket=QUERY
      QUERY := {all|inet|tcp|udp|raw|unix|unix_dgram|unix_stream|unix_seqpacket|packet|netlink}[,QUERY]

But ss does not include a kill flag.

What are the options to properly close the port or release the port on a RHEL machine?

The log is:

2020-07-18 21:26:22,753 INFO  impl.MetricsSystemImpl (MetricsSystemImpl.java:shutdown(606)) - NameNode metrics system shutdown complete.
2020-07-18 21:26:22,753 ERROR namenode.NameNode (NameNode.java:main(1783)) - Failed to start namenode.
java.net.BindException: Port in use: linux.gg.com:50070
       at org.apache.hadoop.http.HttpServer2.constructBindException(HttpServer2.java:1001)
       at org.apache.hadoop.http.HttpServer2.bindForSinglePort(HttpServer2.java:1023)
       at org.apache.hadoop.http.HttpServer2.openListeners(HttpServer2.java:1080)
       at org.apache.hadoop.http.HttpServer2.start(HttpServer2.java:937)
       at org.apache.hadoop.hdfs.server.namenode.NameNodeHttpServer.start(NameNodeHttpServer.java:170)
       at org.apache.hadoop.hdfs.server.namenode.NameNode.startHttpServer(NameNode.java:942)
       at org.apache.hadoop.hdfs.server.namenode.NameNode.initialize(NameNode.java:755)
       at org.apache.hadoop.hdfs.server.namenode.NameNode.<init>(NameNode.java:1001)
       at org.apache.hadoop.hdfs.server.namenode.NameNode.<init>(NameNode.java:985)
       at org.apache.hadoop.hdfs.server.namenode.NameNode.createNameNode(NameNode.java:1710)
       at org.apache.hadoop.hdfs.server.namenode.NameNode.main(NameNode.java:1778)
Caused by: java.net.BindException: Address already in use
       at sun.nio.ch.Net.bind0(Native Method)
       at sun.nio.ch.Net.bind(Net.java:433)
       at sun.nio.ch.Net.bind(Net.java:425)
       at sun.nio.ch.ServerSocketChannelImpl.bind(ServerSocketChannelImpl.java:223)
       at sun.nio.ch.ServerSocketAdaptor.bind(ServerSocketAdaptor.java:74)
       at org.mortbay.jetty.nio.SelectChannelConnector.open(SelectChannelConnector.java:216)
       at org.apache.hadoop.http.HttpServer2.bindListener(HttpServer2.java:988)
       at org.apache.hadoop.http.HttpServer2.bindForSinglePort(HttpServer2.java:1019)
       ... 9 more
2020-07-18 21:26:22,755 INFO  util.ExitUtil (ExitUtil.java:terminate(124)) - Exiting with status 1
2020-07-18 21:26:22,757 INFO  namenode.NameNode (LogAdapter.java:info(47)) - SHUTDOWN_MSG:
/************************************************************
SHUTDOWN_MSG: Shutting down NameNode at 
************************************************************/
[root@linux hdfs]#
[root@linux hdfs]#
[root@linux hdfs]# netstat -tulpn | grep 50070 ( no PID number is returned ) 

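An open network socket is like a file handle: once the program holding the handle exits, the socket is definitely closed. So I suggest the following (run as root):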

ss -tulpn | grep ":50070"

Look at the results (if any), which will look similar to this:

Netid  State      Recv-Q Send-Q Local Address:Port               Peer Address:Port              
udp    UNCONN     0      0      0.0.0.0:68                 0.0.0.0:*                   users:(("dhclient",pid=1670,fd=6))
udp    UNCONN     0      0      127.0.0.1:323                0.0.0.0:*                   users:(("chronyd",pid=1540,fd=1))
udp    UNCONN     0      0         [::1]:323                [::]:*                   users:(("chronyd",pid=1540,fd=2))
tcp    LISTEN     0      128    0.0.0.0:22                 0.0.0.0:*                   users:(("sshd",pid=1583,fd=3))

If you find a process keeping the port open, kill it with the kill command:

kill <pid>

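But since the process holding the open port is a service, I really recommend you consider other ways to close the port:

  • systemctl stop <service> - stop the service; once it exits, the open port is gone too…
  • Change the service's configuration so that it does not open the port in question
  • Use a firewall to deny access to this port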

Quoted from: https://serverfault.com/questions/1026236
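
When netstat returns no PID for a port that the log says is in use, the port can be resolved by hand through /proc: find the LISTEN socket's inode in /proc/net/tcp, then look for that inode among the /proc/<pid>/fd links. This is an added example, not part of the original question or answer; the function names are hypothetical.

```sh
#!/bin/sh
# Added example: find who holds a listening TCP port using /proc directly.

# listening_inodes PORT TABLE...: print "inode uid" for every LISTEN socket
# on PORT found in the given /proc/net/tcp-format tables.
listening_inodes() {
    li_hex=$(printf '%04X' "$1"); shift
    # $2 = local addr:port (hex), $4 = state (0A is LISTEN),
    # $8 = owning uid, $10 = socket inode.
    awk -v p=":$li_hex" 'FNR > 1 && $4 == "0A" &&
        substr($2, length($2) - 4) == p { print $10, $8 }' "$@"
}

# pids_for_inode INODE [PROC_ROOT]: print each PID with an fd on socket:[INODE].
pids_for_inode() {
    pi_root=${2:-/proc}
    for pi_fd in "$pi_root"/[0-9]*/fd/*; do
        [ "$(readlink "$pi_fd" 2>/dev/null)" = "socket:[$1]" ] || continue
        pi_pid=${pi_fd#"$pi_root"/}
        echo "${pi_pid%%/*}"
    done | sort -un
}

# who_holds_port PORT: report the inode, uid and PIDs behind a listening port.
who_holds_port() {
    wh_rows=$(listening_inodes "$1" /proc/net/tcp /proc/net/tcp6 2>/dev/null) || true
    if [ -z "$wh_rows" ]; then
        echo "port $1: no LISTEN socket in this network namespace"
        return 1
    fi
    echo "$wh_rows" | while read -r wh_inode wh_uid; do
        wh_pids=$(pids_for_inode "$wh_inode" | tr '\n' ' ')
        # No PID can mean: not running as root, or the socket is held by
        # the kernel rather than by a userspace process.
        echo "port $1: inode=$wh_inode uid=$wh_uid pids=${wh_pids:-none visible}"
    done
}

# Run only when a port is given, e.g.: sh who_holds_port.sh 50070
[ "$#" -eq 0 ] || who_holds_port "$1"
```

The uid column identifies the account that created the socket even when no PID is visible, which narrows down which service to stop with systemctl.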