[ZBX-17483] Zabbix services cannot access PID file, cannot create folder Created: 2020 Mar 19  Updated: 2024 Apr 10  Resolved: 2020 Oct 09

Status: Closed
Project: ZABBIX BUGS AND ISSUES
Component/s: Packages (C)
Affects Version/s: 4.4.5, 4.4.6
Fix Version/s: 5.2 (plan)

Type: Problem report Priority: Trivial
Reporter: Matej Kotras Assignee: Jurijs Klopovskis
Resolution: Fixed Votes: 0
Labels: None
Remaining Estimate: Not Specified
Time Spent: Not Specified
Original Estimate: Not Specified
Environment:

Oracle Linux 7, CIS hardening policy applied

Team: Team I
Sprint: Sprint 63 (Apr 2020), Sprint 64 (May 2020), Sprint 65 (Jun 2020), Sprint 66 (Jul 2020), Sprint 67 (Aug 2020), Sprint 68 (Sep 2020)
Story Points: 0.5

 Description   

Problems started with OracleLinux7 - ol7 (RHEL basically), services weren't able to start with error, that PID folder/file location does not exist. I've been figuring this issue for quite some time. As there are few that are similar. It seems that service does not have rights to create 

I've figured to make it work, by editing /lib/systemd/system/zabbix-proxy.service
Default zabbix-proxy.service file:

[Unit]
Description=Zabbix Proxy
After=syslog.target
After=network.target
After=mysql.service
After=mysqld.service
After=mariadb.service
After=postgresql.service[Service]
Environment="CONFFILE=/etc/zabbix/zabbix_proxy.conf"
EnvironmentFile=-/etc/sysconfig/zabbix-proxy
Type=forking
Restart=on-failure
PIDFile=/run/zabbix/zabbix_proxy.pid
KillMode=control-group
ExecStart=/usr/sbin/zabbix_proxy -c $CONFFILE
ExecStop=/bin/kill -SIGTERM $MAINPID
RestartSec=10s
TimeoutSec=0[Install]
WantedBy=multi-user.target

What works for me (adding RuntimeDirectory and RuntimeDirectoryMode

[Unit]
Description=Zabbix Proxy
After=syslog.target
After=network.target
After=mysql.service
After=mysqld.service
After=mariadb.service
After=postgresql.service

[Service]
PermissionsStartOnly=True
User=zabbix
Group=zabbix
RuntimeDirectory=zabbix
RuntimeDirectoryMode=0755
Environment="CONFFILE=/etc/zabbix/zabbix_proxy.conf" EnvironmentFile=-/etc/sysconfig/zabbix-proxy
Type=forking
Restart=on-failure
PIDFile=/run/zabbix/zabbix_proxy.pid
KillMode=control-group
ExecStart=/usr/sbin/zabbix_proxy -c $CONFFILE
ExecStop=/bin/kill -SIGTERM $MAINPID RestartSec=10s TimeoutSec=0

[Install]
WantedBy=multi-user.target

Otherwise, service is not able to create zabbix folder in /run/ (/var/run/)

 

 

 Comments   
Comment by Matej Kotras [ 2020 Mar 19 ]

From journalctl -xe

zabbix_proxy[2698]: zabbix_proxy [2698]: Cannot initialize IPC services: Failed to stat the specified path "/run/zabbix": [2] No such file or directory.

this has happened to me when building 4.4.0, I've managed to fix this, but after every upgrade, the services won't start and I have to manually edit the systemd files

Comment by Matej Kotras [ 2020 Apr 27 ]

just found out, this does not work without 

User=zabbix
Group=zabbix

 

so all of these have to be added

User=zabbix
Group=zabbix
RuntimeDirectory=zabbix
RuntimeDirectoryMode=0755

 

Comment by Jurijs Klopovskis [ 2020 Apr 27 ]

Hi, mkotras

Currently Zabbix server and proxy rely on old builtin mechanism for switching user that they run under. Only Zabbix agent uses systemd for that.

The fact that proxy cannot create pid file is confusing. I'll have to check.
I wonder if there is some significant difference between RHEL/CentOS and Oracle Linux in this aspect.

but after every upgrade, the services won't start and I have to manually edit the systemd files

You should never modify service files under /usr/lib/systemd/system, these are overriden during package updates, instead you should add your modifications under /etc/systemd/system directory.
See https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/7/html/system_administrators_guide/chap-Managing_Services_with_systemd#tabl-Managing_Services_with_systemd-Introduction-Units-Locations

Sorry for late response.

Comment by Matej Kotras [ 2020 Apr 27 ]

Thanks for the comment, I was not aware of /etc/systemd/system directory that can override the settings, thank you for that, will give it a try.

Oracle linux should not be that much different, however it is important to note that we apply "CIS Hardening policy" on ou rlinux machines, it is CIS security standard for OS and some applications that some enterprises apply to their systems as trusted secure settings.
There is ansible playbook that can be checked here https://github.com/MindPointGroup/RHEL7-CIS

I could try to spin centos7 and ol7, try installing the proxy or server and then applying cis policy and let you know where the issue is present or is not. That might help getting the base line of where problem is.

Comment by Peter Kopshoff [ 2020 May 25 ]

For zabbix_agent:

When the file zabbix-agent.service includes:

User=zabbix
Group=zabbix
RuntimeDirectory=zabbix
RuntimeDirectoryMode=0755

then the file /etc/init.d/zabbix-agent must not include functionality to create a pid fil_e:_

...

DIR=/var/run/zabbix
PID=$DIR/$NAME.pid

...

[ -d "$DIR" ] || mkdir "$DIR"
chown -R zabbix:zabbix "$DIR"

 

Also the option "--pidfile $PID " must not be given in the start and stop directives. systemd takes care of the PID file. Also it is somewhat confusing when the pid file is defined twice in different directories.

 

Comment by Jurijs Klopovskis [ 2020 Sep 25 ]

Added User=zabbix and Group=zabbix for server, proxy and agent in pre 5.2.0beta1.

Not sure about adding RuntimeDirectory and RuntimeDirectoryMode.
Suggest overriding these setting in /etc/systemd/system* command if needed.

Generated at Fri Apr 25 07:57:53 EEST 2025 using Jira 9.12.4#9120004-sha1:625303b708afdb767e17cb2838290c41888e9ff0.