openstack安装过程遇到的坑
安装过程中的踩到的坑
问题⼀:安装软件包时报错
错误:
问题: package openstack-glance-1:21.0.arch requires python3-glance = 1:21.0.0-1.el8, but none of the providers can be installed
- cannot install the best candidate for the job
- nothing provides python3-httplib2 needed by python3-glance-1:21.0.arch
- nothing provides python3-pyxattr needed by python3-glance-1:21.0.arch
(尝试添加'--skip-broken'来跳过⽆法安装的软件包或'--nobest'来不只使⽤最佳选择的软件包)
解决办法:修改为国内的yum源或更换yum源,上⾯报错是在已使⽤阿⾥云yum源的情况下出现的,重新更换华为yum源后恢复正常,也可能是原yum源缓存未清理⼲净导致的,请尝试以上⽅法
华为 mirrors.huaweicloud/
清华 mirrors.tuna.tsinghua.edu/
阿⾥云 mirrors.aliyun/
⽹易 mirrors.163/
中科⼤ mirrors.ustc.edu/
问题⼆:启动mariadb服务失败
[root@controller ~]# systemctl start mariadb.service
Job for mariadb.service failed because the control process exited with error code.
See "Systemctl status mariadb.service" and "journalctl -xe"for details.
解决办法:执⾏命令Systemctl status mariadb.service或journalctl -xe查看报错信息,然后查看错误⽇志,⽐如此处报错
[root@controller ~]# tail -10f /var/log/mariadb/mariadb.log
2021-02-26 19:39:06 0 [Note] InnoDB: Buffer pool(s) load completed at 210226 19:19:06
2021-02-26 19:39:06 0 [Note] Plugin 'FEEDBACK' is disabled.exited
2021-02-26 19:39:06 0 [Warning] mysqld: GSSAPI plugin : default principal 'mariadb/controller@' not found in keytab
2021-02-26 19:39:06 0 [ERROR] mysqld: Server GSSAPI error (major 851968, minor 2529639093): gss_acquire_cred failed -Unspecified GSS failure.  Mi nor code may provide more information. Keytab FILE:/etc/krb5.keytab is nonexistent or empty.
2021-02-26 19:39:06 0 [ERROR] Plugin 'gssapi' init function returned error.
2021-02-26 19:39:06 0 [Note] Server socket created on IP: '192.166.66.10'.
2021-02-26 19:39:06 0 [ERROR] Can't start server: Bind on TCP/IP port. Got error: 98: Address already in use
2021-02-26 19:39:06 0 [ERROR] Do you already have another mysqld server running on port: 3306 ?
2021-02-26 19:39:06 0 [ERROR] Aborting
通过⽇志可以看到,服务地址已存在,端⼝被占⽤,未到keytab等信息,根据这些信息⼀步步排错,先结束再运⾏的数据库服务,检查并重新配置数据库⽂件等操作后再尝试启动mariadb数据库,直到问题排查完毕
问题三:执⾏openstack user list命令报错
You are not authorized to perform the requested action: identity:list_users. (HTTP 403)(Request-ID: req-66705aab-9473-47dc-9b0e-4f33e4421eb0)”
解决办法:环境脚本配置错误,或运⾏脚本环境错误,修改环境变量脚本,或加载已配置的管理员环境脚本
# 加载环境脚本,名称以配置的为准
source /admin-openrc.sh 或 ./admin-openrc.sh
问题四:执⾏nova-status upgrade check命令报错
[root@controller ~]# nova-status upgrade check
错误:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/nova/cmd/status.py", line 483, in main
ret = fn(*fn_args, **fn_kwargs)
File "/usr/lib/python3.6/site-packages/oslo_upgradecheck/upgradecheck.py", line 102, in check
result = func(self)
File "/usr/lib/python3.6/site-packages/nova/cmd/status.py", line 164, in _check_placement
versions = self._placement_get("/")
File "/usr/lib/python3.6/site-packages/nova/cmd/status.py", line 154, in _placement_get
(path, raise_exc=True).json()
File "/usr/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 395, in get
quest(url, 'GET', **kwargs)
File "/usr/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 257, in request
return quest(url, method, **kwargs)
File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 976, in request
raise exceptions.from_response(resp, method, url)
解决⽅法:编辑vim /etc/httpd/conf.f⽂件,添加以下信息
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
问题五:httpd服务启动失败
[root@controller ~]# systemctl start httpd && systemctl enable httpd
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe"for details.
[root@controller ~]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2021-02-26 21:00:41 CST; 6min ago
Docs: man:httpd.service(8)
Process: 117153 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 117153 (code=exited, status=1/FAILURE)
Status: ""
2⽉ 26 21:00:41 controller systemd[1]: Starting The Apache
2⽉ 26 21:00:41 controller httpd[117153]: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:5000
2⽉ 26 21:00:41 controller httpd[117153]: (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:5000 2⽉ 26 21:00:41 controller httpd[117153]: no listening sockets available, shutting down
2⽉ 26 21:00:41 controller httpd[117153]: AH00015: Unable to open logs
2⽉ 26 21:00:41 controller systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
2⽉ 26 21:00:41 controller systemd[1]: httpd.service: Failed with result 'exit-code'.
2⽉ 26 21:00:41 controller systemd[1]: Failed to start The Apache HTTP Server.
这个错误是由于Selinux的安全策略引起的,为了主机安全,它不允许访问未在其策略中的端⼝
解决办法:应该是未安装openstack-selinux 导致的,安装openstack-selinux ,或者直接关闭Selinux
dnf install openstack-selinux -y
问题六:计算节点⽹桥启动失败,⽇志中显⽰”Permission denied“,权限被拒绝
2021-02-26 23:42:14.508 112737 ERROR neutron    self.start()
2021-02-26 23:42:14.508 112737 ERROR neutron  File "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 258, in start
2021-02-26 23:42:14.508 112737 ERROR neutron    channel = daemon.RootwrapClientChannel(context=self)
2021-02-26 23:42:14.508 112737 ERROR neutron  File "/usr/lib/python3.6/site-packages/oslo_privsep/daemon.py", line 357, in __init__
2021-02-26 23:42:14.508 112737 ERROR neutron    listen_sock.bind(sockpath)
2021-02-26 23:42:14.508 112737 ERROR neutron PermissionError: [Errno 13] Permission denied
解决办法:关闭Selinux
# 编辑/etc/selinux/config⽂件
vim /etc/selinux/config
# 修改以下两条信息
SELINUX=permissive
SELINUXTYPE=targeted
#使配置⽴即⽣效
setenforce 0
问题七:dhcp、metadata服务启动失败,报Timed out,超时
tail -f /var/log/neutron/dhcp-agent.log
2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent  File "/usr/lib/python3.6/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 531, in wait
2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent    message = (msg_id, timeout=timeout)
2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent  File "/usr/lib/python3.6/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 409, in get
2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent    'to message ID %s' % msg_id)
2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent ptions.MessagingTimeout: Timed out waiting for a reply to mes sage ID 130deaa01b3246d9b0238011e245e055
2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent
2021-02-27 12:58:15.176 132270 INFO neutron.agent.dhcp.agent [-] Synchronizing state
2021-02-27 12:58:15.197 132270 INFO neutron.agent.dhcp.agent [req-34a30254-cb20-4f18-917b-f6d4174287a5 - - - - -] DHCP agent started
2021-02-27 12:58:15.354 132270 INFO neutron.agent.dhcp.agent [req-38251b68-0cb3-4e0b-9463-5bdd45ea7f75 - - - - -] All active networks have been f etched through RPC.
2021-02-27 12:58:15.355 132270 INFO neutron.agent.dhcp.agent [req-38251b68-0cb3-4e0b-9463-5bdd45ea7f75 - - - - -] Synchronizing state complete
解决办法:编辑vim /etc/f⽂件,修改配置项中超时时间
# 在页⾯搜索rpc_response_timeout,该项默认60,适当延长时间后保存退出
rpc_response_timeout=200
#然后重启服务
systemctl restart neutron-dhcp-agent neutron-metadata-agent
问题⼋:linuxbridge-agent服务启动失败,提⽰“oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)”
2021-02-27 14:38:42.330 29735 ERROR neutron    self.start()
2021-02-27 14:38:42.330 29735 ERROR neutron  File "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 258, in start
2021-02-27 14:38:42.330 29735 ERROR neutron    channel = daemon.RootwrapClientChannel(context=self)
2021-02-27 14:38:42.330 29735 ERROR neutron  File "/usr/lib/python3.6/site-packages/oslo_privsep/daemon.py", line 367, in __init__
2021-02-27 14:38:42.330 29735 ERROR neutron    raise FailedToDropPrivileges(msg)
2021-02-27 14:38:42.330 29735 ERROR neutron oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2021-02-27 14:38:42.330 29735 ERROR neutron
2021-02-27 14:38:44.421 29759 fig [-] Logging enabled!
2021-02-27 14:38:44.422 29759 fig [-] /usr/bin/neutron-linuxbridge-agent version 17.1.0
2021-02-27 14:38:44.422 29759 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Interface mappings: {'provider':'ens33'} 2021-02-27 14:38:44.422 29759 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Bridge mappings: {}
2021-02-27 14:38:44.424 29759 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', 'neutron-rootwrap', '/etc/f', 'privsep-he lper', '--config-file', '/usr/share/f', '--config-file', '/etc/f', '--config-file', '/etc/neutron/plugins/ml2/linuxbridge_agent .ini', '--config-dir', '/etc/neutron/conf.d/neutron-linuxbridge-
agent', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmps9oryok9/ privsep.sock']
2021-02-27 14:38:45.065 29759 CRITICAL oslo.privsep.daemon [-] privsep helper command exited non-zero (1)
解决办法:
neutron privsep需要使⽤sudo权限,但安装后默认环境没有配置,所以,要添加sudoer权限
修改vim /etc/f⽂件,修改以下内容
[privsep]
user = neutron
helper_command =sudo privsep-helper
修改vim /etc/sudoers.d/neutron⽂件,添加以下内容后强制保存退出
neutron ALL =(root) NOPASSWD: ALL
问题九:⽇志中报错“Failed to restore old fd limit: Operation not permitted”
[root@controller ~]# tail -f /var/log/messages
Feb 27 23:59:28 localhost httpd[138667]: Server configured, listening on: port 5000, port 8778, port 80
Feb 28 00:00:08 localhost systemd[1]: Starting update of the root trust anchor for DNSSEC validation
Feb 28 00:00:10 localhost systemd[1]: unbound-anchor.service: Succeeded.
Feb 28 00:00:10 localhost systemd[1]: Started update of the root trust anchor for DNSSEC validation in unbound.
Feb 28 00:00:17 localhost dbus-daemon[991]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.171'(uid=0 pid=952 comm="/usr/sbin/sedispatch " label="system_u:system_r:auditd_t:s0")(using servicehelper)
Feb 28 00:00:17 localhost dbus-daemon[139022]: [system] Failed to reset fd limit before activating s
ervice: org.freedesktop.DBus.Error.AccessDenied: Fail ed to restore old fd limit: Operation not permitted
Feb 28 00:00:18 localhost dbus-daemon[991]: [system] Successfully activated service'org.fedoraproject.Setroubleshootd'
Feb 28 00:00:19 localhost dbus-daemon[991]: [system] Activating service name='org.fedoraproject.SetroubleshootPrivileged' requested by ':1.1148'(uid=9 86 pid=139022 comm="/usr/libexec/platform-python -Es /usr/sbin/setroub" label="system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023")(using servicehel per)
Feb 28 00:00:19 localhost dbus-daemon[139034]: [system] Failed to reset fd limit before activating service: org.freedesktop.DBus.Error.AccessDenied: Fail ed to restore old fd limit: Operation not permitted
Feb 28 00:00:21 localhost dbus-daemon[991]: [system] Successfully activated service'org.fedoraproject.SetroubleshootPrivileged'
Feb 28 00:00:34 localhost setroubleshoot[139022]: SELinux is preventing /usr/lib64/erlang/erts-10.7.
2.1/bin/beam.smp from write access on the file f. For complete SELinux messages run: sealert -l f8a93ae0-9db5-48b1-b8a8-363b474f7a2c
Selinux配置问题
解决办法:关闭Selinux
# 编辑/etc/selinux/config⽂件
vim /etc/selinux/config
# 修改以下两条信息
SELINUX=permissive
SELINUXTYPE=targeted
#使配置⽴即⽣效
setenforce 0
问题⼗:Horizon安装后,通过浏览器访问仪表盘报404
NOt Found
The requested URL was not found on this server.
解决办法:重建apache的dashboard配置⽂件并建⽴策略⽂件(policy.json)的软链接
# 重建apache的dashboard配置⽂件,直接执⾏以下两条命令
cd /usr/share/openstack-dashboard
python3 manage.py make_web_conf --apache > /etc/httpd/conf.f
# 建⽴策略⽂件(policy.json)的软链接,执⾏以下命令
ln -s /etc/openstack-dashboard /usr/share/openstack-dashboard/openstack_dashboard/conf
问题⼗⼀:Dashboard登录失败“invalid credentials”,⽆效凭据
# 报错
invalid credentials
解决办法:/etc/openstack-dashboard/local_settings配置⽂件中,将启⽤⾝份API版本3配置⽅式修改为端⼝格式OPENSTACK_KEYSTONE_URL ="%s/identity/v3" % OPENSTACK_HOST
# 将上⾯identity改为:5000
OPENSTACK_KEYSTONE_URL ="%s:5000/v3" % OPENSTACK_HOST

版权声明:本站内容均来自互联网,仅供演示用,请勿用于商业和其他非法用途。如果侵犯了您的权益请与我们联系QQ:729038198,我们将在24小时内删除。