openstack-nova keystone endpoint配置错误处理方法

最新推荐文章于 2024-11-10 01:48:31 发布

原创最新推荐文章于 2024-11-10 01:48:31 发布 · 4.8k 阅读

5 ·

CC 4.0 BY-SA版权

文章标签：

#openstack #keystone #endpoint

openstack源码分析专栏收录该内容

17 篇文章

订阅专栏

当keystone配置错误时，会导致组件认证失败和初始化错误。错误包括创建endpoint异常、domain配置问题，表现为401异常。解决方法是查看keystone日志定位问题，然后在MySQL中删除错误的endpoint配置，并重新配置。

keystone endpoint错误处理方法

keystone创建异常，将会导致，后续各个组件认证失败的异常，各个组件初始化创建失败，下面是一次keystone创建有误后的处理办法：

例如：
错误配置：

keystone-manage bootstrap --bootstrap-password xxxxxxx --bootstrap-admin-url http://192.168.137.1:35357/v3/ --bootstrap-internal-url http://192.168.137.1:35357/v3/ --bootstrap-public-url http://192.168.137.1:5000/v3/ --bootstrap-region-id RegionOne

发现错误，重新执行，将不会覆盖前面的配置

keystone-manage bootstrap --bootstrap-password xxxxxxx --bootstrap-admin-url http://192.168.137.15:35357/v3/ --bootstrap-internal-url http://192.168.137.15:35357/v3/ --bootstrap-public-url http://192.168.137.15:5000/v3/ --bootstrap-region-id RegionOne

创建endpoint时错误，将会导致下面的创建domain出现一些异常

source admin-openrc.sh
openstack project create --domain default --description "Service Project" service

没有endpoint

[root@nova ~]# openstack project create --domain default --description "Service Project" service
admin endpoint for identity service not found

配置错误，则抛出401异常：

[root@nova ~]# openstack project create --domain default --description "Service Project" service
The request you have made requires authentication. (HTTP 401) (Request-ID: req-65a7168b-87ae-4bac-b3c6-b7024f128078)

需要到keystone日志： /var/log/keystone/keystone.log 中查看日志：

检查日志发现，更新配置没有成功，

2019-03-29 14:28:28.314 15304 INFO keystone.cmd.cli [req-038f5237-5517-477a-9d6f-1718f265a004 - - - - -] Created region RegionOne
2019-03-29 14:28:28.350 15304 INFO keystone.cmd.cli [req-038f5237-5517-477a-9d6f-1718f265a004 - - - - -] Created public endpoint http://192.168.137.5:5000/v3/
2019-03-29 14:28:28.353 15304 INFO keystone.assignment.core [req-038f5237-5517-477a-9d6f-1718f265a004 - - - - -] Creating the default role 9fe2ff9ee4384b1894a90878d3e92bab because it does not exist.
2019-03-29 14:29:30.288 15616 WARNING keystone.assignment.core [-] Deprecated: Use of the identity driver config to automatically configure the same assignment driver has been deprecated, in the "O" release, the assignment driver will need to be expicitly configured if different than the default (SQL).
2019-03-29 14:29:30.497 15616 INFO keystone.cmd.cli [-] Domain default already exists, skipping creation.
2019-03-29 14:29:30.518 15616 INFO keystone.cmd.cli [req-dd9d44b2-0472-41d4-8ece-e8a22a5cf1f0 - - - - -] Project admin already exists, skipping creation.
2019-03-29 14:29:30.542 15616 INFO keystone.cmd.cli [req-dd9d44b2-0472-41d4-8ece-e8a22a5cf1f0 - - - - -] User admin already exists, skipping creation.
2019-03-29 14:29:30.576 15616 INFO keystone.cmd.cli [req-dd9d44b2-0472-41d4-8ece-e8a22a5cf1f0 - - - - -] Role admin exists, skipping creation.
2019-03-29 14:29:30.635 15616 INFO keystone.cmd.cli [req-dd9d44b2-0472-41d4-8ece-e8a22a5cf1f0 - - - - -] User admin already has admin on admin.
2019-03-29 14:29:30.641 15616 INFO keystone.cmd.cli [req-dd9d44b2-0472-41d4-8ece-e8a22a5cf1f0 - - - - -] Region RegionOne exists, skipping creation.
2019-03-29 14:29:30.651 15616 INFO keystone.cmd.cli [req-dd9d44b2-0472-41d4-8ece-e8a22a5cf1f0 - - - - -] Skipping admin endpoint as already created
2019-03-29 14:29:30.652 15616 INFO keystone.cmd.cli [req-dd9d44b2-0472-41d4-8ece-e8a22a5cf1f0 - - - - -] Skipping internal endpoint as already created
2019-03-29 14:29:30.652 15616 INFO keystone.cmd.cli [req-dd9d44b2-0472-41d4-8ece-e8a22a5cf1f0 - - - - -] Skipping public endpoint as already created
2019-03-29 14:40:52.356 19160 WARNING keystone.assignment.core [-] Deprecated: Use of the identity driver config to automatically configure the same assignment driver has been deprecated, in the "O" release, the assignment driver will need to be expicitly configured if different than the default (SQL).
2019-03-29 14:40:52.596 19160 INFO keystone.cmd.cli [-] Domain default already exists, skipping creation.
2019-03-29 14:40:52.618 19160 INFO keystone.cmd.cli [req-8a0a03d4-9e31-432c-90f9-47d2acec32f9 - - - - -] Project admin already exists, skipping creation.

处理办法：
在mysql中删除endpoint配置，重新配置：

MariaDB [keystone]> select * from endpoint;
+----------------------------------+--------------------+-----------+----------------------------------+--------------------------------+-------+---------+-----------+
| id                               | legacy_endpoint_id | interface | service_id                       | url                            | extra | enabled | region_id |
+----------------------------------+--------------------+-----------+----------------------------------+--------------------------------+-------+---------+-----------+
| 0b6dd3a784334f25838ffca8d64953e7 | NULL               | internal  | ad298720137740afb42dba7e3cd7cf1d | http://192.168.137.5:35357/v3/ | {}    |       1 | RegionOne |
| 4f7fdb8fc6904fbea869e06c2df483bc | NULL               | public    | ad298720137740afb42dba7e3cd7cf1d | http://192.168.137.5:5000/v3/  | {}    |       1 | RegionOne |
| 8451f154c77843bbbf4a84a623f97cee | NULL               | admin     | ad298720137740afb42dba7e3cd7cf1d | http://192.168.137.5:35357/v3/ | {}    |       1 | RegionOne |
+----------------------------------+--------------------+-----------+----------------------------------+--------------------------------+-------+---------+-----------+
3 rows in set (0.15 sec)
MariaDB [keystone]> delete from endpoint where url like '%137.5%';
Query OK, 3 rows affected (0.02 sec)
MariaDB [keystone]> commit;

处理完成后，重新配置:

keystone-manage bootstrap --bootstrap-password xxxxxxx --bootstrap-admin-url http://192.168.137.15:35357/v3/ --bootstrap-internal-url http://192.168.137.15:35357/v3/ --bootstrap-public-url http://192.168.137.15:5000/v3/ --bootstrap-region-id RegionOne