此文章安裝過程中的踩到的坑
問題一:安裝軟件包時報錯
錯誤:
問題: package openstack-glance-1:21.0.0-1.el8.noarch requires python3-glance = 1:21.0.0-1.el8, but none of the providers can be installed
- cannot install the best candidate for the job
- nothing provides python3-httplib2 needed by python3-glance-1:21.0.0-1.el8.noarch
- nothing provides python3-pyxattr needed by python3-glance-1:21.0.0-1.el8.noarch
(嘗試添加 '--skip-broken' 來跳過無法安裝的軟件包 或 '--nobest' 來不只使用最佳選擇的軟件包)
解決辦法:修改為國內的yum源或更換yum源,上面報錯是在已使用阿里雲yum源的情況下出現的,重新更換華為yum源后恢復正常,也可能是原yum源緩存未清理干凈導致的,請嘗試以上方法
華為 https://mirrors.huaweicloud.com/
清華 https://mirrors.tuna.tsinghua.edu.cn/
阿里雲 https://mirrors.aliyun.com/
網易 https://mirrors.163.com/
中科大 https://mirrors.ustc.edu.cn/
問題二:啟動mariadb服務失敗
[root@controller ~]# systemctl start mariadb.service
Job for mariadb.service failed because the control process exited with error code.
See "Systemctl status mariadb.service" and "journalctl -xe" for details.
解決辦法:執行命令Systemctl status mariadb.service或journalctl -xe查看報錯信息,然后查看錯誤日志,比如此處報錯
[root@controller ~]# tail -10f /var/log/mariadb/mariadb.log
2021-02-26 19:39:06 0 [Note] InnoDB: Buffer pool(s) load completed at 210226 19:19:06
2021-02-26 19:39:06 0 [Note] Plugin 'FEEDBACK' is disabled.
2021-02-26 19:39:06 0 [Warning] mysqld: GSSAPI plugin : default principal 'mariadb/controller@' not found in keytab
2021-02-26 19:39:06 0 [ERROR] mysqld: Server GSSAPI error (major 851968, minor 2529639093) : gss_acquire_cred failed -Unspecified GSS failure. Minor code may provide more information. Keytab FILE:/etc/krb5.keytab is nonexistent or empty.
2021-02-26 19:39:06 0 [ERROR] Plugin 'gssapi' init function returned error.
2021-02-26 19:39:06 0 [Note] Server socket created on IP: '192.166.66.10'.
2021-02-26 19:39:06 0 [ERROR] Can't start server: Bind on TCP/IP port. Got error: 98: Address already in use
2021-02-26 19:39:06 0 [ERROR] Do you already have another mysqld server running on port: 3306 ?
2021-02-26 19:39:06 0 [ERROR] Aborting
通過日志可以看到,服務地址已存在,端口被占用,未找到keytab等信息,根據這些信息一步步排錯,先結束再運行的數據庫服務,檢查並重新配置數據庫文件等操作后再嘗試啟動mariadb數據庫,直到問題排查完畢
問題三:執行openstack user list命令報錯
You are not authorized to perform the requested action: identity:list_users. (HTTP 403) (Request-ID: req-66705aab-9473-47dc-9b0e-4f33e4421eb0)”
解決辦法:環境腳本配置錯誤,或運行腳本環境錯誤,修改環境變量腳本,或加載已配置的管理員環境腳本
# 加載環境腳本,名稱以配置的為准
source /admin-openrc.sh 或 ./admin-openrc.sh
問題四:執行nova-status upgrade check命令報錯
[root@controller ~]# nova-status upgrade check
錯誤:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/nova/cmd/status.py", line 483, in main
ret = fn(*fn_args, **fn_kwargs)
File "/usr/lib/python3.6/site-packages/oslo_upgradecheck/upgradecheck.py", line 102, in check
result = func(self)
File "/usr/lib/python3.6/site-packages/nova/cmd/status.py", line 164, in _check_placement
versions = self._placement_get("/")
File "/usr/lib/python3.6/site-packages/nova/cmd/status.py", line 154, in _placement_get
return client.get(path, raise_exc=True).json()
File "/usr/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 395, in get
return self.request(url, 'GET', **kwargs)
File "/usr/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 257, in request
return self.session.request(url, method, **kwargs)
File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 976, in request
raise exceptions.from_response(resp, method, url)
keystoneauth1.exceptions.http.Forbidden: Forbidden (HTTP 403)
解決方法:編輯vim /etc/httpd/conf.d/00-placement-api.conf文件,添加以下信息
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
問題五:httpd服務啟動失敗
[root@controller ~]# systemctl start httpd && systemctl enable httpd
Job for httpd.service failed because the control process exited with error code.
See "systemctl status httpd.service" and "journalctl -xe" for details.
[root@controller ~]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled)
Active: failed (Result: exit-code) since Fri 2021-02-26 21:00:41 CST; 6min ago
Docs: man:httpd.service(8)
Process: 117153 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
Main PID: 117153 (code=exited, status=1/FAILURE)
Status: "Reading configuration..."
2月 26 21:00:41 controller systemd[1]: Starting The Apache HTTP Server...
2月 26 21:00:41 controller httpd[117153]: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:5000
2月 26 21:00:41 controller httpd[117153]: (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:5000
2月 26 21:00:41 controller httpd[117153]: no listening sockets available, shutting down
2月 26 21:00:41 controller httpd[117153]: AH00015: Unable to open logs
2月 26 21:00:41 controller systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE
2月 26 21:00:41 controller systemd[1]: httpd.service: Failed with result 'exit-code'.
2月 26 21:00:41 controller systemd[1]: Failed to start The Apache HTTP Server.
這個錯誤是由於Selinux的安全策略引起的,為了主機安全,它不允許訪問未在其策略中的端口
解決辦法:應該是未安裝openstack-selinux 導致的,安裝openstack-selinux ,或者直接關閉Selinux
dnf install openstack-selinux -y
問題六:計算節點網橋啟動失敗,日志中顯示”Permission denied“,權限被拒絕
[root@compute ~]# tail -f /var/log/neutron/linuxbridge-agent.log
2021-02-26 23:42:14.508 112737 ERROR neutron File "/usr/lib/python3.6/site-packages/neutron/agent/linux/ip_lib.py", line 328, in exists
2021-02-26 23:42:14.508 112737 ERROR neutron return privileged.interface_exists(self.name, self.namespace)
2021-02-26 23:42:14.508 112737 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 246, in _wrap
2021-02-26 23:42:14.508 112737 ERROR neutron self.start()
2021-02-26 23:42:14.508 112737 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 258, in start
2021-02-26 23:42:14.508 112737 ERROR neutron channel = daemon.RootwrapClientChannel(context=self)
2021-02-26 23:42:14.508 112737 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/daemon.py", line 357, in __init__
2021-02-26 23:42:14.508 112737 ERROR neutron listen_sock.bind(sockpath)
2021-02-26 23:42:14.508 112737 ERROR neutron PermissionError: [Errno 13] Permission denied
解決辦法:關閉Selinux
# 編輯/etc/selinux/config文件
vim /etc/selinux/config
# 修改以下兩條信息
SELINUX=permissive
SELINUXTYPE=targeted
#使配置立即生效
setenforce 0
問題七:dhcp、metadata服務啟動失敗,報Timed out,超時
tail -f /var/log/neutron/dhcp-agent.log
2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3.6/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 531, in wait
2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent message = self.waiters.get(msg_id, timeout=timeout)
2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3.6/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 409, in get
2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent 'to message ID %s' % msg_id)
2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent oslo_messaging.exceptions.MessagingTimeout: Timed out waiting for a reply to message ID 130deaa01b3246d9b0238011e245e055
2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent
2021-02-27 12:58:15.176 132270 INFO neutron.agent.dhcp.agent [-] Synchronizing state
2021-02-27 12:58:15.197 132270 INFO neutron.agent.dhcp.agent [req-34a30254-cb20-4f18-917b-f6d4174287a5 - - - - -] DHCP agent started
2021-02-27 12:58:15.354 132270 INFO neutron.agent.dhcp.agent [req-38251b68-0cb3-4e0b-9463-5bdd45ea7f75 - - - - -] All active networks have been fetched through RPC.
2021-02-27 12:58:15.355 132270 INFO neutron.agent.dhcp.agent [req-38251b68-0cb3-4e0b-9463-5bdd45ea7f75 - - - - -] Synchronizing state complete
解決辦法:編輯vim /etc/neutron/neutron.conf文件,修改配置項中超時時間
# 在頁面搜索rpc_response_timeout,該項默認60,適當延長時間后保存退出
rpc_response_timeout=200
#然后重啟服務
systemctl restart neutron-dhcp-agent neutron-metadata-agent
問題八:linuxbridge-agent服務啟動失敗,提示“oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)”
[root@controller ~]# tail -f /var/log/neutron/linuxbridge-agent.log
2021-02-27 14:38:42.330 29735 ERROR neutron File "/usr/lib/python3.6/site-packages/neutron/agent/linux/ip_lib.py", line 328, in exists
2021-02-27 14:38:42.330 29735 ERROR neutron return privileged.interface_exists(self.name, self.namespace)
2021-02-27 14:38:42.330 29735 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 246, in _wrap
2021-02-27 14:38:42.330 29735 ERROR neutron self.start()
2021-02-27 14:38:42.330 29735 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 258, in start
2021-02-27 14:38:42.330 29735 ERROR neutron channel = daemon.RootwrapClientChannel(context=self)
2021-02-27 14:38:42.330 29735 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/daemon.py", line 367, in __init__
2021-02-27 14:38:42.330 29735 ERROR neutron raise FailedToDropPrivileges(msg)
2021-02-27 14:38:42.330 29735 ERROR neutron oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)
2021-02-27 14:38:42.330 29735 ERROR neutron
2021-02-27 14:38:44.421 29759 INFO neutron.common.config [-] Logging enabled!
2021-02-27 14:38:44.422 29759 INFO neutron.common.config [-] /usr/bin/neutron-linuxbridge-agent version 17.1.0
2021-02-27 14:38:44.422 29759 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Interface mappings: {'provider': 'ens33'}
2021-02-27 14:38:44.422 29759 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Bridge mappings: {}
2021-02-27 14:38:44.424 29759 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'privsep-helper', '--config-file', '/usr/share/neutron/neutron-dist.conf', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/plugins/ml2/linuxbridge_agent.ini', '--config-dir', '/etc/neutron/conf.d/neutron-linuxbridge-agent', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmps9oryok9/privsep.sock']
2021-02-27 14:38:45.065 29759 CRITICAL oslo.privsep.daemon [-] privsep helper command exited non-zero (1)
解決辦法:
neutron privsep需要使用sudo權限,但安裝后默認環境沒有配置,所以,要添加sudoer權限
修改vim /etc/neutron/neutron.conf文件,修改以下內容
[privsep]
user = neutron
helper_command = sudo privsep-helper
修改vim /etc/sudoers.d/neutron文件,添加以下內容后強制保存退出
neutron ALL = (root) NOPASSWD: ALL
問題九:日志中報錯“Failed to restore old fd limit: Operation not permitted”
[root@controller ~]# tail -f /var/log/messages
Feb 27 23:59:28 localhost httpd[138667]: Server configured, listening on: port 5000, port 8778, port 80
Feb 28 00:00:08 localhost systemd[1]: Starting update of the root trust anchor for DNSSEC validation in unbound...
Feb 28 00:00:10 localhost systemd[1]: unbound-anchor.service: Succeeded.
Feb 28 00:00:10 localhost systemd[1]: Started update of the root trust anchor for DNSSEC validation in unbound.
Feb 28 00:00:17 localhost dbus-daemon[991]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.171' (uid=0 pid=952 comm="/usr/sbin/sedispatch " label="system_u:system_r:auditd_t:s0") (using servicehelper)
Feb 28 00:00:17 localhost dbus-daemon[139022]: [system] Failed to reset fd limit before activating service: org.freedesktop.DBus.Error.AccessDenied: Failed to restore old fd limit: Operation not permitted
Feb 28 00:00:18 localhost dbus-daemon[991]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd'
Feb 28 00:00:19 localhost dbus-daemon[991]: [system] Activating service name='org.fedoraproject.SetroubleshootPrivileged' requested by ':1.1148' (uid=986 pid=139022 comm="/usr/libexec/platform-python -Es /usr/sbin/setroub" label="system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023") (using servicehelper)
Feb 28 00:00:19 localhost dbus-daemon[139034]: [system] Failed to reset fd limit before activating service: org.freedesktop.DBus.Error.AccessDenied: Failed to restore old fd limit: Operation not permitted
Feb 28 00:00:21 localhost dbus-daemon[991]: [system] Successfully activated service 'org.fedoraproject.SetroubleshootPrivileged'
Feb 28 00:00:34 localhost setroubleshoot[139022]: SELinux is preventing /usr/lib64/erlang/erts-10.7.2.1/bin/beam.smp from write access on the file rabbitmq.conf. For complete SELinux messages run: sealert -l f8a93ae0-9db5-48b1-b8a8-363b474f7a2c
Selinux配置問題
解決辦法:關閉Selinux
# 編輯/etc/selinux/config文件
vim /etc/selinux/config
# 修改以下兩條信息
SELINUX=permissive
SELINUXTYPE=targeted
#使配置立即生效
setenforce 0
問題十:Horizon安裝后,通過瀏覽器訪問儀表盤報404
NOt Found
The requested URL was not found on this server.
解決辦法:重建apache的dashboard配置文件並建立策略文件(policy.json)的軟鏈接
# 重建apache的dashboard配置文件,直接執行以下兩條命令
cd /usr/share/openstack-dashboard
python3 manage.py make_web_conf --apache > /etc/httpd/conf.d/openstack-dashboard.conf
# 建立策略文件(policy.json)的軟鏈接,執行以下命令
ln -s /etc/openstack-dashboard /usr/share/openstack-dashboard/openstack_dashboard/conf
問題十一:Dashboard登錄失敗“invalid credentials”,無效憑據
# 報錯
invalid credentials
解決辦法:/etc/openstack-dashboard/local_settings配置文件中,將啟用身份API版本3配置方式修改為端口格式
OPENSTACK_KEYSTONE_URL = "http://%s/identity/v3" % OPENSTACK_HOST
# 將上面identity改為:5000
OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST