此文章安装过程中的踩到的坑
问题一:安装软件包时报错
错误: 问题: package openstack-glance-1:21.0.0-1.el8.noarch requires python3-glance = 1:21.0.0-1.el8, but none of the providers can be installed - cannot install the best candidate for the job - nothing provides python3-httplib2 needed by python3-glance-1:21.0.0-1.el8.noarch - nothing provides python3-pyxattr needed by python3-glance-1:21.0.0-1.el8.noarch (尝试添加 '--skip-broken' 来跳过无法安装的软件包 或 '--nobest' 来不只使用最佳选择的软件包)
解决办法:修改为国内的yum源或更换yum源,上面报错是在已使用阿里云yum源的情况下出现的,重新更换华为yum源后恢复正常,也可能是原yum源缓存未清理干净导致的,请尝试以上方法
华为 https://mirrors.huaweicloud.com/ 清华 https://mirrors.tuna.tsinghua.edu.cn/ 阿里云 https://mirrors.aliyun.com/ 网易 https://mirrors.163.com/ 中科大 https://mirrors.ustc.edu.cn/
问题二:启动mariadb服务失败
[root@controller ~]# systemctl start mariadb.service Job for mariadb.service failed because the control process exited with error code. See "Systemctl status mariadb.service" and "journalctl -xe" for details.
解决办法:执行命令Systemctl status mariadb.service或journalctl -xe查看报错信息,然后查看错误日志,比如此处报错
[root@controller ~]# tail -10f /var/log/mariadb/mariadb.log 2021-02-26 19:39:06 0 [Note] InnoDB: Buffer pool(s) load completed at 210226 19:19:06 2021-02-26 19:39:06 0 [Note] Plugin 'FEEDBACK' is disabled. 2021-02-26 19:39:06 0 [Warning] mysqld: GSSAPI plugin : default principal 'mariadb/controller@' not found in keytab 2021-02-26 19:39:06 0 [ERROR] mysqld: Server GSSAPI error (major 851968, minor 2529639093) : gss_acquire_cred failed -Unspecified GSS failure. Minor code may provide more information. Keytab FILE:/etc/krb5.keytab is nonexistent or empty. 2021-02-26 19:39:06 0 [ERROR] Plugin 'gssapi' init function returned error. 2021-02-26 19:39:06 0 [Note] Server socket created on IP: '192.166.66.10'. 2021-02-26 19:39:06 0 [ERROR] Can't start server: Bind on TCP/IP port. Got error: 98: Address already in use 2021-02-26 19:39:06 0 [ERROR] Do you already have another mysqld server running on port: 3306 ? 2021-02-26 19:39:06 0 [ERROR] Aborting
通过日志可以看到,服务地址已存在,端口被占用,未找到keytab等信息,根据这些信息一步步排错,先结束再运行的数据库服务,检查并重新配置数据库文件等操作后再尝试启动mariadb数据库,直到问题排查完毕
问题三:执行openstack user list命令报错
You are not authorized to perform the requested action: identity:list_users. (HTTP 403) (Request-ID: req-66705aab-9473-47dc-9b0e-4f33e4421eb0)”
解决办法:环境脚本配置错误,或运行脚本环境错误,修改环境变量脚本,或加载已配置的管理员环境脚本
# 加载环境脚本,名称以配置的为准 source /admin-openrc.sh 或 ./admin-openrc.sh
问题四:执行nova-status upgrade check命令报错
[root@controller ~]# nova-status upgrade check 错误: Traceback (most recent call last): File "/usr/lib/python3.6/site-packages/nova/cmd/status.py", line 483, in main ret = fn(*fn_args, **fn_kwargs) File "/usr/lib/python3.6/site-packages/oslo_upgradecheck/upgradecheck.py", line 102, in check result = func(self) File "/usr/lib/python3.6/site-packages/nova/cmd/status.py", line 164, in _check_placement versions = self._placement_get("/") File "/usr/lib/python3.6/site-packages/nova/cmd/status.py", line 154, in _placement_get return client.get(path, raise_exc=True).json() File "/usr/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 395, in get return self.request(url, 'GET', **kwargs) File "/usr/lib/python3.6/site-packages/keystoneauth1/adapter.py", line 257, in request return self.session.request(url, method, **kwargs) File "/usr/lib/python3.6/site-packages/keystoneauth1/session.py", line 976, in request raise exceptions.from_response(resp, method, url) keystoneauth1.exceptions.http.Forbidden: Forbidden (HTTP 403)
解决方法:编辑vim /etc/httpd/conf.d/00-placement-api.conf文件,添加以下信息
<Directory /usr/bin> <IfVersion >= 2.4> Require all granted </IfVersion> <IfVersion < 2.4> Order allow,deny Allow from all </IfVersion> </Directory>
问题五:httpd服务启动失败
[root@controller ~]# systemctl start httpd && systemctl enable httpd Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details. [root@controller ~]# systemctl status httpd.service ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; disabled; vendor preset: disabled) Active: failed (Result: exit-code) since Fri 2021-02-26 21:00:41 CST; 6min ago Docs: man:httpd.service(8) Process: 117153 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE) Main PID: 117153 (code=exited, status=1/FAILURE) Status: "Reading configuration..." 2月 26 21:00:41 controller systemd[1]: Starting The Apache HTTP Server... 2月 26 21:00:41 controller httpd[117153]: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:5000 2月 26 21:00:41 controller httpd[117153]: (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:5000 2月 26 21:00:41 controller httpd[117153]: no listening sockets available, shutting down 2月 26 21:00:41 controller httpd[117153]: AH00015: Unable to open logs 2月 26 21:00:41 controller systemd[1]: httpd.service: Main process exited, code=exited, status=1/FAILURE 2月 26 21:00:41 controller systemd[1]: httpd.service: Failed with result 'exit-code'. 2月 26 21:00:41 controller systemd[1]: Failed to start The Apache HTTP Server.
这个错误是由于Selinux的安全策略引起的,为了主机安全,它不允许访问未在其策略中的端口
解决办法:应该是未安装openstack-selinux 导致的,安装openstack-selinux ,或者直接关闭Selinux
dnf install openstack-selinux -y
问题六:计算节点网桥启动失败,日志中显示”Permission denied“,权限被拒绝
[root@compute ~]# tail -f /var/log/neutron/linuxbridge-agent.log 2021-02-26 23:42:14.508 112737 ERROR neutron File "/usr/lib/python3.6/site-packages/neutron/agent/linux/ip_lib.py", line 328, in exists 2021-02-26 23:42:14.508 112737 ERROR neutron return privileged.interface_exists(self.name, self.namespace) 2021-02-26 23:42:14.508 112737 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 246, in _wrap 2021-02-26 23:42:14.508 112737 ERROR neutron self.start() 2021-02-26 23:42:14.508 112737 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 258, in start 2021-02-26 23:42:14.508 112737 ERROR neutron channel = daemon.RootwrapClientChannel(context=self) 2021-02-26 23:42:14.508 112737 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/daemon.py", line 357, in __init__ 2021-02-26 23:42:14.508 112737 ERROR neutron listen_sock.bind(sockpath) 2021-02-26 23:42:14.508 112737 ERROR neutron PermissionError: [Errno 13] Permission denied
解决办法:关闭Selinux
# 编辑/etc/selinux/config文件 vim /etc/selinux/config # 修改以下两条信息 SELINUX=permissive SELINUXTYPE=targeted #使配置立即生效 setenforce 0
问题七:dhcp、metadata服务启动失败,报Timed out,超时
tail -f /var/log/neutron/dhcp-agent.log 2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3.6/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 531, in wait 2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent message = self.waiters.get(msg_id, timeout=timeout) 2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent File "/usr/lib/python3.6/site-packages/oslo_messaging/_drivers/amqpdriver.py", line 409, in get 2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent 'to message ID %s' % msg_id) 2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent oslo_messaging.exceptions.MessagingTimeout: Timed out waiting for a reply to message ID 130deaa01b3246d9b0238011e245e055 2021-02-27 12:58:15.156 132270 ERROR neutron.agent.dhcp.agent 2021-02-27 12:58:15.176 132270 INFO neutron.agent.dhcp.agent [-] Synchronizing state 2021-02-27 12:58:15.197 132270 INFO neutron.agent.dhcp.agent [req-34a30254-cb20-4f18-917b-f6d4174287a5 - - - - -] DHCP agent started 2021-02-27 12:58:15.354 132270 INFO neutron.agent.dhcp.agent [req-38251b68-0cb3-4e0b-9463-5bdd45ea7f75 - - - - -] All active networks have been fetched through RPC. 2021-02-27 12:58:15.355 132270 INFO neutron.agent.dhcp.agent [req-38251b68-0cb3-4e0b-9463-5bdd45ea7f75 - - - - -] Synchronizing state complete
解决办法:编辑vim /etc/neutron/neutron.conf文件,修改配置项中超时时间
# 在页面搜索rpc_response_timeout,该项默认60,适当延长时间后保存退出 rpc_response_timeout=200 #然后重启服务 systemctl restart neutron-dhcp-agent neutron-metadata-agent
问题八:linuxbridge-agent服务启动失败,提示“oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1)”
[root@controller ~]# tail -f /var/log/neutron/linuxbridge-agent.log 2021-02-27 14:38:42.330 29735 ERROR neutron File "/usr/lib/python3.6/site-packages/neutron/agent/linux/ip_lib.py", line 328, in exists 2021-02-27 14:38:42.330 29735 ERROR neutron return privileged.interface_exists(self.name, self.namespace) 2021-02-27 14:38:42.330 29735 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 246, in _wrap 2021-02-27 14:38:42.330 29735 ERROR neutron self.start() 2021-02-27 14:38:42.330 29735 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/priv_context.py", line 258, in start 2021-02-27 14:38:42.330 29735 ERROR neutron channel = daemon.RootwrapClientChannel(context=self) 2021-02-27 14:38:42.330 29735 ERROR neutron File "/usr/lib/python3.6/site-packages/oslo_privsep/daemon.py", line 367, in __init__ 2021-02-27 14:38:42.330 29735 ERROR neutron raise FailedToDropPrivileges(msg) 2021-02-27 14:38:42.330 29735 ERROR neutron oslo_privsep.daemon.FailedToDropPrivileges: privsep helper command exited non-zero (1) 2021-02-27 14:38:42.330 29735 ERROR neutron 2021-02-27 14:38:44.421 29759 INFO neutron.common.config [-] Logging enabled! 2021-02-27 14:38:44.422 29759 INFO neutron.common.config [-] /usr/bin/neutron-linuxbridge-agent version 17.1.0 2021-02-27 14:38:44.422 29759 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Interface mappings: {'provider': 'ens33'} 2021-02-27 14:38:44.422 29759 INFO neutron.plugins.ml2.drivers.linuxbridge.agent.linuxbridge_neutron_agent [-] Bridge mappings: {} 2021-02-27 14:38:44.424 29759 INFO oslo.privsep.daemon [-] Running privsep helper: ['sudo', 'neutron-rootwrap', '/etc/neutron/rootwrap.conf', 'privsep-helper', '--config-file', '/usr/share/neutron/neutron-dist.conf', '--config-file', '/etc/neutron/neutron.conf', '--config-file', '/etc/neutron/plugins/ml2/linuxbridge_agent.ini', '--config-dir', '/etc/neutron/conf.d/neutron-linuxbridge-agent', '--privsep_context', 'neutron.privileged.default', '--privsep_sock_path', '/tmp/tmps9oryok9/privsep.sock'] 2021-02-27 14:38:45.065 29759 CRITICAL oslo.privsep.daemon [-] privsep helper command exited non-zero (1)
解决办法:
neutron privsep需要使用sudo权限,但安装后默认环境没有配置,所以,要添加sudoer权限
修改vim /etc/neutron/neutron.conf文件,修改以下内容
[privsep] user = neutron helper_command = sudo privsep-helper
修改vim /etc/sudoers.d/neutron文件,添加以下内容后强制保存退出
neutron ALL = (root) NOPASSWD: ALL
问题九:日志中报错“Failed to restore old fd limit: Operation not permitted”
[root@controller ~]# tail -f /var/log/messages Feb 27 23:59:28 localhost httpd[138667]: Server configured, listening on: port 5000, port 8778, port 80 Feb 28 00:00:08 localhost systemd[1]: Starting update of the root trust anchor for DNSSEC validation in unbound... Feb 28 00:00:10 localhost systemd[1]: unbound-anchor.service: Succeeded. Feb 28 00:00:10 localhost systemd[1]: Started update of the root trust anchor for DNSSEC validation in unbound. Feb 28 00:00:17 localhost dbus-daemon[991]: [system] Activating service name='org.fedoraproject.Setroubleshootd' requested by ':1.171' (uid=0 pid=952 comm="/usr/sbin/sedispatch " label="system_u:system_r:auditd_t:s0") (using servicehelper) Feb 28 00:00:17 localhost dbus-daemon[139022]: [system] Failed to reset fd limit before activating service: org.freedesktop.DBus.Error.AccessDenied: Failed to restore old fd limit: Operation not permitted Feb 28 00:00:18 localhost dbus-daemon[991]: [system] Successfully activated service 'org.fedoraproject.Setroubleshootd' Feb 28 00:00:19 localhost dbus-daemon[991]: [system] Activating service name='org.fedoraproject.SetroubleshootPrivileged' requested by ':1.1148' (uid=986 pid=139022 comm="/usr/libexec/platform-python -Es /usr/sbin/setroub" label="system_u:system_r:setroubleshootd_t:s0-s0:c0.c1023") (using servicehelper) Feb 28 00:00:19 localhost dbus-daemon[139034]: [system] Failed to reset fd limit before activating service: org.freedesktop.DBus.Error.AccessDenied: Failed to restore old fd limit: Operation not permitted Feb 28 00:00:21 localhost dbus-daemon[991]: [system] Successfully activated service 'org.fedoraproject.SetroubleshootPrivileged' Feb 28 00:00:34 localhost setroubleshoot[139022]: SELinux is preventing /usr/lib64/erlang/erts-10.7.2.1/bin/beam.smp from write access on the file rabbitmq.conf. For complete SELinux messages run: sealert -l f8a93ae0-9db5-48b1-b8a8-363b474f7a2c
Selinux配置问题
解决办法:关闭Selinux
# 编辑/etc/selinux/config文件 vim /etc/selinux/config # 修改以下两条信息 SELINUX=permissive SELINUXTYPE=targeted #使配置立即生效 setenforce 0
问题十:Horizon安装后,通过浏览器访问仪表盘报404
NOt Found The requested URL was not found on this server.
解决办法:重建apache的dashboard配置文件并建立策略文件(policy.json)的软链接
# 重建apache的dashboard配置文件,直接执行以下两条命令 cd /usr/share/openstack-dashboard python3 manage.py make_web_conf --apache > /etc/httpd/conf.d/openstack-dashboard.conf # 建立策略文件(policy.json)的软链接,执行以下命令 ln -s /etc/openstack-dashboard /usr/share/openstack-dashboard/openstack_dashboard/conf
问题十一:Dashboard登录失败“invalid credentials”,无效凭据
# 报错 invalid credentials
解决办法:/etc/openstack-dashboard/local_settings配置文件中,将启用身份API版本3配置方式修改为端口格式
OPENSTACK_KEYSTONE_URL = "http://%s/identity/v3" % OPENSTACK_HOST # 将上面identity改为:5000 OPENSTACK_KEYSTONE_URL = "http://%s:5000/v3" % OPENSTACK_HOST