网络规划:
192.168.25.34   openstack
 第一部分 openstack搭建
官方文档 http://docs.openstack.org/
操作系统:centos 7 minimal x86_64
1.主机名设置 hostnamectl set-hostname openstack #验证 hostname
2.域名解析和防火墙设置 vim /etc/hosts 192.168.25.34 openstack
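systemctl stop firewalld
systemctl disable firewalld
#关闭 selinux
sed -i 's#SELINUX=enforcing#SELINUX=disabled#g' /etc/sysconfig/selinux
setenforce 0
#注意:关闭 firewalld 和 SELinux 只适合隔离的实验环境。对外提供服务的环境应保留防火墙,只放行各组件实际使用的端口,并让 SELinux 保持 enforcing(RDO 软件源提供 openstack-selinux 策略包)。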
3.安装openstack #添加软件源 yum install -y epel-release yum install -y https://buildlogs.centos.org/centos/7/cloud/x86_64/openstack-liberty/centos-release-openstack-liberty-1-3.el7.noarch.rpm yum install -y python-openstackclient
#安装mysql数据库 yum install -y mariadb mariadb-server MySQL-python
#安装RabbitMQ yum install -y rabbitmq-server
##Keystone yum install -y openstack-keystone httpd mod_wsgi memcached python-memcached
##Glance yum install -y openstack-glance python-glance python-glanceclient
##Nova yum install -y openstack-nova-api openstack-nova-cert openstack-nova-conductor openstack-nova-console openstack-nova-novncproxy openstack-nova-scheduler python-novaclient
##Neutron yum install -y openstack-neutron openstack-neutron-ml2 openstack-neutron-linuxbridge python-neutronclient ebtables ipset
##Dashboard yum install -y openstack-dashboard
##Cinder yum install -y openstack-cinder python-cinderclient
补全作为计算节点的包 ##Nova linux-node2.openstack yum install -y openstack-nova-compute sysfsutils
##Cinder yum install -y openstack-cinder python-cinderclient targetcli python-oslo-policy
 4.设置时间同步 yum install -y chrony
vim /etc/chrony.conf
allow 192.168.25.0/24 #允许哪些服务器和自己同步时间
systemctl enable chronyd.service    #开机启动 systemctl start chronyd.service timedatectl set-timezone Asia/Shanghai     #设置时区 timedatectl status
5.安装配置mysql vim /etc/my.cnf [mysqld] default-storage-engine = innodb innodb_file_per_table collation-server = utf8_general_ci init-connect = 'SET NAMES utf8' character-set-server = utf8 max_connections = 1000
vim /etc/my.cnf.d/client.cnf [client] default-character-set=utf8
vim /etc/my.cnf.d/mysql-clients.cnf [mysql] default-character-set=utf8
vim /usr/lib/systemd/system/mariadb.service 在[Service]下面加入以下内容
LimitNOFILE=10000 LimitNPROC=10000
systemctl daemon-reload
systemctl restart mariadb.service
mysql_secure_installation #设置 root 密码;文中的 12345678 只是演示用的示例,实际环境请使用强随机密码
mysql -uroot -p show variables like 'max_connections'; show variables like "%character%";
#创建数据库
#说明:下面每个账号的密码都与用户名相同,且 'user'@'%' 允许从任意主机连接,仅适合实验环境。实际部署应使用强随机密码,把 '%' 收紧为管理网段或具体主机,并同步修改各组件配置文件中的 connection。
CREATE DATABASE keystone;
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY 'keystone';
GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY 'keystone';
CREATE DATABASE glance;
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'localhost' IDENTIFIED BY 'glance';
GRANT ALL PRIVILEGES ON glance.* TO 'glance'@'%' IDENTIFIED BY 'glance';
CREATE DATABASE nova;
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'localhost' IDENTIFIED BY 'nova';
GRANT ALL PRIVILEGES ON nova.* TO 'nova'@'%' IDENTIFIED BY 'nova';
CREATE DATABASE neutron;
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'localhost' IDENTIFIED BY 'neutron';
GRANT ALL PRIVILEGES ON neutron.* TO 'neutron'@'%' IDENTIFIED BY 'neutron';
CREATE DATABASE cinder;
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'localhost' IDENTIFIED BY 'cinder';
GRANT ALL PRIVILEGES ON cinder.* TO 'cinder'@'%' IDENTIFIED BY 'cinder';
flush privileges;
show databases;
 6.配置mq #开机启动 systemctl enable rabbitmq-server.service                                  #查看支持的插件 rabbitmq-plugins list #启用web管理插件 rabbitmq-plugins enable rabbitmq_management
systemctl restart rabbitmq-server.service #检查 lsof -i:15672
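#添加用户密码
rabbitmqctl add_user openstack openstack
#允许配置、写、读访问 openstack
rabbitmqctl set_permissions openstack ".*" ".*" ".*"
#访问地址 http://192.168.25.34:15672 默认用户名密码都是guest,浏览器添加openstack用户到组并登录测试
#注意:openstack/openstack 和 guest/guest 都是容易被猜到的口令,而管理界面监听在 15672 端口。实际环境请给 openstack 用户设置强密码(rabbitmqctl change_password),并修改或删除默认的 guest 账号(rabbitmqctl delete_user guest)。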
 7.openstack组件安装配置 # 配置 Keystone 验证服务 所有的服务,都需要在 keystone 上注册 端口 5000 和 35357
#取一个随机数(下面的 9ce7abe6c86c488469d1 是示例输出,请使用自己生成的值,不要照抄)
openssl rand -hex 10
9ce7abe6c86c488469d1
vim /etc/keystone/keystone.conf
admin_token = 9ce7abe6c86c488469d1
connection = mysql://keystone:keystone@192.168.25.34/keystone
 #创建数据库 su -s /bin/sh -c "keystone-manage db_sync" keystone  #之所以上面 su 切换是因为这个日志文件属主 ls -lh /var/log/keystone/keystone.log
#检查数据库表
mysql -h 192.168.25.34 -u keystone -p show databases; use keystone; show tables;
 8.启动memcached apache systemctl enable memcached && systemctl start memcached
#配置httpd vim /etc/httpd/conf/httpd.conf ServerName 192.168.25.34:80
ln -s /usr/share/keystone/wsgi-keystone.conf /etc/httpd/conf.d/ vim /etc/httpd/conf.d/wsgi-keystone.conf
Listen 5000 Listen 35357
<VirtualHost *:5000>     WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}     WSGIProcessGroup keystone-public     WSGIScriptAlias / /usr/bin/keystone-wsgi-public     WSGIApplicationGroup %{GLOBAL}     WSGIPassAuthorization On     <IfVersion >= 2.4>         ErrorLogFormat "%{cu}t %M"     </IfVersion>     ErrorLog /var/log/httpd/keystone-error.log     CustomLog /var/log/httpd/keystone-access.log combined     <Directory /usr/bin>         <IfVersion >= 2.4>             Require all granted         </IfVersion>         <IfVersion < 2.4>             Order allow,deny             Allow from all         </IfVersion>     </Directory> </VirtualHost>
<VirtualHost *:35357>     WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone group=keystone display-name=%{GROUP}     WSGIProcessGroup keystone-admin     WSGIScriptAlias / /usr/bin/keystone-wsgi-admin     WSGIApplicationGroup %{GLOBAL}     WSGIPassAuthorization On     <IfVersion >= 2.4>     ErrorLogFormat "%{cu}t %M"     </IfVersion>     ErrorLog /var/log/httpd/keystone-error.log     CustomLog /var/log/httpd/keystone-access.log combined     <Directory /usr/bin>         <IfVersion >= 2.4>         Require all granted         </IfVersion>         <IfVersion < 2.4>         Order allow,deny         Allow from all         </IfVersion>     </Directory> </VirtualHost> ———————————————— 版权声明:本文为CSDN博主「DemonHunter211」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。 原文链接:
#启动httpd systemctl enable httpd && systemctl start httpd #检查 netstat -lntup|grep httpd
9. 创建 keystone 用户 临时设置 admin_token 用户的环境变量,用来创建用户 export OS_TOKEN=9ce7abe6c86c488469d1                           #上面产生的随机数值 export OS_URL=http://192.168.25.34:35357/v3 export OS_IDENTITY_API_VERSION=3
创建 admin 项目---创建 admin 用户(密码 admin,生产不要这么玩)  ---创建 admin 角色---把 admin 用户加入到 admin 项目赋予 admin 的角色(三个 admin 的位置:项目,用户,角色)
openstack project create --domain default --description "Admin Project" admin
openstack user create --domain default --password-prompt admin
openstack role create admin
openstack role add --project admin --user admin admin
创建一个普通用户 demo
openstack project create --domain default --description "Demo Project" demo
openstack user create --domain default --password=demo demo
openstack role create user
openstack role add --project demo --user demo user
#说明:--password=demo 这种写法会把密码留在 shell 历史和进程列表中,可像上面的 admin 用户一样改用 --password-prompt 交互输入。
创建 service 项目,用来管理其他服务用 openstack project create --domain default --description "Service Project" service
以上的名字都是固定的,不能改
#查看创建的用户 openstack user list
#查看创建的项目 openstack project list
10.注册 keystone 服务,以下三种类型分别为公共的、内部的、管理的
openstack service create --name keystone --description "OpenStack Identity" identity openstack endpoint create --region RegionOne identity public http://192.168.25.34:5000/v2.0 openstack endpoint create --region RegionOne identity internal http://192.168.25.34:5000/v2.0 openstack endpoint create --region RegionOne identity admin http://192.168.25.34:35357/v2.0
#检查 openstack endpoint list #openstack endpoint delete ID                                    #使用这个命令删除
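#验证,获取 token,只有获取到才能说明 keystone 配置成功
unset OS_TOKEN
unset OS_URL
openstack --os-auth-url http://192.168.25.34:35357/v3 --os-project-domain-id default --os-user-domain-id default --os-project-name admin --os-username admin --os-auth-type password token issue
#说明:admin_token 只用于初始化。unset 只是清掉了当前 shell 的环境变量,keystone.conf 里的 admin_token 仍然有效。用户创建完成后,建议按官方安装文档从 keystone 的 paste pipeline 中移除 admin_token_auth,关闭这种临时令牌认证。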
 使用环境变量来获取 token,环境变量在后面创建虚拟机时也需要用。 创建两个环境变量文件,使用时直接 source!!!(注意,下面两个sh文件所在的路径,在查看命令前都要source下,不然会报错!!)
cat admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=admin
export OS_TENANT_NAME=admin
export OS_USERNAME=admin
export OS_PASSWORD=admin
export OS_AUTH_URL=http://192.168.25.34:35357/v3
export OS_IDENTITY_API_VERSION=3
cat demo-openrc.sh
export OS_PROJECT_DOMAIN_ID=default
export OS_USER_DOMAIN_ID=default
export OS_PROJECT_NAME=demo
export OS_TENANT_NAME=demo
export OS_USERNAME=demo
export OS_PASSWORD=demo
export OS_AUTH_URL=http://192.168.25.34:5000/v3
export OS_IDENTITY_API_VERSION=3
#说明:这两个文件里保存的是明文密码,建议 chmod 600 admin-openrc.sh demo-openrc.sh,只允许文件属主读取。
#使用 source admin-openrc.sh
openstack token issue
11.配置 glance 镜像服务
端口: api            9292 registry    9191
#修改/etc/glance/glance-api.conf 和/etc/glance/glance-registry.conf
/etc/glance/glance-api.conf
notification_driver = noop #glance 不需要消息队列
connection=mysql://glance:glance@192.168.25.34/glance
auth_uri = http://192.168.25.34:5000 auth_url = http://192.168.25.34:35357
default_store=file filesystem_store_datadir=/var/lib/glance/images/
#用户名和密码要与后面 openstack user create 创建的 glance 用户一致
admin_user=glance
admin_password=glance
admin_tenant_name=service
flavor=keystone
#/etc/glance/glance-registry.conf verbose=True notification_driver = noop connection=mysql://glance:glance@192.168.25.34/glance auth_uri = http://192.168.25.34:5000 auth_url = http://192.168.25.34:35357
#用户名和密码要与后面 openstack user create 创建的 glance 用户一致
admin_user=glance
admin_password=glance
admin_tenant_name=service
flavor=keystone
##创建数据库 su -s /bin/sh -c "glance-manage db_sync" glance #检查 mysql -h 192.168.25.34 -uglance -p
创建关于 glance 的 keystone 用户 source admin-openrc.sh
openstack user create --domain default --password=glance glance
openstack role add --project service --user glance admin
 启动 glance
systemctl enable openstack-glance-api
systemctl enable openstack-glance-registry
systemctl start openstack-glance-api
systemctl start openstack-glance-registry
netstat -lnutp |grep 9191 #registry netstat -lnutp |grep 9292 #api
 在 keystone 上注册 source admin-openrc.sh openstack service create --name glance --description "OpenStack Image service" image openstack endpoint create --region RegionOne image public http://192.168.25.34:9292 openstack endpoint create --region RegionOne image internal http://192.168.25.34:9292 openstack endpoint create --region RegionOne image admin http://192.168.25.34:9292
添加 glance 环境变量并测试
echo "export OS_IMAGE_API_VERSION=2" | tee -a admin-openrc.sh demo-openrc.sh glance image-list
#下载镜像上传到glance
wget -q http://download.cirros-cloud.net/0.3.4/cirros-0.3.4-x86_64-disk.img
#说明:镜像是通过明文 HTTP 下载的,上传前建议用发布方公布的校验值核对文件(例如 md5sum / sha256sum),因为之后的虚拟机都会从这个镜像启动。
glance image-create --name "cirros" --file cirros-0.3.4-x86_64-disk.img --disk-format qcow2 --container-format bare --visibility public --progress
glance image-list
qcow2格式:
wget http://cloud.centos.org/centos/7/images/CentOS-7-x86_64-GenericCloud.qcow2
glance image-create --name "CentOS-7-x86_64" --file CentOS-7-x86_64-GenericCloud.qcow2 \
  --disk-format qcow2 --container-format bare --visibility public --progress
glance image-list
ls -lh /var/lib/glance/images/ -------------------------------------------------------------------------- 12.配置 nova 计算服务
修改/etc/nova/nova.conf my_ip=192.168.25.34 enabled_apis=osapi_compute,metadata auth_strategy=keystone network_api_class=nova.network.neutronv2.api.API linuxnet_interface_driver=nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver security_group_api=neutron firewall_driver = nova.virt.firewall.NoopFirewallDriver debug=true verbose=true rpc_backend=rabbit allow_resize_to_same_host=True scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter connection=mysql://nova:nova@192.168.25.34/nova
auth_uri = http://192.168.25.34:5000 auth_url = http://192.168.25.34:35357 admin_user = nova admin_password = nova admin_tenant_name = service
 virt_type=kvm [neutron] url = http://192.168.25.34:9696 auth_url = http://192.168.25.34:35357
[DEFAULT]
my_ip=192.168.25.34
enabled_apis=osapi_compute,metadata
auth_strategy=keystone
allow_resize_to_same_host=True
network_api_class=nova.network.neutronv2.api.API
linuxnet_interface_driver=nova.network.linux_net.NeutronLinuxBridgeInterfaceDriver
security_group_api=neutron
scheduler_default_filters=RetryFilter,AvailabilityZoneFilter,RamFilter,ComputeFilter,ComputeCapabilitiesFilter,ImagePropertiesFilter,ServerGroupAntiAffinityFilter,ServerGroupAffinityFilter
firewall_driver = nova.virt.firewall.NoopFirewallDriver
verbose=true
rpc_backend=rabbit
[api_database]
connection=mysql://nova:nova@192.168.25.34/nova
[barbican]
[cells]
[cinder]
[conductor]
[cors]
[cors.subdomain]
[database]
[ephemeral_storage_encryption]
[glance]
[guestfs]
debug=true
[hyperv]
[image_file_url]
[ironic]
[keymgr]
[keystone_authtoken]
auth_uri = http://192.168.25.34:5000
region_name = RegionOne
admin_user=nova
admin_password=nova
admin_tenant_name=service
[libvirt]
virt_type=kvm
[matchmaker_redis]
[matchmaker_ring]
[metrics]
[neutron]
service_metadata_proxy = true
# 说明:这是 nova 与 neutron metadata agent 之间的共享密钥,两边必须一致。示例值 neutron 容易被猜到,实际环境请换成随机值(例如 openssl rand -hex 10 的输出)。
metadata_proxy_shared_secret = neutron
url = http://192.168.25.34:9696
auth_url = http://192.168.25.34:35357
auth_plugin = password
password = neutron
project_domain_id = default
project_name = service
user_domain_id = default
username = neutron
[osapi_v21]
[oslo_concurrency]
lock_path=/var/lib/nova/tmp
[oslo_messaging_amqp]
[oslo_messaging_qpid]
[oslo_messaging_rabbit]
rabbit_host=192.168.25.34
rabbit_port=5672
rabbit_userid=openstack
rabbit_password=openstack
[oslo_middleware]
[rdp]
[serial_console]
[spice]
[ssl]
[trusted_computing]
[upgrade_levels]
[vmware]
[vnc]
novncproxy_base_url=http://192.168.25.34:6080/vnc_auto.html
vncserver_listen= $my_ip
vncserver_proxyclient_address= $my_ip
keymap=en-us
[workarounds]
[xenserver]
[zookeeper]
 ##同步数据库 su -s /bin/sh -c "nova-manage db sync" nova
#检查数据库表
mysql -h 192.168.25.34 -unova -pnova #说明:-pnova 会把密码留在 shell 历史和进程列表里,也可以只写 -p 后交互输入
show databases;
use nova;
show tables;
 13.创建 nova 的 keystone 用户 openstack user create --domain default --password=nova nova openstack role add --project service --user nova admin
 ##启动 nova 相关服务 systemctl enable openstack-nova-api.service openstack-nova-cert.service \  openstack-nova-consoleauth.service openstack-nova-scheduler.service \  openstack-nova-conductor.service openstack-nova-novncproxy.service     systemctl start openstack-nova-api.service openstack-nova-cert.service \ openstack-nova-consoleauth.service openstack-nova-scheduler.service \ openstack-nova-conductor.service openstack-nova-novncproxy.service
##在 keystone 上注册 source admin-openrc.sh openstack service create --name nova --description "OpenStack Compute" compute openstack endpoint create --region RegionOne compute public http://192.168.25.34:8774/v2/%\(tenant_id\)s openstack endpoint create --region RegionOne compute internal http://192.168.25.34:8774/v2/%\(tenant_id\)s openstack endpoint create --region RegionOne compute admin http://192.168.25.34:8774/v2/%\(tenant_id\)s
#检查 openstack host list
#启动服务 systemctl enable libvirtd openstack-nova-compute systemctl start libvirtd openstack-nova-compute
#测试 openstack host list
nova image-list                  #测试 glance 是否正常 报错信息: ERROR (ClientException): Unexpected API Error. Please report this at http://bugs.launchpad.net/nova/ and attach the Nova API log if possible. <class 'glanceclient.exc.HTTPInternalServerError'> (HTTP 500) (Request-ID: req-9f4d8a7b-be9d-4a3c-8b47-1d1f7e267e39)
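###解决方法:(原文此处留空)HTTP 500 来自 glance 一侧,可先核对 glance-api.conf 和 glance-registry.conf 中的 admin_user / admin_password 是否与 keystone 中创建的 glance 用户一致(注意拼写),修改后重启 openstack-glance-api 和 openstack-glance-registry 再测试。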
nova endpoints                     #测试 keystone