我将 openstack 环境从 newton 更新到了 queens。由于我没有找到升级进度的最佳实践解决方案,因此我使用 apt 将软件包升级到 queens。我遇到了来自 keystone、glance 和 nova 的几个错误,并且可以通过对数据库和配置文件进行一些更改来修复它们(特别是我将 auth. 方法从 v2 更改为 v3)。但不幸的是,我没有发现我的 neutron 配置存在问题。每次我尝试列出我的网络时,我都会收到以下错误:
******@ctrl:~$ openstack network list
HttpException: 503: Server Error for url: http://ctrl:9696/v2.0/networks, Service Unavailable
/var/log/neutron-server.log
2019-02-05 09:37:09.263 21087 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}: Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-a7c96551-ca90-48e8-af95-297acc82bd23)
2019-02-05 09:37:09.287 21087 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}: Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-beed4c2e-1c65-4adf-bb3c-17b6b7170e64)
2019-02-05 09:37:09.288 21087 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Identity server rejected authorization necessary to fetch token data: ServiceError: Identity server rejected authorization necessary to fetch token data
2019-02-05 09:37:09.289 21087 INFO neutron.wsgi [-] 192.168.0.2 "GET /v2.0/ports?tenant_id=885ea3ee676b41c6a2ef1d15b76e1ff0&device_id=286b1b13-cba6-45f7-8934-421f675778d4 HTTP/1.1" status: 503 len: 386 time: 0.0506890
/var/log/apache2/keystone_access.log
192.168.0.1 - - [05/Feb/2019:09:37:09 +0000] "POST /v3/auth/tokens HTTP/1.1" 401 482 "-"
"neutron/12.0.5 keystonemiddleware.auth_token/4.21.0 keystoneauth1/3.4.0 python-requests/
2.18.4 CPython/2.7.12"
192.168.0.1 - - [05/Feb/2019:09:37:09 +0000] "POST /v3/auth/tokens HTTP/1.1" 401 481 "-"
"neutron/12.0.5 keystonemiddleware.auth_token/4.21.0 keystoneauth1/3.4.0 python-requests/
2.18.4 CPython/2.7.12"
192.168.0.1 - - [05/Feb/2019:09:37:11 +0000] "GET /v3/auth/tokens HTTP/1.1" 200 4982 "-"
"python-keystoneclient"
192.168.0.1 - - [05/Feb/2019:09:37:20 +0000] "POST /v3/auth/tokens HTTP/1.1" 401 482 "-"
"neutron/12.0.5 keystonemiddleware.auth_token/4.21.0 keystoneauth1/3.4.0 python-requests/
2.18.4 CPython/2.7.12"
192.168.0.1 - - [05/Feb/2019:09:37:20 +0000] "POST /v3/auth/tokens HTTP/1.1" 401 481 "-"
"neutron/12.0.5 keystonemiddleware.auth_token/4.21.0 keystoneauth1/3.4.0 python-requests/
2.18.4 CPython/2.7.12"
我多次检查了 /etc/neutron 和 /etc/nova 中配置的 [keystone_auth] 密码,它是正确的!
我的 neutron 配置文件:/etc/neutron/neutron.conf
[DEFAULT]
# ...
core_plugin = ml2
service_plugins = router
allow_overlapping_ips = true
transport_url = rabbit://openstack:<passwordRemoved>@ctrl
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[keystone_authtoken]
# ...
auth_uri = http://ctrl:5000
auth_url = http://ctrl:5000
memcached_servers = ctrl:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = <passwordRemoved>
[database]
# ...
connection = mysql+pymysql://neutron:<passwordRemoved>@ctrl/neutron
[nova]
# ...
auth_url = http://ctrl:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = <passwordRemoved>
/etc/neutron/api-paste.ini
[composite:neutron]
use = egg:Paste#urlmap
/: neutronversions_composite
/v2.0: neutronapi_v2_0
[composite:neutronapi_v2_0]
use = call:neutron.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi request_id catch_errors extensions neutronapiapp_v2_0
keystone = cors http_proxy_to_wsgi request_id catch_errors authtoken keystonecontext extensions neutronapiapp_v2_0
[composite:neutronversions_composite]
use = call:neutron.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi neutronversions
keystone = cors http_proxy_to_wsgi neutronversions
[filter:request_id]
paste.filter_factory = oslo_middleware:RequestId.factory
[filter:catch_errors]
paste.filter_factory = oslo_middleware:CatchErrors.factory
[filter:cors]
paste.filter_factory = oslo_middleware.cors:filter_factory
oslo_config_project = neutron
[filter:http_proxy_to_wsgi]
paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
[filter:keystonecontext]
paste.filter_factory = neutron.auth:NeutronKeystoneContext.factory
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
auth_plugin = password
auth_url = http://ctrl:5000
username = neutron
password = <passwordRemoved>
project_name = services
user_domain_name = Default
project_domain_name = Default
auth_uri = http://ctrl:5000
[filter:extensions]
paste.filter_factory = neutron.api.extensions:plugin_aware_extension_middleware_factory
[app:neutronversions]
paste.app_factory = neutron.pecan_wsgi.app:versions_factory
[app:neutronapiapp_v2_0]
paste.app_factory = neutron.api.v2.router:APIRouter.factory
[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory
/etc/neutron/插件/ml2/ml2_conf.ini
[DEFAULT]
core_plugin = ml2
service_plugins =
transport_url = rabbit://openstack:<passwordRemoved>@ctrl
auth_strategy = keystone
notify_nova_on_port_status_changes = true
notify_nova_on_port_data_changes = true
[database]
# ...
connection = mysql+pymysql://neutron:<passwordRemoved>@ctrl/neutron
[keystone_authtoken]
# ...
auth_uri = http://ctrl:5000
auth_url = http://ctrl:5000
memcached_servers = ctrl:11211
auth_type = password
project_domain_name = default
user_domain_name = default
project_name = service
username = neutron
password = <passwordRemoved>
[nova]
# ...
auth_url = http://ctrl:5000
auth_type = password
project_domain_name = default
user_domain_name = default
region_name = RegionOne
project_name = service
username = nova
password = <passwordRemoved>
<---------</snipped>--------->
Neutron-server 和 rabbitmq-server 的状态:
*******@ctrl:~$ sudo service neutron-server status
● neutron-server.service - OpenStack Neutron Server
Loaded: loaded (/lib/systemd/system/neutron-server.service; enabled; vendor preset: ena
Active: active (running) since Tue 2019-02-05 08:56:50 UTC; 1h 7min ago
Main PID: 21070 (neutron-server)
Tasks: 8
Memory: 349.7M
CPU: 20.526s
CGroup: /system.slice/neutron-server.service
├─21070 /usr/bin/python2 /usr/bin/neutron-server --config-file=/etc/neutron/neu
├─21085 /usr/bin/python2 /usr/bin/neutron-server --config-file=/etc/neutron/neu
├─21086 /usr/bin/python2 /usr/bin/neutron-server --config-file=/etc/neutron/neu
├─21087 /usr/bin/python2 /usr/bin/neutron-server --config-file=/etc/neutron/neu
├─21088 /usr/bin/python2 /usr/bin/neutron-server --config-file=/etc/neutron/neu
├─21089 /usr/bin/python2 /usr/bin/neutron-server --config-file=/etc/neutron/neu
├─21090 /usr/bin/python2 /usr/bin/neutron-server --config-file=/etc/neutron/neu
└─21091 /usr/bin/python2 /usr/bin/neutron-server --config-file=/etc/neutron/neu
Feb 05 08:56:50 ctrl systemd[1]: Started OpenStack Neutron Server.
******@ctrl:~$ sudo service rabbitmq-server status
● rabbitmq-server.service - RabbitMQ Messaging Server
Loaded: loaded (/lib/systemd/system/rabbitmq-server.service; enabled; vendor preset: en
Active: active (running) since Fri 2019-02-01 12:20:31 UTC; 3 days ago
Main PID: 1304 (rabbitmq-server)
Tasks: 78
Memory: 53.1M
CPU: 54min 47.360s
CGroup: /system.slice/rabbitmq-server.service
├─1304 /bin/sh /usr/sbin/rabbitmq-server
├─1337 /bin/sh /usr/lib/rabbitmq/bin/rabbitmq-server
├─1717 /usr/lib/erlang/erts-7.3/bin/epmd -daemon
├─2219 /usr/lib/erlang/erts-7.3/bin/beam.smp -W w -A 64 -P 1048576 -t 5000000 -
├─2482 inet_gethost 4
└─2483 inet_gethost 4
Feb 01 12:20:04 ctrl systemd[1]: Starting RabbitMQ Messaging Server...
Feb 01 12:20:21 ctrl rabbitmq[1305]: Waiting for rabbit@ctrl
Feb 01 12:20:21 ctrl rabbitmq[1305]: pid is 1337
Feb 01 12:20:31 ctrl systemd[1]: Started RabbitMQ Messaging Server.
有人可以给我发送一些反馈吗,我还可以检查什么,或者我是否遗漏了一些配置参数?提前谢谢,并致以最诚挚的问候 Luke
答案1
您可以通过以下命令为 neutron 用户分配管理员角色:
openstack role add --project service --user neutron admin