当尝试定位到 Horizo​​n 时，我得到：客户端被服务器配置拒绝：/usr/bin/keystone-wsgi-public

我最近重新格式化了我的所有 openstack 服务器（它们的版本非常旧），并在全新安装的 Ubuntu 20 上安装了 Victoria。为简单起见，我从一个控制器和一个计算节点开始，然后我将添加其他计算节点。

我正在使用此处的文档手动安装：https://docs.openstack.org/install-guide/openstack-services.html

当我在 Horizo​​n 文档中时：https://docs.openstack.org/horizo​​n/victoria/install/install-ubuntu.html

我去验证了一下，发现两个问题：

1. 我看不到要登录哪个域的选项。以前这里显示“默认”，当我添加更多域时，我可以选择它们
2. 当我登录时，我收到“无效凭据。”的信息。

我知道我输入了正确的密码。在 apache 错误日志中，我看到：

[wsgi:error] [pid 1387564:tid 139949121787648] [remote 10.131.39.250:53860] INFO openstack_auth.forms Login failed for user "admin" using domain "Default", remote address 10.131.39.250.
[Fri Feb 12 15:46:29.473914 2021] [authz_core:error] [pid 1387576:tid 139947818350336] [client 10.131.39.40:42436] AH01630: client denied by server configuration: /usr/bin/keystone-wsgi-public

我没有看到其他错误，除了 neutron 目前无法工作（我选择选项 2，而之前的 openstack 安装是选项 1）。我认为即使 neutron 坏了，我仍然应该能够登录（它每隔几分钟就会重新启动并给出有关 VLAN 的错误，这很有意义，因为我还没有添加任何 VLAN...我想）。

有什么建议吗？我确实没有在日志中看到更多错误。不知道还要检查什么（除了我的配置，但在此之前我已经运行了几年的 openstack...）

我读过了这个帖子和回应，但没有帮助。

更新：当我查看正常的 apache/error.log 时，我还看到：

[Fri Feb 12 16:37:42.324305 2021] [core:notice] [pid 1387561:tid 139949150809152] AH00094: Command line: '/usr/sbin/apache2'

[Fri Feb 12 16:38:03.236892 2021] [wsgi:error] [pid 1397748:tid 139949113394944] /usr/lib/python3.8/warnings.py:30: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats

[Fri Feb 12 16:38:03.236961 2021] [wsgi:error] [pid 1397748:tid 139949113394944]   file.write(text)

[Fri Feb 12 16:38:03.236974 2021] [wsgi:error] [pid 1397748:tid 139949113394944] /usr/lib/python3/dist-packages/scss/types.py:6: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated since Python 3.3, and in 3.9 it will stop working

[Fri Feb 12 16:38:03.236981 2021] [wsgi:error] [pid 1397748:tid 139949113394944]   from collections import Iterable

[Fri Feb 12 16:38:03.258459 2021] [wsgi:error] [pid 1397748:tid 139949113394944] /usr/lib/python3/dist-packages/scss/namespace.py:172: DeprecationWarning: inspect.getargspec() is deprecated since Python 3.0, use inspect.signature() or inspect.getfullargspec()

[Fri Feb 12 16:38:03.258494 2021] [wsgi:error] [pid 1397748:tid 139949113394944]   argspec = inspect.getargspec(function)

[Fri Feb 12 16:38:03.263775 2021] [wsgi:error] [pid 1397748:tid 139949113394944] /usr/lib/python3/dist-packages/scss/selector.py:26: FutureWarning: Possible nested set at position 329

[Fri Feb 12 16:38:03.263789 2021] [wsgi:error] [pid 1397748:tid 139949113394944]   SELECTOR_TOKENIZER = re.compile(r'''

[Fri Feb 12 16:38:04.056002 2021] [authz_core:error] [pid 1397759:tid 139948682372864] [client 10.131.39.40:44268] AH01630: client denied by server configuration: /usr/bin/keystone-wsgi-public

[Fri Feb 12 16:38:04.058335 2021] [wsgi:error] [pid 1397748:tid 139949113394944] [remote 10.131.39.250:54556] /usr/lib/python3.8/logging/__init__.py:1084: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats

[Fri Feb 12 16:38:04.058355 2021] [wsgi:error] [pid 1397748:tid 139949113394944] [remote 10.131.39.250:54556]   stream.write(msg + self.terminator)

[Fri Feb 12 16:38:04.058366 2021] [wsgi:error] [pid 1397748:tid 139949113394944] [remote 10.131.39.250:54556] INFO openstack_auth.forms Login failed for user "demo" using domain "Default", remote address 10.131.39.250.

[Fri Feb 12 16:38:06.142850 2021] [wsgi:error] [pid 1397746:tid 139949046253312] /usr/lib/python3.8/warnings.py:30: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats

[Fri Feb 12 16:38:06.142921 2021] [wsgi:error] [pid 1397746:tid 139949046253312]   file.write(text)

[Fri Feb 12 16:38:06.142934 2021] [wsgi:error] [pid 1397746:tid 139949046253312] /usr/lib/python3/dist-packages/scss/types.py:6: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated since Python 3.3, and in 3.9 it will stop working

[Fri Feb 12 16:38:06.142940 2021] [wsgi:error] [pid 1397746:tid 139949046253312]   from collections import Iterable

[Fri Feb 12 16:38:06.164363 2021] [wsgi:error] [pid 1397746:tid 139949046253312] /usr/lib/python3/dist-packages/scss/namespace.py:172: DeprecationWarning: inspect.getargspec() is deprecated sincePython 3.0, use inspect.signature() or inspect.getfullargspec()

[Fri Feb 12 16:38:06.164384 2021] [wsgi:error] [pid 1397746:tid 139949046253312]   argspec = inspect.getargspec(function)

[Fri Feb 12 16:38:06.169658 2021] [wsgi:error] [pid 1397746:tid 139949046253312] /usr/lib/python3/dist-packages/scss/selector.py:26: FutureWarning: Possible nested set at position 329

[Fri Feb 12 16:38:06.169672 2021] [wsgi:error] [pid 1397746:tid 139949046253312]   SELECTOR_TOKENIZER = re.compile(r'''

[Fri Feb 12 16:38:09.381662 2021] [wsgi:error] [pid 1397747:tid 139949088216832] /usr/lib/python3.8/warnings.py:30: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats

[Fri Feb 12 16:38:09.381736 2021] [wsgi:error] [pid 1397747:tid 139949088216832]   file.write(text)

[Fri Feb 12 16:38:09.381748 2021] [wsgi:error] [pid 1397747:tid 139949088216832] /usr/lib/python3/dist-packages/scss/types.py:6: DeprecationWarning: Using or importing the ABCs from 'collections'instead of from 'collections.abc' is deprecated since Python 3.3, and in 3.9 it will stop working

[Fri Feb 12 16:38:09.381755 2021] [wsgi:error] [pid 1397747:tid 139949088216832]   from collections import Iterable

[Fri Feb 12 16:38:09.403181 2021] [wsgi:error] [pid 1397747:tid 139949088216832] /usr/lib/python3/dist-packages/scss/namespace.py:172: DeprecationWarning: inspect.getargspec() is deprecated sincePython 3.0, use inspect.signature() or inspect.getfullargspec()

[Fri Feb 12 16:38:09.403201 2021] [wsgi:error] [pid 1397747:tid 139949088216832]   argspec = inspect.getargspec(function)

[Fri Feb 12 16:38:09.408530 2021] [wsgi:error] [pid 1397747:tid 139949088216832] /usr/lib/python3/dist-packages/scss/selector.py:26: FutureWarning: Possible nested set at position 329

[Fri Feb 12 16:38:09.408545 2021] [wsgi:error] [pid 1397747:tid 139949088216832]   SELECTOR_TOKENIZER = re.compile(r'''

我这里有一些新信息。感谢 berndbauschs 的评论，默认域确实出现了。

我的日志文件中确实有一个 keystone 错误，它是：

2021-02-13 06:03:46.789 1585439 WARNING keystone.server.flask.application [req-4d8bb568-3024-4506-8100-cb9ec77b21c5 - - - - -] Expecting to find application/json in Content-Type header. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.: keystone.exception.ValidationError: Expecting to find application/json in Content-Type header. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.

2021-02-13 14:26:28.665 2104630 WARNING keystone.common.rbac_enforcer.enforcer [req-d557ae42-2432-46cf-a0d4-bb60a83334df 59cd620ab38b42ab82dcc93f2bc75f60 21486012e6174f69a62a2957731d6caf - default default] Deprecated policy rules found. Use oslopolicy-policy-generator and oslopolicy-policy-upgrade to detect and resolve deprecated policies in your configuration.

我无法复制上面的第一个错误。使用 oslopolicy-policy-generator 会出现 python 错误。我不确定这是否应该起作用。我猜我应该在 keystone 目录中执行此操作...例如

oslopolicy-policy-generator --config-dir /etc/keystone
Traceback (most recent call last):
  File "/usr/bin/oslopolicy-policy-generator", line 10, in <module>
    sys.exit(generate_policy())
  File "/usr/lib/python3/dist-packages/oslo_policy/generator.py", line 520, in generate_policy
    _check_for_namespace_opt(conf)
  File "/usr/lib/python3/dist-packages/oslo_policy/generator.py", line 499, in _check_for_namespace_opt
    raise cfg.RequiredOptError('namespace', 'DEFAULT')
oslo_config.cfg.RequiredOptError: <exception str() failed>

不知道接下来该做什么。我没有看到其他 Apache 错误。

来自 neal_utas 的解决方案更新：

Horizo​​n 的文档位于docs.openstack.org（至少对于 ubuntu）是错误的。编辑 /etc/openstack-dashboard/local_settings.py 时，在线文档缺少端口 5000。OPENSTACK_KEYSTONE_URL 的正确条目是：

OPENSTACK_KEYSTONE_URL = "http://%s:5000/identity/v3" % OPENSTACK_HOST

进行该更改然后重新启动（systemctl reload apache2.service）后，它就可以正常工作。