OpenStack Glance configuration over HTTPS REST API + Nginx reverse proxy


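I am trying to install OpenStack with SSL certificates. I can run keystone (on port 5000), but when I try to connect to the Glance API (port 9292) it fails: it is only reachable over http, not over https. I think keystone works because it has a separate configuration file in "/etc/apache2/site-enabled/keystone.conf", but Glance (and the other services) are a different story. You can create the endpoints through the openstack cli (apache2) and add this configuration to the end of nginx.conf: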

stream {
    upstream glance-api {
        server 127.0.0.1:9292;
    }
    server {
        listen <public_ip>:9292 ssl;
        proxy_pass glance-api;
    }
    ssl_certificate "/etc/letsencrypt/live/hoodadcloud.ir/fullchain.pem";
    ssl_certificate_key "/etc/letsencrypt/live/hoodadcloud.ir/privkey.pem";
}

When I add this to the configuration, the nginx service cannot be restarted. Running "journalctl -xeu nginx.service" shows:

controller nginx[44254]: nginx: [emerg] bind() to <public_ip>:9292 failed (98: Unknown error)
controller nginx[44254]: nginx: [emerg] bind() to <public_ip>:9292 failed (98: Unknown error) 
controller nginx[44254]: nginx: [emerg] bind() to <public_ip>:9292 failed (98: Unknown error) 
controller nginx[44254]: nginx: [emerg] bind() to <public_ip>:9292 failed (98: Unknown error)    
controller nginx[44254]: nginx: [emerg] bind() to <public_ip>:9292 failed (98: Unknown error)  
controller nginx[44254]: nginx: [emerg] still could not bind() 
controller systemd[1]: nginx.service:Control process exited, code=exited, status=1/FAILURE Subject: Unit process exited DefinedBy:systemd

I am 90% sure this is because, with Ubuntu Server 22.04 LTS minimal, port 9292 is running over http rather than over https.

openstack user list works fine (keystone)

openstack image list (glance)

Failed to contact the endpoint at https://hoodadcloud.ir:9292 for discovery. Fallback to using that endpoint as the base url. 
Failed to contact the endpoint at https://hoodadcloud.ir:9292 for discovery. Fallback to using that endpoint as the base url. 
The image service for : exists but does not have any supported versions.

netstat -ntlp

tcp        0      0 0.0.0.0:9292          0.0.0.0:*               LISTEN      292411/python3

Answer 1

Thanks to diya. The problem was that port 9292, like any other openstack service, was listening on all IP addresses (0.0.0.0). The solution is to set

bind_host = 127.0.0.1

in /etc/glance/glance-api.conf. The nginx proxy will then start, and you can resolve the API.

tcp        0      0 127.0.0.1:9292          0.0.0.0:*               LISTEN      292411/python3
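
A pre-flight check for the situation in the answer above, as an added example that is not part of the original post: it parses `netstat -ntlp` output and reports which listener would make nginx's bind() fail with error 98, and which backend ports are still served without TLS on a non-loopback address. The sample output, the port 9191 line, the address 203.0.113.10 (standing in for <public_ip>) and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ntlp` output (not taken from a real host).
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address     Foreign Address   State    PID/Program name
tcp        0      0 0.0.0.0:9292      0.0.0.0:*         LISTEN   292411/python3
tcp        0      0 127.0.0.1:9191    0.0.0.0:*         LISTEN   292500/python3
tcp6       0      0 :::5000           :::*              LISTEN   1200/apache2
"""

def parse_listeners(netstat_text):
    """Return (address, port, program) for every TCP socket in LISTEN state."""
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 7 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        host, _, port = fields[3].rpartition(":")  # rpartition keeps IPv6 colons in host
        host = "0.0.0.0" if host == "*" else host.strip("[]")
        listeners.append((ipaddress.ip_address(host), int(port), fields[6]))
    return listeners

def bind_conflicts(listeners, proxy_ip, proxy_port):
    """Listeners that make bind(proxy_ip:proxy_port) fail with errno 98 (EADDRINUSE).

    A wildcard listener (0.0.0.0, or :: on a dual-stack host, which is assumed
    here) already covers every local address on that port.
    """
    proxy = ipaddress.ip_address(proxy_ip)
    return [l for l in listeners if l[1] == proxy_port
            and (l[0].is_unspecified or proxy.is_unspecified or l[0] == proxy)]

def plaintext_exposed(listeners, backend_ports):
    """Backend API ports still served without TLS on a non-loopback address."""
    return [l for l in listeners if l[1] in backend_ports and not l[0].is_loopback]

if __name__ == "__main__":
    public_ip = "203.0.113.10"  # placeholder for <public_ip> (documentation range)
    before = parse_listeners(SAMPLE_NETSTAT)
    # Same host after setting bind_host = 127.0.0.1 in glance-api.conf.
    after = parse_listeners(SAMPLE_NETSTAT.replace("0.0.0.0:9292", "127.0.0.1:9292"))
    for label, found in (("before", before), ("after", after)):
        print(label, "bind conflicts:", bind_conflicts(found, public_ip, 9292))
        print(label, "plaintext exposed:", plaintext_exposed(found, {9292}))
```

Binding the backend to 127.0.0.1 clears both findings at once: nginx can take <public_ip>:9292, and the unencrypted Glance listener is no longer reachable from other hosts.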
