next up previous contents
Next: About this document ... Up: 除錯 Previous: 問題四   Contents


問題五

  1. cinder 無法認證。
    [root@deyu ~(keystone_admin)]# cinder list
    ERROR: Unauthorized
    
  2. keystone 的紀錄出現錯誤訊息。
    [root@deyu ~(keystone_admin)]# tail -n1 /var/log/keystone/keystone.log 
    2015-05-16 06:41:54  WARNING [keystone.common.wsgi] Authorization failed.\
     The request you have made requires authentication. from 127.0.0.1
    
  3. 除錯方式:
    1. 查看 keystone user,用戶 cinder 存在且可登入 mysql。
      [root@deyu ~(keystone_admin)]# keystone user-list
      +----------------------------------+--------+---------+-------+
      |                id                |  name  | enabled | email |
      +----------------------------------+--------+---------+-------+
      | ff99e4ef2f3945b3b1bac587b269850c | admin  |   True  |       |
      | 5ec845f701db4f13b094a9f744243490 | cinder |   True  |       |
      | ada0dcb023d94a18887fd85346f82628 | glance |   True  |       |
      | ed828cc47d934ecb9cc17c8911993ad9 | myuser |   True  |       |
      +----------------------------------+--------+---------+-------+
      
    2. keystone 刪除 cinder user,重新產生。
      [root@deyu ~(keystone_admin)]# keystone user-delete 5ec845f701db4f13b094a9f744243490
      
      [root@deyu ~(keystone_admin)]# keystone user-list
      +----------------------------------+--------+---------+-------+
      |                id                |  name  | enabled | email |
      +----------------------------------+--------+---------+-------+
      | ff99e4ef2f3945b3b1bac587b269850c | admin  |   True  |       |
      | ada0dcb023d94a18887fd85346f82628 | glance |   True  |       |
      | ed828cc47d934ecb9cc17c8911993ad9 | myuser |   True  |       |
      +----------------------------------+--------+---------+-------+
      
    3. keystone 重新產生 user cinder。
      [root@deyu ~(keystone_admin)]# keystone user-create --name cinder --pass 123qwe
      +----------+----------------------------------+
      | Property |              Value               |
      +----------+----------------------------------+
      |  email   |                                  |
      | enabled  |               True               |
      |    id    | 114d0320faa84ca594c75df0b6db4f3c |
      |   name   |              cinder              |
      | tenantId |                                  |
      +----------+----------------------------------+
      
    4. keystone 列出 service cinder 也存在,也是刪除再重新產生。
      [root@deyu ~(keystone_admin)]# keystone service-list
      +----------------------------------+----------+----------+---------------------------------+
      |                id                |   name   |   type   |           description           |
      +----------------------------------+----------+----------+---------------------------------+
      | e300fa9ccb3b424e8bb38ae8f61b24af |  cinder  |  volume  | OpenStack Block Storage Service |
      | 9d80262e915745aabe7e6cf6b341e383 |  glance  |  image   |     OpenStack Image Service     |
      | 9b8bf35474aa43aca37fefdc57c6e6a3 | keystone | identity |    Keystone Identity Service    |
      +----------------------------------+----------+----------+---------------------------------+
      
    5. keystone 刪除 cinder service。
      [root@deyu ~(keystone_admin)]# keystone service-delete e300fa9ccb3b424e8bb38ae8f61b24af
      
    6. keystone 列出 endpoint,並沒有 cinder 產生 port 8776 的 endpoint,當然無法連線,表示一開始就沒有產生成功。
      [root@deyu ~(keystone_admin)]# keystone endpoint-list 
      +----------------------------------+-----------+----------------------------+----------------------------+-----------------------------+----------------------------------+
      |                id                |   region  |         publicurl          |        internalurl         |           adminurl          |            service_id            |
      +----------------------------------+-----------+----------------------------+----------------------------+-----------------------------+----------------------------------+
      | a9da1cafdbf84441a1fc268c1df7561b | regionOne |   http://deyu.wang:9292    |   http://deyu.wang:9292    |    http://deyu.wang:9292    | 9d80262e915745aabe7e6cf6b341e383 |
      | ca4b563329944e41a77eaf62658be7d9 | regionOne | http://deyu.wang:5000/v2.0 | http://deyu.wang:5000/v2.0 | http://deyu.wang:35357/v2.0 | 9b8bf35474aa43aca37fefdc57c6e6a3 |
      +----------------------------------+-----------+----------------------------+----------------------------+-----------------------------+----------------------------------+
      
    7. keystone 再加入 cinder 的 role 時發現 tenant service 並不存在,這才是問題的主因。
      [root@deyu ~(keystone_admin)]# keystone user-role-add \
      > --user cinder --role admin --tenant services
      No tenant with a name or ID of 'services' exists.
      
    8. keystone 查詢 tenant,並沒有名為 services 的 tenant。
      [root@deyu ~(keystone_admin)]# keystone tenant-list
      +----------------------------------+----------+---------+
      |                id                |   name   | enabled |
      +----------------------------------+----------+---------+
      | bc6c37d6af2b4bc98295cf42191e6193 |  admin   |   True  |
      | 8516007a522e4e29a05db19e0c93a185 | mytenant |   True  |
      +----------------------------------+----------+---------+
      
    9. keystone 產生名為 services 的 tenant。
      [root@deyu ~(keystone_admin)]# keystone tenant-create --name services
      +-------------+----------------------------------+
      |   Property  |              Value               |
      +-------------+----------------------------------+
      | description |                                  |
      |   enabled   |               True               |
      |      id     | 26247a78e43545aea49d8e81d085401c |
      |     name    |             services             |
      +-------------+----------------------------------+
      
    10. keystone 列出 tenant,已出現 services。
      [root@deyu ~(keystone_admin)]# keystone tenant-list
      +----------------------------------+----------+---------+
      |                id                |   name   | enabled |
      +----------------------------------+----------+---------+
      | bc6c37d6af2b4bc98295cf42191e6193 |  admin   |   True  |
      | 8516007a522e4e29a05db19e0c93a185 | mytenant |   True  |
      | 26247a78e43545aea49d8e81d085401c | services |   True  |
      +----------------------------------+----------+---------+
      
    11. keystone 也可成功將用戶 cinder 加入角色。
      [root@deyu ~(keystone_admin)]# keystone user-role-add --user cinder --role admin --tenant services
      
    12. keystone 重新產生 cinder 的服務。
      [root@deyu ~(keystone_admin)]# keystone service-create \
      > --name=cinder --type=volume --description="Openstack Block Storage Service"
      +-------------+----------------------------------+
      |   Property  |              Value               |
      +-------------+----------------------------------+
      | description | Openstack Block Storage Service  |
      |      id     | 7f899835e900452a9250629cd827765f |
      |     name    |              cinder              |
      |     type    |              volume              |
      +-------------+----------------------------------+
      
    13. 記下 cinder service 的 id,產生 endpoint。
      [root@deyu ~(keystone_admin)]# keystone endpoint-create \
      --service-id 7f899835e900452a9250629cd827765f \
      --publicurl 'http://deyu.wang:8776/v1/%(tenant_id)s' \
      --adminurl 'http://deyu.wang:8776/v1/%(tenant_id)s' \
      --internalurl 'http://deyu.wang:8776/v1/%(tenant_id)s'
      +-------------+----------------------------------------+
      |   Property  |                 Value                  |
      +-------------+----------------------------------------+
      |   adminurl  | http://deyu.wang:8776/v1/%(tenant_id)s |
      |      id     |    1fece0bf014f4b26b16d593cd456eee0    |
      | internalurl | http://deyu.wang:8776/v1/%(tenant_id)s |
      |  publicurl  | http://deyu.wang:8776/v1/%(tenant_id)s |
      |    region   |               regionOne                |
      |  service_id |    7f899835e900452a9250629cd827765f    |
      +-------------+----------------------------------------+
      
    14. 重新啟動 cinder 服務,a.sh 腳本只是將三個服務的啟動寫在一起,方便 cinder 重新啟動。
      [root@deyu ~(keystone_admin)]# sh a.sh
      Stopping openstack-cinder-scheduler:                       [  OK  ]
      Starting openstack-cinder-scheduler:                       [  OK  ]
      Stopping openstack-cinder-api:                             [  OK  ]
      Starting openstack-cinder-api:                             [  OK  ]
      Stopping openstack-cinder-volume:                          [  OK  ]
      Starting openstack-cinder-volume:                          [  OK  ]
      
    15. 再執行 cinder list 已可成功認證,沒有錯誤訊息。
      [root@deyu ~(keystone_admin)]# cinder list
      



2015-12-29