openstack nova service-list认证问题
宿主机系统:centos7openstack版本:kilo
问题:
在安装openstack过程中,本来第一次装好后,所有组件均能正常使用。但是重启控制节点后,除keystone,glance组件以外的其他组件均出现认证错误。详细信息如下【以nova service-list为例】:
admin-openrc.sh
/etc/nova/nova.conf 认证片段
时区和token信息如下
问题:
在安装openstack过程中,本来第一次装好后,所有组件均能正常使用。但是重启控制节点后,除keystone,glance组件以外的其他组件均出现认证错误。详细信息如下【以nova service-list为例】:
[root@node5 ~]# nova --debug service-list
DEBUG (session:195) REQ: curl -g -i -X GET http://node5:35357/v3 -H "Accept: application/json" -H "User-Agent: python-keystoneclient"
INFO (connectionpool:203) Starting new HTTP connection (1): node5
DEBUG (connectionpool:383) "GET /v3 HTTP/1.1" 200 245
DEBUG (session:224) RESP: [200] content-length: 245 vary: X-Auth-Token keep-alive: timeout=5, max=100 server: Apache/2.4.6 (CentOS) mod_wsgi/3.4 Python/2.7.5 connection: Keep-Alive date: Tue, 11 Aug 2015 03:11:28 GMT content-type: application/json x-openstack-request-id: req-de609777-0331-4bb0-998d-4431e3a097d7
RESP BODY: {"version": {"status": "stable", "updated": "2015-03-30T00:00:00Z", "media-types": [{"base": "application/json", "type": "application/vnd.openstack.identity-v3+json"}], "id": "v3.4", "links": [{"href": "http://node5:35357/v3/", "rel": "self"}]}}
DEBUG (base:171) Making authentication request to http://node5:35357/v3/auth/tokens
DEBUG (connectionpool:383) "POST /v3/auth/tokens HTTP/1.1" 201 5740
DEBUG (iso8601:184) Parsed 2015-08-11T04:11:28.435147Z into {'tz_sign': None, 'second_fraction': u'435147', 'hour': u'04', 'daydash': u'11', 'tz_hour': None, 'month': None, 'timezone': u'Z', 'second': u'28', 'tz_minute': None, 'year': u'2015', 'separator': u'T', 'monthdash': u'08', 'day': None, 'minute': u'11'} with default timezone
DEBUG (iso8601:140) Got u'2015' for 'year' with default None
DEBUG (iso8601:140) Got u'08' for 'monthdash' with default 1
DEBUG (iso8601:140) Got 8 for 'month' with default 8
DEBUG (iso8601:140) Got u'11' for 'daydash' with default 1
DEBUG (iso8601:140) Got 11 for 'day' with default 11
DEBUG (iso8601:140) Got u'04' for 'hour' with default None
DEBUG (iso8601:140) Got u'11' for 'minute' with default None
DEBUG (iso8601:140) Got u'28' for 'second' with default None
DEBUG (session:195) REQ: curl -g -i -X GET http://node5:8774/v2/943cb4c0ae4d48158e9c1ef9d67f97b3/os-services -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-Auth-Token: {SHA1}de5538fadcfb8c6deb6f3fab2fd00a62efef5036"
INFO (connectionpool:203) Starting new HTTP connection (1): node5
DEBUG (connectionpool:383) "GET /v2/943cb4c0ae4d48158e9c1ef9d67f97b3/os-services HTTP/1.1" 401 23
DEBUG (session:224) RESP:
DEBUG (base:171) Making authentication request to http://node5:35357/v3/auth/tokens
DEBUG (connectionpool:383) "POST /v3/auth/tokens HTTP/1.1" 201 5740
DEBUG (connectionpool:383) "GET /v2/943cb4c0ae4d48158e9c1ef9d67f97b3/os-services HTTP/1.1" 401 23
DEBUG (session:224) RESP:
DEBUG (shell:914) Unauthorized (HTTP 401) (Request-ID: req-faf78ed3-ab2d-4493-b42b-8c35f0ed68a7)
Traceback (most recent call last):
File "/usr/lib/python2.7/site-packages/novaclient/shell.py", line 911, in main
OpenStackComputeShell().main(argv)
File "/usr/lib/python2.7/site-packages/novaclient/shell.py", line 838, in main
args.func(self.cs, args)
File "/usr/lib/python2.7/site-packages/novaclient/v2/shell.py", line 3442, in do_service_list
result = cs.services.list(host=args.host, binary=args.binary)
File "/usr/lib/python2.7/site-packages/novaclient/v2/services.py", line 49, in list
return self._list(url, "services")
File "/usr/lib/python2.7/site-packages/novaclient/base.py", line 64, in _list
_resp, body = self.api.client.get(url)
File "/usr/lib/python2.7/site-packages/keystoneclient/adapter.py", line 170, in get
return self.request(url, 'GET', **kwargs)
File "/usr/lib/python2.7/site-packages/novaclient/client.py", line 96, in request
raise exceptions.from_response(resp, body, url, method)
Unauthorized: Unauthorized (HTTP 401) (Request-ID: req-faf78ed3-ab2d-4493-b42b-8c35f0ed68a7)
ERROR (Unauthorized): Unauthorized (HTTP 401) (Request-ID: req-faf78ed3-ab2d-4493-b42b-8c35f0ed68a7)
admin-openrc.sh
export OS_PROJECT_DOMAIN_ID=default export OS_USER_DOMAIN_ID=default export OS_PROJECT_NAME=admin export OS_TENANT_NAME=admin export OS_USERNAME=admin export OS_PASSWORD=tairancloud export OS_AUTH_URL=http://node5:35357/v3 export OS_IMAGE_API_VERSION=2 export OS_VOLUME_API_VERSION=2
/etc/nova/nova.conf 认证片段
[keystone_authtoken] auth_uri=http://node5:5000 auth_url=http://node5:35357 auth_plugin=password project_domain_id=default user_domain_id=default project_name=service username=nova password=tairancloud
时区和token信息如下
[root@node5 ~]# openstack token issue +------------+----------------------------------+ | Field | Value | +------------+----------------------------------+ | expires | 2015-08-11T04:14:51.783318Z | | id | e80f3205193742feac4627ab46f1bce6 | | project_id | 943cb4c0ae4d48158e9c1ef9d67f97b3 | | user_id | b7bb1bdcafc64bf1a28f3da40a68fe66 | +------------+----------------------------------+ [root@node5 ~]# timedatectl Local time: Tue 2015-08-11 11:14:55 CST Universal time: Tue 2015-08-11 03:14:55 UTC RTC time: Tue 2015-08-11 03:14:55 Timezone: Asia/Shanghai (CST, +0800) NTP enabled: yes NTP synchronized: yes RTC in local TZ: no DST active: n/a