安装openstack - mitaka遇到的坑

认证服务

• keystone和apache2都需要占用5000和35357端口
  解决办法:
  关闭keystone服务, 通过apache2来调用keystone

service keystone stop

初始化keystone服务失败

• 初始化keystone:
  su -s /bin/sh -c "keystone-manage db_sync" keystone
• 错误提示:
  oslo_db.sqlalchemy.engines [-] SQL connection failed. 10 attempts left.
• 解决方法:

  • 使用root登录MySQL
    MariaDB [(none)]> show variables like "%char%";
    +--------------------------+----------------------------+
    | Variable_name | Value |
    +--------------------------+----------------------------+
    | character_set_client | utf8mb4 |
    | character_set_connection | utf8mb4 |
    | character_set_database | utf8mb4 |
    | character_set_filesystem | binary |
    | character_set_results | utf8mb4 |
    | character_set_server | utf8mb4 |
    | character_set_system | utf8 |
    | character_sets_dir | /usr/share/mysql/charsets/ |
    +--------------------------+----------------------------+
    8 rows in set (0.02 sec)
    MariaDB [(none)]>exit

  • 修改/etc/mysql/mariadb.conf.d/目录下的文件“50-client.cnf 50-mysql-clients.cnf 50-server.cnf”
    将其中的utf8mb4修改为utf8
    mariadb 修改允许远程访问
    sed -i 's/127.0.0.1/0.0.0.0/g' /etc/mysql/mariadb.conf.d/50-server.cnf

  • 重启mysql服务
    service mysql restart

  • 再次进入MySQL
    MariaDB [(none)]> show variables like "%char%";
    +--------------------------+----------------------------+
    | Variable_name | Value |
    +--------------------------+----------------------------+
    | character_set_client | utf8 |
    | character_set_connection | utf8 |
    | character_set_database | utf8 |
    | character_set_filesystem | binary |
    | character_set_results | utf8 |
    | character_set_server | utf8 |
    | character_set_system | utf8 |
    | character_sets_dir | /usr/share/mysql/charsets/ |
    +--------------------------+----------------------------+

  • 此时还需将原有的数据库keystone删除再重新创建

MariaDB [(none)]>drop database keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> CREATE DATABASE keystone;
Query OK, 1 row affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'%' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> GRANT ALL PRIVILEGES ON keystone.* TO 'keystone'@'localhost' IDENTIFIED BY '123456';
Query OK, 0 rows affected (0.00 sec)
MariaDB [(none)]> exit
Bye

• 再进行同步数据库
  su -s /bin/sh -c "keystone-manage db_sync" keystone

控制节点nova配置的时候default不能少

控制节点配置nova的时候, 必须在默认的nova.conf基础上修改

openstack-dashboard打开报错500

查看/var/log/apache2/error.log，发现如下报错信息:
[wsgi:error] [pid 11215:tid 140471222830848] [client 10.65.50.27:5433] Truncated or oversized response headers received from daemon process 'horizon': /usr/share/openstack-dashboard/openstack_dashboard/wsgi/django.wsgi
解决办法:
打开openstack-dashboard的apache2配置文件
vi /etc/apache2/conf-available/openstack-dashboard.conf
增加一行
WSGIApplicationGroup %{GLOBAL}
重启apache2：
service apache2 reload

各个节点时间同步问题

• 注意各个节点时间差不能太大
• 注意各个节点的时区
  修改时间:
  date -s MM/DD/YY #修改日期
date -s hh:mm:ss #修改时间
  修改时区:
  ll /etc/localtime #查看时区
ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime

查看各个服务是否正常

查看nova服务

nova-manage service list
结果如下，如果state是非:-)说明服务不正常，可能是NTP时间不同步导致：

Option "verbose" from group "DEFAULT" is deprecated for removal.  Its value may be silently ignored in the future.
DEPRECATED: Use the nova service-* commands from python-novaclient instead or the os-services REST resource. The service subcommand will be removed in the 14.0 release.
Binary           Host                                 Zone             Status     State Updated_At
nova-consoleauth controller                           internal         enabled    :-)   2018-10-09 06:28:48
nova-scheduler   controller                           internal         enabled    :-)   2018-10-09 06:28:46
nova-conductor   controller                           internal         enabled    :-)   2018-10-09 06:28:44
nova-compute     compute1                             nova             enabled    :-)   2018-10-09 06:28:49
nova-osapi_compute 0.0.0.0                              internal         enabled    XXX   None      
nova-metadata    0.0.0.0                              internal         enabled    XXX   None

查看neutron服务

neutron agent-list

结果如下:

+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| id                                   | agent_type         | host       | availability_zone | alive | admin_state_up | binary                    |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+
| 2b8919ee-edc3-4828-9c13-5c45f49a0b0c | DHCP agent         | controller | nova              | :-)   | True           | neutron-dhcp-agent        |
| 5401d36e-4bd6-49b8-a65d-779967b328a2 | Metadata agent     | controller |                   | :-)   | True           | neutron-metadata-agent    |
| b5899de2-a8e6-406c-9ce3-2595ed526aad | Linux bridge agent | compute1   |                   | :-)   | True           | neutron-linuxbridge-agent |
| fd2060ea-fd20-4e1e-9abd-dc40c7d1cfd7 | Linux bridge agent | controller |                   | :-)   | True           | neutron-linuxbridge-agent |
+--------------------------------------+--------------------+------------+-------------------+-------+----------------+---------------------------+

子网操作

显示子网

openstack subnet list

删除子网

openstack subnet delete name/id

nova-compute启动失败

查看日志如下:

ERROR oslo.messaging._drivers.impl_rabbit [req-6de28541-3ca4-4fe2-a5e3-470a6ff0b10e - - - - -] AMQP server on controller:5672 is unreachable: [Errno 113] EHOSTUNREACH. Trying again in 18 seconds.
原因是控制节点的5672端口没有开放，在控制节点添加如下iptables规则：
iptables -I INPUT -p tcp --dport 5672 -j ACCEPT