openstack部署中的错误总结

最新推荐文章于 2024-04-15 22:28:06 发布

weixin_34228617

最新推荐文章于 2024-04-15 22:28:06 发布

阅读量160

点赞数

文章标签：数据库 swift python

原文链接：http://blog.51cto.com/jxwpx/856697

版权

本文介绍了解决在OpenStack环境中使用Glance上传镜像时遇到的“未认证”错误的方法。主要包括清理数据库、重启Keystone服务、正确配置keystone.conf文件，并通过一系列命令创建租户、用户和服务等。

摘要由CSDN通过智能技术生成

在安装到glance上传镜象时出错，折腾不出来，先记在这儿

1、 glance index
Failed to show index. Got error:
You are not authenticated.

解决方法：

keystone配置出错，解决keystone问题

1、删除以前MYSQL生成的KEYSTONE的表

drop table ec2_credential;
drop table endpoint;
drop table metadata;
drop table migrate_version;
drop table role;
drop table service;
drop table tenant;
drop table token;
drop table user;
drop table user_tenant_membership;
drop table user;
drop table token;
show tables;
drop table tenant;

2、重启keystone服务及初始化数据库

service keystone restart
keystone-manage db_sync

3、/etc/keystone/keystone.conf配置文件中（选择数据库或模板文件方式中的一种）

[catalog]
driver = keystone.catalog.backends.sql.Catalog
#driver = keystone.catalog.backends.templated.TemplatedCatalog
#template_file = /etc/keystone/default_catalog.templates

4、为了生成API，建立endpoint

# From http://www.hastexo.com/resources/docs/installing-openstack-essex-20121-ubuntu-1204-precise-pangolin
# Modified by Emilien Macchi
# Please send me feedback at emilien.macchi@gmail.com
# Thank's to Martin !

ADMIN_PASSWORD=${ADMIN_PASSWORD:-password}
SERVICE_PASSWORD=${SERVICE_PASSWORD:-$ADMIN_PASSWORD}
export SERVICE_TOKEN="password"
export SERVICE_ENDPOINT="http://localhost:35357/v2.0"
SERVICE_TENANT_NAME=${SERVICE_TENANT_NAME:-service}

function get_id () {
echo `$@ | awk '/ id / { print $4 }'`
}

# Tenants
ADMIN_TENANT=$(get_id keystone tenant-create --name=admin)
SERVICE_TENANT=$(get_id keystone tenant-create --name=$SERVICE_TENANT_NAME)
DEMO_TENANT=$(get_id keystone tenant-create --name=demo)
INVIS_TENANT=$(get_id keystone tenant-create --name=invisible_to_admin)

# Users
ADMIN_USER=$(get_id keystone user-create --name=admin --pass="$ADMIN_PASSWORD" --email=admin@domain.com)
DEMO_USER=$(get_id keystone user-create --name=demo --pass="$ADMIN_PASSWORD" --email=demo@domain.com)

# Roles
ADMIN_ROLE=$(get_id keystone role-create --name=admin)
KEYSTONEADMIN_ROLE=$(get_id keystone role-create --name=KeystoneAdmin)
KEYSTONESERVICE_ROLE=$(get_id keystone role-create --name=KeystoneServiceAdmin)

# Add Roles to Users in Tenants
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user $ADMIN_USER --role $ADMIN_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user $ADMIN_USER --role $KEYSTONEADMIN_ROLE --tenant_id $ADMIN_TENANT
keystone user-role-add --user $ADMIN_USER --role $KEYSTONESERVICE_ROLE --tenant_id $ADMIN_TENANT

# The Member role is used by Horizon and Swift
MEMBER_ROLE=$(get_id keystone role-create --name=Member)
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $DEMO_TENANT
keystone user-role-add --user $DEMO_USER --role $MEMBER_ROLE --tenant_id $INVIS_TENANT

# Configure service users/roles
NOVA_USER=$(get_id keystone user-create --name=nova --pass="$SERVICE_PASSWORD" --tenant_id $SERVICE_TENANT --email=nova@domain.com)
keystone user-role-add --tenant_id $SERVICE_TENANT --user $NOVA_USER --role $ADMIN_ROLE

GLANCE_USER=$(get_id keystone user-create --name=glance --pass="$SERVICE_PASSWORD" --tenant_id $SERVICE_TENANT --email=glance@domain.com)
keystone user-role-add --tenant_id $SERVICE_TENANT --user $GLANCE_USER --role $ADMIN_ROLE

SWIFT_USER=$(get_id keystone user-create --name=swift --pass="$SERVICE_PASSWORD" --tenant_id $SERVICE_TENANT --email=swift@domain.com)
keystone user-role-add --tenant_id $SERVICE_TENANT --user $SWIFT_USER --role $ADMIN_ROLE

RESELLER_ROLE=$(get_id keystone role-create --name=ResellerAdmin)
keystone user-role-add --tenant_id $SERVICE_TENANT --user $NOVA_USER --role $RESELLER_ROLE

# If you want to use Quantum with Keystone (not stable in Essex)
QUANTUM_USER=$(get_id keystone user-create --name=quantum --pass="$SERVICE_PASSWORD" --tenant_id $SERVICE_TENANT --email=quantum@domain.com)
keystone user-role-add --tenant_id $SERVICE_TENANT --user $QUANTUM_USER --role $ADMIN_ROLE
keystone service-create --name=quantum --type=network --description="Quantum Service"

5、检查服务

keystone --token password --endpoint http://10.13.4.20:35357/v2.0 user-list
keystone --token password --endpoint http://10.13.4.20:35357/v2.0 role-list
keystone --token password --endpoint http://10.13.4.20:35357/v2.0 tenant-list
keystone --token password --endpoint http://10.13.4.20:35357/v2.0 service-list
keystone --token password --endpoint http://10.13.4.20:35357/v2.0 endpoint-list

6、校验

curl -d '{"auth": {"tenantName": "admin", "passwordCredentials":{"username": "admin", "password": "password"}}}' -H "Content-type: application/json" http://localhost:35357/v2.0/tokens|python -mjson.tool

转载于:https://blog.51cto.com/jxwpx/856697