Neutron client was not able to generate a valid admin token

最新推荐文章于 2021-12-22 19:58:01 发布
最新推荐文章于 2021-12-22 19:58:01 发布
阅读量1.4k 收藏 1
点赞数 1
分类专栏: openstack 运维 文章标签: openstack nova token
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/wuliangtianzu/article/details/109175617
版权

错误信息如下:

ERROR nova.network.neutronv2.api - default default] Neutron client was not able to generate a valid admin token, please verify Neutron admin credential located in nova.conf: Unauthorized: 401-{u'error': {u'message': u'The request you have made requires authentication.', u'code': 401, u'title': u'Unauthorized'}}
ERROR nova.api.openstack.wsgi  - default default] Unexpected exception in API method: NeutronAdminCredentialConfigurationInvalid: Networking client is experiencing an unauthorized exception.
ERROR nova.api.openstack.wsgi Traceback (most recent call last):
ERROR nova.api.openstack.wsgi   File "/var/lib/kolla/venv/lib/python2.7/site-packages/nova/api/openstack/wsgi.py", line 801, in wrapped
ERROR nova.api.openstack.wsgi     return f(*args, **kwargs)
ERROR nova.api.openstack.wsgi   File "/var/lib/kolla/venv/lib/python2.7/site-packages/nova/api/openstack/compute/security_groups.py", line 210, in index
ERROR nova.api.openstack.wsgi     for group in limited_list]
ERROR nova.api.openstack.wsgi   File "/var/lib/kolla/venv/lib/python2.7/site-packages/nova/api/openstack/compute/security_groups.py", line 111, in _format_security_group
ERROR nova.api.openstack.wsgi     context, rule, group_rule_data)
ERROR nova.api.openstack.wsgi   File "/var/lib/kolla/venv/lib/python2.7/site-packages/nova/api/openstack/compute/security_groups.py", line 76, in _format_security_group_rule
ERROR nova.api.openstack.wsgi     context, id=rule['group_id'])
ERROR nova.api.openstack.wsgi   File "/var/lib/kolla/venv/lib/python2.7/site-packages/nova/network/security_group/neutron_driver.py", line 144, in get
ERROR nova.api.openstack.wsgi     group = neutron.show_security_group(id).get('security_group')
ERROR nova.api.openstack.wsgi   File "/var/lib/kolla/venv/lib/python2.7/site-packages/nova/network/neutronv2/api.py", line 126, in wrapper
ERROR nova.api.openstack.wsgi     ret = obj(*args, **kwargs)
ERROR nova.api.openstack.wsgi   File "/var/lib/kolla/venv/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 981, in show_security_group
ERROR nova.api.openstack.wsgi     params=_params)
ERROR nova.api.openstack.wsgi   File "/var/lib/kolla/venv/lib/python2.7/site-packages/nova/network/neutronv2/api.py", line 126, in wrapper
ERROR nova.api.openstack.wsgi     ret = obj(*args, **kwargs)
ERROR nova.api.openstack.wsgi   File "/var/lib/kolla/venv/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 354, in get
ERROR nova.api.openstack.wsgi     headers=headers, params=params)
ERROR nova.api.openstack.wsgi   File "/var/lib/kolla/venv/lib/python2.7/site-packages/nova/network/neutronv2/api.py", line 126, in wrapper
ERROR nova.api.openstack.wsgi     ret = obj(*args, **kwargs)
ERROR nova.api.openstack.wsgi   File "/var/lib/kolla/venv/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 331, in retry_request
ERROR nova.api.openstack.wsgi     headers=headers, params=params)
ERROR nova.api.openstack.wsgi   File "/var/lib/kolla/venv/lib/python2.7/site-packages/nova/network/neutronv2/api.py", line 126, in wrapper
ERROR nova.api.openstack.wsgi     ret = obj(*args, **kwargs)
ERROR nova.api.openstack.wsgi   File "/var/lib/kolla/venv/lib/python2.7/site-packages/neutronclient/v2_0/client.py", line 294, in do_request
ERROR nova.api.openstack.wsgi     self._handle_fault_response(status_code, replybody, resp)
ERROR nova.api.openstack.wsgi   File "/var/lib/kolla/venv/lib/python2.7/site-packages/nova/network/neutronv2/api.py", line 142, in wrapper
ERROR nova.api.openstack.wsgi     raise exception.NeutronAdminCredentialConfigurationInvalid()
ERROR nova.api.openstack.wsgi NeutronAdminCredentialConfigurationInvalid: Networking client is experiencing an unauthorized exception.
ERROR nova.api.openstack.wsgi
INFO nova.api.openstack.wsgi HTTP exception thrown: Unexpected API Error. Please report this at http://bugs.launchpad.net/nova/ and attach the Nova API log if possible.

追踪源码发现nova..network.neutronv2.api.py中提交异常:

class ClientWrapper(clientv20.Client):
    """A Neutron client wrapper class.

    def proxy(self, obj):
        def wrapper(*args, **kwargs):
            try:
                ret = obj(*args, **kwargs)
            except neutron_client_exc.Unauthorized:
                if not self.admin:
                    # Token is expired so Neutron is raising a
                    # unauthorized exception, we should convert it to
                    # raise a 401 to make client to handle a retry by
                    # regenerating a valid token and trying a new
                    # attempt.
                    raise exception.Unauthorized()
                # In admin context if token is invalid Neutron client
                # should be able to regenerate a valid by using the
                # Neutron admin credential configuration located in
                # nova.conf.
                LOG.error("Neutron client was not able to generate a "
                          "valid admin token, please verify Neutron "
                          "admin credential located in nova.conf")
                raise exception.NeutronAdminCredentialConfigurationInvalid()
            except neutron_client_exc.Forbidden as e:
                raise exception.Forbidden(six.text_type(e))
            return ret
        return wrapper

clientWrapper在get_client方法中被调用,如下:


#获取neutron_client客户端,但未验证token是否有效,只有在发送请求后才知道是否有效
def get_client(context, admin=False):
    auth_plugin = _get_auth_plugin(context, admin=admin)
    session = _get_session()
    client_args = dict(session=session,
                       auth=auth_plugin,
                       global_request_id=context.global_id,
                       connect_retries=CONF.neutron.http_retries)

    if CONF.neutron.url:
        # TODO(efried): Remove in Rocky
        client_args = dict(client_args,
                           endpoint_override=CONF.neutron.url,
                           # NOTE(efried): The legacy behavior was to default
                           # region_name in the conf.
                           region_name=CONF.neutron.region_name or 'RegionOne')
    else:
        # The new way
        # NOTE(efried): We build an adapter
        #               to pull conf options
        #               to pass to neutronclient
        #               which uses them to build an Adapter.
        # This should be unwound at some point.
        adap = utils.get_ksa_adapter(
            'network', ksa_auth=auth_plugin, ksa_session=session)
        client_args = dict(client_args,
                           service_type=adap.service_type,
                           service_name=adap.service_name,
                           interface=adap.interface,
                           region_name=adap.region_name,
                           endpoint_override=adap.endpoint_override)

    return ClientWrapper(clientv20.Client(**client_args),
                         admin=admin or context.is_admin)


def get_auth_plugin(context):
    user_auth = context.get_auth_plugin()
    #重点:这里的user_auth 存在偶尔失效问提, 可通过开启send_service_user_token
    if CONF.service_user.send_service_user_token:
        global _SERVICE_AUTH
        if not _SERVICE_AUTH:
            _SERVICE_AUTH = ks_loading.load_auth_from_conf_options(
                                CONF,
                                group=
                                nova.conf.service_token.SERVICE_USER_GROUP)
            if _SERVICE_AUTH is None:
                # This indicates a misconfiguration so log a warning and
                # return the user_auth.
                LOG.warning('Unable to load auth from [service_user] '
                            'configuration. Ensure "auth_type" is set.')
                return user_auth
        return service_token.ServiceTokenAuthWrapper(
                   user_auth=user_auth,
                   service_auth=_SERVICE_AUTH)

    return user_auth

开启send_service_user_token,进行如下操作:


1. 创建一个用户: service_user

openstack user create --domain default  --password-prompt service_user

openstack role add --project service --user service_user admin

2. 在nova-api/nova.conf中添加:

[service_user]
send_service_user_token = True
auth_type = password
project_domain_name = Default
project_name = service
user_domain_name = Default
password = <service_user的密码>
username = service_user
auth_url = http://<controller_ip>:35357

3. 重启nova-api服务

 

不见天高
关注
专栏目录
Openstack安装与配置第五部分(neutron篇)
需要远程指导仿真实验、代码有问题的,请后台私信或者关注公众号
06-22 775
在Linux操作系统上进行OpenStackneutron安装部署
Neutron — 安全组
最新发布
烟云的计算
10-11 1355
Neutron Security Group 用于针对 Neutron Port 粒度进行 ACL 安全防护,支持设置多条 Security Group Rules 来定义 ACCEPT 操作集合,所以本质是一个 White List(白名单)ACL,即不支持显式的 DENY 操作(默认 DENY ALL)。在 Linux Kernel 中,网络连接状态记录功能由 CT(connection tracker)模块提供,作为 Netfilter 状态防火墙的支撑。
neutronclient 报错
szj_jojoli的博客
08-01 5446
neutronclient 报错调用neutronclient 报错:TypeError: __init__() got an unexpected keyword argument 'global_request_id'neutronclient版本问题???尝试不同neutronclient版本再次调用任然报错检查cinderclientneutronclient是否安装成功重新安装依赖,解...
OpenStack创建实例错误-neutronclient.common.exceptions.Unauthorized
YoFog的博客
11-08 2574
使用OpenStack命令创建实例时,创建失败,错误----‘&lt;class 'neutronclient.common.exceptions.Unauthorized'&gt;’: 查看nova-api.log日志,错误是一样的,网上关于这个错误的案例真的很少或者有些指向就不对。我根据官网指南从头查看controller中的Nova的配置文件,而不是看到compute服务就去计算节点去...
OpenStack
weixin_43465794的博客
12-22 683
<class 'nova.exception.NeutronAdminCredentialConfigurationInvalid'> (HTTP 500)
Error: No valid host was found.
energysober的博客
04-26 8333
使用openstack创建虚拟机经常会遇到以下的这个错误 Error: No valid host was found. There are not enough hosts available. 从字面意思就可以看出是无法找到可用的host的资源来创建虚拟机。 再深一层的分析就是为什么会无法找到host主机呢? 原因有多种,有可能是计算节点down了,但这个原因相信大家都能轻易的分析出来...
Transformation from hadronic to quark matter in neutron stars: a comparison of two scenarios
02-01
中子星内部从强子物质到夸克物质的相变:两种相变机制的比较,邵国运,,基于一阶相变和唯象的平滑过渡相变机制,本文用不通的方法探讨了致密中子星物质的强子——夸克相变。对于一阶相变机制,相平衡的描�
Openstack安装过程中出现的一些问题及解决
热门推荐
weixin_43467082的博客
02-13 2万+
Openstack安装过程中出现的一些问题及解决 摘要: 一、Centos7安装Mitika问题 1.问题:在keystone安装阶段请求认证令牌出现错误 1 2 3 4 5 6 7 8 9 10 11 12 # vim admin-openrc export OS_PROJECT_DOMAIN_NAME=default expor… 一、Centos7安装Mitika问题 1.问题:在keyst...
Error: The client is unauthorized due to authentication failure.解决办法
weixin_40739969的博客
08-06 1万+
我在用R的neo4jshell包时,运用查询语句时:出现这样的错误: Error: The client is unauthorized due to authentication failure. 其实,处理neo4jshell包可以将R和neo4j连接外,还有RNeo4j、neo4r也可以。但是也可能出现这样的错误提示。 这时,需要到neo4j对应的文件:neo4j.conf中修改某些内容:...
第六篇horizon— Web管理界面
weixin_43466725的博客
02-20 2万+
第六篇horizon— Web管理界面 一、horizon 介绍: 理解 horizon Horizon 为 Openstack 提供一个 WEB 前端的管理界面 (UI 服务 )通过 Horizone 所提供的 DashBoard 服务 , 管理员可以使用通过 WEB UI 对 Openstack 整体云环境进行管理 , 并可直观看到各种操作结果与运行状态。 DashBoard 与其他组件的关系...
openstack虚拟机resize源码分析
Moolight_shadow的专栏
10-07 1888
openstack虚拟机resize源码分析 文章目录openstack虚拟机resize源码分析resize过程python-client端debugdebug分析获取keystone版本详情验证admin信息并生成token带着token去请求虚拟机信息带着token去获取resizede的目标flavor发送调整实例请求再次获取虚拟机信息 监控服务器状态 直到状态改变为`VERIFY_RES...
CentOS7单节点部署OpenStack-Pike(使用kolla-ansible)
技术洞见
05-07 7795
环境说明 系统服务配置 启动NTP 关闭libvirted服务器 关闭防火墙 修改主机名 安装docker 配置国内镜像源 重启Docker服务 检查镜像服务是否正常 安装和配置Kolla-Ansible 安装依赖 安装ansible 安装kolla-ansible 配置单节点清单文件(目前只有一个节点) 生成随机密码文件 修改全局配置 生成SSH Key,并授信本节点 配置Nova...
大数据常见错误及解决方案
guoliduo的博客
07-08 5665
1、用./bin/spark-shell启动spark时遇到异常:java.net.BindException: Can't assign requested address: Service 'sparkDriver' failed after 16 retries! 解决方法:add export SPARK_LOCAL_IP="127.0.0.1" to spark-env.sh 2、java Kafka producer error:ERROR kafka.utils.Utils$ - fetc
关于neutron.service启动不成功
controllerha的博客
12-18 1万+
neutron.service启动不成功一般有三种错误可能 前两种是启动时长时间卡主,第三种为启动失败报错 1.neutron.service配置文件中core_plugin = xxx 的设置错误,错误和没有写都会导致启动时卡主 2.neutron.service配置文件中[oslo_messaging_rabbit]下rabbit_password=xxx的密码设置错误,此项错误会导致启
OpenStack Neutron网络架构详解
"这篇内容主要介绍了OpenStack中的Neutron组件,包括其在网络架构中的角色、主要功能以及典型的三节点部署模式。NeutronOpenStack的网络服务,它负责为OpenStack环境提供灵活的网络功能,如虚拟网络、路由器、DHCP...
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值