安装keystone时创建用户失败
系统:centos7.3
版本:openstack ocata
1.问题描述
安装keystone在创建用户时报错:
The request you have made requires authentication. (HTTP 401) (Request-ID: req-03560e9f-bacc-4b0f-ac00-6ee4030cab8a)
2.检查过程
1.登陆mysql,查看keystone数据库下有没有生成新表
# mysql use keystone; show tables;
发现keyston数据库下没有表生成,理论上运行如下语句后会生成表:
# su -s /bin/sh -c "keystone-manage db_sync" keystone
2.使用授权帐号和密码尝试登陆mysql
mysql -h localhost -u keystone -pKEYSTONE_DBPASS --登陆成功 mysql -h controller -u keystone -pKEYSTONE_DBPASS --登陆失败
理论上使用controller主机名能登陆,因为授权对象包括%和localhost
3.查看keystone日志
# vim /var/log/keystone/keystone.log
2018-07-20 13:59:29.019 2958 CRITICAL keystone [-] OperationalError: (pymysql.err.OperationalError) (1045, u"Access denied for user 'keystone'@'controller' (using password: YES)")
发现keystone登陆失败信息
3.解决方法
经过多次测试,如果在mysql安全初始化时,不移除匿名用户、删除test数据库,就会出现以上授权问题,导致无法写入表
# mysql_secure_installation
Remove anonymous users? [Y/n] Y ... Success! Normally, root should only be allowed to connect from 'localhost'. This ensures that someone cannot guess at the root password from the network. Disallow root login remotely? [Y/n] n ... skipping. By default, MariaDB comes with a database named 'test' that anyone can access. This is also intended only for testing, and should be removed before moving into a production environment. Remove test database and access to it? [Y/n] Y - Dropping test database... ... Success! - Removing privileges on test database...
自动脚本:
# mysql_secure_installation<<EOF n Y Y Y Y EOF
