[原]openstack-kilo--issue(一) httpd汇总
/**
系统环境:redhat7.2
repo:163
openstack version : kilo
author: lihaibo
**/
问题1:Invalid command 'group=keystone', perhaps misspelled or defined by a modul...ration
按照官方文档(january 10,2016)安装openstack-kilo的时候,在启动httpd的时候无法正常启动,并报错:
[root@controller0 ~]# systemctl status httpd.service ● httpd.service - The Apache HTTP Server Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) Active: failed (Result: exit-code) since Sat 2016-05-28 20:17:58 EDT; 3min 8s ago Docs: man:httpd(8) man:apachectl(8) Process: 4299 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE) Process: 4297 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE) Main PID: 4297 (code=exited, status=1/FAILURE) May 28 20:17:58 controller0 systemd[1]: Starting The Apache HTTP Server... May 28 20:17:58 controller0 httpd[4297]: AH00526: Syntax error on line 16 of /etc/httpd/conf.d/wsgi-keystone.conf: May 28 20:17:58 controller0 httpd[4297]: Invalid command 'group=keystone', perhaps misspelled or defined by a modul...ration May 28 20:17:58 controller0 systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE May 28 20:17:58 controller0 kill[4299]: kill: cannot find process "" May 28 20:17:58 controller0 systemd[1]: httpd.service: control process exited, code=exited status=1 May 28 20:17:58 controller0 systemd[1]: Failed to start The Apache HTTP Server. May 28 20:17:58 controller0 systemd[1]: Unit httpd.service entered failed state. May 28 20:17:58 controller0 systemd[1]: httpd.service failed. Hint: Some lines were ellipsized, use -l to show in full.
检查错误:打开http配置文件
/etc/httpd/conf.d/wsgi-keystone.conf
由于是从官方文档粘贴到文件,所有有两处group被换行了(下面红色字体),只需要调整group上面一行的末尾就解决了。[root@controller0 ~]# vim /etc/httpd/conf.d/wsgi-keystoneWSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone
[root@controller0 ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone
Listen 5000
Listen 35357
<VirtualHost *:5000>
WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone
group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-public
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LogLevel info
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>
<VirtualHost *:35357>
WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone
group=keystone display-name=%{GROUP}
WSGIProcessGroup keystone-admin
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LogLevel info
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>
改动后验证配置文件是否正确:
[root@controller0 ~]# service httpd configtest Syntax OK
问题2:(13)Permission denied: AH00072: make_sock: could not bind to address [::]:5000
1 [root@controller0 ~]# systemctl start httpd.service 2 Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details. 3 [root@controller0 ~]# systemctl status httpd.service 4 ● httpd.service - The Apache HTTP Server 5 Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled) 6 Active: failed (Result: exit-code) since Sat 2016-05-28 20:22:34 EDT; 11s ago 7 Docs: man:httpd(8) 8 man:apachectl(8) 9 Process: 4501 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE) 10 Process: 4499 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE) 11 Main PID: 4499 (code=exited, status=1/FAILURE) 12 13 May 28 20:22:34 controller0 httpd[4499]: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:5000 14 May 28 20:22:34 controller0 httpd[4499]: (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:5000 15 May 28 20:22:34 controller0 httpd[4499]: no listening sockets available, shutting down 16 May 28 20:22:34 controller0 httpd[4499]: AH00015: Unable to open logs 17 May 28 20:22:34 controller0 systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE 18 May 28 20:22:34 controller0 kill[4501]: kill: cannot find process "" 19 May 28 20:22:34 controller0 systemd[1]: httpd.service: control process exited, code=exited status=1 20 May 28 20:22:34 controller0 systemd[1]: Failed to start The Apache HTTP Server. 21 May 28 20:22:34 controller0 systemd[1]: Unit httpd.service entered failed state. 22 May 28 20:22:34 controller0 systemd[1]: httpd.service failed.
问题检查:audit daemon
检查/var/log/audit/audit.log和/var/log/message:
1 [root@controller0 audit]# cat /var/log/audit/audit.log |grep 5000 2 type=AVC msg=audit(1464574273.240:492): avc: denied { name_bind } for pid=4289 comm="httpd" src=5000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socke
cat /var/log/messages
......
1 May 29 22:18:01 controller0 systemd-logind: New session 1 of user root. 2 May 29 22:18:01 controller0 systemd: Started Session 1 of user root. 3 May 29 22:18:01 controller0 systemd: Starting Session 1 of user root. 4 May 29 22:18:01 controller0 dbus-daemon: dbus[1027]: [system] Activating service name='org.freedesktop.problems' (using servicehelper) 5 May 29 22:18:01 controller0 dbus[1027]: [system] Activating service name='org.freedesktop.problems' (using servicehelper) 6 May 29 22:18:01 controller0 dbus[1027]: [system] Successfully activated service 'org.freedesktop.problems' 7 May 29 22:18:01 controller0 dbus-daemon: dbus[1027]: [system] Successfully activated service 'org.freedesktop.problems' 8 May 29 22:18:26 controller0 systemd-logind: New session 2 of user root. 9 May 29 22:18:26 controller0 systemd: Started Session 2 of user root. 10 May 29 22:18:26 controller0 systemd: Starting Session 2 of user root. 11 May 29 22:19:19 controller0 systemd: Starting The Apache HTTP Server... 12 May 29 22:19:19 controller0 httpd: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:5000 13 May 29 22:19:19 controller0 httpd: (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:5000 14 May 29 22:19:19 controller0 httpd: no listening sockets available, shutting down 15 May 29 22:19:19 controller0 httpd: AH00015: Unable to open logs 16 May 29 22:19:19 controller0 systemd: httpd.service: main process exited, code=exited, status=1/FAILURE
分析:网上说需要使用root用户关闭selinux。由于操作命令时使用的是root用户,所以排除这个可能
其次防火墙都是关闭了的,其他如果能控制端口的可能是selinux,检查selinux
1)检查selinux状态
1 [root@controller0 ~]# getenforce 2 enforcing #如果不为disabled 则表示为selinux正常运行
2)检查/etc/selinux/config
1 # This file controls the state of SELinux on the system. 2 # SELINUX= can take one of these three values: 3 # enforcing - SELinux security policy is enforced. 4 # permissive - SELinux prints warnings instead of enforcing. 5 # disabled - No SELinux policy is loaded. 6 SELINUX=enforcing #这个地方是关键点,发现selinux还是打开的。修改为disabled 7 # SELINUXTYPE= can take one of three two values: 8 # targeted - Targeted processes are protected, 9 # minimum - Modification of targeted policy. Only selected processes are protected. 10 # mls - Multi Level Security protection. 11 SELINUXTYPE=targeted
SELINUX=enforcing 改为 selinux=distabled
重启reboot
查看
[root@controller0 ~]# netstat -anp|grep 5000 tcp6 0 0 :::5000 :::* LISTEN 1762/httpd
lsof查看
COMMAND PID USER FD TYPE DEVICE SIZE/OFF NODE NAME
httpd 1762 root 6u IPv6 24712 0t0 TCP *:commplex-main (LISTEN)
httpd 1959 apache 6u IPv6 24712 0t0 TCP *:commplex-main (LISTEN)
httpd 1961 apache 6u IPv6 24712 0t0 TCP *:commplex-main (LISTEN)
httpd 1962 apache 6u IPv6 24712 0t0 TCP *:commplex-main (LISTEN)
httpd 1973 apache 6u IPv6 24712 0t0 TCP *:commplex-main (LISTEN)
httpd 1974 apache 6u IPv6 24712 0t0 TCP *:commplex-main (LISTEN)
问题解决,参考:https://lkubaski.wordpress.com/2012/10/17/solving-the-permission-denied-make_sock-could-not-bind-to-address-issue-when-starting-apache-on-linux/
问题三: openstack The request you have made requires authentication. (HTTP 401)
在核心组件装好了以后,heat创建用户的时候出现了401错误
检查了安装日志中有个验证环节,是 unset OS_TOKEN OS_URL
执行之后:
就能正常创建:
出处:http://www.cnblogs.com/horizonli/
本文版权归作者和博客园共有,欢迎转载,但未经作者同意必须保留此段声明,且在文章页面明显位置给出原文连接,否则保留追究法律责任的权利。
支付宝(alipay) 二维码打赏 |
微信(wechat) 二维码打赏 JUST LI(**波) |
微信公众号: 木子李的菜田 |