打赏
Fork me on GitHub

[原]openstack-kilo--issue(一) httpd汇总

/**

系统环境:redhat7.2

repo:163

openstack version : kilo

author: lihaibo

**/

问题1:Invalid command 'group=keystone', perhaps misspelled or defined by a modul...ration

按照官方文档(january 10,2016)安装openstack-kilo的时候,在启动httpd的时候无法正常启动,并报错:


[root@controller0 ~]# systemctl status httpd.service
● httpd.service - The Apache HTTP Server
   Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
   Active: failed (Result: exit-code) since Sat 2016-05-28 20:17:58 EDT; 3min 8s ago
     Docs: man:httpd(8)
           man:apachectl(8)
  Process: 4299 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
  Process: 4297 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
 Main PID: 4297 (code=exited, status=1/FAILURE)

May 28 20:17:58 controller0 systemd[1]: Starting The Apache HTTP Server...
May 28 20:17:58 controller0 httpd[4297]: AH00526: Syntax error on line 16 of /etc/httpd/conf.d/wsgi-keystone.conf:
May 28 20:17:58 controller0 httpd[4297]: Invalid command 'group=keystone', perhaps misspelled or defined by a modul...ration
May 28 20:17:58 controller0 systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
May 28 20:17:58 controller0 kill[4299]: kill: cannot find process ""
May 28 20:17:58 controller0 systemd[1]: httpd.service: control process exited, code=exited status=1
May 28 20:17:58 controller0 systemd[1]: Failed to start The Apache HTTP Server.
May 28 20:17:58 controller0 systemd[1]: Unit httpd.service entered failed state.
May 28 20:17:58 controller0 systemd[1]: httpd.service failed.
Hint: Some lines were ellipsized, use -l to show in full.

 

 检查错误:打开http配置文件

/etc/httpd/conf.d/wsgi-keystone.conf

由于是从官方文档粘贴到文件,所有有两处group被换行了(下面红色字体),只需要调整group上面一行的末尾就解决了。[root@controller0 ~]# vim /etc/httpd/conf.d/wsgi-keystoneWSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone

[root@controller0 ~]# vim /etc/httpd/conf.d/wsgi-keystone.conf

WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone
Listen 5000
Listen 35357
<VirtualHost *:5000>


WSGIDaemonProcess keystone-public processes=5 threads=1 user=keystone

group=keystone display-name=%{GROUP}

WSGIProcessGroup keystone-public
WSGIScriptAlias / /var/www/cgi-bin/keystone/main
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LogLevel info
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>
<VirtualHost *:35357>


WSGIDaemonProcess keystone-admin processes=5 threads=1 user=keystone

group=keystone display-name=%{GROUP}


WSGIProcessGroup keystone-admin
WSGIScriptAlias / /var/www/cgi-bin/keystone/admin
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
LogLevel info
ErrorLogFormat "%{cu}t %M"
ErrorLog /var/log/httpd/keystone-error.log
CustomLog /var/log/httpd/keystone-access.log combined
</VirtualHost>

改动后验证配置文件是否正确:

 

[root@controller0 ~]# service httpd configtest
Syntax OK

 问题2:(13)Permission denied: AH00072: make_sock: could not bind to address [::]:5000

 1 [root@controller0 ~]# systemctl start httpd.service
 2 Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
 3 [root@controller0 ~]# systemctl status httpd.service
 4 ● httpd.service - The Apache HTTP Server
 5    Loaded: loaded (/usr/lib/systemd/system/httpd.service; enabled; vendor preset: disabled)
 6    Active: failed (Result: exit-code) since Sat 2016-05-28 20:22:34 EDT; 11s ago
 7      Docs: man:httpd(8)
 8            man:apachectl(8)
 9   Process: 4501 ExecStop=/bin/kill -WINCH ${MAINPID} (code=exited, status=1/FAILURE)
10   Process: 4499 ExecStart=/usr/sbin/httpd $OPTIONS -DFOREGROUND (code=exited, status=1/FAILURE)
11  Main PID: 4499 (code=exited, status=1/FAILURE)
12 
13 May 28 20:22:34 controller0 httpd[4499]: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:5000
14 May 28 20:22:34 controller0 httpd[4499]: (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:5000
15 May 28 20:22:34 controller0 httpd[4499]: no listening sockets available, shutting down
16 May 28 20:22:34 controller0 httpd[4499]: AH00015: Unable to open logs
17 May 28 20:22:34 controller0 systemd[1]: httpd.service: main process exited, code=exited, status=1/FAILURE
18 May 28 20:22:34 controller0 kill[4501]: kill: cannot find process ""
19 May 28 20:22:34 controller0 systemd[1]: httpd.service: control process exited, code=exited status=1
20 May 28 20:22:34 controller0 systemd[1]: Failed to start The Apache HTTP Server.
21 May 28 20:22:34 controller0 systemd[1]: Unit httpd.service entered failed state.
22 May 28 20:22:34 controller0 systemd[1]: httpd.service failed.

 问题检查:audit daemon

检查/var/log/audit/audit.log和/var/log/message:

1 [root@controller0 audit]# cat /var/log/audit/audit.log |grep 5000
2 type=AVC msg=audit(1464574273.240:492): avc:  denied  { name_bind } for  pid=4289 comm="httpd" src=5000 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:commplex_main_port_t:s0 tclass=tcp_socke
 cat /var/log/messages 
......
1
May 29 22:18:01 controller0 systemd-logind: New session 1 of user root. 2 May 29 22:18:01 controller0 systemd: Started Session 1 of user root. 3 May 29 22:18:01 controller0 systemd: Starting Session 1 of user root. 4 May 29 22:18:01 controller0 dbus-daemon: dbus[1027]: [system] Activating service name='org.freedesktop.problems' (using servicehelper) 5 May 29 22:18:01 controller0 dbus[1027]: [system] Activating service name='org.freedesktop.problems' (using servicehelper) 6 May 29 22:18:01 controller0 dbus[1027]: [system] Successfully activated service 'org.freedesktop.problems' 7 May 29 22:18:01 controller0 dbus-daemon: dbus[1027]: [system] Successfully activated service 'org.freedesktop.problems' 8 May 29 22:18:26 controller0 systemd-logind: New session 2 of user root. 9 May 29 22:18:26 controller0 systemd: Started Session 2 of user root. 10 May 29 22:18:26 controller0 systemd: Starting Session 2 of user root. 11 May 29 22:19:19 controller0 systemd: Starting The Apache HTTP Server... 12 May 29 22:19:19 controller0 httpd: (13)Permission denied: AH00072: make_sock: could not bind to address [::]:5000 13 May 29 22:19:19 controller0 httpd: (13)Permission denied: AH00072: make_sock: could not bind to address 0.0.0.0:5000 14 May 29 22:19:19 controller0 httpd: no listening sockets available, shutting down 15 May 29 22:19:19 controller0 httpd: AH00015: Unable to open logs 16 May 29 22:19:19 controller0 systemd: httpd.service: main process exited, code=exited, status=1/FAILURE

分析:网上说需要使用root用户关闭selinux。由于操作命令时使用的是root用户,所以排除这个可能

  其次防火墙都是关闭了的,其他如果能控制端口的可能是selinux,检查selinux

1)检查selinux状态

1 [root@controller0 ~]# getenforce 
2 enforcing                                     #如果不为disabled 则表示为selinux正常运行

2)检查/etc/selinux/config

 1 # This file controls the state of SELinux on the system.
 2 # SELINUX= can take one of these three values:
 3 #     enforcing - SELinux security policy is enforced.
 4 #     permissive - SELinux prints warnings instead of enforcing.
 5 #     disabled - No SELinux policy is loaded.
 6 SELINUX=enforcing                             #这个地方是关键点,发现selinux还是打开的。修改为disabled
 7 # SELINUXTYPE= can take one of three two values:
 8 #     targeted - Targeted processes are protected,
 9 #     minimum - Modification of targeted policy. Only selected processes are protected.
10 #     mls - Multi Level Security protection.
11 SELINUXTYPE=targeted
SELINUX=enforcing 改为 selinux=distabled
重启reboot
查看
[root@controller0 ~]# netstat -anp|grep 5000
tcp6       0      0 :::5000                 :::*                    LISTEN      1762/httpd  

lsof查看
COMMAND  PID   USER   FD   TYPE DEVICE SIZE/OFF NODE NAME
httpd   1762   root    6u  IPv6  24712      0t0  TCP *:commplex-main (LISTEN)
httpd   1959 apache    6u  IPv6  24712      0t0  TCP *:commplex-main (LISTEN)
httpd   1961 apache    6u  IPv6  24712      0t0  TCP *:commplex-main (LISTEN)
httpd   1962 apache    6u  IPv6  24712      0t0  TCP *:commplex-main (LISTEN)
httpd   1973 apache    6u  IPv6  24712      0t0  TCP *:commplex-main (LISTEN)
httpd   1974 apache    6u  IPv6  24712      0t0  TCP *:commplex-main (LISTEN)

问题解决,参考:https://lkubaski.wordpress.com/2012/10/17/solving-the-permission-denied-make_sock-could-not-bind-to-address-issue-when-starting-apache-on-linux/

 

问题三: openstack The request you have made requires authentication. (HTTP 401)

在核心组件装好了以后,heat创建用户的时候出现了401错误

检查了安装日志中有个验证环节,是 unset OS_TOKEN OS_URL

 

 

 执行之后:

就能正常创建:

  

posted @ 2016-06-02 15:32  my_cool2007  阅读(4166)  评论(2编辑  收藏  举报