openstack出现 CRITICAL keystonemiddleware.auth_token或dashboard无法获取实例信息
问题背景
在清理空间的时候误删service项目,导致openstack环境无法使用
dashboard登录账户,出现无法获取使用信息等错误
在命令行查看各种服务,出现HTTP503
[root@node06 ~]# cinder service-list
ERROR: The server is currently unavailable.Please try again at a later time.<br />br />
(HTTP503)
查看日志
cat /var/log/nova/nova-api.log
出现以下错误
2022-10-27 23:29:49.468 15169 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}: Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-241cb364-3044-48fb-98e4-a93fa7d6a196)
2022-10-27 23:29:49.468 15169 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Identity server rejected authorization necessary to fetch token data: ServiceError: Identity server rejected authorization necessary to fetch token data
2022-10-27 23:29:58.342 15171 ERROR nova.api.metadata.handler Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-76712e11-46ff-4158-96c5-922f02deb030)
2022-10-27 23:29:58.342 15171 ERROR nova.api.metadata.handler
问题解决
查看project列表
发现service不在了
[root@node06 ~]# openstack project list
+----------------------------------+------------------+
| ID | Name |
+----------------------------------+------------------+
| 536a3e0c2a944effa324fe5baaf1e17b | admin |
+----------------------------------+------------------+
查找被删除的原service的projectid
进入mariadb查找被删除的原service的projectid
若忘记密码,去配置文件配置跳过验证
-
vim /etc/my.cnf.d/server.cnf
-
在mysqld下加入
skip-grant-tables
-
重启数据库systemctl restart mariadb
-
登录数据库
mysql -uroot -p
,提示输入密码,直接回车进入 -
修改密码
use mysql; update user set password='***' where user='root'
-
重启数据库,使用新密码登入
进入keystone数据库,查看revocation_event表
MariaDB [(none)]> use keystone
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A
Database changed
MariaDB [keystone]> select * from revocation_event;
+----+-----------+----------------------------------+----------------------------------+---------+----------+-------------+-----------------+---------------------+------------+---------------------+----------+----------------+
| id | domain_id | project_id | user_id | role_id | trust_id | consumer_id | access_token_id | issued_before | expires_at | revoked_at | audit_id | audit_chain_id |
+----+-----------+----------------------------------+----------------------------------+---------+----------+-------------+-----------------+---------------------+------------+---------------------+----------+----------------+
| 84 | NULL | a9a79d35c74b4814bba1ae197b7cc425 | NULL | NULL | NULL | NULL | NULL | 2022-10-28 03:35:58 | NULL | 2022-10-28 03:35:58 | NULL | NULL |
+----+-----------+----------------------------------+----------------------------------+---------+----------+-------------+-----------------+---------------------+------------+---------------------+----------+----------------+
4 rows in set (0.001 sec)
查看到最新删除的projectid为a9a79d35c74b4814bba1ae197b7cc425
创建service 项目
创建service
openstack project create --domain default --description "Service Project" service
在数据库更新,把新创的projectid改为原projectid
MariaDB [keystone]> update project set id='a9a79d35c74b4814bba1ae197b7cc425' where name='service';
插入数据
查看关系表assignment
MariaDB [keystone]> select * from assignment;
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| type | actor_id | target_id | role_id | inherited |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| UserProject | 3cc0b31e4baf4975a2722e80ee06a8ed | 1e234e8cbf7545ee97f807215dc7b8f3 | 21b0a90b335546d683b86020a8dc500d | 0 |
| UserProject | 3cc0b31e4baf4975a2722e80ee06a8ed | 1e234e8cbf7545ee97f807215dc7b8f3 | f7a977e1cd6e4113bbbb7806e4899824 | 0 |
| UserProject | 3cc0b31e4baf4975a2722e80ee06a8ed | 536a3e0c2a944effa324fe5baaf1e17b | 21b0a90b335546d683b86020a8dc500d | 0 |
| UserProject | 63a8ad6422e34e5dbc4b6b91b241b572 | a53660f892344904987d7c7fcf1c30ad | f7a977e1cd6e4113bbbb7806e4899824 | 0 |
| UserProject | c93d825ea9984b2a9b87550b409e411b | a1affefe170047f9ab12d67ece817f40 | f7a977e1cd6e4113bbbb7806e4899824 | 0 |
| UserProject | d05451dddf4b4a359d8e5e20522152e3 | 1e234e8cbf7545ee97f807215dc7b8f3 | f7a977e1cd6e4113bbbb7806e4899824 | 0 |
| UserProject | d303bef369874d239a48d89014f09024 | fb2473abd5db4f949ed8f4d21ca0019e | f7a977e1cd6e4113bbbb7806e4899824 | 0 |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
查看openstack中project
[root@node06 ~]# openstack project list
+----------------------------------+------------------+
| ID | Name |
+----------------------------------+------------------+
| 536a3e0c2a944effa324fe5baaf1e17b | admin |
| a9a79d35c74b4814bba1ae197b7cc425 | service |
+----------------------------------+------------------+
查看openstack中user
[root@node06 ~]# openstack user list
+----------------------------------+------------+
| ID | Name |
+----------------------------------+------------+
| 1b14c2f09c4a4fdfa3e41691779ed02e | nova |
| 3cc0b31e4baf4975a2722e80ee06a8ed | admin |
| 67af218a2a0c4ce09f9fde5f1ba640e1 | neutron |
| 681375dfb78845168fbe4b136a25c866 | cinder |
| 9d6c6893a51e48bcacc627f777c4ce65 | glance |
| d068d66ed0194f93a04f9e6e742a7f29 | placement |
+----------------------------------+------------+
查看openstack中role
[root@node06 ~]# openstack role list
+----------------------------------+-------+
| ID | Name |
+----------------------------------+-------+
| 21b0a90b335546d683b86020a8dc500d | admin |
| f7a977e1cd6e4113bbbb7806e4899824 | user |
+----------------------------------+-------+
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '3cc0b31e4baf4975a2722e80ee06a8ed', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
捋清楚关联关系,更新keystone.assignment表插入对应数据
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '1b14c2f09c4a4fdfa3e41691779ed02e', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '3cc0b31e4baf4975a2722e80ee06a8ed', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '67af218a2a0c4ce09f9fde5f1ba640e1', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '681375dfb78845168fbe4b136a25c866', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '9d6c6893a51e48bcacc627f777c4ce65', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', 'd068d66ed0194f93a04f9e6e742a7f29', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
再次访问dashboard,即可正常使用
每个人都有潜在的能量,只是很容易被习惯所掩盖,被时间所迷离,被惰性所消磨~