以下主要为安装部署过程中遇到的一些问题,因为openstack版本问题,带来的组件差异导致不同的版本安装的方法也完全不一样。经过测试,目前已可成功部署Essex和Grizzly两个版本,其中间还有个版本是Folsom,这个版本没有部署成功,也没有花太多时间去研究,因为Folsom版本中使用的quantum组件还不成熟,对于网络连通性还有很多问题,网上也很少有成功的案例,大多数人使用的还是folsom+nova-network模式。
到了Grizzly版本,quantum组件才比较稳定,可以正常使用,自己也花了很多时间研究,现在已可以成功部署多节点环境。以下是部署过程中遇到的一些问题,包括Essex和Grizzly两个版本。国内网上关于这方面的资料很少,很多资料也都是国外网站上看到的。而且很多情况下日志错误信息相同,但导致错误的原因却不尽相同,这时候就需要仔细分析其中的原理,才能准确定位。遇到错误并不可怕,我们可以通过对错误的排查加深对系统的理解,这样也是好事。
关于安装部署,网上有一些自动化的部署工具,如devstack和onestack,一键式部署。如果你是初学者,并不建议你使用这些工具,很明显,这样你学不到任何东西,不会有任何收获。如果没有问题可以暂时恭喜你一下,一旦中间环节出现错误信息,你可能一头雾水,根本不知道是哪里错了,加之后期的维护也是相当困难的。你可能需要花更多的时间去排查故障。因为你根本不了解中间经过了哪些环节,需要做哪些配置!这些工具大多数是为了快速部署开发环境所用,正真生产环境还需要我们一步一步来操作。这样有问题也可快速定位排查错误。
本文仅是针对部署过程中的一些错误信息进行总结梳理,并给予解决办法,这些情况是在我的环境里遇到的,并成功解决的,可能会因为环境的不同而有所差异,仅供参考。
1、检查服务是否正常:
root@control:~# nova-manage service list
Binary Host Zone Status State Updated_At
nova-cert control internal enabled :-) 2013-04-26 02:29:44
nova-conductor control internal enabled :-) 2013-04-26 02:29:42
nova-consoleauth control internal enabled :-) 2013-04-26 02:29:44
nova-scheduler control internal enabled :-) 2013-04-26 02:29:47
nova-compute node-01 nova enabled :-) 2013-04-26 02:29:46
nova-compute node-02 nova enabled :-) 2013-04-26 02:29:46
nova-compute node-03 nova enabled :-) 2013-04-26 02:29:42
如果看到都是笑脸状态,说明nova的服务属于正常状态,如果出现XXX,请查看该服务的相关日志信息,在/var/log/nova/下查看,通过日志一般可以分析出错误的原因。
2、libvirt错误
python2.7/dist-packages/nova/virt/libvirt/connection.py”, line 338, in _connect
2013-03-0917:05:42 TRACE nova return libvirt.openAuth(uri, auth, 0)
2013-03-09 17:05:42 TRACE nova File “/usr/lib/python2.7/dist-packages/libvirt.py”, line 102, in openAuth
2013-03-09 17:05:42 TRACE nova if ret is None:raise libvirtError(‘virConnectOpenAuth() failed’)
2013-03-09 17:05:42 TRACE nova libvirtError: Failed to connect socket to ‘/var/run/libvirt/libvirt-sock’: No such file or directory
2013-03-09 22:05:41.909+0000: 12466: info : libvirt version: 0.9.8
2013-03-09 22:05:41.909+0000: 12466: error : virNetServerMDNSStart:460 : internal error Failed to create mDNS client: Daemon not running
解决方案:
出现这种错误首先要查看/var/log/libvirt/libvirtd.log日志信息,日志里会显示:libvirt-bin service will not start without dbus installed.
我们再查看ps –ea|grep dbus,确认dbus is running,然后执行apt-get install lxc
3、Failed to add image
Error:
Failed to add image. Got error:
The request returned 500 Internal Server Error
解决方案:
环境变量问题,配置环境变量,在/etc/profile文件中新增:
OS_AUTH_KEY=”openstack”
OS_AUTH_URL=”http://localhost:5000/v2.0/”
OS_PASSWORD=”openstack”
OS_TENANT_NAME=”admin”
OS_USERNAME=”admin”
然后执行source /etc/profile即可!当然你也可以不在profile里配置环境变量,但是只能临时生效,重启服务器就很麻烦,所以建议你还是写在profile里,这样会省很多麻烦。
4、僵尸实例的产生
僵尸实例一般是非法的关闭nova或者底层虚拟机,又或者在实例错误时删除不了的错误,注意用virsh list检查底层虚拟机是否还在运行,有的话停掉,然后直接进入数据库删除。
Nova instance not found
Local file storage of the image files.
Error:
2013-03-09 17:58:08 TRACE nova raise exception.InstanceNotFound(instance_id=instance_name)
2013-03-09 17:58:08 TRACE nova InstanceNotFound: Instance instance-00000002 could not be found.
2013-03-09 17:58:08 TRACE nova
解决方案:
删除数据库中的僵尸实例或将数据库删除重新创建:
a、删除数据库:
$mysql –u root –p
DROP DATABASE nova;
Recreate the DB:
CREATE DATABASE nova; (strip formatting if you copy and paste any of this)
GRANT ALL PRIVILEGES ON nova.* TO ‘novadbadmin’@'%’ IDENTIFIED BY ‘’;
Quit
Resync DB
b、删除数据库中的实例:
#!/bin/bash
mysql -uroot -pmysql << _ESXU_
use nova;
DELETE a FROM nova.security_group_instance_association
AS a INNER JOIN nova.instances AS b
ON a.instance_uuid=b.id where b.uuid='$1';
DELETE FROM nova.instance_info_caches WHERE instance_uuid='$1';
DELETE FROM nova.instances WHERE uuid='$1';
_ESXU_
将以上文件写入delete_insrance.sh中,然后执行sh delete_instrance.sh insrance_id;
其中instrance_id可以通过nova list 查看。
5、Keystone NoHandlers
Error
root@openstack-dev-r910:/home/brent/openstack# ./keystone_data.sh
No handlers could be found for logger “keystoneclient.client”
Unable to authorize user
No handlers could be found for logger “keystoneclient.client”
Unable to authorize user
No handlers could be found for logger “keystoneclient.client”
Unable to authorize user
解决方案:
出现这种错误是大多数是由于keystone_data.sh有误,其中
admin_token必须与/etc/keystone/keystone.conf中相同。然后确认keystone.conf中有如下配置:
driver = keystone.catalog.backends.templated.TemplatedCatalog template_file = /etc/keystone/default_catalog.templates
6、清空系统组件,重新安装:
#!/bin/bash
mysql -uroot -popenstack -e “drop database nova;”
mysql -uroot -popenstack -e “drop database glance;”
mysql -uroot -popenstack -e “drop database keystone;”
apt-get purge nova-api nova-cert nova-common nova-compute
nova-compute-kvm nova-doc nova-network nova-objectstore
nova-scheduler nova-vncproxy nova-volume python-nova python-novaclient
apt-get autoremove
rm -rf /var/lib/glance
rm -rf /var/lib/keystone/
rm -rf /var/lib/nova/
rm -rf /var/lib/mysql
可通过执行上面的脚本,卸载已安装的组件并清空数据库。这样可以省去重装系统的麻烦!
7、Access denied for user ‘keystone@localhost(using password:YES’)
# keystone-manage db_sync
File “/usr/lib/python2.7/dist-packages/MySQLdb/connections.py”, line 187, in __init__
super(Connection, self).__init__(*args, **kwargs2)
sqlalchemy.exc.OperationalError: (OperationalError) (1045, “Access denied for user ‘keystone’@'openstack1′ (using password: YES)”) None None
解决方案:
查看keystone.conf配置文件链接数据库是否有误,正确如下:
[sql]
connection = mysql://keystone:openstack@localhost:3306/keystone
8、nova-compute挂掉与时间同步的关系
很多时候发现nova-compute挂掉,或者不正常了,通过nova-manage查看状态是XXX了。
往往是nova-compute的主机时间和controller的主机时间不一致。 nova-compute是定时地往数据库中services这个表update时间的,这个时间是nova-compute的主机时间。
controller校验nova-compute的存活性是以controller的时间减去nova-compute的update时间,如果大于多少秒(具体数值代码里面有,好像是15秒)就判断nova-compute异常。
这个时候你用nova-manage查看nova-compute状态是XXX,如果创建虚拟机,查看nova-scheduler.log 就是提示找不到有效的host 其他服务节点类同,这是nova心跳机制问题。所以讲nova环境中各节点时间同步很重要。一定要确保时间同步!!
如果在dashboard上看nova-compute状态,可能一会儿变红,一会儿变绿。那就严格同步时间,或者找到代码,把上面的那个15秒改大一点。
9、noVNC不能连接到实例
novnc的问题比较多,网上也有关于这方面的很多配置介绍,其实配置不复杂,只有四个参数,配置正确基本上没什么大问题,但是装的过程中还是遇到了不少的问题。
a、提示“Connection Refuesd”
可能是控制节点在收到vnc请求的时候,无法解析计算节点的主机名,从而无法和计算节点上的实例建立连接。
另外可能是,当前浏览器不支持或者不能访问,将计算节点的ip和主机名的对应关系加入到控制节点的/etc/hosts文件中。
b、提示“failed connect to server”
出现这种错误的情况比较多,有可能是配置文件的错误,我们的环境中遇到这个错误是因为网络源有更新,导致安装版本不一致,使组件无法正常使用,解决方法就是使用本地源。另外需要特别说明的是使用novnc的功能需要浏览器支持Web Socket和HTML5.推荐使用谷歌。
10、cinder错误,无法登录dashboard.
出现如下错误:
TypeError at /admin/
hasattr(): attribute name must be string
Request Method: GET
Request URL: http://192.168.80.21/horizon/admin/
Django Version: 1.4.5
Exception Type: TypeError
Exception Value:
hasattr(): attribute name must be string
Exception Location: /usr/lib/python2.7/dist-packages/cinderclient/client.py in __init__, line 78
Python Executable: /usr/bin/python
Python Version: 2.7.3
Python Path:
['/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../..',
'/usr/lib/python2.7',
'/usr/lib/python2.7/plat-linux2',
'/usr/lib/python2.7/lib-tk',
'/usr/lib/python2.7/lib-old',
'/usr/lib/python2.7/lib-dynload',
'/usr/local/lib/python2.7/dist-packages',
'/usr/lib/python2.7/dist-packages',
'/usr/share/openstack-dashboard/',
'/usr/share/openstack-dashboard/openstack_dashboard']
Server time: Fri, 29 Mar 2013 12:51:09 +0000
解决方案
查看 apache2 的 error 日志,报如下错误:
ERROR:django.request:Internal Server Error: /horizon/admin/
Traceback (most recent call last):
File "/usr/lib/python2.7/dist-packages/django/core/handlers/base.py", line 111, in get_response
response = callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/python2.7/dist-packages/horizon/decorators.py", line 38, in dec
return view_func(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/horizon/decorators.py", line 86, in dec
return view_func(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/horizon/decorators.py", line 54, in dec
return view_func(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/horizon/decorators.py", line 38, in dec
return view_func(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/horizon/decorators.py", line 86, in dec
return view_func(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 48, in view
return self.dispatch(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/django/views/generic/base.py", line 69, in dispatch
return handler(request, *args, **kwargs)
File "/usr/lib/python2.7/dist-packages/horizon/tables/views.py", line 155, in get
handled = self.construct_tables()
File "/usr/lib/python2.7/dist-packages/horizon/tables/views.py", line 146, in construct_tables
handled = self.handle_table(table)
File "/usr/lib/python2.7/dist-packages/horizon/tables/views.py", line 118, in handle_table
data = self._get_data_dict()
File "/usr/lib/python2.7/dist-packages/horizon/tables/views.py", line 182, in _get_data_dict
self._data = {self.table_class._meta.name: self.get_data()}
File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/dashboards/admin/overview/views.py", line 41, in get_data
data = super(GlobalOverview, self).get_data()
File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/usage/views.py", line 34, in get_data
self.usage.get_quotas()
File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/usage/base.py", line 115, in get_quotas
_("Unable to retrieve quota information."))
File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/usage/base.py", line 112, in get_quotas
self.quotas = quotas.tenant_quota_usages(self.request)
File "/usr/lib/python2.7/dist-packages/horizon/utils/memoized.py", line 33, in __call__
value = self.func(*args)
File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/usage/quotas.py", line 115, in tenant_quota_usages
disabled_quotas=disabled_quotas):
File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/usage/quotas.py", line 98, in get_tenant_quota_data
tenant_id=tenant_id)
File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/usage/quotas.py", line 80, in _get_quota_data
quotasets.append(getattr(cinder, method_name)(request, tenant_id))
File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/api/cinder.py", line 123, in tenant_quota_get
c_client = cinderclient(request)
File "/usr/share/openstack-dashboard/openstack_dashboard/wsgi/../../openstack_dashboard/api/cinder.py", line 59, in cinderclient
http_log_debug=settings.DEBUG)
File "/usr/lib/python2.7/dist-packages/cinderclient/v1/client.py", line 69, in __init__
cacert=cacert)
File "/usr/lib/python2.7/dist-packages/cinderclient/client.py", line 78, in __init__
if hasattr(requests, logging):
TypeError: hasattr(): attribute name must be string
错误信息中指出了 Cinderclient 的 client.py 中 78 行 hasattr() 方法的属性必须是一个字符串。
修改代码:
# vim /usr/lib/python2.7/dist-packages/cinderclient/client.py
78 if hasattr(requests, logging): # 改为 : if hasattr(requests, 'logging'):
79 requests.logging.getLogger(requests.__name__).addHandler(ch)
重新启动 apache2 :
/etc/init.d/apache2 restart
这次访问 dashboard 没有报错,尝试创建 volume 也没有问题了。
11、Unable to attach cinder volume to VM
在测试openstack中的volume服务时把lvm挂载到虚拟机实例时失败,这其实不是cinder的错误,是iscsi挂载的问题。
以下是计算节点nova-compute.log 的错误日志:
2012-07-24 14:33:08 TRACE nova.rpc.amqp ProcessExecutionError: Unexpected error while running command.
2012-07-24 14:33:08 TRACE nova.rpc.amqp Command: sudo nova-rootwrap iscsiadm -m node -T iqn.2010-10.org.openstack:volume-00000011 -p 192.168.0.23:3260 –rescan
2012-07-24 14:33:08 TRACE nova.rpc.amqp Exit code: 255
2012-07-24 14:33:08 TRACE nova.rpc.amqp Stdout: ”
2012-07-24 14:33:08 TRACE nova.rpc.amqp Stderr: ‘iscsiadm: No portal found.\n’
以上错误是没有找到iscsi服务端共享出的存储,查找了很多openstack 资料说要添加以下两个参数:
iscsi_ip_prefix=192.168.80 #openstack环境内网段
iscsi_ip_address=192.168.80.22 # volume机器内网IP
可是问题依然无法解决,后来发现只要在nova.conf配置文件中添加参数iscsi_helper=tgtadm 就挂载失败。
根据这个情况进行了测试查看日志才发现:如果使用参数 :iscsi_helper=tgtadm 时就必须使用 tgt 服务,反之使用iscsitarget服务再添加参数iscsi_helper=ietadm。
我测试环境的问题是tgt和iscsitarget服务都已安装并运行着(在安装nova-common时会把tgt服务也安装上,这个不小心还真不会发现),在nova.conf配置中添加参数iscsi_helper=tgtadm ,查看端口3260 发现是iscsitarget服务占用,所以导致挂载失败,我们可以根据情况来使用哪个共享存储服务!!将tgt 和iscsi_helper=tgtadm、iscsitarget和iscsi_helper=ietadm保留一个即可。
12、glance index报错:
Authorization Failed: Unable to communicate with identity service: {"error": {"message": "An unexpected error prevented the server from fulfilling your request. Command 'openssl' returned non-zero exit status 3", "code": 500, "title": "Internal Server Error"}}. (HTTP 500)
在 Grizzly 版,我测试 glance index 时候报错:
Authorization Failed: Unable to communicate with identity service: {"error": {"message": "An unexpected error prevented the server from fulfilling your request. Command 'openssl' returned non-zero exit status 3", "code": 500, "title": "Internal Server Error"}}. (HTTP 500)
错误信息指出:glance 没有通过keystone验证,查看了 keystone 日志,报错如下:
2677 2013-03-04 12:40:58 ERROR [keystone.common.cms] Signing error: Error opening signer certificate /etc/keystone/ssl/certs/signing_cert.pem
2678 139803495638688:error:02001002:system library:fopen:No such file or directory:bss_file.c:398:fopen('/etc/keystone/ssl/certs/signing_cert.pem','r')
2679 139803495638688:error:20074002:BIO routines:FILE_CTRL:system lib:bss_file.c:400:
2680 unable to load certificate
2682 2013-03-04 12:40:58 ERROR [root] Command 'openssl' returned non-zero exit status 3
2683 Traceback (most recent call last):
2684 File "/usr/lib/python2.7/dist-packages/keystone/common/wsgi.py", line 231, in __call__
2685 result = method(context, **params)
2686 File "/usr/lib/python2.7/dist-packages/keystone/token/controllers.py", line 118, in authenticate
2687 CONF.signing.keyfile)
2688 File "/usr/lib/python2.7/dist-packages/keystone/common/cms.py", line 140, in cms_sign_token
2689 output = cms_sign_text(text, signing_cert_file_name, signing_key_file_name)
2690 File "/usr/lib/python2.7/dist-packages/keystone/common/cms.py", line 135, in cms_sign_text
2691 raise subprocess.CalledProcessError(retcode, "openssl")
2692 CalledProcessError: Command 'openssl' returned non-zero exit status 3
在Grizzly 版中,keystone 默认验证方式是 PKI , 需要签名证书,之前的版本都是用的 UUID,改 keystone.conf:
token_format = UUID
在试一次就没有错误了。
13、镜像制作
这里主要强调下windows的镜像制作,因为windows的涉及到加载驱动的问题,就比较麻烦。
下载virtio驱动,因为win默认不支持virtio驱动,而通过openstack管理虚拟机是需要virtio驱动的。需要两个virtio驱动,一个是硬盘的,一个是网卡的,即:virtio-win-0.1-30.iso和virtio-win-1.1.16.vfd。这里主要强调两个地方:
1、创建镜像:
kvm -m 512 -boot d –drive
file=win2003server.img,cache=writeback,if=virtio,boot=on -fda virtio-win-1.1.16.vfd -cdrom windows2003_x64.iso -vnc:10
2、引导系统 :
kvm -m 1024 –drive file=win2003server.img,if=virtio,
boot=on -cdrom virtio-win-0.1-30.iso -net nic,model=virtio -net user -boot c -nographic -vnc 8
这里需要注意的地方是if=virtio,boot=on –fda virtio-win-1.1.16.vfd和引导系统时使用的virtio-win-0.1-30.iso 这两个驱动分别是硬盘和网卡驱动。如果不加载这两个驱动安装时会发现找不到硬盘,并且用制作好的镜像生成实例也会发现网卡找不到驱动,所以在这里安装镜像生成后需要重新引导镜像安装更新网卡驱动为virtio。
14、删除僵尸volume
如果cinder服务不正常,我们在创建volume时会产生一些僵尸volume,如果在horizon中无法删除的话,我们需要到服务器上去手动删除,
命令:lvremove /dev/nova-volumes/volume-000002
注意这里一定要写完整的路径,不然无法删除,如果删除提示:
“Can't remove open logical volume“ 可尝试将相关服务stop掉,再尝试删除。删除完还需到数据库cinder的volumes表里清除相关记录。