1. 在10.55.255.10上面使用nova list命令出错问题
问题:在命令行下输入nova list,发现报错如下
[root@CNSH231636 ~]# nova list
ERROR (ClientException):Unknown Error (HTTP 503) (Request-ID: req-7e544934-6e28-44a2-96e0-79988edac52a)
打开debug调试项,显示如下:
[root@CNSH231636 ~]# nova --debug list
DEBUG (session:198) REQ: curl -g -i -X GEThttp://10.55.255.10:35357/v3 -H "Accept: application/json" -H"User-Agent: python-keystoneclient"
INFO (connectionpool:203) Starting new HTTPconnection (1): 10.55.255.10
DEBUG (connectionpool:383) "GET /v3HTTP/1.1" 200 252
DEBUG (session:215) RESP: [200]content-length: 252 vary: X-Auth-Token keep-alive: timeout=5, max=100 server:Apache/2.4.6 (CentOS) mod_fcgid/2.3.9 mod_wsgi/3.4 Python/2.7.5 connection:Keep-Alive date: Tue, 05 Apr 2016 08:27:46 GMT content-type: application/jsonx-openstack-request-id: req-3745485a-b8ad-4913-8860-a159a1bed2da
RESP BODY: {"version":{"status": "stable", "updated":"2015-03-30T00:00:00Z", "media-types": [{"base":"application/json", "type":"application/vnd.openstack.identity-v3+json"}], "id":"v3.4", "links": [{"href": "http://10.55.255.10:35357/v3/","rel": "self"}]}}
DEBUG (base:188) Making authenticationrequest to http://10.55.255.10:35357/v3/auth/tokens
DEBUG (connectionpool:383) "POST/v3/auth/tokens HTTP/1.1" 201 2826
DEBUG(session:198) REQ: curl -g -i -X GET http://10.55.255.10:8774/v2/ -H"User-Agent: python-novaclient" -H "Accept:application/json" -H "X-Auth-Token: {SHA1}f97b57381a70a66df5da8a16ee0ad107e463eef8"
INFO(connectionpool:203) Starting new HTTP connection (1): 10.55.255.10
DEBUG (connectionpool:383)"GET /v2/ HTTP/1.1" 503 100
DEBUG (session:215) RESP: [503]date: Tue, 05 Apr 2016 08:27:46 GMT connection: keep-alive content-type:text/plain; charset=UTF-8 content-length: 100 x-compute-request-id:req-24b26137-26cc-47ed-b471-9c7c785bd42b
RESP BODY: 503 Service Unavailable
上述红色的debug信息表明,是novaclient在向nova请求版本信息时出现了错误,返回了503错误;获取token没有问题,但是请求版本信息出现了问题,查看Nova-api进程发现正常,查看nova-api.log日志信息,发现了告警如下:
2016-04-05 16:27:38.940 11455 DEBUGkeystoneclient.auth.identity.v3.base [-] Making authentication request tohttp://10.55.255.10:35357/v3/auth/tokens get_auth_ref/usr/lib/python2.7/site-packages/keystoneclient/auth/identity/v3/base.py:188
2016-04-05 16:27:38.961 11455 DEBUGkeystoneclient.session [-] Request returned failure status: 401 request/usr/lib/python2.7/site-packages/keystoneclient/session.py:400
2016-04-05 16:27:38.962 11455WARNING keystonemiddleware.auth_token [-] Identity response:{"error": {"message": "The request you have maderequires authentication.", "code": 401, "title":"Unauthorized"}}
原来是nova在向keystone验证novaclient中携带的token时出现了“Unauthorized”错误,首先已确认环境变量信息(用户名、密码、租户)没有问题,因为访问neutron服务正常,那么只能怀疑是nova中keystone_authtoken 段的project_name、username和password出现了问题,这两个配置项是Nova用来验证用户token是否正常,首先先要保证使用这两个配置项是正确的,即能够获取到admin token,然后才能用这个admin token来验证用户的token。查看nova.conf配置文件,发现project_name配置为service,该租户在keystone中根本没有创建,因此才会出现Unauthorized问题。
解决办法:
将keystone_authtoken 段的project_name、username、password分别修改为正确的租户、用户名和密码。
2. 使用vnc viewer访问nova创建的虚拟机出现问题
问题一:在现有环境中创建出来虚拟机后,使用dash board中的控制台访问发现不能连接,如下报错:
使用vnc viewer访问虚拟机,报错如下:
解决办法:
1) 在计算节点中开启vnc配置项,需要按如下方式配置:
[vnc]
enabled =True
vncserver_listen= 0.0.0.0
vncserver_proxyclient_address= 10.25.49.4 #计算节点IP
novncproxy_base_url= http://10.25.49.2:6080/vnc_auto.html #控制节点IP
2) 查看centos的防火墙,如果发现防火墙开启,还需要将防火墙关掉:
[root@compute2~]# systemctl status firewalld.service
?firewalld.service- firewalld - dynamic firewall daemon
Loaded: loaded(/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: active(running) since Wed 2016-03-23 20:46:36 CST; 1 weeks 6 days ago
Main PID: 1358 (firewalld)
CGroup: /system.slice/firewalld.service
关掉防火墙之后可以使用vnc访问:
[root@compute2~]# systemctl stop firewalld.service
[root@compute2 ~]# systemctl statusfirewalld.service
?firewalld.service- firewalld - dynamic firewall daemon
Loaded: loaded(/usr/lib/systemd/system/firewalld.service; enabled; vendor preset: enabled)
Active: inactive(dead) since Wed 2016-04-06 09:07:23 CST; 2s ago
Main PID: 1358 (code=exited, status=0/SUCCESS)
问题二:打开vnc viewer,输入vnc server后,无法进入vnc登录页面,提示如下:
解决办法:
在Encryption中将加密级别调整为“Let VNC Server choose”,或者“Prefer on”或者“Prefer off”
问题三:打开vnc viewer,输入vnc server后,vnc viewer出现闪退
解决办法:
依次点Option-->Advanced-->Expert找到ColourLevel,默认值是pal8,修改为rgb222或full。重新连接,没有问题了。