반응형
Openstack 환경
OS : Centos 7
Openstack release : Openstack train
Openstack Train version을 설치 아래와 같은 이유로 Instance 배포가 되지 않았다.
Error Keyword " You don't have permission to access /resource_providers on this server."
Compute node에서 "/var/log/nova/nova-compute.log" 파일에 아래 내용이 주기적으로 출력되고 있었다.
[root@compute01 nova]# tail -f /var/log/nova/nova-compute.log
2019-11-06 22:33:53.086 9532 ERROR nova.compute.manager
2019-11-06 22:34:53.086 9532 WARNING keystoneauth.discover [req-6d3e65a7-e5aa-4fb9-a9c4-a7ff8505242e - - - - -] Failed to contact the endpoint at http://controller:8778 for discovery. Fallback to using that endpoint as the base url.: Forbidden: Forbidden (HTTP 403)
2019-11-06 22:34:53.091 9532 ERROR nova.compute.resource_tracker [req-6d3e65a7-e5aa-4fb9-a9c4-a7ff8505242e - - - - -] Skipping removal of allocations for deleted instances: Failed to retrieve allocations for resource provider e63ccfc3-409d-450e-b5a9-a82a21e22beb: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /resource_providers/e63ccfc3-409d-450e-b5a9-a82a21e22beb/allocations
on this server.</p>
</body></html>
: ResourceProviderAllocationRetrievalFailed: Failed to retrieve allocations for resource provider e63ccfc3-409d-450e-b5a9-a82a21e22beb: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
2019-11-06 22:34:53.101 9532 WARNING keystoneauth.discover [req-6d3e65a7-e5aa-4fb9-a9c4-a7ff8505242e - - - - -] Failed to contact the endpoint at http://controller:8778 for discovery. Fallback to using that endpoint as the base url.: Forbidden: Forbidden (HTTP 403)
2019-11-06 22:34:53.105 9532 ERROR nova.scheduler.client.report [req-6d3e65a7-e5aa-4fb9-a9c4-a7ff8505242e - - - - -] [None] Failed to retrieve resource provider tree from placement API for UUID e63ccfc3-409d-450e-b5a9-a82a21e22beb. Got 403: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>403 Forbidden</title>
</head><body>
<h1>Forbidden</h1>
<p>You don't have permission to access /resource_providers on this server.</p>
</body></html>
.
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager [req-6d3e65a7-e5aa-4fb9-a9c4-a7ff8505242e - - - - -] Error updating resources for node ibcompute01.: ResourceProviderRetrievalFailed: UUID\ub85c \ub9ac\uc18c\uc2a4 \uacf5\uae09\uc790 \uac00\uc838\uc624\uae30 \uc2e4\ud328: e63ccfc3-409d-450e-b5a9-a82a21e22beb
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager Traceback (most recent call last):
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager File "/usr/lib/python2.7/site-packages/nova/compute/manager.py", line 8560, in _update_available_resource_for_node
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager startup=startup)
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager File "/usr/lib/python2.7/site-packages/nova/compute/resource_tracker.py", line 883, in update_available_resource
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager self._update_available_resource(context, resources, startup=startup)
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager File "/usr/lib/python2.7/site-packages/oslo_concurrency/lockutils.py", line 328, in inner
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager return f(*args, **kwargs)
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager File "/usr/lib/python2.7/site-packages/nova/compute/resource_tracker.py", line 968, in _update_available_resource
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager self._update(context, cn, startup=startup)
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager File "/usr/lib/python2.7/site-packages/nova/compute/resource_tracker.py", line 1233, in _update
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager self._update_to_placement(context, compute_node, startup)
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager File "/usr/lib/python2.7/site-packages/retrying.py", line 68, in wrapped_f
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager return Retrying(*dargs, **dkw).call(f, *args, **kw)
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager File "/usr/lib/python2.7/site-packages/retrying.py", line 223, in call
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager return attempt.get(self._wrap_exception)
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager File "/usr/lib/python2.7/site-packages/retrying.py", line 261, in get
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager six.reraise(self.value[0], self.value[1], self.value[2])
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager File "/usr/lib/python2.7/site-packages/retrying.py", line 217, in call
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager attempt = Attempt(fn(*args, **kwargs), attempt_number, False)
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager File "/usr/lib/python2.7/site-packages/nova/compute/resource_tracker.py", line 1147, in _update_to_placement
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager context, compute_node.uuid, name=compute_node.hypervisor_hostname)
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager File "/usr/lib/python2.7/site-packages/nova/scheduler/client/report.py", line 858, in get_provider_tree_and_ensure_root
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager parent_provider_uuid=parent_provider_uuid)
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager File "/usr/lib/python2.7/site-packages/nova/scheduler/client/report.py", line 640, in _ensure_resource_provider
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager rps_to_refresh = self.get_providers_in_tree(context, uuid)
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager File "/usr/lib/python2.7/site-packages/nova/scheduler/client/report.py", line 503, in get_providers_in_tree
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager raise exception.ResourceProviderRetrievalFailed(uuid=uuid)
2019-11-06 22:34:53.106 9532 ERROR nova.compute.manager ResourceProviderRetrievalFailed: UUID\ub85c \ub9ac\uc18c\uc2a4 \uacf5\uae09\uc790 \uac00\uc838\uc624\uae30 \uc2e4\ud328: e63ccfc3-409d-450e-b5a9-a82a21e22beb
Controller node에서는 별다른 로그가 없어 문제가 없을꺼라 생각했지만 차례차례 확인을 해보니 nova가 등록이 되지 않고 있었다.
< 정상적인 CASE >
[root@controller ~] (admin-openrc):~# openstack compute service list --service nova-compute
+----+--------------+-------------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+-------------+------+---------+-------+----------------------------+
| 15 | nova-compute | compute02 | nova | enabled | up | 2019-11-06T13:57:27.000000 |
| 16 | nova-compute | compute01 | nova | enabled | up | 2019-11-06T13:57:29.000000 |
+----+--------------+-------------+------+---------+-------+----------------------------+
[root@controller ~] (admin-openrc):~# nova hypervisor-list
+--------------------------------------+---------------------+-------+---------+
| ID | Hypervisor hostname | State | Status |
+--------------------------------------+---------------------+-------+---------+
| 0671b750-b4dc-4bd6-bbd4-58aeb2d4a492 | compute02 | up | enabled |
| e63ccfc3-409d-450e-b5a9-a82a21e22beb | compute01 | up | enabled |
+--------------------------------------+---------------------+-------+---------+
<비정상적인 CASE >
[root@controller ~] (admin-openrc):~# openstack compute service list --service nova-compute
+----+--------------+-------------+------+---------+-------+----------------------------+
| ID | Binary | Host | Zone | Status | State | Updated At |
+----+--------------+-------------+------+---------+-------+----------------------------+
| 15 | nova-compute | compute02 | nova | enabled | up | 2019-11-06T13:57:27.000000 |
| 16 | nova-compute | compute01 | nova | enabled | up | 2019-11-06T13:57:29.000000 |
+----+--------------+-------------+------+---------+-------+----------------------------+
## hypervisor 정보가 출력이 안됨
[root@controller ~] (admin-openrc):~# nova hypervisor-list
+----+---------------------+-------+--------+
| ID | Hypervisor hostname | State | Status |
+----+---------------------+-------+--------+
+----+---------------------+-------+--------+
즉, Instance를 배포할 수 있는 hypervisor가 없어서 발생하는 것이였으며, 원인으로는 Placement에서 접근 권한이 없어 발생한것으로 필자는 확인 하였다.
아래와 같은 방법으로 필자는 일단 해결하였다.
"/etc/httpd/conf.d/00-placement-api.conf"파일내에 config를 추가 함으로써 해결하였다.
[root@controller ~] (admin-openrc):~# vi /etc/httpd/conf.d/00-placement-api.conf
Listen 8778
<VirtualHost *:8778>
WSGIProcessGroup placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
WSGIDaemonProcess placement-api processes=3 threads=1 user=placement group=placement
WSGIScriptAlias / /usr/bin/placement-api
<IfVersion >= 2.4>
ErrorLogFormat "%M"
</IfVersion>
ErrorLog /var/log/placement/placement-api.log
#SSLEngine On
#SSLCertificateFile ...
#SSLCertificateKeyFile ...
</VirtualHost>
Alias /placement-api /usr/bin/placement-api
<Location /placement-api>
SetHandler wsgi-script
Options +ExecCGI
WSGIProcessGroup placement-api
WSGIApplicationGroup %{GLOBAL}
WSGIPassAuthorization On
</Location>
### 여기 아랫 부분을 추가!!!!
<Directory /usr/bin>
<IfVersion >= 2.4>
Require all granted
</IfVersion>
<IfVersion < 2.4>
Order allow,deny
Allow from all
</IfVersion>
</Directory>
이후 아래 daemon 들을 재기동 하였다.
< Controller Node >
systemctl restart openstack-nova-api.service \
openstack-nova-scheduler.service \
openstack-nova-conductor.service \
openstack-nova-novncproxy.service \
httpd
< Compute node >
systemctl restart libvirtd.service openstack-nova-compute.service
재기동이 된 후 Controller node에서 다시 한번 hypervisor 찾기를 진행하였고 등록된것을 확인하였다.
Command > su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
[root@controller conf.d] (admin-openrc)# su -s /bin/sh -c "nova-manage cell_v2 discover_hosts --verbose" nova
Found 2 cell mappings.
Skipping cell0 since it does not contain hosts.
Getting computes from cell 'cell1': 703c9f24-055d-44d6-859b-59af456b279d
Checking host mapping for compute host 'compute02': 0671b750-b4dc-4bd6-bbd4-58aeb2d4a492
Creating host mapping for compute host 'compute02': 0671b750-b4dc-4bd6-bbd4-58aeb2d4a492
Checking host mapping for compute host 'compute01': e63ccfc3-409d-450e-b5a9-a82a21e22beb
Creating host mapping for compute host 'compute01': e63ccfc3-409d-450e-b5a9-a82a21e22beb
Found 2 unmapped computes in cell: 703c9f24-055d-44d6-859b-59af456b279d
[root@controller ~] (admin-openrc):~# nova hypervisor-list
+--------------------------------------+---------------------+-------+---------+
| ID | Hypervisor hostname | State | Status |
+--------------------------------------+---------------------+-------+---------+
| 0671b750-b4dc-4bd6-bbd4-58aeb2d4a492 | compute02 | up | enabled |
| e63ccfc3-409d-450e-b5a9-a82a21e22beb | compute01 | up | enabled |
+--------------------------------------+---------------------+-------+---------+반응형
'IT > Openstack' 카테고리의 다른 글
| [Openstack - Train] Error "The requested URL /auth/login/ was not found on this server." (0) | 2019.11.06 |
|---|---|
| [Openstack - Train] Centos에 설치하기(7) - Horizon (Dashboard) (0) | 2019.11.06 |
| [Openstack - Train] Centos에 설치하기(6) - Neutron (0) | 2019.11.05 |
| [Openstack - Train] Centos에 설치하기(5) - nova (0) | 2019.11.04 |
| [Openstack - Train] Centos에 설치하기(4) - Placement (0) | 2019.11.04 |