首页 > 其他分享 >openstack出现 CRITICAL keystonemiddleware.auth_token或dashboard无法获取实例信息

openstack出现 CRITICAL keystonemiddleware.auth_token或dashboard无法获取实例信息

时间:2022-10-28 15:47:51浏览次数:57  
标签:a9a79d35c74b4814bba1ae197b7cc425 UserProject auth token CRITICAL keystone openst

问题背景

在清理空间的时候误删service项目,导致openstack环境无法使用

dashboard登录账户,出现无法获取使用信息等错误

在命令行查看各种服务,出现HTTP503

[root@node06 ~]# cinder service-list
ERROR: The server is currently unavailable.Please try again at a later time.<br />br />
(HTTP503)

查看日志

cat /var/log/nova/nova-api.log

出现以下错误

2022-10-27 23:29:49.468 15169 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}: Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-241cb364-3044-48fb-98e4-a93fa7d6a196)
2022-10-27 23:29:49.468 15169 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Identity server rejected authorization necessary to fetch token data: ServiceError: Identity server rejected authorization necessary to fetch token data
2022-10-27 23:29:58.342 15171 ERROR nova.api.metadata.handler Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-76712e11-46ff-4158-96c5-922f02deb030)
2022-10-27 23:29:58.342 15171 ERROR nova.api.metadata.handler 

问题解决

查看project列表

发现service不在了

[root@node06 ~]# openstack project list
+----------------------------------+------------------+
| ID                               | Name             |
+----------------------------------+------------------+
| 536a3e0c2a944effa324fe5baaf1e17b | admin            |
+----------------------------------+------------------+

查找被删除的原service的projectid

进入mariadb查找被删除的原service的projectid

若忘记密码,去配置文件配置跳过验证

  • vim /etc/my.cnf.d/server.cnf

  • 在mysqld下加入skip-grant-tables

  • 重启数据库systemctl restart mariadb

  • 登录数据库mysql -uroot -p,提示输入密码,直接回车进入

  • 修改密码

    use mysql;
    update user set password='***' where user='root'
    
  • 重启数据库,使用新密码登入

进入keystone数据库,查看revocation_event表

MariaDB [(none)]> use keystone
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [keystone]> select * from revocation_event;
+----+-----------+----------------------------------+----------------------------------+---------+----------+-------------+-----------------+---------------------+------------+---------------------+----------+----------------+
| id | domain_id | project_id                       | user_id                          | role_id | trust_id | consumer_id | access_token_id | issued_before       | expires_at | revoked_at          | audit_id | audit_chain_id |
+----+-----------+----------------------------------+----------------------------------+---------+----------+-------------+-----------------+---------------------+------------+---------------------+----------+----------------+
| 84 | NULL      | a9a79d35c74b4814bba1ae197b7cc425 | NULL                             | NULL    | NULL     | NULL        | NULL            | 2022-10-28 03:35:58 | NULL       | 2022-10-28 03:35:58 | NULL     | NULL           |
+----+-----------+----------------------------------+----------------------------------+---------+----------+-------------+-----------------+---------------------+------------+---------------------+----------+----------------+
4 rows in set (0.001 sec)

查看到最新删除的projectid为a9a79d35c74b4814bba1ae197b7cc425

创建service 项目

创建service

openstack project create --domain default --description "Service Project" service

在数据库更新,把新创的projectid改为原projectid

MariaDB [keystone]> update project set id='a9a79d35c74b4814bba1ae197b7cc425' where name='service';

插入数据

查看关系表assignment

MariaDB [keystone]> select * from  assignment;
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| type        | actor_id                         | target_id                        | role_id                          | inherited |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| UserProject | 3cc0b31e4baf4975a2722e80ee06a8ed | 1e234e8cbf7545ee97f807215dc7b8f3 | 21b0a90b335546d683b86020a8dc500d |         0 |
| UserProject | 3cc0b31e4baf4975a2722e80ee06a8ed | 1e234e8cbf7545ee97f807215dc7b8f3 | f7a977e1cd6e4113bbbb7806e4899824 |         0 |
| UserProject | 3cc0b31e4baf4975a2722e80ee06a8ed | 536a3e0c2a944effa324fe5baaf1e17b | 21b0a90b335546d683b86020a8dc500d |         0 |
| UserProject | 63a8ad6422e34e5dbc4b6b91b241b572 | a53660f892344904987d7c7fcf1c30ad | f7a977e1cd6e4113bbbb7806e4899824 |         0 |
| UserProject | c93d825ea9984b2a9b87550b409e411b | a1affefe170047f9ab12d67ece817f40 | f7a977e1cd6e4113bbbb7806e4899824 |         0 |
| UserProject | d05451dddf4b4a359d8e5e20522152e3 | 1e234e8cbf7545ee97f807215dc7b8f3 | f7a977e1cd6e4113bbbb7806e4899824 |         0 |
| UserProject | d303bef369874d239a48d89014f09024 | fb2473abd5db4f949ed8f4d21ca0019e | f7a977e1cd6e4113bbbb7806e4899824 |         0 |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+

查看openstack中project

[root@node06 ~]# openstack project list
+----------------------------------+------------------+
| ID                               | Name             |
+----------------------------------+------------------+
| 536a3e0c2a944effa324fe5baaf1e17b | admin            |
| a9a79d35c74b4814bba1ae197b7cc425 | service          |
+----------------------------------+------------------+

查看openstack中user

[root@node06 ~]# openstack user list
+----------------------------------+------------+
| ID                               | Name       |
+----------------------------------+------------+
| 1b14c2f09c4a4fdfa3e41691779ed02e | nova       |
| 3cc0b31e4baf4975a2722e80ee06a8ed | admin      |
| 67af218a2a0c4ce09f9fde5f1ba640e1 | neutron    |
| 681375dfb78845168fbe4b136a25c866 | cinder     |
| 9d6c6893a51e48bcacc627f777c4ce65 | glance     |
| d068d66ed0194f93a04f9e6e742a7f29 | placement  |
+----------------------------------+------------+

查看openstack中role

[root@node06 ~]# openstack role list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 21b0a90b335546d683b86020a8dc500d | admin |
| f7a977e1cd6e4113bbbb7806e4899824 | user  |
+----------------------------------+-------+

INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '3cc0b31e4baf4975a2722e80ee06a8ed', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');

捋清楚关联关系,更新keystone.assignment表插入对应数据

INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '1b14c2f09c4a4fdfa3e41691779ed02e', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '3cc0b31e4baf4975a2722e80ee06a8ed', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '67af218a2a0c4ce09f9fde5f1ba640e1', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '681375dfb78845168fbe4b136a25c866', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '9d6c6893a51e48bcacc627f777c4ce65', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', 'd068d66ed0194f93a04f9e6e742a7f29', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');

再次访问dashboard,即可正常使用

标签:a9a79d35c74b4814bba1ae197b7cc425,UserProject,auth,token,CRITICAL,keystone,openst
From: https://www.cnblogs.com/ltaodream/p/16836288.html

相关文章

  • [java]StringTokenizei总结
    构造函数三种StringTokenizer(Stringstr)//构造一个用来解析str的StringTokenizer对象。java默认的分隔符是空格("")、制表符(\t)、换行符(\n)、回车符(\r)。Strin......
  • win10下 asp.net 未能加载文件或程序集“stdole, Version=7.0.3300.0, Culture=neutra
    win10下asp.net未能加载文件或程序集“stdole,Version=7.0.3300.0,Culture=neutral,PublicKeyToken=b03f5f7f11d50a3a”或它的某一个依赖项。系统找不到指定的文件。......
  • OAuth 2.0 理解
    阮一峰的网络日志中简要介绍了OAuth2.0的概况,英文官方文档 以及中文版本也可以去看看,github上有人上传了中文版。2012年10月,OAuth2.0协议正式发布为RFC6749。......
  • SSO 单点登录和 OAuth2.0 的区别和理解
    一、概述SSO是SingleSignOn的缩写,OAuth是OpenAuthority的缩写,这两者都是使用令牌的方式来代替用户密码访问应用。流程上来说他们非常相似,但概念上又十分不同。SSO大家......
  • 服务端声网获取Token(Java)
    声网社区已经提供了实例代码:https://github.com/AgoraIO/Tools/tree/master/DynamicKey/AgoraDynamicKey/java稍微要注意一下的:声网提供的生成API接口,有通过uid(int)和acc......
  • 在 Windows Phone上使用QQConnect OAuth2
    QQ互联OAuth2.0.NETSDK发布以及网站QQ登陆示例代码这篇文章讲述的普通的ASP.NET站点上使用QQ互联,本篇文章主要介绍在WindowsPhone环境使用QQ互联OAut......
  • jmeter中获取token和cookie
     ##登录获取token1.添加请求1.1输入接口中需要携带的参数的值   2.正则表达式提取器提取出值   3.输入token数据   "token":"(.+?)"......
  • Jmeter-3.Json提取器处理上下游传参(例如获取的token给下游使用)
    需要提取哪个请求产生的值,就在哪个请求上添加,例如在获取token的请求上,右键,添加--后置处理器--Json提取器  下游需要用的时候通过${}引用,例如添加会议室需要token ......
  • K8s获取token
    使用调用KubernetesAPI的方式获取信息时,需要使用Kubernetes的Token创建用户admin-user并授权admin-user.yamlapiVersion:v1kind:ServiceAccountmetadata:nam......
  • apipost动态获取登录token,其他接口同步调用
    1、新增登录接口,接口返回值包含token信息接口信息   返回值   2、在登录接口的后执行脚本,添加环境变量 apt.environment.set("accessToken",response.js......