标签：a9a79d35c74b4814bba1ae197b7cc425 UserProject auth token CRITICAL keystone openst

问题背景

在清理空间的时候误删service项目，导致openstack环境无法使用

dashboard登录账户，出现无法获取使用信息等错误

在命令行查看各种服务，出现HTTP503

[root@node06 ~]# cinder service-list
ERROR: The server is currently unavailable.Please try again at a later time.<br />br />
(HTTP503)

查看日志

cat /var/log/nova/nova-api.log

出现以下错误

2022-10-27 23:29:49.468 15169 WARNING keystonemiddleware.auth_token [-] Identity response: {"error": {"message": "The request you have made requires authentication.", "code": 401, "title": "Unauthorized"}}: Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-241cb364-3044-48fb-98e4-a93fa7d6a196)
2022-10-27 23:29:49.468 15169 CRITICAL keystonemiddleware.auth_token [-] Unable to validate token: Identity server rejected authorization necessary to fetch token data: ServiceError: Identity server rejected authorization necessary to fetch token data
2022-10-27 23:29:58.342 15171 ERROR nova.api.metadata.handler Unauthorized: The request you have made requires authentication. (HTTP 401) (Request-ID: req-76712e11-46ff-4158-96c5-922f02deb030)
2022-10-27 23:29:58.342 15171 ERROR nova.api.metadata.handler

问题解决

查看project列表

发现service不在了

[root@node06 ~]# openstack project list
+----------------------------------+------------------+
| ID                               | Name             |
+----------------------------------+------------------+
| 536a3e0c2a944effa324fe5baaf1e17b | admin            |
+----------------------------------+------------------+

查找被删除的原service的projectid

进入mariadb查找被删除的原service的projectid

若忘记密码，去配置文件配置跳过验证

vim /etc/my.cnf.d/server.cnf
在mysqld下加入skip-grant-tables
重启数据库systemctl restart mariadb
登录数据库mysql -uroot -p，提示输入密码，直接回车进入

修改密码

use mysql；
update user set password='***' where user='root'

重启数据库，使用新密码登入

进入keystone数据库，查看revocation_event表

MariaDB [(none)]> use keystone
Reading table information for completion of table and column names
You can turn off this feature to get a quicker startup with -A

Database changed
MariaDB [keystone]> select * from revocation_event;
+----+-----------+----------------------------------+----------------------------------+---------+----------+-------------+-----------------+---------------------+------------+---------------------+----------+----------------+
| id | domain_id | project_id                       | user_id                          | role_id | trust_id | consumer_id | access_token_id | issued_before       | expires_at | revoked_at          | audit_id | audit_chain_id |
+----+-----------+----------------------------------+----------------------------------+---------+----------+-------------+-----------------+---------------------+------------+---------------------+----------+----------------+
| 84 | NULL      | a9a79d35c74b4814bba1ae197b7cc425 | NULL                             | NULL    | NULL     | NULL        | NULL            | 2022-10-28 03:35:58 | NULL       | 2022-10-28 03:35:58 | NULL     | NULL           |
+----+-----------+----------------------------------+----------------------------------+---------+----------+-------------+-----------------+---------------------+------------+---------------------+----------+----------------+
4 rows in set (0.001 sec)

查看到最新删除的projectid为a9a79d35c74b4814bba1ae197b7cc425

创建service 项目

创建service

openstack project create --domain default --description "Service Project" service

在数据库更新，把新创的projectid改为原projectid

MariaDB [keystone]> update project set id='a9a79d35c74b4814bba1ae197b7cc425' where name='service';

插入数据

查看关系表assignment

MariaDB [keystone]> select * from  assignment;
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| type        | actor_id                         | target_id                        | role_id                          | inherited |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+
| UserProject | 3cc0b31e4baf4975a2722e80ee06a8ed | 1e234e8cbf7545ee97f807215dc7b8f3 | 21b0a90b335546d683b86020a8dc500d |         0 |
| UserProject | 3cc0b31e4baf4975a2722e80ee06a8ed | 1e234e8cbf7545ee97f807215dc7b8f3 | f7a977e1cd6e4113bbbb7806e4899824 |         0 |
| UserProject | 3cc0b31e4baf4975a2722e80ee06a8ed | 536a3e0c2a944effa324fe5baaf1e17b | 21b0a90b335546d683b86020a8dc500d |         0 |
| UserProject | 63a8ad6422e34e5dbc4b6b91b241b572 | a53660f892344904987d7c7fcf1c30ad | f7a977e1cd6e4113bbbb7806e4899824 |         0 |
| UserProject | c93d825ea9984b2a9b87550b409e411b | a1affefe170047f9ab12d67ece817f40 | f7a977e1cd6e4113bbbb7806e4899824 |         0 |
| UserProject | d05451dddf4b4a359d8e5e20522152e3 | 1e234e8cbf7545ee97f807215dc7b8f3 | f7a977e1cd6e4113bbbb7806e4899824 |         0 |
| UserProject | d303bef369874d239a48d89014f09024 | fb2473abd5db4f949ed8f4d21ca0019e | f7a977e1cd6e4113bbbb7806e4899824 |         0 |
+-------------+----------------------------------+----------------------------------+----------------------------------+-----------+

查看openstack中project

[root@node06 ~]# openstack project list
+----------------------------------+------------------+
| ID                               | Name             |
+----------------------------------+------------------+
| 536a3e0c2a944effa324fe5baaf1e17b | admin            |
| a9a79d35c74b4814bba1ae197b7cc425 | service          |
+----------------------------------+------------------+

查看openstack中user

[root@node06 ~]# openstack user list
+----------------------------------+------------+
| ID                               | Name       |
+----------------------------------+------------+
| 1b14c2f09c4a4fdfa3e41691779ed02e | nova       |
| 3cc0b31e4baf4975a2722e80ee06a8ed | admin      |
| 67af218a2a0c4ce09f9fde5f1ba640e1 | neutron    |
| 681375dfb78845168fbe4b136a25c866 | cinder     |
| 9d6c6893a51e48bcacc627f777c4ce65 | glance     |
| d068d66ed0194f93a04f9e6e742a7f29 | placement  |
+----------------------------------+------------+

查看openstack中role

[root@node06 ~]# openstack role list
+----------------------------------+-------+
| ID                               | Name  |
+----------------------------------+-------+
| 21b0a90b335546d683b86020a8dc500d | admin |
| f7a977e1cd6e4113bbbb7806e4899824 | user  |
+----------------------------------+-------+

INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '3cc0b31e4baf4975a2722e80ee06a8ed', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');

捋清楚关联关系，更新keystone.assignment表插入对应数据

INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '1b14c2f09c4a4fdfa3e41691779ed02e', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '3cc0b31e4baf4975a2722e80ee06a8ed', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '67af218a2a0c4ce09f9fde5f1ba640e1', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '681375dfb78845168fbe4b136a25c866', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', '9d6c6893a51e48bcacc627f777c4ce65', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');
INSERT INTO keystone.assignment(type, actor_id, target_id, role_id, inherited) VALUES ('UserProject', 'd068d66ed0194f93a04f9e6e742a7f29', 'a9a79d35c74b4814bba1ae197b7cc425', '21b0a90b335546d683b86020a8dc500d', '0');

再次访问dashboard，即可正常使用

标签：a9a79d35c74b4814bba1ae197b7cc425,UserProject,auth,token,CRITICAL,keystone,openst
From： https://www.cnblogs.com/ltaodream/p/16836288.html

openstack出现 CRITICAL keystonemiddleware.auth_token或dashboard无法获取实例信息