當試圖去地平線時，我得到：客戶端被伺服器配置拒絕：/usr/bin/keystone-wsgi-public

我最近重新格式化了我所有的 openstack 伺服器（它們在一個非常舊的版本上），並在全新安裝的 Ubuntu 20 上安裝了 Victoria。為了簡單起見，我從一個控制器和一個計算節點開始，然後我將添加其他計算節點.

我在這裡使用文件手動安裝：https ://docs.openstack.org/install-guide/openstack-services.html

當我在地平線文件時：https ://docs.openstack.org/horizo​​n/victoria/install/install-ubuntu.html

我去驗證，我看到兩個問題：

1. 我看不到要登錄哪個域的選項。這曾經說“預設”，當我添加更多時，我可以選擇它們
2. 我收到“無效憑據”。當我登錄時。

我知道我有正確的通行證。在 apache 錯誤日誌中，我看到：

[wsgi:error] [pid 1387564:tid 139949121787648] [remote 10.131.39.250:53860] INFO openstack_auth.forms Login failed for user "admin" using domain "Default", remote address 10.131.39.250.
[Fri Feb 12 15:46:29.473914 2021] [authz_core:error] [pid 1387576:tid 139947818350336] [client 10.131.39.40:42436] AH01630: client denied by server configuration: /usr/bin/keystone-wsgi-public

我沒有看到其他錯誤，除了 neutron 目前不工作（我使用選項 2，之前的 openstack 安裝是選項 1）。我想即使中子被破壞我仍然應該能夠登錄（它每隔幾分鐘就會重新啟動並給出關於 VLAN 的錯誤，這將是有道理的，因為我還沒有添加任何 VLAN ……我猜）。

建議？我真的在日誌中看不到任何錯誤。不知道還要檢查什麼（除了我的配置，但在此之前幾年我有一個正在執行的 openstack ……）

我已經閱讀了這篇文章和回复，但沒有幫助。

更新：當我查看正常的 apache/error.log 時，我還看到：

[Fri Feb 12 16:37:42.324305 2021] [core:notice] [pid 1387561:tid 139949150809152] AH00094: Command line: '/usr/sbin/apache2'

[Fri Feb 12 16:38:03.236892 2021] [wsgi:error] [pid 1397748:tid 139949113394944] /usr/lib/python3.8/warnings.py:30: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats

[Fri Feb 12 16:38:03.236961 2021] [wsgi:error] [pid 1397748:tid 139949113394944]   file.write(text)

[Fri Feb 12 16:38:03.236974 2021] [wsgi:error] [pid 1397748:tid 139949113394944] /usr/lib/python3/dist-packages/scss/types.py:6: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated since Python 3.3, and in 3.9 it will stop working

[Fri Feb 12 16:38:03.236981 2021] [wsgi:error] [pid 1397748:tid 139949113394944]   from collections import Iterable

[Fri Feb 12 16:38:03.258459 2021] [wsgi:error] [pid 1397748:tid 139949113394944] /usr/lib/python3/dist-packages/scss/namespace.py:172: DeprecationWarning: inspect.getargspec() is deprecated since Python 3.0, use inspect.signature() or inspect.getfullargspec()

[Fri Feb 12 16:38:03.258494 2021] [wsgi:error] [pid 1397748:tid 139949113394944]   argspec = inspect.getargspec(function)

[Fri Feb 12 16:38:03.263775 2021] [wsgi:error] [pid 1397748:tid 139949113394944] /usr/lib/python3/dist-packages/scss/selector.py:26: FutureWarning: Possible nested set at position 329

[Fri Feb 12 16:38:03.263789 2021] [wsgi:error] [pid 1397748:tid 139949113394944]   SELECTOR_TOKENIZER = re.compile(r'''

[Fri Feb 12 16:38:04.056002 2021] [authz_core:error] [pid 1397759:tid 139948682372864] [client 10.131.39.40:44268] AH01630: client denied by server configuration: /usr/bin/keystone-wsgi-public

[Fri Feb 12 16:38:04.058335 2021] [wsgi:error] [pid 1397748:tid 139949113394944] [remote 10.131.39.250:54556] /usr/lib/python3.8/logging/__init__.py:1084: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats

[Fri Feb 12 16:38:04.058355 2021] [wsgi:error] [pid 1397748:tid 139949113394944] [remote 10.131.39.250:54556]   stream.write(msg + self.terminator)

[Fri Feb 12 16:38:04.058366 2021] [wsgi:error] [pid 1397748:tid 139949113394944] [remote 10.131.39.250:54556] INFO openstack_auth.forms Login failed for user "demo" using domain "Default", remote address 10.131.39.250.

[Fri Feb 12 16:38:06.142850 2021] [wsgi:error] [pid 1397746:tid 139949046253312] /usr/lib/python3.8/warnings.py:30: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats

[Fri Feb 12 16:38:06.142921 2021] [wsgi:error] [pid 1397746:tid 139949046253312]   file.write(text)

[Fri Feb 12 16:38:06.142934 2021] [wsgi:error] [pid 1397746:tid 139949046253312] /usr/lib/python3/dist-packages/scss/types.py:6: DeprecationWarning: Using or importing the ABCs from 'collections' instead of from 'collections.abc' is deprecated since Python 3.3, and in 3.9 it will stop working

[Fri Feb 12 16:38:06.142940 2021] [wsgi:error] [pid 1397746:tid 139949046253312]   from collections import Iterable

[Fri Feb 12 16:38:06.164363 2021] [wsgi:error] [pid 1397746:tid 139949046253312] /usr/lib/python3/dist-packages/scss/namespace.py:172: DeprecationWarning: inspect.getargspec() is deprecated sincePython 3.0, use inspect.signature() or inspect.getfullargspec()

[Fri Feb 12 16:38:06.164384 2021] [wsgi:error] [pid 1397746:tid 139949046253312]   argspec = inspect.getargspec(function)

[Fri Feb 12 16:38:06.169658 2021] [wsgi:error] [pid 1397746:tid 139949046253312] /usr/lib/python3/dist-packages/scss/selector.py:26: FutureWarning: Possible nested set at position 329

[Fri Feb 12 16:38:06.169672 2021] [wsgi:error] [pid 1397746:tid 139949046253312]   SELECTOR_TOKENIZER = re.compile(r'''

[Fri Feb 12 16:38:09.381662 2021] [wsgi:error] [pid 1397747:tid 139949088216832] /usr/lib/python3.8/warnings.py:30: DeprecationWarning: PY_SSIZE_T_CLEAN will be required for '#' formats

[Fri Feb 12 16:38:09.381736 2021] [wsgi:error] [pid 1397747:tid 139949088216832]   file.write(text)

[Fri Feb 12 16:38:09.381748 2021] [wsgi:error] [pid 1397747:tid 139949088216832] /usr/lib/python3/dist-packages/scss/types.py:6: DeprecationWarning: Using or importing the ABCs from 'collections'instead of from 'collections.abc' is deprecated since Python 3.3, and in 3.9 it will stop working

[Fri Feb 12 16:38:09.381755 2021] [wsgi:error] [pid 1397747:tid 139949088216832]   from collections import Iterable

[Fri Feb 12 16:38:09.403181 2021] [wsgi:error] [pid 1397747:tid 139949088216832] /usr/lib/python3/dist-packages/scss/namespace.py:172: DeprecationWarning: inspect.getargspec() is deprecated sincePython 3.0, use inspect.signature() or inspect.getfullargspec()

[Fri Feb 12 16:38:09.403201 2021] [wsgi:error] [pid 1397747:tid 139949088216832]   argspec = inspect.getargspec(function)

[Fri Feb 12 16:38:09.408530 2021] [wsgi:error] [pid 1397747:tid 139949088216832] /usr/lib/python3/dist-packages/scss/selector.py:26: FutureWarning: Possible nested set at position 329

[Fri Feb 12 16:38:09.408545 2021] [wsgi:error] [pid 1397747:tid 139949088216832]   SELECTOR_TOKENIZER = re.compile(r'''

我這裡有一些新資訊。由於 berndbauschs 的評論，預設域確實出現了。

我在日誌文件中確實有一個梯形失真錯誤，它是：

2021-02-13 06:03:46.789 1585439 WARNING keystone.server.flask.application [req-4d8bb568-3024-4506-8100-cb9ec77b21c5 - - - - -] Expecting to find application/json in Content-Type header. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.: keystone.exception.ValidationError: Expecting to find application/json in Content-Type header. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error.

2021-02-13 14:26:28.665 2104630 WARNING keystone.common.rbac_enforcer.enforcer [req-d557ae42-2432-46cf-a0d4-bb60a83334df 59cd620ab38b42ab82dcc93f2bc75f60 21486012e6174f69a62a2957731d6caf - default default] Deprecated policy rules found. Use oslopolicy-policy-generator and oslopolicy-policy-upgrade to detect and resolve deprecated policies in your configuration.

我無法從上面複製第一個錯誤。使用 oslopolicy-policy-generator 會產生 python 錯誤。我不確定這是否應該工作。我猜我應該在 keystone 目錄上做……例如

oslopolicy-policy-generator --config-dir /etc/keystone
Traceback (most recent call last):
 File "/usr/bin/oslopolicy-policy-generator", line 10, in <module>
   sys.exit(generate_policy())
 File "/usr/lib/python3/dist-packages/oslo_policy/generator.py", line 520, in generate_policy
   _check_for_namespace_opt(conf)
 File "/usr/lib/python3/dist-packages/oslo_policy/generator.py", line 499, in _check_for_namespace_opt
   raise cfg.RequiredOptError('namespace', 'DEFAULT')
oslo_config.cfg.RequiredOptError: <exception str() failed>

不知道從這裡去哪裡。我沒有看到其他 apache 錯誤。

更新 neal_utas 的解決方案：

docs.openstack.org上的Horizo​​n文件（至少對於 ubuntu）是不正確的。編輯 /etc/openstack-dashboard/local_settings.py 時，線上文件缺少埠 5000。OPENSTACK_KEYSTONE_URL 的正確條目是：

OPENSTACK_KEYSTONE_URL = "http://%s:5000/identity/v3" % OPENSTACK_HOST

進行該更改然後重新啟動（systemctl reload apache2.service）後，它就可以工作了。

我也處於同樣的狀態。全新安裝 Ubuntu 20.04 和 OpenStack Victoria。一切都從 openstack 客戶端執行 - 可以啟動實例等。儀表板登錄失敗，出現 number9 描述的錯誤。

我能夠使用以下方法生成 oslo 策略：

`oslopolicy-policy-generator --namespace keystone > keystone.policy.yaml`

但這並沒有解決儀表板身份驗證錯誤。

AH01630: client denied by server configuration: /usr/bin/keystone-wsgi-public
DEBUG keystoneauth.session Request returned failure status: 403
DEBUG openstack_auth.plugin.base Forbidden (HTTP 403)

更新：在文件中包含 KEYSTONE_URL 的埠為/etc/openstack_dashboard/local_settings.py我修復了這個問題，我現在可以登錄了。

OPENSTACK_KEYSTONE_URL = "http://%s:5000/identity/v3" % OPENSTACK_HOST

引用自：https://serverfault.com/questions/1053437