Ask Your Question
0

nova-status upgrade check fails

asked 2017-06-16 09:16:04 -0500

audiomobster gravatar image

updated 2017-06-23 04:17:26 -0500

Hi, I'm using this guide https://docs.openstack.org/ocata to do an openstack installation. I've got a physical machine which is running kvm which is my nova compute and I've got an instance which is running the control node.

nova-status --debug upgrade check

Results in following error:

    Error:
    Traceback (most recent call last):
      File "/usr/lib/python2.7/site-packages/nova/cmd/status.py", line 456, in main
        ret = fn(*fn_args, **fn_kwargs)
      File "/usr/lib/python2.7/site-packages/nova/cmd/status.py", line 386, in check
        result = func(self)
      File "/usr/lib/python2.7/site-packages/nova/cmd/status.py", line 201, in _check_placement
        versions = self._placement_get("/")
      File "/usr/lib/python2.7/site-packages/nova/cmd/status.py", line 189, in _placement_get
        return client.get(path, endpoint_filter=ks_filter).json()
      File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 758, in get
    return self.request(url, 'GET', **kwargs)
  File "/usr/lib/python2.7/site-packages/positional/__init__.py", line 101, in inner
    return wrapped(*args, **kwargs)
  File "/usr/lib/python2.7/site-packages/keystoneauth1/session.py", line 655, in request
    raise exceptions.from_response(resp, method, url)
InternalServerError: Internal Server Error (HTTP 500)

This seems to be the corresponding log

2017-06-16 15:59:55.802 1153 WARNING keystoneauth.identity.generic.base [-] Discovering versions from the identity service failed when creating the password plugin. Attempting to determine version from URL.
mod_wsgi (pid=1153): Exception occurred processing WSGI script '/usr/bin/nova-placement-api'.
Traceback (most recent call last):
      File "/usr/lib/python2.7/site-packages/webob/dec.py", line 130, in __call__
        resp = self.call_func(req, *args, **self.kwargs)
      File "/usr/lib/python2.7/site-packages/webob/dec.py", line 195, in call_func
        return self.func(req, *args, **kwargs)
      File "/usr/lib/python2.7/site-packages/oslo_middleware/request_id.py", line 37, in __call__
        response = req.get_response(self.application)
      File "/usr/lib/python2.7/site-packages/webob/request.py", line 1299, in send
        application, catch_exc_info=False)
      File "/usr/lib/python2.7/site-packages/webob/request.py", line 1263, in call_application
        app_iter = application(self.environ, start_response)
      File "/usr/lib/python2.7/site-packages/webob/dec.py", line 130, in __call__
        resp = self.call_func(req, *args, **self.kwargs)
      File "/usr/lib/python2.7/site-packages/webob/dec.py", line 195, in call_func
        return self.func(req, *args, **kwargs)
      File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 332, in __call__
        response = self.process_request(req)
      File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 623, in process_request
        resp = super(AuthProtocol, self).process_request(request)
      File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 405, in process_request
        allow_expired=allow_expired)
      File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 435, in _do_fetch_token
        data = self.fetch_token(token, **kwargs)
      File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/__init__.py", line 762, in fetch_token
        allow_expired=allow_expired)
      File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/_identity.py", line 217, in verify_token
        auth_ref = self._request_strategy.verify_token(
      File "/usr/lib/python2.7/site-packages/keystonemiddleware/auth_token/_identity.py", line 168, in _request_strategy
        strategy_class = self._get_strategy_class()
      File "/usr/lib ...
(more)
edit retag flag offensive close merge delete

Comments

I am also facing the same issue. Let me know if you find any solution.

Sanchar gravatar imageSanchar ( 2017-06-17 07:53:20 -0500 )edit
1

That sounds like an auth issue: Check if nova user is created in keystone, auth config is set in nova.conf with right information and if from controller/compute nodes can reach keystone endpoint.

Eduardo Gonzalez gravatar imageEduardo Gonzalez ( 2017-06-19 10:17:47 -0500 )edit

1 answer

Sort by ยป oldest newest most voted
0

answered 2017-06-22 11:19:41 -0500

audiomobster gravatar image

updated 2017-06-23 04:12:33 -0500

It is a SELinux issue.

ausearch -c httpd

shows

type=AVC msg=audit(1498146726.488:879): avc: denied { name_connect } for pid=6299 comm="httpd" dest=35357 scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:keystone_port_t:s0 tclass=tcp_socket permissive=0

This will make it work:

setsebool -P httpd_can_network_connect 1

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

3 followers

Stats

Asked: 2017-06-16 09:16:04 -0500

Seen: 1,195 times

Last updated: Jun 23 '17