Difference between mysql-authorized localhost & % and persistent authorization error solution (install openstack), mysqllocalhost
First, we will attach the openstack document to illustrate why permission errors are reported when % is granted!
Mysql-u root-pyunjisuan
Create database keystone;
Grant all privileges on keystone. * TO 'keystone '@ 'localhost' identified by 'keystone _ dbpass ';
Grant all privileges on keystone. * TO 'keystone '@' % 'identified BY 'keystone _ dbpass ';
Correct understanding. Here % indicates that all hosts can remotely access the mysql. However, the query for mysql official documentation has instructions, and % does not include localhost. In this case, both localhost and % are authorized.
Next, let's take a look at the hosts file: vim/etc/hosts
Configure the keystone. conf file:
View keystone logs: tailf/var/log/keystone. log
Execute the Database Synchronization command:
Su-s/bin/sh-c "keystone-manage db_sync" keystone
A huge permission error occurs in the log:
It is estimated that this error has plagued many people who have installed openstack. At least from the openstack e version to the current juno version, I often report this kind of error with no Authorization header. Obviously, this is a permission error, generally, I will use keystone directly. Conf connection = mysql: // keystone: KEYSTONE_DBPASS @ controller/keystone is configured
Connection = mysql: // keystone: KEYSTONE_DBPASS@192.168.38.100/keystone. But in fact, we have authorized %, which should be accessible to all hosts. So where is the problem?
After querying the mysql official website information, I said "configuration %", so all other hosts have access permissions. If the above error is returned, do you mean you have no permission. In this example, if % remote access is granted to other hosts,/etc/my In the mysql configuration file. cnf, you also need to make some configuration, bind_address = 0.0.0.0 or directly block this item, please find more information on your own.
How can I solve the above error when I continue? Go back and check the/etc/hosts file:
If the controller node is clearly configured, try to move it to another location. The miracle is:
Add the controller after the above 127.0.0.1 localhost. What does the data in the row 127.0.0.1 localhost mean? Ask Baidu. Only one sentence is that the controller is the alias of localhost alias.
Run the following command: su-s/bin/sh-c "keystone-manage db_sync" keystone.
View logs:
Found successfully. In fact, the controller here is the alias of localhost. Because localhost is previously authorized, the controller is also authorized. However, the first method of writing/etc/hosts is only the DNS function, so a permission error is reported.
Pitfall: this problem has been plagued for several years. When I recently installed the juno version, I reported an error and vowed to solve it. It took two days for google and baidu to finally solve the problem. (Forgive me for my little perfect paranoid syndrome. If I don't solve it, I feel uncomfortable. Even if I can avoid it, I still feel uncomfortable. But I finally solved it and gave myself a thumbs up .)