[OpenStack] Dashboard unreachable after system reboot
사막의 여우
2020. 5. 13. 18:56
After rebooting the Controller node, I tried to access the dashboard and found that the connection could not be established.
I checked the httpd log, but...
[Wed May 13 18:19:42.814169 2020] [suexec:notice] [pid 3772] AH01232: suEXEC mechanism enabled (wrapper: /usr/sbin/suexec)
[Wed May 13 18:19:42.815253 2020] [ssl:warn] [pid 3772] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 13 18:19:42.873645 2020] [lbmethod_heartbeat:notice] [pid 3772] AH02282: No slotmem from mod_heartmonitor
[Wed May 13 18:19:42.875085 2020] [ssl:warn] [pid 3772] AH01906: RSA server certificate is a CA certificate (BasicConstraints: CA == TRUE !?)
[Wed May 13 18:19:42.875165 2020] [ssl:warn] [pid 3772] AH02292: Init: Name-based SSL virtual hosts only work for clients with TLS server name indication support (RFC 4366)
[Wed May 13 18:19:42.903273 2020] [mpm_prefork:notice] [pid 3772] AH00163: Apache/2.4.6 (CentOS) OpenSSL/1.0.2k-fips mod_wsgi/3.4 Python/2.7.5 configured -- resuming normal operations
[Wed May 13 18:19:42.903314 2020] [core:notice] [pid 3772] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
Apart from warning messages, I could not find any particular problem. Next, suspecting a network problem, I captured packets, with the following result:
[root@Controller ~]# tcpdump -i eno16777736 port 443
tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
listening on eno16777736, link-type EN10MB (Ethernet), capture size 262144 bytes
18:40:46.264345 IP ec2-54-227-239-17.compute-1.amazonaws.com.https > 192.168.0.30.51345: Flags [P.], seq 3289390902:3289391162, ack 851732253, win 336, options [nop,nop,TS val 2636456577 ecr 190860862], length 260
18:40:46.264352 IP 192.168.0.30.51345 > ec2-54-227-239-17.compute-1.amazonaws.com.https: Flags [.], ack 260, win 2043, options [nop,nop,TS val 190869664 ecr 2636456577], length 0
18:40:46.769590 IP 192.168.0.30.50973 > 17.248.161.48.https: Flags [P.], seq 3791151273:3791151455, ack 3335606655, win 2048, options [nop,nop,TS val 190870166 ecr 1207587178], length 182
18:40:46.769641 IP 192.168.0.30.50973 > 17.248.161.48.https: Flags [P.], seq 182:1237, ack 1, win 2048, options [nop,nop,TS val 190870166 ecr 1207587178], length 1055
18:40:46.769753 IP 192.168.0.30.50973 > 17.248.161.48.https: Flags [P.], seq 1237:2292, ack 1, win 2048, options [nop,nop,TS val 190870166 ecr 1207587178], length 1055
18:40:46.769925 IP 192.168.0.30.50973 > 17.248.161.48.https: Flags [P.], seq 2292:2949, ack 1, win 2048, options [nop,nop,TS val 190870166 ecr 1207587178], length 657
...(omitted)...
Packets coming in from 192.168.0.30 (my personal PC) were visible, but no response packets from 26 were visible. From this I suspected a firewall problem, and on checking...
[root@Controller ~]# firewall-cmd --list-ports
11211/tcp 5672/tcp 5000/tcp 9292/tcp 6080/tcp 6081/tcp 6082/tcp 8774/tcp 8775/tcp 8778/tcp 9696/tcp 5900-5999/tcp
I could see that port 443 was blocked, and I was able to resolve it by allowing the port as shown below.
[root@Controller ~]# firewall-cmd --add-port=443/tcp --permanent
success
[root@Controller ~]# firewall-cmd --reload
success
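
An added example, not part of the original post: a shell check for the situation described above, where a needed port is missing from the firewalld port list after a reboot. It parses the `firewall-cmd --list-ports` output format shown above (including ranges such as 5900-5999/tcp) and compares the running list with the `--permanent` one; the function names are made up for this example.

```bash
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

# port_allowed PORT/PROTO "LIST": succeed if LIST (in the format printed by
# `firewall-cmd --list-ports`) covers the port, directly or inside a range.
# Note: ports opened through a service (--add-service=https) are not in this list.
port_allowed() {
    local want_port want_proto entry range proto lo hi
    want_port=${1%/*}; want_proto=${1#*/}
    for entry in $2; do
        range=${entry%/*}; proto=${entry#*/}
        [ "$proto" = "$want_proto" ] || continue
        lo=${range%-*}; hi=${range#*-}   # for a single port, lo == hi
        if [ "$want_port" -ge "$lo" ] && [ "$want_port" -le "$hi" ]; then
            return 0
        fi
    done
    return 1
}

# runtime_only "RUNTIME_LIST" "PERMANENT_LIST": print the entries that are open
# in the running firewall but absent from the permanent configuration, i.e.
# the ones that disappear at the next reload or reboot.
runtime_only() {
    local entry out
    out=""
    for entry in $1; do
        case " $2 " in
            *" $entry "*) ;;
            *) out="$out $entry" ;;
        esac
    done
    printf '%s\n' "${out# }"
}

# Live check, only when firewalld is installed and running on this host.
if command -v firewall-cmd >/dev/null 2>&1 && firewall-cmd --state >/dev/null 2>&1; then
    runtime=$(firewall-cmd --list-ports)
    permanent=$(firewall-cmd --permanent --list-ports)
    port_allowed 443/tcp "$runtime"   || echo "443/tcp: not open in the running firewall"
    port_allowed 443/tcp "$permanent" || echo "443/tcp: not in the permanent configuration"
    echo "open now but lost on reboot: $(runtime_only "$runtime" "$permanent")"
fi
```

Running it before a planned reboot shows which open ports exist only in the runtime configuration; those need `--permanent` (as in the fix above) to survive the restart.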