Re: [Openstack] EC2-API in Ocata - Help wanted

Sat, 01 Apr 2017 02:13:22 -0700

For people dealing with the same problem I was able to overcome the problem by installing the "openstack-ec2-api" package from the centos-openstack-ocata repository.
Although the binaries were exactly the same as mine (did a checksum) installing the package revealed a much more detailed configuration file, which helped a lot. 


In there I found that the "metadata_shared_secret" should be under the 
"[metadata]" section instead of just putting it in the default as I was 
doing since there was no configuration.



I believe that the documentation on EC2-API should be definitely 
updated for two reasons: 1) To instruct users to install the available 
package instead of letting them to build everything manually and 2) To 
inform them on the settings that should be present in the configuration 
file in order for it to work with the current OpenStack specifications 
and requirements.



Regards,

G.




On Mon, 20 Mar 2017 00:27:35 +0200, Georgios Dimitrakakis wrote:

Just to post an update.

These are two different issues.

The first one

# aws --endpoint-url http://controller:8788 ec2 describe-images

An error occurred (AuthFailure) when calling the DescribeImages
operation: Not Found


was because of this line


keystone_ec2_tokens_url = 
http://nefelus-controller:35357/v3/v3/ec2token


in the "ec2api.conf" file.

Obviously they shouldn't be two "v3" there.

This is coming from the "install.sh" script because of this:


iniset $CONF_FILE DEFAULT keystone_ec2_tokens_url 
"$OS_AUTH_URL/v3/ec2tokens"



but in the new versions of OpenStack (I am on Ocata) the recommended
way for "admin.rc" is to have

OS_AUTH_URL=http://controller:35357/v3


So there is already a "v3" plus another from "install.sh" you have 
two.


This sounds like a bug to me or at least is not compatible with the
latest versions.
What does the community think? Should I file a bug?



The second one although not solved yet I believe is coming from the
incorrect usage of "metadata_shared_secret" but I am not quiet sure
yet how to make it work.

I would really like some help here people......

Looking forward for your answers and help.

All the best,


G.



Furthermore,

now all my instances FAIL to get their metadata!

This is the error in "ec2-metadata-api.log"


2017-03-19 17:04:16.689 13635 WARNING ec2api.metadata [-]
X-Instance-ID-Signature:

b80302f1bd7d744c40cabc35908d8f70f49093d5cd07763cdd769d90b925db62 
does

not match the expected value:
5188ed2e0813d6cfc007ed8695c8684ba2bbd18ee3e4376187f2ba82d17297dc for
id: 2d632701-7ae7-45cc-9cdd-9cea382b3342. Request From: 172.16.1.11

2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata [-] Unexpected 
error.

2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata Traceback (most
recent call last):
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata   File

"/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py", line 
90,

in __call__
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata     requester =
self._get_requester(req)
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata   File

"/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py", line 
182,

in _get_requester
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
self._unpack_neutron_request(req))
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata   File

"/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py", line 
223,

in _unpack_neutron_request
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
self._validate_signature(signature, os_instance_id, remote_ip)
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata   File

"/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py", line 
263,

in _validate_signature
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata     raise
webob.exc.HTTPForbidden(explanation=msg)
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata HTTPForbidden:
Invalid proxy request signature.
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
2017-03-19 17:04:16.691 13635 INFO ec2api.api [-] 0.1595s
10.140.6.181 GET /2009-04-04/meta-data/instance-id None 500
[Python-httplib2/0.9.2 (gzip)] text/plain text/plain
2017-03-19 17:04:16.691 13635 INFO ec2api.wsgi.server [-]
172.16.1.11,10.140.6.181 "GET /2009-04-04/meta-data/instance-id
HTTP/1.1" status: 500 len: 229 time: 0.0022879



while in the Dashboard LOG I see:

checking http://169.254.169.254/2009-04-04/instance-id
failed 1/20: up 0.81. request failed
failed 2/20: up 3.05. request failed
failed 3/20: up 5.25. request failed
failed 4/20: up 7.27. request failed
failed 5/20: up 9.49. request failed
failed 6/20: up 11.51. request failed
failed 7/20: up 13.54. request failed
failed 8/20: up 15.92. request failed
failed 9/20: up 17.94. request failed
failed 10/20: up 20.36. request failed
failed 11/20: up 22.69. request failed
failed 12/20: up 24.72. request failed
failed 13/20: up 26.97. request failed
failed 14/20: up 29.00. request failed
failed 15/20: up 31.25. request failed
failed 16/20: up 33.57. request failed
failed 17/20: up 35.73. request failed
failed 18/20: up 38.00. request failed
failed 19/20: up 40.21. request failed
failed 20/20: up 42.54. request failed
failed to read iid from metadata. tried 20

no results found for mode=net. up 44.98. searched: nocloud 
configdrive ec2

failed to get instance-id of datasource


Could you please help??


Regards,

George



Hello,

I desperately need your help in order to set up EC2-API in Ocata.

I have installed and started the services but I am not sure how to

configure the endpoints since the manual is refering to ports as 
XXXX

and to version as Y.


I have guessed that these are XXXX=8788 and Y=2 but without 
success.



When I am trying to check the configuration I am getting this:

# aws --endpoint-url http://controller:8788 ec2 describe-images

An error occurred (AuthFailure) when calling the DescribeImages
operation: Not Found



I am 100% that the /root/.aws/config file has the correct 
credentials.



In the logs there aren't any information worthing except this:

2017-03-18 20:26:44.299 6717 INFO ec2api.api [-] 0.18514s
10.140.6.181 POST / None 404 [aws-cli/1.11.63 Python/2.7.5
Linux/3.10.0-514.10.2.el7.x86_64 botocore/1.5.26]
application/x-www-form-urlencoded text/xml

2017-03-18 20:26:44.300 6717 INFO ec2api.wsgi.server [-] 
10.140.6.181

"POST / HTTP/1.1" status: 404 len: 298 time: 0.0193572


I desperately looking for your help...So please help!


Best regards,


George

_______________________________________________

Mailing list: 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Post to     : openstack@lists.openstack.org

Unsubscribe : 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack


_______________________________________________

Mailing list: 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Post to     : openstack@lists.openstack.org

Unsubscribe : 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack




_______________________________________________

Mailing list: 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

Post to     : openstack@lists.openstack.org

Unsubscribe : 
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack




_______________________________________________
Mailing list: http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
Post to     : openstack@lists.openstack.org
Unsubscribe : http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack






















					Reply via email to