[jira] [Created] (CLOUDSTACK-1719) EC2 REST API: AWS APIs are not getting translated on the CloudStack Management Server

Chandan Purushothama (JIRA) Mon, 18 Mar 2013 18:39:17 -0700

Chandan Purushothama created CLOUDSTACK-1719:
------------------------------------------------


             Summary: EC2 REST API: AWS APIs are not getting translated on the 
CloudStack Management Server
                 Key: CLOUDSTACK-1719
                 URL: https://issues.apache.org/jira/browse/CLOUDSTACK-1719
             Project: CloudStack
          Issue Type: Bug
      Security Level: Public (Anyone can view this level - this is the default.)
          Components: Management Server
    Affects Versions: 4.1.0, 4.2.0
            Reporter: Chandan Purushothama
            Priority: Blocker
             Fix For: 4.1.0, 4.2.0




===========
Observations:
===========

AWS REST API fired from the client is reaching the management server but it is 
not getting translated to corresponding native CloudStack API Call. The 
awsapi.log doesn't show any information.

==============
On the Client Side:
==============
-----------------------------
BotoClient Request:
------------------------------

import boto.ec2
import pprint

from boto.ec2.connection import EC2Connection as ec2conn

region = 
boto.ec2.regioninfo.RegionInfo(name="AmazonEC2",endpoint="10.223.59.67")
conn = 
boto.connect_ec2(aws_access_key_id='d1gbjBy6NjAq9RnkZMo_nAJuB5cUyC3DAF6rdMShLWH8ryXSoXvL_D2fuZM0YW8GIgs8aDWxBdvzXXtNIShZOg',aws_secret_access_key='d1gbjBy6NjAq9RnkZMo_nAJuB5cUyC3DAF6rdMShLWH8ryXSoXvL_D2fuZM0YW8GIgs8aDWxBdvzXXtNIShZOg',is_secure=False,region=region,port=7080,path="/awsapi",api_version="2010-11-15")
pp = pprint.PrettyPrinter()

#print globals()

#DescribeImage
describeImage = conn.get_all_images()
pp.pprint(describeImage)

----------------------------------
BotoClient Response:
----------------------------------

Traceback (most recent call last):
  File "/home/chandan/pyworkspace/botoawsproject/src/botoQuery.py", line 13, in 
<module>
    describeImage = conn.get_all_images()
  File 
"/usr/lib/python2.7/site-packages/boto-2.6.0-py2.7.egg/boto/ec2/connection.py", 
line 171, in get_all_images
    [('item', Image)], verb='POST')
  File 
"/usr/lib/python2.7/site-packages/boto-2.6.0-py2.7.egg/boto/connection.py", 
line 971, in get_list
    raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request


------------------------------------------------------------------------------------------
WireShark Network Analyzer Packet Information on the Client:
------------------------------------------------------------------------------------------

POST /awsapi/ HTTP/1.1

Host: 10.223.59.67:7080

Accept-Encoding: identity

Content-Length: 286

Content-Type: application/x-www-form-urlencoded; charset=UTF-8

User-Agent: Boto/2.6.0 (linux2)



AWSAccessKeyId=d1gbjBy6NjAq9RnkZMo_nAJuB5cUyC3DAF6rdMShLWH8ryXSoXvL_D2fuZM0YW8GIgs8aDWxBdvzXXtNIShZOg&Action=DescribeImages&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2013-03-19T00%3A57%3A29Z&Version=2010-11-15&Signature=lzo7%2Fb8GfDTRsHuYy4EINS%2FauCoYd2HpMcB%2BqSNWBAQ%3DHTTP/1.1
 400 Bad Request

Server: Apache-Coyote/1.1

Transfer-Encoding: chunked

Date: Tue, 19 Mar 2013 03:50:13 GMT

Connection: close

=====================
On the Management Server:
=====================

-------------------------------------
Tcpdump of the Request:
-------------------------------------

20:50:13.455199 IP 10.216.133.50.42571 > Rack3Host23.lab.vmops.com.empowerid: 
Flags [S], seq 2327957294, win 5840, options [mss 1380,sackOK,TS val 1204227094 
ecr 0,nop,wscale 7], length 0
20:50:13.455276 IP Rack3Host23.lab.vmops.com.empowerid > 10.216.133.50.42571: 
Flags [S.], seq 2924982523, ack 2327957295, win 14480, options [mss 
1460,sackOK,TS val 11532923 ecr 1204227094,nop,wscale 7], length 0
20:50:13.455494 IP 10.216.133.50.42571 > Rack3Host23.lab.vmops.com.empowerid: 
Flags [.], ack 1, win 46, options [nop,nop,TS val 1204227095 ecr 11532923], 
length 0
20:50:13.455573 IP 10.216.133.50.42571 > Rack3Host23.lab.vmops.com.empowerid: 
Flags [P.], seq 1:483, ack 1, win 46, options [nop,nop,TS val 1204227095 ecr 
11532923], length 482
20:50:13.455589 IP Rack3Host23.lab.vmops.com.empowerid > 10.216.133.50.42571: 
Flags [.], ack 483, win 122, options [nop,nop,TS val 11532924 ecr 1204227095], 
length 0
20:50:13.456773 IP Rack3Host23.lab.vmops.com.empowerid > 10.216.133.50.42571: 
Flags [P.], seq 1:145, ack 483, win 122, options [nop,nop,TS val 11532925 ecr 
1204227095], length 144
20:50:13.456863 IP Rack3Host23.lab.vmops.com.empowerid > 10.216.133.50.42571: 
Flags [F.], seq 145, ack 483, win 122, options [nop,nop,TS val 11532925 ecr 
1204227095], length 0
20:50:13.457023 IP 10.216.133.50.42571 > Rack3Host23.lab.vmops.com.empowerid: 
Flags [.], ack 145, win 54, options [nop,nop,TS val 1204227096 ecr 11532925], 
length 0
20:50:13.457416 IP 10.216.133.50.42571 > Rack3Host23.lab.vmops.com.empowerid: 
Flags [F.], seq 483, ack 146, win 54, options [nop,nop,TS val 1204227097 ecr 
11532925], length 0
20:50:13.457440 IP Rack3Host23.lab.vmops.com.empowerid > 10.216.133.50.42571: 
Flags [.], ack 484, win 122, options [nop,nop,TS val 11532925 ecr 1204227097], 
length 0

-------------------------------------------------------------
Firewall Rules on the Management Server:
--------------------------------------------------------------

[root@Rack3Host23 awsapi]# iptables-save
# Generated by iptables-save v1.4.7 on Mon Mar 18 20:33:54 2013
*filter
:INPUT ACCEPT [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [122197:37439134]
-A INPUT -p tcp -m tcp --dport 9090 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8250 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 7080 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8080 -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p icmp -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -i em1 -j ACCEPT
-A INPUT -i em2 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 22 -j ACCEPT
-A INPUT -j REJECT --reject-with icmp-host-prohibited
-A FORWARD -m state --state RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -p icmp -j ACCEPT
-A FORWARD -i lo -j ACCEPT
-A FORWARD -i em1 -j ACCEPT
-A FORWARD -i em2 -j ACCEPT
-A FORWARD -j REJECT --reject-with icmp-host-prohibited
COMMIT
# Completed on Mon Mar 18 20:33:54 2013
[root@Rack3Host23 awsapi]#

------------------------------------------
webserver listening on 7080:
------------------------------------------

[root@Rack3Host23 awsapi]# netstat -ant | grep 7080
tcp        0      0 :::7080                     :::*                        
LISTEN

mysql> select * from configuration where name like "%ec2%";
+----------+----------+-------------------+----------------+-------+------------------------------+
| category | instance | component         | name           | value | 
description                  |
+----------+----------+-------------------+----------------+-------+------------------------------+
| Advanced | DEFAULT  | management-server | enable.ec2.api | true  | enable EC2 
API on CloudStack |
+----------+----------+-------------------+----------------+-------+------------------------------+
1 row in set (0.00 sec)



--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira

[jira] [Created] (CLOUDSTACK-1719) EC2 REST API: AWS APIs are not getting translated on the CloudStack Management Server

Reply via email to