For people dealing with the same problem I was able to overcome
the problem by installing the "openstack-ec2-api" package from
the centos-openstack-ocata repository.
Although the binaries were exactly the same as mine (did a
checksum) installing the package revealed a much more detailed
configuration file, which helped a lot.
In there I found that the "metadata_shared_secret" should be
under the "[metadata]" section instead of just putting it in the
default as I was doing since there was no configuration.
I believe that the documentation on EC2-API should be
definitely updated for two reasons: 1) To instruct users to
install the available package instead of letting them to build
everything manually and 2) To inform them on the settings that
should be present in the configuration file in order for it to
work with the current OpenStack specifications and requirements.
Regards,
G.
On Mon, 20 Mar 2017 00:27:35 +0200, Georgios Dimitrakakis
wrote:
Just to post an update.
These are two different issues.
The first one
# aws --endpoint-url http://controller:8788 [9] ec2
describe-images
An error occurred (AuthFailure) when calling the
DescribeImages
operation: Not Found
was because of this line
keystone_ec2_tokens_url =
http://nefelus-controller:35357/v3/v3/ec2token [10]
in the "ec2api.conf" file.
Obviously they shouldn't be two "v3" there.
This is coming from the "install.sh" script because of this:
iniset $CONF_FILE DEFAULT keystone_ec2_tokens_url
"$OS_AUTH_URL/v3/ec2tokens"
but in the new versions of OpenStack (I am on Ocata) the
recommended
way for "admin.rc" is to have
OS_AUTH_URL=http://controller:35357/v3 [11]
So there is already a "v3" plus another from "install.sh" you
have two.
This sounds like a bug to me or at least is not compatible
with the
latest versions.
What does the community think? Should I file a bug?
The second one although not solved yet I believe is coming
from the
incorrect usage of "metadata_shared_secret" but I am not
quiet sure
yet how to make it work.
I would really like some help here people......
Looking forward for your answers and help.
All the best,
G.
Furthermore,
now all my instances FAIL to get their metadata!
This is the error in "ec2-metadata-api.log"
2017-03-19 17:04:16.689 13635 WARNING ec2api.metadata [-]
X-Instance-ID-Signature:
b80302f1bd7d744c40cabc35908d8f70f49093d5cd07763cdd769d90b925db62
does
not match the expected value:
5188ed2e0813d6cfc007ed8695c8684ba2bbd18ee3e4376187f2ba82d17297dc
for
id: 2d632701-7ae7-45cc-9cdd-9cea382b3342. Request From:
172.16.1.11
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata [-]
Unexpected error.
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
Traceback (most
recent call last):
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata File
"/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py",
line 90,
in __call__
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
requester =
self._get_requester(req)
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata File
"/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py",
line 182,
in _get_requester
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
self._unpack_neutron_request(req))
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata File
"/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py",
line 223,
in _unpack_neutron_request
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
self._validate_signature(signature, os_instance_id,
remote_ip)
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata File
"/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py",
line 263,
in _validate_signature
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata raise
webob.exc.HTTPForbidden(explanation=msg)
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
HTTPForbidden:
Invalid proxy request signature.
2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
2017-03-19 17:04:16.691 13635 INFO ec2api.api [-] 0.1595s
10.140.6.181 GET /2009-04-04/meta-data/instance-id None 500
[Python-httplib2/0.9.2 (gzip)] text/plain text/plain
2017-03-19 17:04:16.691 13635 INFO ec2api.wsgi.server [-]
172.16.1.11,10.140.6.181 "GET
/2009-04-04/meta-data/instance-id
HTTP/1.1" status: 500 len: 229 time: 0.0022879
while in the Dashboard LOG I see:
checking MAILSCANNER WARNING: NUMERICAL LINKS ARE OFTEN
MALICIOUS: http://169.254.169.254/2009-04-04/instance-id [5]
failed 1/20: up 0.81. request failed
failed 2/20: up 3.05. request failed
failed 3/20: up 5.25. request failed
failed 4/20: up 7.27. request failed
failed 5/20: up 9.49. request failed
failed 6/20: up 11.51. request failed
failed 7/20: up 13.54. request failed
failed 8/20: up 15.92. request failed
failed 9/20: up 17.94. request failed
failed 10/20: up 20.36. request failed
failed 11/20: up 22.69. request failed
failed 12/20: up 24.72. request failed
failed 13/20: up 26.97. request failed
failed 14/20: up 29.00. request failed
failed 15/20: up 31.25. request failed
failed 16/20: up 33.57. request failed
failed 17/20: up 35.73. request failed
failed 18/20: up 38.00. request failed
failed 19/20: up 40.21. request failed
failed 20/20: up 42.54. request failed
failed to read iid from metadata. tried 20
no results found for mode=net. up 44.98. searched: nocloud
configdrive ec2
failed to get instance-id of datasource
Could you please help??
Regards,
George
Hello,
I desperately need your help in order to set up EC2-API
in Ocata.
I have installed and started the services but I am not
sure how to
configure the endpoints since the manual is refering to
ports as XXXX
and to version as Y.
I have guessed that these are XXXX=8788 and Y=2 but
without success.
When I am trying to check the configuration I am getting
this:
# aws --endpoint-url http://controller:8788 [1] ec2
describe-images
An error occurred (AuthFailure) when calling the
DescribeImages
operation: Not Found
I am 100% that the /root/.aws/config file has the correct
credentials.
In the logs there aren't any information worthing except
this:
2017-03-18 20:26:44.299 6717 INFO ec2api.api [-] 0.18514s
10.140.6.181 POST / None 404 [aws-cli/1.11.63
Python/2.7.5
Linux/3.10.0-514.10.2.el7.x86_64 botocore/1.5.26]
application/x-www-form-urlencoded text/xml
2017-03-18 20:26:44.300 6717 INFO ec2api.wsgi.server [-]
10.140.6.181
"POST / HTTP/1.1" status: 404 len: 298 time: 0.0193572
I desperately looking for your help...So please help!
Best regards,
George
_______________________________________________
Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[2]
Post to : openstack@lists.openstack.org [3]
Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[4]
_______________________________________________
Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[6]
Post to : openstack@lists.openstack.org [7]
Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[8]
_______________________________________________
Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[12]
Post to : openstack@lists.openstack.org [13]
Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[14]
_______________________________________________
Mailing list:
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[15]
Post to : openstack@lists.openstack.org [16]
Unsubscribe :
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
[17]