[Openstack] {Disarmed} Re: {Disarmed} Re: EC2-API in Ocata - Help wanted
Anastasia Kravets
rtikitavi at gmail.com
Wed Jun 14 14:14:06 UTC 2017
Hi Georgios,
The difference was caused by the presence of caching metadata in nova and the lack of caching in ec2-api.
We’ve fixed it in ec2-api in master.
Thank you for your assistance.
Regards,
Anastasia
> On 21 Apr 2017, at 09:12, Andrey Pavlov <andrey.mp at gmail.com> wrote:
>
> Also it will be very helpful for us if you describe the cloud where this happens.
> How many projects/users. How many instances at all and in the tenant where you try to list it. How many networks/subnets/ports.
>
> Regards,
> Andrey.
>
> On Thu, Apr 20, 2017 at 11:50 PM, Georgios Dimitrakakis <giorgis at acmac.uoc.gr <mailto:giorgis at acmac.uoc.gr>> wrote:
> Hello,
>
> I will try to provide you with the logs in the next few days...
>
> Best,
>
> G.
>
> Hello Georgios,
>
> We will test it on our site, but for more careful investigations could
> you please turn on debug = True in ec2api.conf and send us the ec2api
> logs during problem.
> Any additional information you can provide is welcome.
>
> Thank you,
>
> BR,
> Anastasia
>
> On 18 Apr 2017, at 10:22, Georgios Dimitrakakis wrote:
>
> Hello Anastasia!
>
> Yes, 'nova list' is fast and I 've already given the requested
> information by replying to Jay's post.
>
> Jay asked someone from the the EC2 API team to look at it but so far
> no one has appeared...
>
> Best,
>
> G.
>
> Hello Georgios,
>
> We’ll update the doc in the near future.
>
> Did you see the question of Jay Pipes in the thread about slow
> performance? Did you try to run ’nova list’ and compare the
> time?
>
> Thank you
>
> Best regards,
> Anastasia Kravets
>
> Hello Alexandre,
>
> thank you very much for your time. I have a rough guide of what
> I
> did in order to have it working in case you need it to update
> the
> docs so please let me know if I can be of any assistance.
>
> By the way could you please check the following thread and let
> me
> know if you have any idea?
>
>
> http://lists.openstack.org/pipermail/openstack/2017-March/018972.html <http://lists.openstack.org/pipermail/openstack/2017-March/018972.html>
> [19]
>
> [21]
>
> All the best,
>
> G.
>
> Thank you Georgios,
>
> We'll definitely update the doc. We were away all of us so
> couldn't
> help you with your initial problems. Glad you'd figured them
> out.
> Sorry about your troubles.
>
> Best regards,
> Alex Levine
>
> On 4/1/17 12:00 PM, Georgios Dimitrakakis wrote:
>
> For people dealing with the same problem I was able to
> overcome
> the problem by installing the "openstack-ec2-api" package
> from
> the centos-openstack-ocata repository.
>
> Although the binaries were exactly the same as mine (did a
> checksum) installing the package revealed a much more
> detailed
> configuration file, which helped a lot.
>
> In there I found that the "metadata_shared_secret" should be
> under the "[metadata]" section instead of just putting it in
> the
> default as I was doing since there was no configuration.
>
> I believe that the documentation on EC2-API should be
> definitely updated for two reasons: 1) To instruct users to
> install the available package instead of letting them to
> build
> everything manually and 2) To inform them on the settings
> that
> should be present in the configuration file in order for it
> to
> work with the current OpenStack specifications and
> requirements.
>
> Regards,
>
> G.
>
> On Mon, 20 Mar 2017 00:27:35 +0200, Georgios Dimitrakakis
> wrote:
>
> Just to post an update.
>
> These are two different issues.
>
> The first one
>
> # aws --endpoint-url http://controller:8788 <http://controller:8788/> [1] [9] ec2
> describe-images
>
> An error occurred (AuthFailure) when calling the
> DescribeImages
> operation: Not Found
>
> was because of this line
>
> keystone_ec2_tokens_url =
> http://nefelus-controller:35357/v3/v3/ec2token <http://nefelus-controller:35357/v3/v3/ec2token> [2] [10]
>
> in the "ec2api.conf" file.
>
> Obviously they shouldn't be two "v3" there.
>
> This is coming from the "install.sh" script because of
> this:
>
> iniset $CONF_FILE DEFAULT keystone_ec2_tokens_url
> "$OS_AUTH_URL/v3/ec2tokens"
>
> but in the new versions of OpenStack (I am on Ocata) the
> recommended
> way for "admin.rc" is to have
>
> OS_AUTH_URL=http://controller:35357/v3 <http://controller:35357/v3> [3] [11]
>
> So there is already a "v3" plus another from "install.sh"
> you
> have two.
>
> This sounds like a bug to me or at least is not compatible
> with the
> latest versions.
> What does the community think? Should I file a bug?
>
> The second one although not solved yet I believe is coming
> from the
> incorrect usage of "metadata_shared_secret" but I am not
> quiet sure
> yet how to make it work.
>
> I would really like some help here people......
>
> Looking forward for your answers and help.
>
> All the best,
>
> G.
>
> Furthermore,
>
> now all my instances FAIL to get their metadata!
>
> This is the error in "ec2-metadata-api.log"
>
> 2017-03-19 17:04:16.689 13635 WARNING ec2api.metadata
> [-]
> X-Instance-ID-Signature:
>
>
> b80302f1bd7d744c40cabc35908d8f70f49093d5cd07763cdd769d90b925db62
>
> does
> not match the expected value:
>
>
> 5188ed2e0813d6cfc007ed8695c8684ba2bbd18ee3e4376187f2ba82d17297dc
> for
> id: 2d632701-7ae7-45cc-9cdd-9cea382b3342. Request From:
> 172.16.1.11
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata [-]
> Unexpected error.
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
> Traceback (most
> recent call last):
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata File
> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py",
> line 90,
> in __call__
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
> requester =
> self._get_requester(req)
> 2017-03-19 17:04:16.690 13635 ERROR ec2
>
> ome/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py",
> line 182,
> in _get_requester
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
> self._unpack_neutron_request(req))
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata File
>
> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py",
> line 223,
> in _unpack_neutron_request
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
> self._validate_signature(signature, os_instance_id,
> remote_ip)
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata File
>
> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py",
> line 263,
> in _validate_signature
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata raise
> webob.exc.HTTPForbidden(explanation=msg)
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
> HTTPForbidden:
> Invalid proxy request signature.
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
> 2017-03-19 17:04:16.691 13635 INFO ec2api.api [-] 0.1595s
> 10.140.6.181 GET /2009-04-04/meta-data/instance-id None
> 500
> [Python-httplib2/0.9.2 (gzip)] text/plain text/plain
> 2017-03-19 17:04:16.691 13635 INFO ec2api.wsgi.server [-]
> 172.16.1.11,10.140.6.181 "GET
> /2009-04-04/meta-data/instance-id
> HTTP/1.1" status: 500 len: 229 time: 0.0022879
>
> while in the Dashboard LOG I see:
>
> checking MAILSCANNER WARNING: NUMERICAL LINKS ARE OFTEN
> MALICIOUS: MAILSCANNER WARNING: NUMERICAL LINKS ARE OFTEN
> MALICIOUS: http://169.254.169.254/2009-04-04/instance-id <http://169.254.169.254/2009-04-04/instance-id>
> [7] [5]
> failed 1/20: up 0.81. request failed
> failed 2/20: up 3.05. request failed
> failed 3/20: up 5.25. request failed
> failed 4/20: up 7.27. request failed
> failed 5/20: up 9.49. request failed
> failed 6/20: up 11.51. request failed
> failed 7/20: up 13.54. request failed
> failed 8/20: up 15.92. request failed
> failed 9/20: up 17.94. request failed
> failed 10/20: up 20.36. request failed
> failed 11/20: up 22.69. request failed
> failed 12/20: up 24.72. request failed
> failed 13/20: up 26.97. request failed
> failed 14/20: up 29.00. request failed
> failed 15/20: up 31.25. request failed
> failed 16/20: up 33.57. request failed
> failed 17/20: up 35.73. request failed
> failed 18/20: up 38.00. request failed
> failed 19/20: up 40.21. request failed
> failed 20/20: up 42.54. request failed
> failed to read iid from metadata. tried 20
> no results found for mode=net. up 44.98. searched: nocloud
> configdrive ec2
> failed to get instance-id of datasource
>
> Could you please help??
>
> Regards,
>
> George
>
> Hello,
>
> I desperately need your help in order to set up EC2-API
> in Ocata.
>
> I have installed and started the services but I am not
> sure how to
> configure the endpoints since the manual is refering to
> ports as XXXX
> and to version as Y.
>
> I have guessed that these are XXXX=8788 and Y=2 but
> without success.
>
> When I am trying to check the configuration I am getting
> this:
>
> # aws --endpoint-url http://controller:8788 <http://controller:8788/> [4] [1] ec2
> describe-images
>
> An error occurred (AuthFailure) when calling the
> DescribeImages
> operation: Not Found
>
> I am 100% that the /root/.aws/config file has the
> correct
> credentials.
>
> In the logs there aren't any information worthing except
> this:
>
> 2017-03-18 20:26:44.299 6717 INFO ec2api.api [-]
> 0.18514s
> 10.140.6.181 POST / None 404 [aws-cli/1.11.63
> Python/2.7.5
> Linux/3.10.0-514.10.2.el7.x86_64 botocore/1.5.26]
> application/x-www-form-urlencoded text/xml
> 2017-03-18 20:26:44.300 6717 INFO ec2api.wsgi.server [-]
> 10.140.6.181
> "POST / HTTP/1.1" status: 404 len: 298 time: 0.0193572
>
> I desperately looking for your help...So please help!
>
> Best regards,
>
> George
>
> _______________________________________________
> Mailing list:
>
>
>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [8]
>
> [2]
> Post to : openstack at lists.openstack.org <mailto:openstack at lists.openstack.org> [5] [3]
> Unsubscribe :
>
>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [9]
> [4]
>
> _______________________________________________
> Mailing list:
>
>
>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [10]
> [6]
> Post to : openstack at lists.openstack.org <mailto:openstack at lists.openstack.org> [7]
> Unsubscribe :
> nstack.org/cgi-bin/mailman/listinfo/openstack <http://nstack.org/cgi-bin/mailman/listinfo/openstack>"
>
>
>
>
>
>
>
> class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [8]
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listin <http://lists.openstack.org/cgi-bin/mailman/listin>
>
> Post to : openstack at lists.openstack.org <mailto:openstack at lists.openstack.org> [6] [13]
> Unsubscribe :
> ack.org/cgi-bin/mailman/listinfo/openstack <http://ack.org/cgi-bin/mailman/listinfo/openstack>"
>
>
>
>
>
>
>
> class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [14]
>
> _______________________________________________
> Mailing list:
> openstack at lists.openstack.org <mailto:openstack at lists.openstack.org> [11] [16]
> Unsubscribe :
>
>
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [12]
> [17]
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [13] [18]
> Post to : openstack at lists.openstack.org <mailto:openstack at lists.openstack.org> [14] [19]
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [15] [20]
>
> _______________________________________________
> Mailing list:
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [16] [22]
> Post to : openstack at lists.openstack.org <mailto:openstack at lists.openstack.org> [17] [23]
> Unsubscribe :
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [18] [24]
>
> Links:
> ------
> [1] http://controller:8788/ <http://controller:8788/> [20]
> [2] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [21]
> [3] mailto:openstack at lists.openstack.org <mailto:openstack at lists.openstack.org> [22]
> [4] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [23]
> [5] MAILSCANNER WARNING: NUMERICAL LINKS ARE OFTEN MALICIOUS:
> http://169.254.169.254/2009-04-04/instance-id <http://169.254.169.254/2009-04-04/instance-id> [24]
> [6] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [25]
> [7] mailto:openstack at lists.openstack.org <mailto:openstack at lists.openstack.org> [26]
> [8] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [27]
> [9] http://controller:8788/ <http://controller:8788/> [28]
> [10] http://nefelus-controller:35357/v3/v3/ec2token <http://nefelus-controller:35357/v3/v3/ec2token> [29]
> [11] http://controller:35357/v3 <http://controller:35357/v3> [30]
> [12] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [31]
> [13] mailto:openstack at lists.openstack.org <mailto:openstack at lists.openstack.org> [32]
> [14] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [33]
> [15] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [34]
> [16] mailto:openstack at lists.openstack.org <mailto:openstack at lists.openstack.org> [35]
> [17] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [36]
> [18] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [37]
> [19] mailto:openstack at lists.openstack.org <mailto:openstack at lists.openstack.org> [38]
> [20] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [39]
> [21]
>
>
> http://lists.openstack.org/pipermail/openstack/2017-March/018972.html <http://lists.openstack.org/pipermail/openstack/2017-March/018972.html>
> [40]
> [22] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [41]
> [23] mailto:openstack at lists.openstack.org <mailto:openstack at lists.openstack.org> [42]
> [24] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [43]
>
>
>
> Links:
> ------
> [1] http://controller:8788/ <http://controller:8788/>
> [2] http://nefelus-controller:35357/v3/v3/ec2token <http://nefelus-controller:35357/v3/v3/ec2token>
> [3] http://controller:35357/v3 <http://controller:35357/v3>
> [4] http://controller:8788/ <http://controller:8788/>
> [5] mailto:openstack at lists.openstack.org <mailto:openstack at lists.openstack.org>
> [6] mailto:openstack at lists.openstack.org <mailto:openstack at lists.openstack.org>
> [7] http://169.254.169.254/2009-04-04/instance-id <http://169.254.169.254/2009-04-04/instance-id>
> [8] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [9] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [10] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [11] http://lists <http://lists/><div>
>
> stinfo/openstack
> </div>tp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack></a>
> [15]
> Post to :<span class=
> [12] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [13] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [14] mailto:openstack at lists.openstack.org <mailto:openstack at lists.openstack.org>
> [15] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [16] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [17] mailto:openstack at lists.openstack.org <mailto:openstack at lists.openstack.org>
> [18] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [19] http://lists.openstack.org/pipermail/openstack/2017-March/018972.html <http://lists.openstack.org/pipermail/openstack/2017-March/018972.html>
> [20] http://controller:8788/ <http://controller:8788/>
> [21] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [22] mailto:openstack at lists.openstack.org <mailto:openstack at lists.openstack.org>
> [23] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [24] http://169.254.169.254/2009-04-04/instance-id <http://169.254.169.254/2009-04-04/instance-id>
> [25] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [26] mailto:openstack at lists.openstack.org <mailto:openstack at lists.openstack.org>
> [27] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [28] http://controller:8788/ <http://controller:8788/>
> [29] http://nefelus-controller:35357/v3/v3/ec2token <http://nefelus-controller:35357/v3/v3/ec2token>
> [30] http://controller:35357/v3 <http://controller:35357/v3>
> [31] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [32] mailto:openstack at lists.openstack.org <mailto:openstack at lists.openstack.org>
> [33] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [34] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [35] mailto:openstack at lists.openstack.org <mailto:openstack at lists.openstack.org>
> [36] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [37] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [38] mailto:openstack at lists.openstack.org <mailto:openstack at lists.openstack.org>
> [39] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [40] http://lists.openstack.org/pipermail/openstack/2017-March/018972.html <http://lists.openstack.org/pipermail/openstack/2017-March/018972.html>
> [41] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [42] mailto:openstack at lists.openstack.org <mailto:openstack at lists.openstack.org>
> [43] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack <http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack>
> [44] mailto:giorgis at acmac.uoc.gr <mailto:giorgis at acmac.uoc.gr>
>
>
>
>
> --
> Kind regards,
> Andrey Pavlov.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20170614/843832cb/attachment.html>
More information about the Openstack
mailing list