[Openstack] EC2-API in Ocata - Help wanted

Georgios Dimitrakakis giorgis at acmac.uoc.gr
Mon Apr 10 20:22:14 UTC 2017 

 Hello Alexandre,

 thank you very much for your time. I have a rough guide of what I did 
 in order to have it working in case you need it to update the docs so 
 please let me know if I can be of any assistance.

 By the way could you please check the following thread and let me know 
 if you have any idea?

 http://lists.openstack.org/pipermail/openstack/2017-March/018972.html


 All the best,

 G.


> Thank you Georgios,
>
> We'll definitely update the doc. We were away all of us so couldn't
> help you with your initial problems. Glad you'd figured them out.
> Sorry about your troubles.
>
> Best regards,
>    Alex Levine
>
> On 4/1/17 12:00 PM, Georgios Dimitrakakis wrote:
>> For people dealing with the same problem I was able to overcome the 
>> problem by installing the "openstack-ec2-api" package from the 
>> centos-openstack-ocata repository.
>>
>> Although the binaries were exactly the same as mine (did a checksum) 
>> installing the package revealed a much more detailed configuration 
>> file, which helped a lot.
>>
>> In there I found that the "metadata_shared_secret" should be under 
>> the "[metadata]" section instead of just putting it in the default as 
>> I was doing since there was no configuration.
>>
>> I believe that the documentation on EC2-API should be definitely 
>> updated for two reasons: 1) To instruct users to install the available 
>> package instead of letting them to build everything manually and 2) To 
>> inform them on the settings that should be present in the 
>> configuration file in order for it to work with the current OpenStack 
>> specifications and requirements.
>>
>>
>> Regards,
>>
>> G.
>>
>>
>>
>>
>> On Mon, 20 Mar 2017 00:27:35 +0200, Georgios Dimitrakakis wrote:
>>> Just to post an update.
>>>
>>> These are two different issues.
>>>
>>> The first one
>>>
>>> # aws --endpoint-url http://controller:8788 ec2 describe-images
>>>
>>> An error occurred (AuthFailure) when calling the DescribeImages
>>> operation: Not Found
>>>
>>>
>>> was because of this line
>>>
>>> keystone_ec2_tokens_url = 
>>> http://nefelus-controller:35357/v3/v3/ec2token
>>>
>>> in the "ec2api.conf" file.
>>>
>>> Obviously they shouldn't be two "v3" there.
>>>
>>> This is coming from the "install.sh" script because of this:
>>>
>>> iniset $CONF_FILE DEFAULT keystone_ec2_tokens_url 
>>> "$OS_AUTH_URL/v3/ec2tokens"
>>>
>>>
>>> but in the new versions of OpenStack (I am on Ocata) the 
>>> recommended
>>> way for "admin.rc" is to have
>>>
>>> OS_AUTH_URL=http://controller:35357/v3
>>>
>>> So there is already a "v3" plus another from "install.sh" you have 
>>> two.
>>>
>>> This sounds like a bug to me or at least is not compatible with the
>>> latest versions.
>>> What does the community think? Should I file a bug?
>>>
>>>
>>>
>>> The second one although not solved yet I believe is coming from the
>>> incorrect usage of "metadata_shared_secret" but I am not quiet sure
>>> yet how to make it work.
>>>
>>> I would really like some help here people......
>>>
>>> Looking forward for your answers and help.
>>>
>>> All the best,
>>>
>>>
>>> G.
>>>
>>>
>>>> Furthermore,
>>>>
>>>> now all my instances FAIL to get their metadata!
>>>>
>>>> This is the error in "ec2-metadata-api.log"
>>>>
>>>>
>>>> 2017-03-19 17:04:16.689 13635 WARNING ec2api.metadata [-]
>>>> X-Instance-ID-Signature:
>>>> b80302f1bd7d744c40cabc35908d8f70f49093d5cd07763cdd769d90b925db62 
>>>> does
>>>> not match the expected value:
>>>> 5188ed2e0813d6cfc007ed8695c8684ba2bbd18ee3e4376187f2ba82d17297dc 
>>>> for
>>>> id: 2d632701-7ae7-45cc-9cdd-9cea382b3342. Request From: 
>>>> 172.16.1.11
>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata [-] Unexpected 
>>>> error.
>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata Traceback 
>>>> (most
>>>> recent call last):
>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata   File
>>>> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py", line 
>>>> 90,
>>>> in __call__
>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata requester =
>>>> self._get_requester(req)
>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata   File
>>>> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py", line 
>>>> 182,
>>>> in _get_requester
>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
>>>> self._unpack_neutron_request(req))
>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata   File
>>>> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py", line 
>>>> 223,
>>>> in _unpack_neutron_request
>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
>>>> self._validate_signature(signature, os_instance_id, remote_ip)
>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata   File
>>>> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py", line 
>>>> 263,
>>>> in _validate_signature
>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata     raise
>>>> webob.exc.HTTPForbidden(explanation=msg)
>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata HTTPForbidden:
>>>> Invalid proxy request signature.
>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
>>>> 2017-03-19 17:04:16.691 13635 INFO ec2api.api [-] 0.1595s
>>>> 10.140.6.181 GET /2009-04-04/meta-data/instance-id None 500
>>>> [Python-httplib2/0.9.2 (gzip)] text/plain text/plain
>>>> 2017-03-19 17:04:16.691 13635 INFO ec2api.wsgi.server [-]
>>>> 172.16.1.11,10.140.6.181 "GET /2009-04-04/meta-data/instance-id
>>>> HTTP/1.1" status: 500 len: 229 time: 0.0022879
>>>>
>>>>
>>>>
>>>> while in the Dashboard LOG I see:
>>>>
>>>> checking http://169.254.169.254/2009-04-04/instance-id
>>>> failed 1/20: up 0.81. request failed
>>>> failed 2/20: up 3.05. request failed
>>>> failed 3/20: up 5.25. request failed
>>>> failed 4/20: up 7.27. request failed
>>>> failed 5/20: up 9.49. request failed
>>>> failed 6/20: up 11.51. request failed
>>>> failed 7/20: up 13.54. request failed
>>>> failed 8/20: up 15.92. request failed
>>>> failed 9/20: up 17.94. request failed
>>>> failed 10/20: up 20.36. request failed
>>>> failed 11/20: up 22.69. request failed
>>>> failed 12/20: up 24.72. request failed
>>>> failed 13/20: up 26.97. request failed
>>>> failed 14/20: up 29.00. request failed
>>>> failed 15/20: up 31.25. request failed
>>>> failed 16/20: up 33.57. request failed
>>>> failed 17/20: up 35.73. request failed
>>>> failed 18/20: up 38.00. request failed
>>>> failed 19/20: up 40.21. request failed
>>>> failed 20/20: up 42.54. request failed
>>>> failed to read iid from metadata. tried 20
>>>> no results found for mode=net. up 44.98. searched: nocloud 
>>>> configdrive ec2
>>>> failed to get instance-id of datasource
>>>>
>>>>
>>>> Could you please help??
>>>>
>>>>
>>>> Regards,
>>>>
>>>> George
>>>>
>>>>
>>>>> Hello,
>>>>>
>>>>> I desperately need your help in order to set up EC2-API in Ocata.
>>>>>
>>>>> I have installed and started the services but I am not sure how 
>>>>> to
>>>>> configure the endpoints since the manual is refering to ports as 
>>>>> XXXX
>>>>> and to version as Y.
>>>>>
>>>>> I have guessed that these are XXXX=8788 and Y=2 but without 
>>>>> success.
>>>>>
>>>>>
>>>>> When I am trying to check the configuration I am getting this:
>>>>>
>>>>> # aws --endpoint-url http://controller:8788 ec2 describe-images
>>>>>
>>>>> An error occurred (AuthFailure) when calling the DescribeImages
>>>>> operation: Not Found
>>>>>
>>>>>
>>>>> I am 100% that the /root/.aws/config file has the correct 
>>>>> credentials.
>>>>>
>>>>>
>>>>> In the logs there aren't any information worthing except this:
>>>>>
>>>>> 2017-03-18 20:26:44.299 6717 INFO ec2api.api [-] 0.18514s
>>>>> 10.140.6.181 POST / None 404 [aws-cli/1.11.63 Python/2.7.5
>>>>> Linux/3.10.0-514.10.2.el7.x86_64 botocore/1.5.26]
>>>>> application/x-www-form-urlencoded text/xml
>>>>> 2017-03-18 20:26:44.300 6717 INFO ec2api.wsgi.server [-] 
>>>>> 10.140.6.181
>>>>> "POST / HTTP/1.1" status: 404 len: 298 time: 0.0193572
>>>>>
>>>>>
>>>>> I desperately looking for your help...So please help!
>>>>>
>>>>>
>>>>> Best regards,
>>>>>
>>>>>
>>>>> George
>>>>>
>>>>> _______________________________________________
>>>>> Mailing list: 
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>> Post to     : openstack at lists.openstack.org
>>>>> Unsubscribe : 
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>
>>>> _______________________________________________
>>>> Mailing list: 
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>> Post to     : openstack at lists.openstack.org
>>>> Unsubscribe : 
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>
>>>
>>>
>>> _______________________________________________
>>> Mailing list: 
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>> Post to     : openstack at lists.openstack.org
>>> Unsubscribe : 
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>>
>>
>> _______________________________________________
>> Mailing list: 
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to     : openstack at lists.openstack.org
>> Unsubscribe : 
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
>
> _______________________________________________
> Mailing list: 
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : 
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

More information about the Openstack mailing list