[Openstack] {Disarmed} Re: EC2-API in Ocata - Help wanted

Georgios Dimitrakakis giorgis at acmac.uoc.gr
Tue Apr 18 07:23:28 UTC 2017


 Adding list as well..

> Hello Anastasia!
>
> Yes, 'nova list' is fast and I 've already given the requested
> information by replying to Jay's post.
>
> Jay asked someone from the the EC2 API team to look at it but so far
> no one has appeared...
>
> Best,
>
> G.
>
>> Hello Georgios,
>>
>> We’ll update the doc in the near future.
>>
>> Did you see the question of Jay Pipes in the thread about slow
>> performance? Did you try to run ’nova list’ and compare the time?
>>
>> Thank you
>>
>> Best regards,
>> Anastasia Kravets
>>
>>> Hello Alexandre,
>>>
>>> thank you very much for your time. I have a rough guide of what I
>>> did in order to have it working in case you need it to update the
>>> docs so please let me know if I can be of any assistance.
>>>
>>> By the way could you please check the following thread and let me
>>> know if you have any idea?
>>>
>>>
>> 
>> http://lists.openstack.org/pipermail/openstack/2017-March/018972.html
>>> [21]
>>>
>>> All the best,
>>>
>>> G.
>>>
>>>> Thank you Georgios,
>>>>
>>>> We'll definitely update the doc. We were away all of us so
>>>> couldn't
>>>> help you with your initial problems. Glad you'd figured them out.
>>>> Sorry about your troubles.
>>>>
>>>> Best regards,
>>>> Alex Levine
>>>>
>>>> On 4/1/17 12:00 PM, Georgios Dimitrakakis wrote:
>>>>
>>>>> For people dealing with the same problem I was able to overcome
>>>>> the problem by installing the "openstack-ec2-api" package from
>>>>> the centos-openstack-ocata repository.
>>>>>
>>>>> Although the binaries were exactly the same as mine (did a
>>>>> checksum) installing the package revealed a much more detailed
>>>>> configuration file, which helped a lot.
>>>>>
>>>>> In there I found that the "metadata_shared_secret" should be
>>>>> under the "[metadata]" section instead of just putting it in the
>>>>> default as I was doing since there was no configuration.
>>>>>
>>>>> I believe that the documentation on EC2-API should be
>>>>> definitely updated for two reasons: 1) To instruct users to
>>>>> install the available package instead of letting them to build
>>>>> everything manually and 2) To inform them on the settings that
>>>>> should be present in the configuration file in order for it to
>>>>> work with the current OpenStack specifications and requirements.
>>>>>
>>>>> Regards,
>>>>>
>>>>> G.
>>>>>
>>>>> On Mon, 20 Mar 2017 00:27:35 +0200, Georgios Dimitrakakis
>>>>> wrote:
>>>>>
>>>>>> Just to post an update.
>>>>>>
>>>>>> These are two different issues.
>>>>>>
>>>>>> The first one
>>>>>>
>>>>>> # aws --endpoint-url http://controller:8788 [9] ec2
>>>>>> describe-images
>>>>>>
>>>>>> An error occurred (AuthFailure) when calling the
>>>>>> DescribeImages
>>>>>> operation: Not Found
>>>>>>
>>>>>> was because of this line
>>>>>>
>>>>>> keystone_ec2_tokens_url =
>>>>>> http://nefelus-controller:35357/v3/v3/ec2token [10]
>>>>>>
>>>>>> in the "ec2api.conf" file.
>>>>>>
>>>>>> Obviously they shouldn't be two "v3" there.
>>>>>>
>>>>>> This is coming from the "install.sh" script because of this:
>>>>>>
>>>>>> iniset $CONF_FILE DEFAULT keystone_ec2_tokens_url
>>>>>> "$OS_AUTH_URL/v3/ec2tokens"
>>>>>>
>>>>>> but in the new versions of OpenStack (I am on Ocata) the
>>>>>> recommended
>>>>>> way for "admin.rc" is to have
>>>>>>
>>>>>> OS_AUTH_URL=http://controller:35357/v3 [11]
>>>>>>
>>>>>> So there is already a "v3" plus another from "install.sh" you
>>>>>> have two.
>>>>>>
>>>>>> This sounds like a bug to me or at least is not compatible
>>>>>> with the
>>>>>> latest versions.
>>>>>> What does the community think? Should I file a bug?
>>>>>>
>>>>>> The second one although not solved yet I believe is coming
>>>>>> from the
>>>>>> incorrect usage of "metadata_shared_secret" but I am not
>>>>>> quiet sure
>>>>>> yet how to make it work.
>>>>>>
>>>>>> I would really like some help here people......
>>>>>>
>>>>>> Looking forward for your answers and help.
>>>>>>
>>>>>> All the best,
>>>>>>
>>>>>> G.
>>>>>>
>>>>>>> Furthermore,
>>>>>>>
>>>>>>> now all my instances FAIL to get their metadata!
>>>>>>>
>>>>>>> This is the error in "ec2-metadata-api.log"
>>>>>>>
>>>>>>> 2017-03-19 17:04:16.689 13635 WARNING ec2api.metadata [-]
>>>>>>> X-Instance-ID-Signature:
>>>>>>>
>>>>>>
>>>>> b80302f1bd7d744c40cabc35908d8f70f49093d5cd07763cdd769d90b925db62
>>>>>>> does
>>>>>>> not match the expected value:
>>>>>>>
>>>>>>
>>>>> 5188ed2e0813d6cfc007ed8695c8684ba2bbd18ee3e4376187f2ba82d17297dc
>>>>>>> for
>>>>>>> id: 2d632701-7ae7-45cc-9cdd-9cea382b3342. Request From:
>>>>>>> 172.16.1.11
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata [-]
>>>>>>> Unexpected error.
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
>>>>>>> Traceback (most
>>>>>>> recent call last):
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata File
>>>>>>> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py",
>>>>>>> line 90,
>>>>>>> in __call__
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
>>>>>>> requester =
>>>>>>> self._get_requester(req)
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata File
>>>>>>> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py",
>>>>>>> line 182,
>>>>>>> in _get_requester
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
>>>>>>> self._unpack_neutron_request(req))
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata File
>>>>>>> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py",
>>>>>>> line 223,
>>>>>>> in _unpack_neutron_request
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
>>>>>>> self._validate_signature(signature, os_instance_id,
>>>>>>> remote_ip)
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata File
>>>>>>> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py",
>>>>>>> line 263,
>>>>>>> in _validate_signature
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata raise
>>>>>>> webob.exc.HTTPForbidden(explanation=msg)
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
>>>>>>> HTTPForbidden:
>>>>>>> Invalid proxy request signature.
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
>>>>>>> 2017-03-19 17:04:16.691 13635 INFO ec2api.api [-] 0.1595s
>>>>>>> 10.140.6.181 GET /2009-04-04/meta-data/instance-id None 500
>>>>>>> [Python-httplib2/0.9.2 (gzip)] text/plain text/plain
>>>>>>> 2017-03-19 17:04:16.691 13635 INFO ec2api.wsgi.server [-]
>>>>>>> 172.16.1.11,10.140.6.181 "GET
>>>>>>> /2009-04-04/meta-data/instance-id
>>>>>>> HTTP/1.1" status: 500 len: 229 time: 0.0022879
>>>>>>>
>>>>>>> while in the Dashboard LOG I see:
>>>>>>>
>>>>>>> checking MAILSCANNER WARNING: NUMERICAL LINKS ARE OFTEN
>>>>>>> MALICIOUS: http://169.254.169.254/2009-04-04/instance-id [5]
>>>>>>> failed 1/20: up 0.81. request failed
>>>>>>> failed 2/20: up 3.05. request failed
>>>>>>> failed 3/20: up 5.25. request failed
>>>>>>> failed 4/20: up 7.27. request failed
>>>>>>> failed 5/20: up 9.49. request failed
>>>>>>> failed 6/20: up 11.51. request failed
>>>>>>> failed 7/20: up 13.54. request failed
>>>>>>> failed 8/20: up 15.92. request failed
>>>>>>> failed 9/20: up 17.94. request failed
>>>>>>> failed 10/20: up 20.36. request failed
>>>>>>> failed 11/20: up 22.69. request failed
>>>>>>> failed 12/20: up 24.72. request failed
>>>>>>> failed 13/20: up 26.97. request failed
>>>>>>> failed 14/20: up 29.00. request failed
>>>>>>> failed 15/20: up 31.25. request failed
>>>>>>> failed 16/20: up 33.57. request failed
>>>>>>> failed 17/20: up 35.73. request failed
>>>>>>> failed 18/20: up 38.00. request failed
>>>>>>> failed 19/20: up 40.21. request failed
>>>>>>> failed 20/20: up 42.54. request failed
>>>>>>> failed to read iid from metadata. tried 20
>>>>>>> no results found for mode=net. up 44.98. searched: nocloud
>>>>>>> configdrive ec2
>>>>>>> failed to get instance-id of datasource
>>>>>>>
>>>>>>> Could you please help??
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> George
>>>>>>>
>>>>>>>> Hello,
>>>>>>>>
>>>>>>>> I desperately need your help in order to set up EC2-API
>>>>>>>> in Ocata.
>>>>>>>>
>>>>>>>> I have installed and started the services but I am not
>>>>>>>> sure how to
>>>>>>>> configure the endpoints since the manual is refering to
>>>>>>>> ports as XXXX
>>>>>>>> and to version as Y.
>>>>>>>>
>>>>>>>> I have guessed that these are XXXX=8788 and Y=2 but
>>>>>>>> without success.
>>>>>>>>
>>>>>>>> When I am trying to check the configuration I am getting
>>>>>>>> this:
>>>>>>>>
>>>>>>>> # aws --endpoint-url http://controller:8788 [1] ec2
>>>>>>>> describe-images
>>>>>>>>
>>>>>>>> An error occurred (AuthFailure) when calling the
>>>>>>>> DescribeImages
>>>>>>>> operation: Not Found
>>>>>>>>
>>>>>>>> I am 100% that the /root/.aws/config file has the correct
>>>>>>>> credentials.
>>>>>>>>
>>>>>>>> In the logs there aren't any information worthing except
>>>>>>>> this:
>>>>>>>>
>>>>>>>> 2017-03-18 20:26:44.299 6717 INFO ec2api.api [-] 0.18514s
>>>>>>>> 10.140.6.181 POST / None 404 [aws-cli/1.11.63
>>>>>>>> Python/2.7.5
>>>>>>>> Linux/3.10.0-514.10.2.el7.x86_64 botocore/1.5.26]
>>>>>>>> application/x-www-form-urlencoded text/xml
>>>>>>>> 2017-03-18 20:26:44.300 6717 INFO ec2api.wsgi.server [-]
>>>>>>>> 10.140.6.181
>>>>>>>> "POST / HTTP/1.1" status: 404 len: 298 time: 0.0193572
>>>>>>>>
>>>>>>>> I desperately looking for your help...So please help!
>>>>>>>>
>>>>>>>> Best regards,
>>>>>>>>
>>>>>>>> George
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Mailing list:
>>>>>>>>
>>>>>>>
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>>>> [2]
>>>>>>>> Post to : openstack at lists.openstack.org [3]
>>>>>>>> Unsubscribe :
>>>>>>>>
>>>>>>>
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>>>> [4]
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Mailing list:
>>>>>>>
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>>> [6]
>>>>>>> Post to : openstack at lists.openstack.org [7]
>>>>>>> Unsubscribe :
>>>>>>>
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>>> [8]
>>>>>>
>>>>>> _______________________________________________
>>>>>> Mailing list:
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>> [12]
>>>>>> Post to : openstack at lists.openstack.org [13]
>>>>>> Unsubscribe :
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>> [14]
>>>>>
>>>>> _______________________________________________
>>>>> Mailing list:
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>> [15]
>>>>> Post to : openstack at lists.openstack.org [16]
>>>>> Unsubscribe :
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>> [17]
>>>>
>>>> _______________________________________________
>>>> Mailing list:
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [18]
>>>> Post to : openstack at lists.openstack.org [19]
>>>> Unsubscribe :
>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [20]
>>>
>>> _______________________________________________
>>> Mailing list:
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [22]
>>> Post to : openstack at lists.openstack.org [23]
>>> Unsubscribe :
>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack [24]
>>
>>
>>
>> Links:
>> ------
>> [1] http://controller:8788/
>> [2] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [3] mailto:openstack at lists.openstack.org
>> [4] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [5] http://169.254.169.254/2009-04-04/instance-id
>> [6] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [7] mailto:openstack at lists.openstack.org
>> [8] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [9] http://controller:8788/
>> [10] http://nefelus-controller:35357/v3/v3/ec2token
>> [11] http://controller:35357/v3
>> [12] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [13] mailto:openstack at lists.openstack.org
>> [14] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [15] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [16] mailto:openstack at lists.openstack.org
>> [17] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [18] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [19] mailto:openstack at lists.openstack.org
>> [20] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [21] 
>> http://lists.openstack.org/pipermail/openstack/2017-March/018972.html
>> [22] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [23] mailto:openstack at lists.openstack.org
>> [24] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack






More information about the Openstack mailing list