[Openstack] {Disarmed} Re: {Disarmed} Re: EC2-API in Ocata - Help wanted
Andrey Pavlov
andrey.mp at gmail.com
Fri Apr 21 06:12:12 UTC 2017
Also it will be very helpful for us if you describe the cloud where this
happens.
How many projects/users. How many instances at all and in the tenant where
you try to list it. How many networks/subnets/ports.
Regards,
Andrey.
On Thu, Apr 20, 2017 at 11:50 PM, Georgios Dimitrakakis <
giorgis at acmac.uoc.gr> wrote:
> Hello,
>
> I will try to provide you with the logs in the next few days...
>
> Best,
>
> G.
>
> Hello Georgios,
>>
>> We will test it on our site, but for more careful investigations could
>> you please turn on debug = True in ec2api.conf and send us the ec2api
>> logs during problem.
>> Any additional information you can provide is welcome.
>>
>> Thank you,
>>
>> BR,
>> Anastasia
>>
>> On 18 Apr 2017, at 10:22, Georgios Dimitrakakis wrote:
>>>
>>> Hello Anastasia!
>>>
>>> Yes, 'nova list' is fast and I 've already given the requested
>>> information by replying to Jay's post.
>>>
>>> Jay asked someone from the the EC2 API team to look at it but so far
>>> no one has appeared...
>>>
>>> Best,
>>>
>>> G.
>>>
>>> Hello Georgios,
>>>>
>>>> We’ll update the doc in the near future.
>>>>
>>>> Did you see the question of Jay Pipes in the thread about slow
>>>> performance? Did you try to run ’nova list’ and compare the
>>>> time?
>>>>
>>>> Thank you
>>>>
>>>> Best regards,
>>>> Anastasia Kravets
>>>>
>>>> Hello Alexandre,
>>>>>
>>>>> thank you very much for your time. I have a rough guide of what
>>>>> I
>>>>> did in order to have it working in case you need it to update
>>>>> the
>>>>> docs so please let me know if I can be of any assistance.
>>>>>
>>>>> By the way could you please check the following thread and let
>>>>> me
>>>>> know if you have any idea?
>>>>>
>>>>
>>>>
>>> http://lists.openstack.org/pipermail/openstack/2017-March/018972.html
>>
>>> [19]
>>>>
>>>> [21]
>>>>>
>>>>> All the best,
>>>>>
>>>>> G.
>>>>>
>>>>> Thank you Georgios,
>>>>>>
>>>>>> We'll definitely update the doc. We were away all of us so
>>>>>> couldn't
>>>>>> help you with your initial problems. Glad you'd figured them
>>>>>> out.
>>>>>> Sorry about your troubles.
>>>>>>
>>>>>> Best regards,
>>>>>> Alex Levine
>>>>>>
>>>>>> On 4/1/17 12:00 PM, Georgios Dimitrakakis wrote:
>>>>>>
>>>>>> For people dealing with the same problem I was able to
>>>>>>> overcome
>>>>>>> the problem by installing the "openstack-ec2-api" package
>>>>>>> from
>>>>>>> the centos-openstack-ocata repository.
>>>>>>>
>>>>>>> Although the binaries were exactly the same as mine (did a
>>>>>>> checksum) installing the package revealed a much more
>>>>>>> detailed
>>>>>>> configuration file, which helped a lot.
>>>>>>>
>>>>>>> In there I found that the "metadata_shared_secret" should be
>>>>>>> under the "[metadata]" section instead of just putting it in
>>>>>>> the
>>>>>>> default as I was doing since there was no configuration.
>>>>>>>
>>>>>>> I believe that the documentation on EC2-API should be
>>>>>>> definitely updated for two reasons: 1) To instruct users to
>>>>>>> install the available package instead of letting them to
>>>>>>> build
>>>>>>> everything manually and 2) To inform them on the settings
>>>>>>> that
>>>>>>> should be present in the configuration file in order for it
>>>>>>> to
>>>>>>> work with the current OpenStack specifications and
>>>>>>> requirements.
>>>>>>>
>>>>>>> Regards,
>>>>>>>
>>>>>>> G.
>>>>>>>
>>>>>>> On Mon, 20 Mar 2017 00:27:35 +0200, Georgios Dimitrakakis
>>>>>>> wrote:
>>>>>>>
>>>>>>> Just to post an update.
>>>>>>>>
>>>>>>>> These are two different issues.
>>>>>>>>
>>>>>>>> The first one
>>>>>>>>
>>>>>>>> # aws --endpoint-url http://controller:8788 [1] [9] ec2
>>>>>>>> describe-images
>>>>>>>>
>>>>>>>> An error occurred (AuthFailure) when calling the
>>>>>>>> DescribeImages
>>>>>>>> operation: Not Found
>>>>>>>>
>>>>>>>> was because of this line
>>>>>>>>
>>>>>>>> keystone_ec2_tokens_url =
>>>>>>>> http://nefelus-controller:35357/v3/v3/ec2token [2] [10]
>>>>>>>>
>>>>>>>> in the "ec2api.conf" file.
>>>>>>>>
>>>>>>>> Obviously they shouldn't be two "v3" there.
>>>>>>>>
>>>>>>>> This is coming from the "install.sh" script because of
>>>>>>>> this:
>>>>>>>>
>>>>>>>> iniset $CONF_FILE DEFAULT keystone_ec2_tokens_url
>>>>>>>> "$OS_AUTH_URL/v3/ec2tokens"
>>>>>>>>
>>>>>>>> but in the new versions of OpenStack (I am on Ocata) the
>>>>>>>> recommended
>>>>>>>> way for "admin.rc" is to have
>>>>>>>>
>>>>>>>> OS_AUTH_URL=http://controller:35357/v3 [3] [11]
>>>>>>>>
>>>>>>>> So there is already a "v3" plus another from "install.sh"
>>>>>>>> you
>>>>>>>> have two.
>>>>>>>>
>>>>>>>> This sounds like a bug to me or at least is not compatible
>>>>>>>> with the
>>>>>>>> latest versions.
>>>>>>>> What does the community think? Should I file a bug?
>>>>>>>>
>>>>>>>> The second one although not solved yet I believe is coming
>>>>>>>> from the
>>>>>>>> incorrect usage of "metadata_shared_secret" but I am not
>>>>>>>> quiet sure
>>>>>>>> yet how to make it work.
>>>>>>>>
>>>>>>>> I would really like some help here people......
>>>>>>>>
>>>>>>>> Looking forward for your answers and help.
>>>>>>>>
>>>>>>>> All the best,
>>>>>>>>
>>>>>>>> G.
>>>>>>>>
>>>>>>>> Furthermore,
>>>>>>>>>
>>>>>>>>> now all my instances FAIL to get their metadata!
>>>>>>>>>
>>>>>>>>> This is the error in "ec2-metadata-api.log"
>>>>>>>>>
>>>>>>>>> 2017-03-19 17:04:16.689 13635 WARNING ec2api.metadata
>>>>>>>>> [-]
>>>>>>>>> X-Instance-ID-Signature:
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>> b80302f1bd7d744c40cabc35908d8f70f49093d5cd07763cdd769d90b925db62
>>>>>
>>>>>>
>>>>>>> does
>>>>>>>>> not match the expected value:
>>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>> 5188ed2e0813d6cfc007ed8695c8684ba2bbd18ee3e4376187f2ba82d17297dc
>>>>>
>>>>>> for
>>>>>>> id: 2d632701-7ae7-45cc-9cdd-9cea382b3342. Request From:
>>>>>>> 172.16.1.11
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata [-]
>>>>>>> Unexpected error.
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
>>>>>>> Traceback (most
>>>>>>> recent call last):
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata File
>>>>>>> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py",
>>>>>>> line 90,
>>>>>>> in __call__
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
>>>>>>> requester =
>>>>>>> self._get_requester(req)
>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2
>>>>>>>
>>>>>>> ome/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py",
>>>>>>>> line 182,
>>>>>>>> in _get_requester
>>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
>>>>>>>> self._unpack_neutron_request(req))
>>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata File
>>>>>>>>
>>>>>>>> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py",
>>>>>>>
>>>>>>>> line 223,
>>>>>>>> in _unpack_neutron_request
>>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
>>>>>>>> self._validate_signature(signature, os_instance_id,
>>>>>>>> remote_ip)
>>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata File
>>>>>>>>
>>>>>>>> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py",
>>>>>>>
>>>>>>>> line 263,
>>>>>>>> in _validate_signature
>>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata raise
>>>>>>>> webob.exc.HTTPForbidden(explanation=msg)
>>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
>>>>>>>> HTTPForbidden:
>>>>>>>> Invalid proxy request signature.
>>>>>>>> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
>>>>>>>> 2017-03-19 17:04:16.691 13635 INFO ec2api.api [-] 0.1595s
>>>>>>>> 10.140.6.181 GET /2009-04-04/meta-data/instance-id None
>>>>>>>> 500
>>>>>>>> [Python-httplib2/0.9.2 (gzip)] text/plain text/plain
>>>>>>>> 2017-03-19 17:04:16.691 13635 INFO ec2api.wsgi.server [-]
>>>>>>>> 172.16.1.11,10.140.6.181 "GET
>>>>>>>> /2009-04-04/meta-data/instance-id
>>>>>>>> HTTP/1.1" status: 500 len: 229 time: 0.0022879
>>>>>>>>
>>>>>>>> while in the Dashboard LOG I see:
>>>>>>>>
>>>>>>>> checking MAILSCANNER WARNING: NUMERICAL LINKS ARE OFTEN
>>>>>>>> MALICIOUS: MAILSCANNER WARNING: NUMERICAL LINKS ARE OFTEN
>>>>>>>> MALICIOUS: http://169.254.169.254/2009-04-04/instance-id
>>>>>>>> [7] [5]
>>>>>>>> failed 1/20: up 0.81. request failed
>>>>>>>> failed 2/20: up 3.05. request failed
>>>>>>>> failed 3/20: up 5.25. request failed
>>>>>>>> failed 4/20: up 7.27. request failed
>>>>>>>> failed 5/20: up 9.49. request failed
>>>>>>>> failed 6/20: up 11.51. request failed
>>>>>>>> failed 7/20: up 13.54. request failed
>>>>>>>> failed 8/20: up 15.92. request failed
>>>>>>>> failed 9/20: up 17.94. request failed
>>>>>>>> failed 10/20: up 20.36. request failed
>>>>>>>> failed 11/20: up 22.69. request failed
>>>>>>>> failed 12/20: up 24.72. request failed
>>>>>>>> failed 13/20: up 26.97. request failed
>>>>>>>> failed 14/20: up 29.00. request failed
>>>>>>>> failed 15/20: up 31.25. request failed
>>>>>>>> failed 16/20: up 33.57. request failed
>>>>>>>> failed 17/20: up 35.73. request failed
>>>>>>>> failed 18/20: up 38.00. request failed
>>>>>>>> failed 19/20: up 40.21. request failed
>>>>>>>> failed 20/20: up 42.54. request failed
>>>>>>>> failed to read iid from metadata. tried 20
>>>>>>>> no results found for mode=net. up 44.98. searched: nocloud
>>>>>>>> configdrive ec2
>>>>>>>> failed to get instance-id of datasource
>>>>>>>>
>>>>>>>> Could you please help??
>>>>>>>>
>>>>>>>> Regards,
>>>>>>>>
>>>>>>>> George
>>>>>>>>
>>>>>>>> Hello,
>>>>>>>>>
>>>>>>>>> I desperately need your help in order to set up EC2-API
>>>>>>>>> in Ocata.
>>>>>>>>>
>>>>>>>>> I have installed and started the services but I am not
>>>>>>>>> sure how to
>>>>>>>>> configure the endpoints since the manual is refering to
>>>>>>>>> ports as XXXX
>>>>>>>>> and to version as Y.
>>>>>>>>>
>>>>>>>>> I have guessed that these are XXXX=8788 and Y=2 but
>>>>>>>>> without success.
>>>>>>>>>
>>>>>>>>> When I am trying to check the configuration I am getting
>>>>>>>>> this:
>>>>>>>>>
>>>>>>>>> # aws --endpoint-url http://controller:8788 [4] [1] ec2
>>>>>>>>> describe-images
>>>>>>>>>
>>>>>>>>> An error occurred (AuthFailure) when calling the
>>>>>>>>> DescribeImages
>>>>>>>>> operation: Not Found
>>>>>>>>>
>>>>>>>>> I am 100% that the /root/.aws/config file has the
>>>>>>>>> correct
>>>>>>>>> credentials.
>>>>>>>>>
>>>>>>>>> In the logs there aren't any information worthing except
>>>>>>>>> this:
>>>>>>>>>
>>>>>>>>> 2017-03-18 20:26:44.299 6717 INFO ec2api.api [-]
>>>>>>>>> 0.18514s
>>>>>>>>> 10.140.6.181 POST / None 404 [aws-cli/1.11.63
>>>>>>>>> Python/2.7.5
>>>>>>>>> Linux/3.10.0-514.10.2.el7.x86_64 botocore/1.5.26]
>>>>>>>>> application/x-www-form-urlencoded text/xml
>>>>>>>>> 2017-03-18 20:26:44.300 6717 INFO ec2api.wsgi.server [-]
>>>>>>>>> 10.140.6.181
>>>>>>>>> "POST / HTTP/1.1" status: 404 len: 298 time: 0.0193572
>>>>>>>>>
>>>>>>>>> I desperately looking for your help...So please help!
>>>>>>>>>
>>>>>>>>> Best regards,
>>>>>>>>>
>>>>>>>>> George
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Mailing list:
>>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>>
>>>>>>> [8]
>>>>>>>>
>>>>>>>> [2]
>>>>>>>>>> Post to : openstack at lists.openstack.org [5] [3]
>>>>>>>>>> Unsubscribe :
>>>>>>>>>>
>>>>>>>>>
>>>>>>>>
>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>>
>>>>>>> [9]
>>>>>>>> [4]
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Mailing list:
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>>
>>>>>>> [10]
>>>>>>>> [6]
>>>>>>>> Post to : openstack at lists.openstack.org [7]
>>>>>>>>
>>>>>>>>> Unsubscribe :
>>>>>>>>>
>>>>>>>> nstack.org/cgi-bin/mailman/listinfo/openstack"
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>>> [8]
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Mailing list:
>>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listin
>>>>>>>>
>>>>>>>> Post to : openstack at lists.openstack.org [6] [13]
>>>>>>>>> Unsubscribe :
>>>>>>>>>
>>>>>>>> ack.org/cgi-bin/mailman/listinfo/openstack"
>>>>>>>>
>>>>>>>>
>>>>>>>
>>>>>>
>>>>>
>>>>
>>>
>> class="">http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>
>>> [14]
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Mailing list:
>>>>>>>> openstack at lists.openstack.org [11] [16]
>>>>>>>> Unsubscribe :
>>>>>>>>
>>>>>>>>
>>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>>
>>>>>>> [12]
>>>>>>>> [17]
>>>>>>>>
>>>>>>>
>>>>>> _______________________________________________
>>>>>> Mailing list:
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>> [13] [18]
>>>>>> Post to : openstack at lists.openstack.org [14] [19]
>>>>>> Unsubscribe :
>>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>>> [15] [20]
>>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Mailing list:
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>> [16] [22]
>>>>> Post to : openstack at lists.openstack.org [17] [23]
>>>>> Unsubscribe :
>>>>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>>> [18] [24]
>>>>>
>>>>
>>>> Links:
>>>> ------
>>>> [1] http://controller:8788/ [20]
>>>> [2] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>> [21]
>>>> [3] mailto:openstack at lists.openstack.org [22]
>>>> [4] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>> [23]
>>>> [5] MAILSCANNER WARNING: NUMERICAL LINKS ARE OFTEN MALICIOUS:
>>>> http://169.254.169.254/2009-04-04/instance-id [24]
>>>> [6] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>> [25]
>>>> [7] mailto:openstack at lists.openstack.org [26]
>>>> [8] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>> [27]
>>>> [9] http://controller:8788/ [28]
>>>> [10] http://nefelus-controller:35357/v3/v3/ec2token [29]
>>>> [11] http://controller:35357/v3 [30]
>>>> [12] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>> [31]
>>>> [13] mailto:openstack at lists.openstack.org [32]
>>>> [14] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>> [33]
>>>> [15] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>> [34]
>>>> [16] mailto:openstack at lists.openstack.org [35]
>>>> [17] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>> [36]
>>>> [18] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>> [37]
>>>> [19] mailto:openstack at lists.openstack.org [38]
>>>> [20] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>> [39]
>>>> [21]
>>>>
>>>>
>>> http://lists.openstack.org/pipermail/openstack/2017-March/018972.html
>>
>>> [40]
>>>> [22] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>> [41]
>>>> [23] mailto:openstack at lists.openstack.org [42]
>>>> [24] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>>>> [43]
>>>>
>>>
>>
>>
>> Links:
>> ------
>> [1] http://controller:8788/
>> [2] http://nefelus-controller:35357/v3/v3/ec2token
>> [3] http://controller:35357/v3
>> [4] http://controller:8788/
>> [5] mailto:openstack at lists.openstack.org
>> [6] mailto:openstack at lists.openstack.org
>> [7] http://169.254.169.254/2009-04-04/instance-id
>> [8] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [9] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [10] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [11] http://lists<div>
>>
>> stinfo/openstack
>>>
>> </div>tp://lists.openstack.org/cgi-bin/mailman/listinfo/openstack</a>
>> [15]
>> Post to :<span class=
>> [12] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [13] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [14] mailto:openstack at lists.openstack.org
>> [15] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [16] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [17] mailto:openstack at lists.openstack.org
>> [18] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [19] http://lists.openstack.org/pipermail/openstack/2017-March/
>> 018972.html
>> [20] http://controller:8788/
>> [21] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [22] mailto:openstack at lists.openstack.org
>> [23] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [24] http://169.254.169.254/2009-04-04/instance-id
>> [25] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [26] mailto:openstack at lists.openstack.org
>> [27] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [28] http://controller:8788/
>> [29] http://nefelus-controller:35357/v3/v3/ec2token
>> [30] http://controller:35357/v3
>> [31] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [32] mailto:openstack at lists.openstack.org
>> [33] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [34] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [35] mailto:openstack at lists.openstack.org
>> [36] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [37] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [38] mailto:openstack at lists.openstack.org
>> [39] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [40] http://lists.openstack.org/pipermail/openstack/2017-March/
>> 018972.html
>> [41] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [42] mailto:openstack at lists.openstack.org
>> [43] http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> [44] mailto:giorgis at acmac.uoc.gr
>>
>
>
--
Kind regards,
Andrey Pavlov.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20170421/64a96f2d/attachment.html>
More information about the Openstack
mailing list