[Openstack] EC2-API in Ocata - Help wanted

Georgios Dimitrakakis giorgis at acmac.uoc.gr
Sun Mar 19 22:27:35 UTC 2017 

 Just to post an update.

 These are two different issues.

 The first one

 # aws --endpoint-url http://controller:8788 ec2 describe-images

 An error occurred (AuthFailure) when calling the DescribeImages
 operation: Not Found


 was because of this line

 keystone_ec2_tokens_url = 
 http://nefelus-controller:35357/v3/v3/ec2token

 in the "ec2api.conf" file.

 Obviously they shouldn't be two "v3" there.

 This is coming from the "install.sh" script because of this:

 iniset $CONF_FILE DEFAULT keystone_ec2_tokens_url 
 "$OS_AUTH_URL/v3/ec2tokens"


 but in the new versions of OpenStack (I am on Ocata) the recommended 
 way for "admin.rc" is to have

 OS_AUTH_URL=http://controller:35357/v3

 So there is already a "v3" plus another from "install.sh" you have two.

 This sounds like a bug to me or at least is not compatible with the 
 latest versions.
 What does the community think? Should I file a bug?



 The second one although not solved yet I believe is coming from the 
 incorrect usage of "metadata_shared_secret" but I am not quiet sure yet 
 how to make it work.

 I would really like some help here people......

 Looking forward for your answers and help.

 All the best,


 G.


> Furthermore,
>
> now all my instances FAIL to get their metadata!
>
> This is the error in "ec2-metadata-api.log"
>
>
> 2017-03-19 17:04:16.689 13635 WARNING ec2api.metadata [-]
> X-Instance-ID-Signature:
> b80302f1bd7d744c40cabc35908d8f70f49093d5cd07763cdd769d90b925db62 does
> not match the expected value:
> 5188ed2e0813d6cfc007ed8695c8684ba2bbd18ee3e4376187f2ba82d17297dc for
> id: 2d632701-7ae7-45cc-9cdd-9cea382b3342. Request From: 172.16.1.11
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata [-] Unexpected 
> error.
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata Traceback (most
> recent call last):
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata   File
> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py", line 90,
> in __call__
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata     requester =
> self._get_requester(req)
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata   File
> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py", line 
> 182,
> in _get_requester
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
> self._unpack_neutron_request(req))
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata   File
> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py", line 
> 223,
> in _unpack_neutron_request
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
> self._validate_signature(signature, os_instance_id, remote_ip)
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata   File
> "/home/giorgis/EC2-GIT/ec2-api/ec2api/metadata/__init__.py", line 
> 263,
> in _validate_signature
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata     raise
> webob.exc.HTTPForbidden(explanation=msg)
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata HTTPForbidden:
> Invalid proxy request signature.
> 2017-03-19 17:04:16.690 13635 ERROR ec2api.metadata
> 2017-03-19 17:04:16.691 13635 INFO ec2api.api [-] 0.1595s
> 10.140.6.181 GET /2009-04-04/meta-data/instance-id None 500
> [Python-httplib2/0.9.2 (gzip)] text/plain text/plain
> 2017-03-19 17:04:16.691 13635 INFO ec2api.wsgi.server [-]
> 172.16.1.11,10.140.6.181 "GET /2009-04-04/meta-data/instance-id
> HTTP/1.1" status: 500 len: 229 time: 0.0022879
>
>
>
> while in the Dashboard LOG I see:
>
> checking http://169.254.169.254/2009-04-04/instance-id
> failed 1/20: up 0.81. request failed
> failed 2/20: up 3.05. request failed
> failed 3/20: up 5.25. request failed
> failed 4/20: up 7.27. request failed
> failed 5/20: up 9.49. request failed
> failed 6/20: up 11.51. request failed
> failed 7/20: up 13.54. request failed
> failed 8/20: up 15.92. request failed
> failed 9/20: up 17.94. request failed
> failed 10/20: up 20.36. request failed
> failed 11/20: up 22.69. request failed
> failed 12/20: up 24.72. request failed
> failed 13/20: up 26.97. request failed
> failed 14/20: up 29.00. request failed
> failed 15/20: up 31.25. request failed
> failed 16/20: up 33.57. request failed
> failed 17/20: up 35.73. request failed
> failed 18/20: up 38.00. request failed
> failed 19/20: up 40.21. request failed
> failed 20/20: up 42.54. request failed
> failed to read iid from metadata. tried 20
> no results found for mode=net. up 44.98. searched: nocloud 
> configdrive ec2
> failed to get instance-id of datasource
>
>
> Could you please help??
>
>
> Regards,
>
> George
>
>
>> Hello,
>>
>> I desperately need your help in order to set up EC2-API in Ocata.
>>
>> I have installed and started the services but I am not sure how to
>> configure the endpoints since the manual is refering to ports as 
>> XXXX
>> and to version as Y.
>>
>> I have guessed that these are XXXX=8788 and Y=2 but without success.
>>
>>
>> When I am trying to check the configuration I am getting this:
>>
>> # aws --endpoint-url http://controller:8788 ec2 describe-images
>>
>> An error occurred (AuthFailure) when calling the DescribeImages
>> operation: Not Found
>>
>>
>> I am 100% that the /root/.aws/config file has the correct 
>> credentials.
>>
>>
>> In the logs there aren't any information worthing except this:
>>
>> 2017-03-18 20:26:44.299 6717 INFO ec2api.api [-] 0.18514s
>> 10.140.6.181 POST / None 404 [aws-cli/1.11.63 Python/2.7.5
>> Linux/3.10.0-514.10.2.el7.x86_64 botocore/1.5.26]
>> application/x-www-form-urlencoded text/xml
>> 2017-03-18 20:26:44.300 6717 INFO ec2api.wsgi.server [-] 
>> 10.140.6.181
>> "POST / HTTP/1.1" status: 404 len: 298 time: 0.0193572
>>
>>
>> I desperately looking for your help...So please help!
>>
>>
>> Best regards,
>>
>>
>> George
>>
>> _______________________________________________
>> Mailing list: 
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>> Post to     : openstack at lists.openstack.org
>> Unsubscribe : 
>> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
>
> _______________________________________________
> Mailing list: 
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack
> Post to     : openstack at lists.openstack.org
> Unsubscribe : 
> http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack

More information about the Openstack mailing list