[one-users] Strange behavior of ONE + EC2 API when using port forwaring

Christian Baun cray at unix-ag.uni-kl.de
Thu Aug 12 07:25:45 PDT 2010


Hi,

I try using the EC2 API with boto[1], a Python interface to Amazon Web Services.  
The oned and econe server are up an running.

When I try to access the econe server via Port 4567, it is working without problems. I send a request for a list of instances and econe-server.log says:

84.161.122.172 - - [12/Aug/2010 16:17:30] "GET /?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2010-08-12T14%3A17%3A31&Version=2010-06-15&Signature=t9jOxhD3TYAmNCzDpuuFrsSDQ2BItvzDdJjNxGdoye8%3D HTTP/1.1" 200 1335 0.0377

It simply works.

The problem: For several reasons I need access to ONE via the EC2 API over port 8188.

I did a port forwarding via:
iptables -I INPUT -p tcp --dport 8188 -j ACCEPT
iptables -I PREROUTING -t nat -i eth0 -p tcp --dport 8188 -j REDIRECT --to-port 4567

the econe server can now be reached via 8188:

telnet 141.52.167.35 8188
Trying 141.52.167.35...
Connected to 141.52.167.35.
Escape character is '^]'.

But when I send a request for a list of instances, the result is:

boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
<Response><Errors><Error><Code>AuthFailure</Code><Message>User not authorized</Message></Error></Errors><RequestID>0</RequestID></Response>

and econe-server.log says:

84.161.122.172 - - [12/Aug/2010 16:20:24] "GET /?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2010-08-12T14%3A20%3A25&Version=2010-06-15&Signature=DRA%2BiKREW2MFyARp%2Bxk3JWKrFBFFnJldRISauZ%2Bz6cc%3D HTTP/1.1" 400 139 0.0042

Is this a known issue? 

The econe.conf has this values:
ONE_XMLRPC=http://localhost:2633/RPC2
SERVER=141.52.167.35
PORT=4567
VM_TYPE=[NAME=m1.small, TEMPLATE=m1.small.erb]
USER=...
PASSWORD=...
IMAGE_DIR=/srv/cloud/images

When I change in econe.conf to Port 8188 and the server vaule to a FQDN the econe server is not starting. These are the only vaules that allow me to start the econe server.

Any ideas?

Thanks in advance for any help

	Christian

[1] http://code.google.com/p/boto/


More information about the Users mailing list