[one-users] Strange behavior of ONE + EC2 API when using port forwaring
Christian Baun
cray at unix-ag.uni-kl.de
Thu Aug 12 07:25:45 PDT 2010
Hi,
I try using the EC2 API with boto[1], a Python interface to Amazon Web Services.
The oned and econe server are up an running.
When I try to access the econe server via Port 4567, it is working without problems. I send a request for a list of instances and econe-server.log says:
84.161.122.172 - - [12/Aug/2010 16:17:30] "GET /?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2010-08-12T14%3A17%3A31&Version=2010-06-15&Signature=t9jOxhD3TYAmNCzDpuuFrsSDQ2BItvzDdJjNxGdoye8%3D HTTP/1.1" 200 1335 0.0377
It simply works.
The problem: For several reasons I need access to ONE via the EC2 API over port 8188.
I did a port forwarding via:
iptables -I INPUT -p tcp --dport 8188 -j ACCEPT
iptables -I PREROUTING -t nat -i eth0 -p tcp --dport 8188 -j REDIRECT --to-port 4567
the econe server can now be reached via 8188:
telnet 141.52.167.35 8188
Trying 141.52.167.35...
Connected to 141.52.167.35.
Escape character is '^]'.
But when I send a request for a list of instances, the result is:
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
<Response><Errors><Error><Code>AuthFailure</Code><Message>User not authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
and econe-server.log says:
84.161.122.172 - - [12/Aug/2010 16:20:24] "GET /?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2010-08-12T14%3A20%3A25&Version=2010-06-15&Signature=DRA%2BiKREW2MFyARp%2Bxk3JWKrFBFFnJldRISauZ%2Bz6cc%3D HTTP/1.1" 400 139 0.0042
Is this a known issue?
The econe.conf has this values:
ONE_XMLRPC=http://localhost:2633/RPC2
SERVER=141.52.167.35
PORT=4567
VM_TYPE=[NAME=m1.small, TEMPLATE=m1.small.erb]
USER=...
PASSWORD=...
IMAGE_DIR=/srv/cloud/images
When I change in econe.conf to Port 8188 and the server vaule to a FQDN the econe server is not starting. These are the only vaules that allow me to start the econe server.
Any ideas?
Thanks in advance for any help
Christian
[1] http://code.google.com/p/boto/
More information about the Users
mailing list