[one-users] Strange behavior of ONE + EC2 API when using port forwarding

Jaime Melis j.melis at fdi.ucm.es
Thu Aug 12 15:42:28 PDT 2010


Hi Christian,

the way authentication works is by creating a "canonical string" which
includes the server port and matching it with your connection parameters.
Therefore if the port of the client differs from the one of the server it
will probably fail.

Can you change line 77 of EC2QueryServer.rb:
@server_port=@config[:port] => @server_port=8188

Can you test that? If that works we could create a fix using environment
variables.

Regards,
Jaime
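
The port mismatch described above, as an added example that is not part of the original message and is not OpenNebula's or boto's code. It assumes the server rebuilds the standard AWS Signature Version 2 string to sign (verb, host:port, path, sorted query); the function names and the secret are hypothetical, and the request parameters are taken from the logged request.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def canonical_string(method, host, port, path, params):
    """Signature Version 2 string to sign; line 2 is host:port."""
    query = "&".join(
        f"{quote(k, safe='-_.~')}={quote(v, safe='-_.~')}"
        for k, v in sorted(params.items())
    )
    return "\n".join([method, f"{host.lower()}:{port}", path, query])

def sign(secret, method, host, port, path, params):
    msg = canonical_string(method, host, port, path, params).encode()
    mac = hmac.new(secret.encode(), msg, hashlib.sha256).digest()
    return base64.b64encode(mac).decode()

def server_accepts(secret, host, server_port, method, path, query):
    """Rebuild the signature with the port the server believes it has."""
    params = {k: v for k, v in query.items() if k != "Signature"}
    expected = sign(secret, method, host, server_port, path, params)
    return hmac.compare_digest(expected, query["Signature"])

# Constructed sample: parameters as in the logged request, made-up secret.
HOST = "141.52.167.35"
SECRET = "constructed-secret"
PARAMS = {
    "AWSAccessKeyId": "oneadmin",
    "Action": "DescribeInstances",
    "SignatureMethod": "HmacSHA256",
    "SignatureVersion": "2",
    "Timestamp": "2010-08-12T14:20:25",
    "Version": "2010-06-15",
}

def client_query(port):
    """What a client sends after signing for the port it connects to."""
    return {**PARAMS, "Signature": sign(SECRET, "GET", HOST, port, "/", PARAMS)}

if __name__ == "__main__":
    for client_port, server_port in [(4567, 4567), (8188, 4567), (8188, 8188)]:
        ok = server_accepts(SECRET, HOST, server_port, "GET", "/",
                            client_query(client_port))
        print(f"client signs :{client_port}, server checks :{server_port} ->",
              "200" if ok else "400 AuthFailure")
```

The REDIRECT rule rewrites only the TCP destination port, so the signed request still carries the client's view of the port; the check passes only when both sides put the same port into the string.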



On Thu, Aug 12, 2010 at 4:25 PM, Christian Baun <cray at unix-ag.uni-kl.de> wrote:

> Hi,
>
> I try using the EC2 API with boto[1], a Python interface to Amazon Web
> Services.
> The oned and econe server are up and running.
>
> When I try to access the econe server via Port 4567, it is working without
> problems. I send a request for a list of instances and econe-server.log
> says:
>
> 84.161.122.172 - - [12/Aug/2010 16:17:30] "GET
> /?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2010-08-12T14%3A17%3A31&Version=2010-06-15&Signature=t9jOxhD3TYAmNCzDpuuFrsSDQ2BItvzDdJjNxGdoye8%3D
> HTTP/1.1" 200 1335 0.0377
>
> It simply works.
>
> The problem: For several reasons I need access to ONE via the EC2 API over
> port 8188.
>
> I did a port forwarding via:
> iptables -I INPUT -p tcp --dport 8188 -j ACCEPT
> iptables -I PREROUTING -t nat -i eth0 -p tcp --dport 8188 -j REDIRECT --to-port 4567
>
> the econe server can now be reached via 8188:
>
> telnet 141.52.167.35 8188
> Trying 141.52.167.35...
> Connected to 141.52.167.35.
> Escape character is '^]'.
>
> But when I send a request for a list of instances, the result is:
>
> boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
> authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>
> and econe-server.log says:
>
> 84.161.122.172 - - [12/Aug/2010 16:20:24] "GET
> /?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2010-08-12T14%3A20%3A25&Version=2010-06-15&Signature=DRA%2BiKREW2MFyARp%2Bxk3JWKrFBFFnJldRISauZ%2Bz6cc%3D
> HTTP/1.1" 400 139 0.0042
>
> Is this a known issue?
>
> The econe.conf has these values:
> ONE_XMLRPC=http://localhost:2633/RPC2
> SERVER=141.52.167.35
> PORT=4567
> VM_TYPE=[NAME=m1.small, TEMPLATE=m1.small.erb]
> USER=...
> PASSWORD=...
> IMAGE_DIR=/srv/cloud/images
>
> When I change in econe.conf to Port 8188 and the server value to a FQDN the
> econe server is not starting. These are the only values that allow me to
> start the econe server.
>
> Any ideas?
>
> Thanks in advance for any help
>
>        Christian
>
> [1] http://code.google.com/p/boto/