[one-users] Strange behavior of ONE + EC2 API when using port forwaring

Christian Baun cray at unix-ag.uni-kl.de
Fri Aug 13 01:44:11 PDT 2010 

Hi Jaime,

I erased the forwarding rules, changed the line in 
/srv/cloud/one/lib/ruby/cloud/econe/EC2QueryServer.rb
and did a stop/start of econe-server.

When I send a request for a list of instances now, the result is a huge ammount of output.

...
boto.exception.BotoServerError: BotoServerError: 500 Internal Server Error
<!DOCTYPE html>
<html>
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/>
  <title>TypeError at /</title>

  <script type="text/javascript">
  //<!--
  function toggle(id) {
    var pre  = document.getElementById("pre-" + id);
    var post = document.getElementById("post-" + id);
    var context = document.getElementById("context-" + id);

    if (pre.style.display == 'block') {
      pre.style.display = 'none';
      post.style.display = 'none';

...
### several hundred lines of output ###
...
         <tr>
           <td>sinatra.error</td>
           <td class="code"><div>#<TypeError: can't convert Fixnum into String></div></td>
         </tr>

      </table>
      <div class="clear"></div>
    </div> <!-- /RACK ENV -->

    <p id="explanation">You're seeing this error because you have
enabled the <code>show_exceptions</code> setting.</p>
  </div> <!-- /WRAP -->
  </body>
</html>


The econe-server.log says: 

...
	/var/lib/gems/1.8/gems/eventmachine-0.12.10/lib/eventmachine.rb:256:in `run'
	/var/lib/gems/1.8/gems/thin-1.2.7/lib/thin/backends/base.rb:57:in `start'
	/var/lib/gems/1.8/gems/thin-1.2.7/lib/thin/server.rb:156:in `start'
	/usr/lib/ruby/1.8/rack/handler/thin.rb:14:in `run'
	/usr/lib/ruby/1.8/sinatra/base.rb:930:in `run!'
	/usr/lib/ruby/1.8/sinatra/main.rb:25
	/srv/cloud/one/lib/ruby/cloud/econe/econe-server.rb:110
84.161.124.220 - - [13/Aug/2010 10:37:20] "GET /?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2010-08-13T08%3A37%3A01&Version=2010-06-15&Signature=Jp63548ALT6fTdJJTydhSoPaPU6Hj9X3xZZifGiEFyc%3D HTTP/1.1" 500 103926 0.0774


Is there anything else, I can try? 

Regads,
   Christian 


Am Freitag, 13. August 2010 schrieb Jaime Melis:
> Hi Christian,
> 
> the way authentication works is by creating a "canonical string" which
> includes the server port and matching it with your connection parameters.
> Therefore if the port of the client differs from the one of the server it
> will probably fail.
> 
> Can you change line 77 of EC2QueryServer.rb:
> @server_port=@config[:port] => @server_port=8188
> 
> Can you test that? If that works we could create a fix using environment
> variables.
> 
> Regards,
> Jaime
> 
> 
> 
> On Thu, Aug 12, 2010 at 4:25 PM, Christian Baun <cray at unix-ag.uni-kl.de>wrote:
> 
> > Hi,
> >
> > I try using the EC2 API with boto[1], a Python interface to Amazon Web
> > Services.
> > The oned and econe server are up an running.
> >
> > When I try to access the econe server via Port 4567, it is working without
> > problems. I send a request for a list of instances and econe-server.log
> > says:
> >
> > 84.161.122.172 - - [12/Aug/2010 16:17:30] "GET
> > /?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2010-08-12T14%3A17%3A31&Version=2010-06-15&Signature=t9jOxhD3TYAmNCzDpuuFrsSDQ2BItvzDdJjNxGdoye8%3D
> > HTTP/1.1" 200 1335 0.0377
> >
> > It simply works.
> >
> > The problem: For several reasons I need access to ONE via the EC2 API over
> > port 8188.
> >
> > I did a port forwarding via:
> > iptables -I INPUT -p tcp --dport 8188 -j ACCEPT
> > iptables -I PREROUTING -t nat -i eth0 -p tcp --dport 8188 -j REDIRECT
> > --to-port 4567
> >
> > the econe server can now be reached via 8188:
> >
> > telnet 141.52.167.35 8188
> > Trying 141.52.167.35...
> > Connected to 141.52.167.35.
> > Escape character is '^]'.
> >
> > But when I send a request for a list of instances, the result is:
> >
> > boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request
> > <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
> > authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
> >
> > and econe-server.log says:
> >
> > 84.161.122.172 - - [12/Aug/2010 16:20:24] "GET
> > /?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2010-08-12T14%3A20%3A25&Version=2010-06-15&Signature=DRA%2BiKREW2MFyARp%2Bxk3JWKrFBFFnJldRISauZ%2Bz6cc%3D
> > HTTP/1.1" 400 139 0.0042
> >
> > Is this a known issue?
> >
> > The econe.conf has this values:
> > ONE_XMLRPC=http://localhost:2633/RPC2
> > SERVER=141.52.167.35
> > PORT=4567
> > VM_TYPE=[NAME=m1.small, TEMPLATE=m1.small.erb]
> > USER=...
> > PASSWORD=...
> > IMAGE_DIR=/srv/cloud/images
> >
> > When I change in econe.conf to Port 8188 and the server vaule to a FQDN the
> > econe server is not starting. These are the only vaules that allow me to
> > start the econe server.
> >
> > Any ideas?
> >
> > Thanks in advance for any help
> >
> >        Christian
> >
> > [1] http://code.google.com/p/boto/
> > _______________________________________________
> > Users mailing list
> > Users at lists.opennebula.org
> > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
> >
>

More information about the Users mailing list