[one-users] AUTHENTICATION PROBLEM when using EC2 Tools

Tue Mar 1 08:45:53 PST 2011

Ok, lets try to find out the problem.
Could you change EC2QueryServer.rb not to include port for version
2010-08-31 and restart the econe-server?, but do not change the
encoding.

On 1 March 2011 17:32, Olivier Sallou <olivier.sallou at irisa.fr> wrote:
> nope, the same after reverting to original code and using "correct"
> endpoint.
>
> Olivier
>
> Le 3/1/11 4:44 PM, Daniel Molina Aranda a écrit :
>>
>> Have you tried without the changes you made? Try reinstalling because
>> maybe the problem only was in the endpoint you were using and there is
>> no need to change the source. If you are still having the problem with
>> the original source, let us know.
>>
>> On 1 March 2011 16:02, Olivier Sallou<olivier.sallou at irisa.fr>  wrote:
>>>
>>> no, it is the same
>>>
>>> Le 3/1/11 3:45 PM, Daniel Molina Aranda a écrit :
>>>>
>>>> In your request you are issuing the following command
>>>>   "I tried with econe-describe-instances -K osallou -S XXXX -U
>>>> http://localhost:4567, still fails"
>>>>
>>>> You have to use the same endpoint as shown in the econe configuration
>>>> file:
>>>> econe-describe-instances -K osallou -S XXXX -U
>>>> http://onemaster.genouest.org:4567
>>>>
>>>> And now it should work.
>>>>
>>>>
>>>> On 1 March 2011 15:25, Olivier Sallou<olivier.sallou at irisa.fr>    wrote:
>>>>>
>>>>> oneadmin at onemaster:/var/log/one$ ruby -v
>>>>> ruby 1.8.7 (2010-01-10 patchlevel 249) [x86_64-linux]
>>>>>
>>>>> API_VERSION = '2010-08-31'
>>>>>
>>>>> econe.conf:
>>>>>
>>>>> # OpenNebula sever contact information
>>>>> ONE_XMLRPC=http://localhost:2633/RPC2
>>>>>
>>>>> # Host and port where econe server will run
>>>>> SERVER=onemaster.genouest.org
>>>>> PORT=4567
>>>>>
>>>>> # SSL proxy that serves the API (set if is being used)
>>>>> #SSL_SERVER=fqdm.of.the.server
>>>>>
>>>>> # VM types allowed and its template file (inside templates directory)
>>>>> VM_TYPE=[NAME=m1.small, TEMPLATE=m1.small.erb]
>>>>>
>>>>>
>>>>> Olivier
>>>>>
>>>>> Le 3/1/11 3:22 PM, Daniel Molina Aranda a écrit :
>>>>>>
>>>>>> Hi Olivier,
>>>>>>
>>>>>> Would you mind to send us your $ONE_LOCATION/etc/econe.conf file and
>>>>>> the ruby and amazon-ec2 versions that you are working with?
>>>>>>
>>>>>> Regards.
>>>>>>
>>>>>>
>>>>>> On 1 March 2011 14:56, Olivier Sallou<olivier.sallou at irisa.fr>
>>>>>>  wrote:
>>>>>>>
>>>>>>> Hi,
>>>>>>> I face an issue with econe-describe-images and EC2 tools access. I
>>>>>>> have
>>>>>>> an
>>>>>>> authentication error.
>>>>>>>
>>>>>>> Following a previous mail I 've seen (see below), I updated encoding
>>>>>>> to
>>>>>>> HmacSHA256 and EC2QueryServer.rb not to include port for version
>>>>>>> 2010-08-31
>>>>>>>
>>>>>>> However I still have the issue.
>>>>>>>
>>>>>>> I tried with econe-describe-instances -K osallou -S XXXX -U
>>>>>>> http://localhost:4567, still fails
>>>>>>>
>>>>>>> As a client I use ruby gem amazon-ec2.
>>>>>>>
>>>>>>>
>>>>>>> I check EC2Query ruby codes in repository to see if changes were made
>>>>>>> but
>>>>>>> I
>>>>>>> see no difference.
>>>>>>>
>>>>>>> Thanks
>>>>>>>
>>>>>>> Olivier
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>>
>>>>>>> Hi! I discovered an AUTHENTICATION PROBLEM when using EC2 Tools
>>>>>>> provided by OpenNebula.
>>>>>>>
>>>>>>> On client-side, the HMAC algorithm used is "HmacSHA256" while the
>>>>>>> passed parameter is "HmacSHA1" in
>>>>>>>
>>>>>>>   $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryClient.rb:144
>>>>>>>
>>>>>>> this causes an authentication failure.
>>>>>>>
>>>>>>>
>>>>>>> I found another problem in the file
>>>>>>>
>>>>>>>   $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryServer.rb
>>>>>>>
>>>>>>> While the issue disappeared executing the tool
>>>>>>>
>>>>>>>   econe-upload
>>>>>>>
>>>>>>> it is still present in the tools
>>>>>>>
>>>>>>>   econe-register
>>>>>>>   econe-describe-images
>>>>>>>
>>>>>>> This may be caused by the file
>>>>>>>
>>>>>>>   $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryServer.rb
>>>>>>>
>>>>>>> where, in the function "signature_version_2()" definition, the
>>>>>>> variable "server_str" depends on the tool executed.
>>>>>>>
>>>>>>> 1. econe-upload
>>>>>>>
>>>>>>>    server_str = FQDN
>>>>>>>
>>>>>>> 2. econe-register
>>>>>>>
>>>>>>>    server_str = FQDN:PORT
>>>>>>>
>>>>>>> I think the issue is caused by the missing parameter "Version" which
>>>>>>> is not passed in last two utilities.
>>>>>>>
>>>>>>> Best,
>>>>>>>
>>>>>>>    PAOLO
>>>>>>>
>>>>>>>
>>>>>>> --
>>>>>>> PAOLO SMIRAGLIA
>>>>>>> http://portale.isf.polito.it/paolo-smiraglia
>>>>>>> _______________________________________________
>>>>>>> Users mailing list
>>>>>>> Users at lists.opennebula.org
>>>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>>>>
>>>>>>> --
>>>>>>> gpg key id: 4096R/326D8438  (pgp.mit.edu)
>>>>>>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Users mailing list
>>>>>>> Users at lists.opennebula.org
>>>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>>>>
>>>>>>>
>>>>> --
>>>>> gpg key id: 4096R/326D8438  (pgp.mit.edu)
>>>>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>>>>>
>>>>>
>>>>>
>>>>
>>> --
>>> gpg key id: 4096R/326D8438  (pgp.mit.edu)
>>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>
>>
>
> --
> gpg key id: 4096R/326D8438  (pgp.mit.edu)
> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opennebula.org
> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>

-- 
Daniel Molina, Cloud Technology Engineer/Researcher
DSA Research Group: web http://dsa-research.org and blog
http://blog.dsa-research.org
OpenNebula Open Source Toolkit for Cloud Computing: http://www.OpenNebula.org