[one-users] AUTHENTICATION PROBLEM when using EC2 Tools

Olivier Sallou olivier.sallou at irisa.fr
Tue Mar 1 09:28:49 PST 2011


Hi,
I could make it with ElasticFox
In fact we need to put in password the SHA1 encoded password in the 
account password field.

Olivier

Le 3/1/11 5:45 PM, Daniel Molina Aranda a écrit :
> Ok, lets try to find out the problem.
> Could you change EC2QueryServer.rb not to include port for version
> 2010-08-31 and restart the econe-server?, but do not change the
> encoding.
>
> On 1 March 2011 17:32, Olivier Sallou<olivier.sallou at irisa.fr>  wrote:
>> nope, the same after reverting to original code and using "correct"
>> endpoint.
>>
>> Olivier
>>
>> Le 3/1/11 4:44 PM, Daniel Molina Aranda a écrit :
>>> Have you tried without the changes you made? Try reinstalling because
>>> maybe the problem only was in the endpoint you were using and there is
>>> no need to change the source. If you are still having the problem with
>>> the original source, let us know.
>>>
>>> On 1 March 2011 16:02, Olivier Sallou<olivier.sallou at irisa.fr>    wrote:
>>>> no, it is the same
>>>>
>>>> Le 3/1/11 3:45 PM, Daniel Molina Aranda a écrit :
>>>>> In your request you are issuing the following command
>>>>>    "I tried with econe-describe-instances -K osallou -S XXXX -U
>>>>> http://localhost:4567, still fails"
>>>>>
>>>>> You have to use the same endpoint as shown in the econe configuration
>>>>> file:
>>>>> econe-describe-instances -K osallou -S XXXX -U
>>>>> http://onemaster.genouest.org:4567
>>>>>
>>>>> And now it should work.
>>>>>
>>>>>
>>>>> On 1 March 2011 15:25, Olivier Sallou<olivier.sallou at irisa.fr>      wrote:
>>>>>> oneadmin at onemaster:/var/log/one$ ruby -v
>>>>>> ruby 1.8.7 (2010-01-10 patchlevel 249) [x86_64-linux]
>>>>>>
>>>>>> API_VERSION = '2010-08-31'
>>>>>>
>>>>>> econe.conf:
>>>>>>
>>>>>> # OpenNebula sever contact information
>>>>>> ONE_XMLRPC=http://localhost:2633/RPC2
>>>>>>
>>>>>> # Host and port where econe server will run
>>>>>> SERVER=onemaster.genouest.org
>>>>>> PORT=4567
>>>>>>
>>>>>> # SSL proxy that serves the API (set if is being used)
>>>>>> #SSL_SERVER=fqdm.of.the.server
>>>>>>
>>>>>> # VM types allowed and its template file (inside templates directory)
>>>>>> VM_TYPE=[NAME=m1.small, TEMPLATE=m1.small.erb]
>>>>>>
>>>>>>
>>>>>> Olivier
>>>>>>
>>>>>> Le 3/1/11 3:22 PM, Daniel Molina Aranda a écrit :
>>>>>>> Hi Olivier,
>>>>>>>
>>>>>>> Would you mind to send us your $ONE_LOCATION/etc/econe.conf file and
>>>>>>> the ruby and amazon-ec2 versions that you are working with?
>>>>>>>
>>>>>>> Regards.
>>>>>>>
>>>>>>>
>>>>>>> On 1 March 2011 14:56, Olivier Sallou<olivier.sallou at irisa.fr>
>>>>>>>   wrote:
>>>>>>>> Hi,
>>>>>>>> I face an issue with econe-describe-images and EC2 tools access. I
>>>>>>>> have
>>>>>>>> an
>>>>>>>> authentication error.
>>>>>>>>
>>>>>>>> Following a previous mail I 've seen (see below), I updated encoding
>>>>>>>> to
>>>>>>>> HmacSHA256 and EC2QueryServer.rb not to include port for version
>>>>>>>> 2010-08-31
>>>>>>>>
>>>>>>>> However I still have the issue.
>>>>>>>>
>>>>>>>> I tried with econe-describe-instances -K osallou -S XXXX -U
>>>>>>>> http://localhost:4567, still fails
>>>>>>>>
>>>>>>>> As a client I use ruby gem amazon-ec2.
>>>>>>>>
>>>>>>>>
>>>>>>>> I check EC2Query ruby codes in repository to see if changes were made
>>>>>>>> but
>>>>>>>> I
>>>>>>>> see no difference.
>>>>>>>>
>>>>>>>> Thanks
>>>>>>>>
>>>>>>>> Olivier
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>>>> Hi! I discovered an AUTHENTICATION PROBLEM when using EC2 Tools
>>>>>>>> provided by OpenNebula.
>>>>>>>>
>>>>>>>> On client-side, the HMAC algorithm used is "HmacSHA256" while the
>>>>>>>> passed parameter is "HmacSHA1" in
>>>>>>>>
>>>>>>>>    $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryClient.rb:144
>>>>>>>>
>>>>>>>> this causes an authentication failure.
>>>>>>>>
>>>>>>>>
>>>>>>>> I found another problem in the file
>>>>>>>>
>>>>>>>>    $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryServer.rb
>>>>>>>>
>>>>>>>> While the issue disappeared executing the tool
>>>>>>>>
>>>>>>>>    econe-upload
>>>>>>>>
>>>>>>>> it is still present in the tools
>>>>>>>>
>>>>>>>>    econe-register
>>>>>>>>    econe-describe-images
>>>>>>>>
>>>>>>>> This may be caused by the file
>>>>>>>>
>>>>>>>>    $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryServer.rb
>>>>>>>>
>>>>>>>> where, in the function "signature_version_2()" definition, the
>>>>>>>> variable "server_str" depends on the tool executed.
>>>>>>>>
>>>>>>>> 1. econe-upload
>>>>>>>>
>>>>>>>>     server_str = FQDN
>>>>>>>>
>>>>>>>> 2. econe-register
>>>>>>>>
>>>>>>>>     server_str = FQDN:PORT
>>>>>>>>
>>>>>>>> I think the issue is caused by the missing parameter "Version" which
>>>>>>>> is not passed in last two utilities.
>>>>>>>>
>>>>>>>> Best,
>>>>>>>>
>>>>>>>>     PAOLO
>>>>>>>>
>>>>>>>>
>>>>>>>> --
>>>>>>>> PAOLO SMIRAGLIA
>>>>>>>> http://portale.isf.polito.it/paolo-smiraglia
>>>>>>>> _______________________________________________
>>>>>>>> Users mailing list
>>>>>>>> Users at lists.opennebula.org
>>>>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>>>>>
>>>>>>>> --
>>>>>>>> gpg key id: 4096R/326D8438  (pgp.mit.edu)
>>>>>>>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>>>>>>>>
>>>>>>>>
>>>>>>>> _______________________________________________
>>>>>>>> Users mailing list
>>>>>>>> Users at lists.opennebula.org
>>>>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>>>>>
>>>>>>>>
>>>>>> --
>>>>>> gpg key id: 4096R/326D8438  (pgp.mit.edu)
>>>>>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>>>>>>
>>>>>>
>>>>>>
>>>> --
>>>> gpg key id: 4096R/326D8438  (pgp.mit.edu)
>>>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opennebula.org
>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>
>>>
>> --
>> gpg key id: 4096R/326D8438  (pgp.mit.edu)
>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>>
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opennebula.org
>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>
>
>

-- 
gpg key id: 4096R/326D8438  (pgp.mit.edu)
Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438





More information about the Users mailing list