[one-users] AUTHENTICATION PROBLEM when using EC2 Tools

Zeeshan Ali Shah zashah at pdc.kth.se
Wed Mar 2 06:19:51 PST 2011


in which line you changed ? in EC2QueryServer.rb  and what is in it 
right now ?

also what is the version of rack and amazon-ec2 you have which is working ?

Zeeshan

On 03/01/2011 05:52 PM, Olivier Sallou wrote:
> gotcha, it works with changing version AND restarting....
> I did not restarted econe-server before, seems it did not take it into 
> account.
>
> So it works with econe-describe-instances
>
> Though it fails with ElasticFox.... with still User not authorized
>
>
> Olivier
>
> Le 3/1/11 5:45 PM, Daniel Molina Aranda a écrit :
>> Ok, lets try to find out the problem.
>> Could you change EC2QueryServer.rb not to include port for version
>> 2010-08-31 and restart the econe-server?, but do not change the
>> encoding.
>>
>> On 1 March 2011 17:32, Olivier Sallou<olivier.sallou at irisa.fr>  wrote:
>>> nope, the same after reverting to original code and using "correct"
>>> endpoint.
>>>
>>> Olivier
>>>
>>> Le 3/1/11 4:44 PM, Daniel Molina Aranda a écrit :
>>>> Have you tried without the changes you made? Try reinstalling because
>>>> maybe the problem only was in the endpoint you were using and there is
>>>> no need to change the source. If you are still having the problem with
>>>> the original source, let us know.
>>>>
>>>> On 1 March 2011 16:02, Olivier Sallou<olivier.sallou at irisa.fr>    
>>>> wrote:
>>>>> no, it is the same
>>>>>
>>>>> Le 3/1/11 3:45 PM, Daniel Molina Aranda a écrit :
>>>>>> In your request you are issuing the following command
>>>>>>    "I tried with econe-describe-instances -K osallou -S XXXX -U
>>>>>> http://localhost:4567, still fails"
>>>>>>
>>>>>> You have to use the same endpoint as shown in the econe 
>>>>>> configuration
>>>>>> file:
>>>>>> econe-describe-instances -K osallou -S XXXX -U
>>>>>> http://onemaster.genouest.org:4567
>>>>>>
>>>>>> And now it should work.
>>>>>>
>>>>>>
>>>>>> On 1 March 2011 15:25, Olivier 
>>>>>> Sallou<olivier.sallou at irisa.fr>      wrote:
>>>>>>> oneadmin at onemaster:/var/log/one$ ruby -v
>>>>>>> ruby 1.8.7 (2010-01-10 patchlevel 249) [x86_64-linux]
>>>>>>>
>>>>>>> API_VERSION = '2010-08-31'
>>>>>>>
>>>>>>> econe.conf:
>>>>>>>
>>>>>>> # OpenNebula sever contact information
>>>>>>> ONE_XMLRPC=http://localhost:2633/RPC2
>>>>>>>
>>>>>>> # Host and port where econe server will run
>>>>>>> SERVER=onemaster.genouest.org
>>>>>>> PORT=4567
>>>>>>>
>>>>>>> # SSL proxy that serves the API (set if is being used)
>>>>>>> #SSL_SERVER=fqdm.of.the.server
>>>>>>>
>>>>>>> # VM types allowed and its template file (inside templates 
>>>>>>> directory)
>>>>>>> VM_TYPE=[NAME=m1.small, TEMPLATE=m1.small.erb]
>>>>>>>
>>>>>>>
>>>>>>> Olivier
>>>>>>>
>>>>>>> Le 3/1/11 3:22 PM, Daniel Molina Aranda a écrit :
>>>>>>>> Hi Olivier,
>>>>>>>>
>>>>>>>> Would you mind to send us your $ONE_LOCATION/etc/econe.conf 
>>>>>>>> file and
>>>>>>>> the ruby and amazon-ec2 versions that you are working with?
>>>>>>>>
>>>>>>>> Regards.
>>>>>>>>
>>>>>>>>
>>>>>>>> On 1 March 2011 14:56, Olivier Sallou<olivier.sallou at irisa.fr>
>>>>>>>>   wrote:
>>>>>>>>> Hi,
>>>>>>>>> I face an issue with econe-describe-images and EC2 tools 
>>>>>>>>> access. I
>>>>>>>>> have
>>>>>>>>> an
>>>>>>>>> authentication error.
>>>>>>>>>
>>>>>>>>> Following a previous mail I 've seen (see below), I updated 
>>>>>>>>> encoding
>>>>>>>>> to
>>>>>>>>> HmacSHA256 and EC2QueryServer.rb not to include port for version
>>>>>>>>> 2010-08-31
>>>>>>>>>
>>>>>>>>> However I still have the issue.
>>>>>>>>>
>>>>>>>>> I tried with econe-describe-instances -K osallou -S XXXX -U
>>>>>>>>> http://localhost:4567, still fails
>>>>>>>>>
>>>>>>>>> As a client I use ruby gem amazon-ec2.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I check EC2Query ruby codes in repository to see if changes 
>>>>>>>>> were made
>>>>>>>>> but
>>>>>>>>> I
>>>>>>>>> see no difference.
>>>>>>>>>
>>>>>>>>> Thanks
>>>>>>>>>
>>>>>>>>> Olivier
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> Hi! I discovered an AUTHENTICATION PROBLEM when using EC2 Tools
>>>>>>>>> provided by OpenNebula.
>>>>>>>>>
>>>>>>>>> On client-side, the HMAC algorithm used is "HmacSHA256" while the
>>>>>>>>> passed parameter is "HmacSHA1" in
>>>>>>>>>
>>>>>>>>>    $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryClient.rb:144
>>>>>>>>>
>>>>>>>>> this causes an authentication failure.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> I found another problem in the file
>>>>>>>>>
>>>>>>>>>    $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryServer.rb
>>>>>>>>>
>>>>>>>>> While the issue disappeared executing the tool
>>>>>>>>>
>>>>>>>>>    econe-upload
>>>>>>>>>
>>>>>>>>> it is still present in the tools
>>>>>>>>>
>>>>>>>>>    econe-register
>>>>>>>>>    econe-describe-images
>>>>>>>>>
>>>>>>>>> This may be caused by the file
>>>>>>>>>
>>>>>>>>>    $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryServer.rb
>>>>>>>>>
>>>>>>>>> where, in the function "signature_version_2()" definition, the
>>>>>>>>> variable "server_str" depends on the tool executed.
>>>>>>>>>
>>>>>>>>> 1. econe-upload
>>>>>>>>>
>>>>>>>>>     server_str = FQDN
>>>>>>>>>
>>>>>>>>> 2. econe-register
>>>>>>>>>
>>>>>>>>>     server_str = FQDN:PORT
>>>>>>>>>
>>>>>>>>> I think the issue is caused by the missing parameter "Version" 
>>>>>>>>> which
>>>>>>>>> is not passed in last two utilities.
>>>>>>>>>
>>>>>>>>> Best,
>>>>>>>>>
>>>>>>>>>     PAOLO
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> -- 
>>>>>>>>> PAOLO SMIRAGLIA
>>>>>>>>> http://portale.isf.polito.it/paolo-smiraglia
>>>>>>>>> _______________________________________________
>>>>>>>>> Users mailing list
>>>>>>>>> Users at lists.opennebula.org
>>>>>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>>>>>>
>>>>>>>>> -- 
>>>>>>>>> gpg key id: 4096R/326D8438  (pgp.mit.edu)
>>>>>>>>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 
>>>>>>>>> 326D 8438
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> _______________________________________________
>>>>>>>>> Users mailing list
>>>>>>>>> Users at lists.opennebula.org
>>>>>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>>>>>>
>>>>>>>>>
>>>>>>> -- 
>>>>>>> gpg key id: 4096R/326D8438  (pgp.mit.edu)
>>>>>>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 
>>>>>>> 8438
>>>>>>>
>>>>>>>
>>>>>>>
>>>>> -- 
>>>>> gpg key id: 4096R/326D8438  (pgp.mit.edu)
>>>>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>>>>>
>>>>>
>>>>> _______________________________________________
>>>>> Users mailing list
>>>>> Users at lists.opennebula.org
>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>>
>>>>
>>> -- 
>>> gpg key id: 4096R/326D8438  (pgp.mit.edu)
>>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>>>
>>>
>>> _______________________________________________
>>> Users mailing list
>>> Users at lists.opennebula.org
>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>
>>
>>
>


-- 
Regards


Zeeshan Ali Shah
System Administrator
PDC-Center for High Performance Computing
KTH-Royal Institute of Technology, Sweden
+46 8 790 9115




More information about the Users mailing list