[one-users] AUTHENTICATION PROBLEM when using EC2 Tools

Zeeshan Ali Shah zashah at pdc.kth.se
Wed Mar 2 06:39:17 PST 2011 

got it on line 268 it shd be like this

server_str = server_str + ":" + @server_port unless %w{2010-08-31 
2009-11-30}.include? params["Version"]

On 03/02/2011 03:19 PM, Zeeshan Ali Shah wrote:
> in which line you changed ? in EC2QueryServer.rb  and what is in it 
> right now ?
>
> also what is the version of rack and amazon-ec2 you have which is 
> working ?
>
> Zeeshan
>
> On 03/01/2011 05:52 PM, Olivier Sallou wrote:
>> gotcha, it works with changing version AND restarting....
>> I did not restarted econe-server before, seems it did not take it 
>> into account.
>>
>> So it works with econe-describe-instances
>>
>> Though it fails with ElasticFox.... with still User not authorized
>>
>>
>> Olivier
>>
>> Le 3/1/11 5:45 PM, Daniel Molina Aranda a écrit :
>>> Ok, lets try to find out the problem.
>>> Could you change EC2QueryServer.rb not to include port for version
>>> 2010-08-31 and restart the econe-server?, but do not change the
>>> encoding.
>>>
>>> On 1 March 2011 17:32, Olivier Sallou<olivier.sallou at irisa.fr>  wrote:
>>>> nope, the same after reverting to original code and using "correct"
>>>> endpoint.
>>>>
>>>> Olivier
>>>>
>>>> Le 3/1/11 4:44 PM, Daniel Molina Aranda a écrit :
>>>>> Have you tried without the changes you made? Try reinstalling because
>>>>> maybe the problem only was in the endpoint you were using and 
>>>>> there is
>>>>> no need to change the source. If you are still having the problem 
>>>>> with
>>>>> the original source, let us know.
>>>>>
>>>>> On 1 March 2011 16:02, Olivier Sallou<olivier.sallou at irisa.fr>    
>>>>> wrote:
>>>>>> no, it is the same
>>>>>>
>>>>>> Le 3/1/11 3:45 PM, Daniel Molina Aranda a écrit :
>>>>>>> In your request you are issuing the following command
>>>>>>>    "I tried with econe-describe-instances -K osallou -S XXXX -U
>>>>>>> http://localhost:4567, still fails"
>>>>>>>
>>>>>>> You have to use the same endpoint as shown in the econe 
>>>>>>> configuration
>>>>>>> file:
>>>>>>> econe-describe-instances -K osallou -S XXXX -U
>>>>>>> http://onemaster.genouest.org:4567
>>>>>>>
>>>>>>> And now it should work.
>>>>>>>
>>>>>>>
>>>>>>> On 1 March 2011 15:25, Olivier 
>>>>>>> Sallou<olivier.sallou at irisa.fr>      wrote:
>>>>>>>> oneadmin at onemaster:/var/log/one$ ruby -v
>>>>>>>> ruby 1.8.7 (2010-01-10 patchlevel 249) [x86_64-linux]
>>>>>>>>
>>>>>>>> API_VERSION = '2010-08-31'
>>>>>>>>
>>>>>>>> econe.conf:
>>>>>>>>
>>>>>>>> # OpenNebula sever contact information
>>>>>>>> ONE_XMLRPC=http://localhost:2633/RPC2
>>>>>>>>
>>>>>>>> # Host and port where econe server will run
>>>>>>>> SERVER=onemaster.genouest.org
>>>>>>>> PORT=4567
>>>>>>>>
>>>>>>>> # SSL proxy that serves the API (set if is being used)
>>>>>>>> #SSL_SERVER=fqdm.of.the.server
>>>>>>>>
>>>>>>>> # VM types allowed and its template file (inside templates 
>>>>>>>> directory)
>>>>>>>> VM_TYPE=[NAME=m1.small, TEMPLATE=m1.small.erb]
>>>>>>>>
>>>>>>>>
>>>>>>>> Olivier
>>>>>>>>
>>>>>>>> Le 3/1/11 3:22 PM, Daniel Molina Aranda a écrit :
>>>>>>>>> Hi Olivier,
>>>>>>>>>
>>>>>>>>> Would you mind to send us your $ONE_LOCATION/etc/econe.conf 
>>>>>>>>> file and
>>>>>>>>> the ruby and amazon-ec2 versions that you are working with?
>>>>>>>>>
>>>>>>>>> Regards.
>>>>>>>>>
>>>>>>>>>
>>>>>>>>> On 1 March 2011 14:56, Olivier Sallou<olivier.sallou at irisa.fr>
>>>>>>>>>   wrote:
>>>>>>>>>> Hi,
>>>>>>>>>> I face an issue with econe-describe-images and EC2 tools 
>>>>>>>>>> access. I
>>>>>>>>>> have
>>>>>>>>>> an
>>>>>>>>>> authentication error.
>>>>>>>>>>
>>>>>>>>>> Following a previous mail I 've seen (see below), I updated 
>>>>>>>>>> encoding
>>>>>>>>>> to
>>>>>>>>>> HmacSHA256 and EC2QueryServer.rb not to include port for version
>>>>>>>>>> 2010-08-31
>>>>>>>>>>
>>>>>>>>>> However I still have the issue.
>>>>>>>>>>
>>>>>>>>>> I tried with econe-describe-instances -K osallou -S XXXX -U
>>>>>>>>>> http://localhost:4567, still fails
>>>>>>>>>>
>>>>>>>>>> As a client I use ruby gem amazon-ec2.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I check EC2Query ruby codes in repository to see if changes 
>>>>>>>>>> were made
>>>>>>>>>> but
>>>>>>>>>> I
>>>>>>>>>> see no difference.
>>>>>>>>>>
>>>>>>>>>> Thanks
>>>>>>>>>>
>>>>>>>>>> Olivier
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> Hi! I discovered an AUTHENTICATION PROBLEM when using EC2 Tools
>>>>>>>>>> provided by OpenNebula.
>>>>>>>>>>
>>>>>>>>>> On client-side, the HMAC algorithm used is "HmacSHA256" while 
>>>>>>>>>> the
>>>>>>>>>> passed parameter is "HmacSHA1" in
>>>>>>>>>>
>>>>>>>>>>    $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryClient.rb:144
>>>>>>>>>>
>>>>>>>>>> this causes an authentication failure.
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> I found another problem in the file
>>>>>>>>>>
>>>>>>>>>>    $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryServer.rb
>>>>>>>>>>
>>>>>>>>>> While the issue disappeared executing the tool
>>>>>>>>>>
>>>>>>>>>>    econe-upload
>>>>>>>>>>
>>>>>>>>>> it is still present in the tools
>>>>>>>>>>
>>>>>>>>>>    econe-register
>>>>>>>>>>    econe-describe-images
>>>>>>>>>>
>>>>>>>>>> This may be caused by the file
>>>>>>>>>>
>>>>>>>>>>    $ONE_LOCATION/lib/ruby/cloud/econe/EC2QueryServer.rb
>>>>>>>>>>
>>>>>>>>>> where, in the function "signature_version_2()" definition, the
>>>>>>>>>> variable "server_str" depends on the tool executed.
>>>>>>>>>>
>>>>>>>>>> 1. econe-upload
>>>>>>>>>>
>>>>>>>>>>     server_str = FQDN
>>>>>>>>>>
>>>>>>>>>> 2. econe-register
>>>>>>>>>>
>>>>>>>>>>     server_str = FQDN:PORT
>>>>>>>>>>
>>>>>>>>>> I think the issue is caused by the missing parameter 
>>>>>>>>>> "Version" which
>>>>>>>>>> is not passed in last two utilities.
>>>>>>>>>>
>>>>>>>>>> Best,
>>>>>>>>>>
>>>>>>>>>>     PAOLO
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> -- 
>>>>>>>>>> PAOLO SMIRAGLIA
>>>>>>>>>> http://portale.isf.polito.it/paolo-smiraglia
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Users mailing list
>>>>>>>>>> Users at lists.opennebula.org
>>>>>>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>>>>>>>
>>>>>>>>>> -- 
>>>>>>>>>> gpg key id: 4096R/326D8438  (pgp.mit.edu)
>>>>>>>>>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 
>>>>>>>>>> 326D 8438
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>>>> _______________________________________________
>>>>>>>>>> Users mailing list
>>>>>>>>>> Users at lists.opennebula.org
>>>>>>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>>>>>>>
>>>>>>>>>>
>>>>>>>> -- 
>>>>>>>> gpg key id: 4096R/326D8438  (pgp.mit.edu)
>>>>>>>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 
>>>>>>>> 8438
>>>>>>>>
>>>>>>>>
>>>>>>>>
>>>>>> -- 
>>>>>> gpg key id: 4096R/326D8438  (pgp.mit.edu)
>>>>>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>>>>>>
>>>>>>
>>>>>> _______________________________________________
>>>>>> Users mailing list
>>>>>> Users at lists.opennebula.org
>>>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>>>
>>>>>
>>>> -- 
>>>> gpg key id: 4096R/326D8438  (pgp.mit.edu)
>>>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>>>>
>>>>
>>>> _______________________________________________
>>>> Users mailing list
>>>> Users at lists.opennebula.org
>>>> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>>>
>>>
>>>
>>
>
>


-- 
Regards


Zeeshan Ali Shah
System Administrator
PDC-Center for High Performance Computing
KTH-Royal Institute of Technology, Sweden
+46 8 790 9115

More information about the Users mailing list