[one-users] ec2 access problem after upgrading to ONE 3.0

[Daniel Molina]

Hi,

On 10 October 2011 19:10, Schwickerath Ulrich
<ulrich.schwickerath at cern.ch> wrote:
> Hi, all,
>
> we've recently upgraded our internal cloud to ONE3.0, and since then one of our major customer has problems to connect to it. Everything works with euca-tools,
> but this customer is using the perl EC2 client implementation from Amazon, specifically
>
> #  Amazon EC2 Perl Library
> #  API Version: 2010-06-15
> #  Generated: Wed Jul 21 13:37:54 PDT 2010
>
> Since the update we get authorization errors. The logs are not conclusive. We are running an SSL proxy, and the apache logs only show
> 128.142.192.52 - - [10/Oct/2011:18:39:22 +0200] "POST / HTTP/1.1" 400 139
> (ssl_access_log)
> [10/Oct/2011:18:39:22 +0200] 128.142.192.52 TLSv1 DHE-RSA-AES256-SHA "POST / HTTP/1.1" 139
> (ssl_requests_log)
> The error code translates into a user authorization error. As I said, the same works fine with euca-tools
>
> I've tried both with HmacSHA1 (which he used until now) and HmacSHA256, none of them works.

I have tried with the following configuration using the OpenNebula
dummy Cloud [1] that is running OpenNebula 3.0 and an SSL proxy too
and the same perl client version and it works:

 my $AWS_ACCESS_KEY_ID            = "username";
 my $AWS_SECRET_ACCESS_KEY  = "sha1_password";
 my $ec2Config =  {ServiceURL => "https://cloud.opennebula.org/"};

 use Amazon::EC2::Client;
 my $service = Amazon::EC2::Client->new($AWS_ACCESS_KEY_ID,
$AWS_SECRET_ACCESS_KEY, $ec2Config);

Let's check the following items:
1. Are you using sha1_password as AWS_SECRET_ACCESS_KEY?. You can
retrieve this value from the onuser list commnad.
2. Any relevant information in the econe.log and oned.log?
3. Did you activate the new AUTH driver in the oned.conf?

Kind Regards.

[1] http://www.opennebula.org/cloud:cloud

-- 
Daniel Molina
Project Engineer
OpenNebula - The Open Source Toolkit for Cloud Computing
www.OpenNebula.org | @dmamolina