[one-users] Problem with EC2 interface

Riccardo Brunetti brunetti.riccardo at gmail.com
Tue Mar 5 06:58:47 PST 2013


Dear Daniel.
Thank you very much for the hint.
I managed to execute a few commands (describe-instances, run-instance, etc.)
using curl as you suggested.

Best Regards,
Riccardo

2013/3/5 Daniel Molina <dmolina at opennebula.org>

> Hi,
>
> On 1 March 2013 16:58, gmail <brunetti.riccardo at gmail.com> wrote:
> > Dear opennebula users.
> >
> > I'm trying to set up a public cloud using OpenNebula and the EC2 interface.
> >
> > I configured the server side (/etc/one/econe.conf) using these parameters:
> >
> > :one_xmlrpc: http://localhost:2633/RPC2
> > :host: <FQDN-of-the-OpenNebula-instance>
> > :port: 4567
> >
> > :ssl_server: https://<FQDN-of-the-OpenNebula-instance>:443/ec2
> > :auth: x509
> >
> > The :ssl_server is the URL of a proxy which forwards the requests
> > according to this apache-ssl configuration:
> >
> > ...
> > <Location />
> >       RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
> >       RequestHeader set SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}s"
> >       RequestHeader set SSL_SERVER_S_DN_OU "%{SSL_SERVER_S_DN_OU}s"
> >       RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"
> >       RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
> >
> >       ProxyPass        http://<FQDN-of-the-OpenNebula-instance>:9869/
> >       ProxyPassReverse  http://<FQDN-of-the-OpenNebula-instance>:9869/
> > </Location>
> >
> > <Location /ec2>
> >       RequestHeader set SSL_CLIENT_S_DN "%{SSL_CLIENT_S_DN}s"
> >       RequestHeader set SSL_CLIENT_I_DN "%{SSL_CLIENT_I_DN}s"
> >       RequestHeader set SSL_SERVER_S_DN_OU "%{SSL_SERVER_S_DN_OU}s"
> >       RequestHeader set SSL_CLIENT_VERIFY "%{SSL_CLIENT_VERIFY}s"
> >       RequestHeader set SSL_CLIENT_CERT "%{SSL_CLIENT_CERT}s"
> >
> >       ProxyPass        http://<FQDN-of-the-OpenNebula-instance>:4567/
> >       ProxyPassReverse  http://<FQDN-of-the-OpenNebula-instance>:4567/
> > </Location>
> > ...
> >
> > On client side I installed the OpenNebula EC2 API (econe....) and
> > defined the following environment variables:
> >
> > EC2_URL=https://<FQDN-of-the-OpenNebula-instance>:443/ec2
> > EC2_ACCESS_KEY=<username-of-a-user>
> > EC2_SECRET_KEY=<DN-of-the-user-certificate>
> >
> > The user can log in using his x509 certificate on sunstone, but when I
> > try to execute the econe-... commands I get the following error:
> >
> > "econe-describe-images: SSL_connect returned=1 errno=0 state=SSLv3 read
> > server session ticket A: sslv3 alert handshake failure"
> >
> > Everything works fine if I use the :auth: ec2 authentication using
> > username/password and pointing to the econe-server URL without using the
> > ssl proxy (http://<FQDN-of-the-OpenNebula-instance>:4567/)
> >
> > Can anybody give me some suggestions?
>
> Currently, econe commands do not support x509 authentication.
>
> In this thread [1] Hyunwoo faced the same problem, maybe he can share more
> info
>
> [1]
> http://lists.opennebula.org/pipermail/users-opennebula.org/2013-January/021644.html
>
> --
> Daniel Molina
> Project Engineer
> OpenNebula - The Open Source Solution for Data Center Virtualization
> www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
>
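
The proxy configuration quoted above forwards mod_ssl variables to the backend as request headers, so a backend that authenticates on them should accept them only from the proxy and only when certificate verification succeeded. The following is an added example of that check for a Rack-style environment; it is not from the thread or from OpenNebula's code, and the proxy address, the function name and the sample requests are assumptions constructed for illustration.

```ruby
# Added example, not OpenNebula code: decide whether a backend behind the
# Apache proxy may trust the forwarded client-certificate headers.

# Assumption: the only peer address allowed to supply SSL_CLIENT_* headers
# (constructed documentation address standing in for the proxy host).
TRUSTED_PROXIES = %w[192.0.2.10].freeze

# Rack exposes the request header SSL_CLIENT_S_DN as HTTP_SSL_CLIENT_S_DN.
# Returns [:ok, subject_dn] or [:reject, reason] for a Rack-style env hash.
def forwarded_client_dn(env)
  peer = env['REMOTE_ADDR'].to_s
  unless TRUSTED_PROXIES.include?(peer)
    return [:reject, "headers supplied by non-proxy peer #{peer.inspect}"]
  end

  # mod_ssl sets SSL_CLIENT_VERIFY to NONE, SUCCESS, GENEROUS or FAILED:reason.
  verify = env['HTTP_SSL_CLIENT_VERIFY'].to_s
  unless verify == 'SUCCESS'
    return [:reject, "client certificate not verified (#{verify.inspect})"]
  end

  # An unset variable is typically forwarded as the literal string "(null)".
  dn = env['HTTP_SSL_CLIENT_S_DN'].to_s.strip
  return [:reject, 'empty subject DN'] if dn.empty? || dn == '(null)'

  [:ok, dn]
end

# Constructed sample requests (not taken from the thread).
SAMPLE_REQUESTS = {
  'via proxy, verified cert' => {
    'REMOTE_ADDR' => '192.0.2.10', 'HTTP_SSL_CLIENT_VERIFY' => 'SUCCESS',
    'HTTP_SSL_CLIENT_S_DN' => '/C=IT/O=Example/CN=Test User'
  },
  'via proxy, no client cert' => {
    'REMOTE_ADDR' => '192.0.2.10', 'HTTP_SSL_CLIENT_VERIFY' => 'NONE',
    'HTTP_SSL_CLIENT_S_DN' => '(null)'
  },
  'direct to backend port, headers set by the client' => {
    'REMOTE_ADDR' => '198.51.100.7', 'HTTP_SSL_CLIENT_VERIFY' => 'SUCCESS',
    'HTTP_SSL_CLIENT_S_DN' => '/C=IT/O=Example/CN=Test User'
  }
}.freeze

if __FILE__ == $PROGRAM_NAME
  SAMPLE_REQUESTS.each do |label, env|
    puts format('%-50s %s', label, forwarded_client_dn(env).inspect)
  end
end
```

Binding the backend to an address that only the proxy can reach removes the third case at the network level; the check covers the case where that binding is missed.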