Hi Christian,<div><br></div><div>the way authentication works is by creating a "canonical string" which includes the server port and matching it with your connection parameters. Therefore if the port of the client differs from the one of the server it will probably fail.</div>
<div><br></div><div>Can you change line 77 of EC2QueryServer.rb:</div><div>@server_port=@config[:port] => @server_port=8188</div><div><br></div><div>Can you test that? If that works we could create a fix using environment variables.</div>
<div><br></div><div>Regards,</div><div>Jaime</div><div><br><div><br><br><div class="gmail_quote">On Thu, Aug 12, 2010 at 4:25 PM, Christian Baun <span dir="ltr"><<a href="mailto:cray@unix-ag.uni-kl.de">cray@unix-ag.uni-kl.de</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hi,<br>
<br>
I try using the EC2 API with boto[1], a Python interface to Amazon Web Services.<br>
The oned and econe server are up an running.<br>
<br>
When I try to access the econe server via Port 4567, it is working without problems. I send a request for a list of instances and econe-server.log says:<br>
<br>
84.161.122.172 - - [12/Aug/2010 16:17:30] "GET /?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2010-08-12T14%3A17%3A31&Version=2010-06-15&Signature=t9jOxhD3TYAmNCzDpuuFrsSDQ2BItvzDdJjNxGdoye8%3D HTTP/1.1" 200 1335 0.0377<br>
<br>
It simply works.<br>
<br>
The problem: For several reasons I need access to ONE via the EC2 API over port 8188.<br>
<br>
I did a port forwarding via:<br>
iptables -I INPUT -p tcp --dport 8188 -j ACCEPT<br>
iptables -I PREROUTING -t nat -i eth0 -p tcp --dport 8188 -j REDIRECT --to-port 4567<br>
<br>
the econe server can now be reached via 8188:<br>
<br>
telnet 141.52.167.35 8188<br>
Trying 141.52.167.35...<br>
Connected to 141.52.167.35.<br>
Escape character is '^]'.<br>
<br>
But when I send a request for a list of instances, the result is:<br>
<br>
boto.exception.EC2ResponseError: EC2ResponseError: 400 Bad Request<br>
<Response><Errors><Error><Code>AuthFailure</Code><Message>User not authorized</Message></Error></Errors><RequestID>0</RequestID></Response><br>
<br>
and econe-server.log says:<br>
<br>
84.161.122.172 - - [12/Aug/2010 16:20:24] "GET /?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2010-08-12T14%3A20%3A25&Version=2010-06-15&Signature=DRA%2BiKREW2MFyARp%2Bxk3JWKrFBFFnJldRISauZ%2Bz6cc%3D HTTP/1.1" 400 139 0.0042<br>
<br>
Is this a known issue?<br>
<br>
The econe.conf has this values:<br>
ONE_XMLRPC=<a href="http://localhost:2633/RPC2" target="_blank">http://localhost:2633/RPC2</a><br>
SERVER=141.52.167.35<br>
PORT=4567<br>
VM_TYPE=[NAME=m1.small, TEMPLATE=m1.small.erb]<br>
USER=...<br>
PASSWORD=...<br>
IMAGE_DIR=/srv/cloud/images<br>
<br>
When I change in econe.conf to Port 8188 and the server vaule to a FQDN the econe server is not starting. These are the only vaules that allow me to start the econe server.<br>
<br>
Any ideas?<br>
<br>
Thanks in advance for any help<br>
<br>
Christian<br>
<br>
[1] <a href="http://code.google.com/p/boto/" target="_blank">http://code.google.com/p/boto/</a><br>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a><br>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
</blockquote></div><br></div></div>