<div dir="ltr">Hi Ricardo,<div class="gmail_extra"><br><br><div class="gmail_quote">On 2 April 2013 01:25, Ricardo Duarte <span dir="ltr"><<a href="mailto:rjtd21@hotmail.com" target="_blank">rjtd21@hotmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div><div dir="ltr">Hi,<br><br>I will answer my own question, because I find the solution.<br>The problem was that I was using the fqdn instead of the IP address, for the EC2_URL. <br>I had a look at the EC2CloudAuth.rb, and what was happening was the following:<br>
<br>- The signature_v1 function requires the host to be stripped from the params.<br>- The current implementation only deletes the host name that matches the :host: parameter from econe.conf (params.delete('econe_host'). )<br>
- So, signature_v1 would consider the host for the calculation when I was using the fqdn != :host:<br><br>I had the IP as the :host: parameter. As soon as I changed it to the fqdn, I could use <a href="http://fqdn" target="_blank">http://fqdn</a>:<econe port> as the ec2 endpoint.<br>
But then, http://<ip>:<econe port> stops working.<br></div></div></blockquote><div><br></div><div style>The host and port are used to generate the signature (v2), so they have to be the same in both server and client sides, otherwise the signature will be different and the authentication will fail. In the server side, these values are retrieved from the configuration, included in the params hash (econe-server.rb) and passed to the do_auth method (EC2CloudAuth.rb).</div>
<div style><br></div><div style>In the signature_v1 case the host and port are not needed to generate the signature, hence they are deleted from the params before generating the signature in the server (signature_v1() EC2CloudAuth.rb).</div>
<div style><br></div><div style>Cheers.</div><div><br></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<div><div dir="ltr"><br>Regards,<br>Ricardo<br><br><div><div></div><hr>From: <a href="mailto:rjtd21@hotmail.com" target="_blank">rjtd21@hotmail.com</a><br>To: <a href="mailto:users@lists.opennebula.org" target="_blank">users@lists.opennebula.org</a><br>
Date: Mon, 1 Apr 2013 22:48:25 +0000<br>Subject: [one-users] econe auth not working (4.0 and 3.8.3) ?<div><div class="h5"><br><br>
<div dir="ltr">Hi there,<br><br>On both 3.8.3 and 4.0 I'm getting the following error when trying to use the EC2 API:<br><br>- AuthFailure: The username or password is not correct<br><br>I'm using ACCESS_KEY = username, and EC2_SECRET_KEY= <sha1 password, shown with oneuser show <id> . <br>
I'm pointing EC2_URL to http://<one controller>:<econe port>.<br>My ec2_auth has the correct serveradmin credential.<br>My users are using Core as the auth driver, and were created with Sunstone.<br>Oned.log shows "Message received: AUTHENTICATE SUCCESS 1731 -".<br>
<br>Any idea of what can be the problem?<br><br>Thanks,<br>Ricardo<br> </div>
<br></div></div>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a></div> </div></div>
<br>_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opennebula.org">Users@lists.opennebula.org</a><br>
<a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
<br></blockquote></div><br><br clear="all"><div><br></div>-- <br>Daniel Molina<br>Project Engineer<br>OpenNebula - The Open Source Solution for Data Center Virtualization<br><a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:dmolina@opennebula.org" target="_blank">dmolina@opennebula.org</a> | @OpenNebula
</div></div>