Ubuntu
euca2ools package

euca-bundle-vol dies with "Invalid cert"

Bug #505482 reported by Eric Hammond
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
euca2ools (Ubuntu)
Invalid
High
Unassigned

Bug Description

Binary package hint: euca2ools

On a fresh copy of the latest 32-bit Ubuntu Lucid daily AMI

  ami-6a28c503
  ubuntu-images-testing-us/ubuntu-lucid-daily-i386-desktop-20100110.manifest.xml

I installed a copy of ec2-ami-tools (to get the EC2 certificate)

  echo "deb http://us.ec2.archive.ubuntu.com/ubuntu/ lucid multiverse" |
    sudo tee /etc/apt/sources.list.d/multiverse.list > /dev/null
  sudo apt-get update && sudo apt-get install -y ec2-ami-tools

And then I ran the following euca2ools command:

  sudo -E euca-bundle-vol \
    -r $arch \
    -d /mnt \
    -p $prefix \
    -u $AWS_USER_ID \
    -k /mnt/pk-*.pem \
    -c /mnt/cert-*.pem \
    -s 10240 \
    -e /mnt,/root/.ssh,/home/ubuntu/.ssh \
    --ec2cert /etc/ec2/amitools/cert-ec2.pem

This failed with the simple error:

  Invalid cert

Unfortunately, it's not telling me what cert is invalid. When I leave off the --ec2cert option, it still gives the same error.

This exact same process works fine on an Ubuntu 9.10 Karmic AMI like

  ami-1515f67c
  ubuntu-images-us/ubuntu-karmic-9.10-i386-server-20091027.1.manifest.xml

This problem is preventing me from completing the testing of the fix in bug 479823.

ProblemType: Bug
Architecture: i386
Date: Sun Jan 10 13:39:54 2010
DistroRelease: Ubuntu 10.04
Ec2AMI: ami-6a28c503
Ec2AMIManifest: ubuntu-images-testing-us/ubuntu-lucid-daily-i386-desktop-20100110.manifest.xml
Ec2AvailabilityZone: us-east-1a
Ec2InstanceType: m1.small
Ec2Kernel: aki-60cb2609
Ec2Ramdisk: ari-e629c48f
Package: euca2ools 1.1~bzr238-0ubuntu2
PackageArchitecture: all
ProcEnviron:
 LANG=en_US.UTF-8
 SHELL=/bin/bash
ProcVersionSignature: User Name 2.6.32-301.4-ec2
SourcePackage: euca2ools
Tags: lucid ec2-images
Uname: Linux 2.6.32-301-ec2 i686

See original description
Revision history for this message
Eric Hammond (esh) wrote :
description: updated
Scott Moser (smoser)
Changed in euca2ools (Ubuntu):
importance: Undecided → High
Revision history for this message
Neil Soman (neilsoman) wrote :

The cert that it is complaining about is the user cert. I don't think euca-bundle-vol accepts wildcards.

Dustin Kirkland  (kirkland)
Changed in euca2ools (Ubuntu):
status: New → Incomplete
Revision history for this message
Scott Moser (smoser) wrote :

Niel, euca-bundle-vol doesn't accept wildcards. It doesn't need to. The command Eric listed was evaluated via shell, which expands those wildcards.

Revision history for this message
Scott Moser (smoser) wrote :

@Eric
I can't reproduce this at the moment, I'm testing on ubuntu-lucid-daily-i386-server-20100301.manifest.xml . I don't actually know what would have changed to fix the problem you reported though.

I can verify failure, but only if I pass it invalid key to '--ec2cert <key>'.

It succeeds for me in either:
a.) no key given (the default in the ubuntu packages is now to use /usr/share/euca2ools/cert-ec2.pem -- bug 479836)
b.) ami-tools installed and --ec2cert /etc/ec2/amitools/cert-ec2.pem given.

The only time it fails is when there is, in fact, an invalid key given (such as non-existant file).

Revision history for this message
Eric Hammond (esh) wrote :

Scott: Thanks for checking. The original AMI no longer exists, and I am also unable to reproduce this on the latest Lucid daily:
  ami-e9b95680
  ubuntu-images-testing-us/ubuntu-lucid-daily-i386-server-20100301.manifest.xml
I have marked the bug invalid.

Changed in euca2ools (Ubuntu):
status: Incomplete → Invalid
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.