EC2_ACCESS_KEY improperly formed
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
OpenStack Compute (nova) |
Invalid
|
Undecided
|
Unassigned |
Bug Description
Using nova revision 1558 ( even early )
If I use
nova-manage project zipfile 1234 joeuser
I obtain a zipfile with novarc formed like this:
NOVARC=$(readlink -f "${BASH_
NOVARC=$(python -c 'import os,sys; print os.path.
NOVA_KEY_
export EC2_ACCESS_
export EC2_SECRET_
export EC2_URL="http://
export S3_URL="http://
export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
export EC2_PRIVATE_
export EC2_CERT=
export NOVA_CERT=
export EUCALYPTUS_
alias ec2-bundle-
alias ec2-upload-
export NOVA_API_
export NOVA_USERNAME=
export NOVA_PROJECT_
export NOVA_URL="http://
I use keystone so I've substituted last row like this:
export NOVA_URL="http://
and then
source novarc
well...
[root@hostname joeuser_bis]# euca-describe-
Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error
EC2ResponseError: 403 Forbidden
403 Forbidden
Access was denied to this resource.
but...
[root@hostname joeuser_bis]# export EC2_ACCESS_
[root@hostname joeuser_bis]# euca-describe-
IMAGE ami-00000009 None (prova_di_snapshot) creating private machine instance-store
IMAGE ami-00000008 None (centos-5.2) available public machine instance-store
it seems that nova-manage or authentication considers the wrong field in db
summary: |
- nova-manage zipfile problem + EC2_ACCESS_KEY improperly formed |
Changed in nova: | |
status: | New → Invalid |
If you use --use_deprecate d_auth you will get the old style access key when you use nova-manage project zipfile. We should also add some sort of flag to add the nova url properly. Unfortunately when using keystone properly, nova doesn't know the access key for a user, so we probably will need to generate the rc file somewhere else.
It looks like you are using the keystone shim, so --use_deprecate d_auth should solve your particular issue.
Vish
On Sep 14, 2011, at 6:43 AM, truijllo wrote:
> Public bug reported: SOURCE: -${0}}" 2>/dev/null) || abspath( os.path. realpath( sys.argv[ 1]))' "${BASH_ SOURCE: -${0}}" ) DIR=${NOVARC% /*} KEY="joeuser: 1234" KEY="6c374b36- ad41-426d- 8ddd-7c450b842f b6" 192.168. 0.100:8773/ services/ Cloud" 192.168. 0.100:3333" KEY=${NOVA_ KEY_DIR} /pk.pem ${NOVA_ KEY_DIR} /cert.pem ${NOVA_ KEY_DIR} /cacert. pem CERT=${ NOVA_CERT} # euca-bundle-image seems to require this set image=" ec2-bundle- image --cert ${EC2_CERT} --privatekey ${EC2_PRIVATE_KEY} --user 42 --ec2cert ${NOVA_CERT}" bundle= "ec2-upload- bundle -a ${EC2_ACCESS_KEY} -s ${EC2_SECRET_KEY} --url ${S3_URL} --ec2cert ${NOVA_CERT}" KEY="joeuser" "joeuser" ID="1234" 192.168. 0.100:8774/ v1.1/" 192.168. 0.100:5000/ v2.0/" images KEY=fdf50e55- 8f02-4aac- ac02-0adcb08832 5d:1234 images /bugs.launchpad .net/bugs/ 849982
>
> Using nova revision 1558 ( even early )
>
> If I use
> nova-manage project zipfile 1234 joeuser
> I obtain a zipfile with novarc formed like this:
>
> NOVARC=$(readlink -f "${BASH_
> NOVARC=$(python -c 'import os,sys; print os.path.
> NOVA_KEY_
> export EC2_ACCESS_
> export EC2_SECRET_
> export EC2_URL="http://
> export S3_URL="http://
> export EC2_USER_ID=42 # nova does not use user id, but bundling requires it
> export EC2_PRIVATE_
> export EC2_CERT=
> export NOVA_CERT=
> export EUCALYPTUS_
> alias ec2-bundle-
> alias ec2-upload-
> export NOVA_API_
> export NOVA_USERNAME=
> export NOVA_PROJECT_
> export NOVA_URL="http://
>
> I use keystone so I've substituted last row like this:
> export NOVA_URL="http://
>
> and then
> source novarc
>
> well...
>
> [root@hostname joeuser_bis]# euca-describe-
> Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error
> EC2ResponseError: 403 Forbidden
> 403 Forbidden
>
> Access was denied to this resource.
>
>
> but...
> [root@hostname joeuser_bis]# export EC2_ACCESS_
> [root@hostname joeuser_bis]# euca-describe-
> IMAGE ami-00000009 None (prova_di_snapshot) creating private machine instance-store
> IMAGE ami-00000008 None (centos-5.2) available public machine instance-store
>
> it seems that nova-manage or authentication considers the wrong field in
> db
>
> ** Affects: nova
> Importance: Undecided
> Status: New
>
>
> ** Tags: nova nova-manage zip
>
> --
> You received this bug notification because you are a member of Nova Bug
> Team, which is subscribed to OpenStack Compute (nova).
> https:/
>
> Title:
> nova-manage zipfile problem
>
> Status in OpenStack Compute (Nova):
> New
>
> Bug description:
> Using nova revision 1558 ( even early )
>
> If I use
> nova-manage project zipfile 1234...