heat autoscaling aws authentication failure

asked 2014-02-26 08:09:10 -0500

anonymous user


updated 2014-02-27 02:34:48 -0500

I installed devstack, (single node, stable/havana, heat and ceilometer included) and was hoping to test the autoscaling feature. I am using a custom meter ("testcounter") in ceilometer. The meter seems to be working fine, I post samples to trigger the alarm using the REST API.

When I launch the stack, one instance is booted. But when the alarm is triggered, no additional instance is booting.. Any advice is most appreciated.

This is the h-api-cfn output, which seems to indicate that heat receives the ceilometer alarm, but that there is an authentication failure that might be preventing the extra instance to be launched:

2014-02-26 13:41:47.776 DEBUG heat.api.middleware.version_negotiation [-] Processing request: POST /v1/signal/arn:openstack:heat::574192af441e4e0487b0ad60a9fda946:stacks/test/f04974cc-3d64-4fc1-ab0c-04518a595477/resources/WebServerScaleDownPolicy Accept: */* from (pid=21822) process_request /opt/stack/heat/heat/api/middleware/version_negotiation.py:53
2014-02-26 13:41:47.776 DEBUG heat.api.middleware.version_negotiation [-] Matched versioned URI. Version: 1.0 from (pid=21822) process_request /opt/stack/heat/heat/api/middleware/version_negotiation.py:68
2014-02-26 13:41:47.777 INFO heat.api.aws.ec2token [-] Checking AWS credentials..
2014-02-26 13:41:47.777 INFO heat.api.aws.ec2token [-] AWS credentials found, checking against keystone.
2014-02-26 13:41:47.778 INFO heat.api.aws.ec2token [-] Authenticating with http://<ip_controller>:5000/v2.0/ec2tokens
2014-02-26 13:41:47.791 INFO requests.packages.urllib3.connectionpool [-] Starting new HTTP connection (1): <proxy>
2014-02-26 13:41:47.803 DEBUG requests.packages.urllib3.connectionpool [-] "POST http://<ip_controller>:5000/v2.0/ec2tokens HTTP/1.1" 500 183 from (pid=21822) _make_request /usr/local/lib/python2.7/dist-packages/requests/packages/urllib3/connectionpool.py:344
2014-02-26 13:41:47.804 INFO heat.api.aws.ec2token [-] AWS authentication failure.
2014-02-26 13:41:47.805 DEBUG root [-] XML response : <ErrorResponse><Error><Message>User is not authorized to perform action</Message><Code>AccessDenied</Code><Type>Sender</Type></Error></ErrorResponse> from (pid=21822) to_xml /opt/stack/heat/heat/common/wsgi.py:604

This is the keystone log:

2014-02-26 13:41:47.609 INFO access [-] - - [26/Feb/2014:12:41:47 +0000] "POST http://<ip_controller>:5000/v2.0/tokens HTTP/1
.0" 200 9697
2014-02-26 13:41:47.797 DEBUG routes.middleware [-] Matched POST /ec2tokens from (pid=11474) __call__ /usr/lib/python2.7/dist-packages
2014-02-26 13:41:47.797 DEBUG routes.middleware [-] Route path: '/ec2tokens', defaults: {'action': u'authenticate', 'controller': <keystone.contrib.ec2.controllers.Ec2Controller object at 0x4518f50>} from (pid=11474) __call__ /usr/lib/python2.7/dist-packages/routes/middleware.py:102
2014-02-26 13:41:47.797 DEBUG routes.middleware [-] Match dict: {'action': u'authenticate', 'controller': <keystone.contrib.ec2.controllers.Ec2Controller object at 0x4518f50>} from (pid=11474) __call__ /usr/lib/python2.7/dist-packages/routes/middleware.py:103
2014-02-26 13:41:47.801 ERROR keystone.common.wsgi [-] 'unicode' object has no attribute 'get'
2014-02-26 13:41:47.801 TRACE keystone.common.wsgi Traceback (most recent call last):
2014-02-26 13:41:47.801 TRACE keystone.common.wsgi   File "/opt/stack/keystone/keystone/common/wsgi ...
edit retag flag offensive close merge delete


I haven't (properly )solved the problem yet, but i confirmed the autoscaling didn't work because of the authentication failure: setting "insecure = true" in /etc/heat/heat.conf in the [keystone_authtoken] section solves the problem and enables the extra instance to be launched

lvh gravatar imagelvh ( 2014-03-04 08:04:49 -0500 )edit

Have you encountered the problem mentioned in the following link. https://ask.openstack.org/en/question... . I have posted it. I was also trying to autoscale but got DB session is already flushing error

Syed Awais Ali gravatar imageSyed Awais Ali ( 2014-05-17 02:46:43 -0500 )edit

1 answer

Sort by ยป oldest newest most voted

answered 2015-01-18 21:14:35 -0500

asalkeld gravatar image

This may be due to a change in boto (to mirror a change in AWS).


edit flag offensive delete link more

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower


Asked: 2014-02-26 08:09:10 -0500

Seen: 1,470 times

Last updated: Jan 18 '15