Ask Your Question
0

normal user authorization failed

asked 2010-12-29 22:00:01 -0500

Upgrade Openstack to 2011.1~bzr456-0ubuntu1. admin user doesn't have problems to run jobs. Normal users can bundle, upload and register images but cannot run jobs.

$ euca-authorize default -P tcp -p 22 -s 0.0.0.0/0 Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error EC2ResponseError: 401 Unauthorized 401 Unauthorized

This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.

Thanks,

Anping

edit retag flag offensive close merge delete

8 answers

Sort by » oldest newest most voted
0

answered 2010-12-30 18:57:30 -0500

Hi Vish,

Thank you very much for your response. Does a normal user need to have the netadmin role? After I did bundle/upload/register images, I tried to run euca-run-instance. I got the same output of NotAuthorized as I got from running euca-authorize. It's important for us to know if a normal openstack user can do what a normal Eucalyptus user can. Your help is highly appreciated. Thanks.

Anping

----- Original Message ----- From: "Vish Ishaya" vishvananda@gmail.com To: aliu@alcf.anl.gov Sent: Thursday, December 30, 2010 12:01:07 PM Subject: Re: [Bug 695504] [NEW] normal user authorization failed

By default, you need the netadmin role to authorize security groups and associate public ips. Use BOTH of the following to give the user the netadmin access to a project:

nova-manage role add (user) netadmin nova-manage role add (user) netadmin (project)

Vish On Thursday, December 30, 2010, Launchpad Bug Tracker 695504@bugs.launchpad.net wrote:

You have been subscribed to a public bug:

Upgrade Openstack to 2011.1~bzr456-0ubuntu1. admin user doesn't have problems to run jobs.  Normal users can bundle, upload and register images but cannot run jobs.

$ euca-authorize default -P tcp -p 22 -s 0.0.0.0/0 Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error EC2ResponseError: 401 Unauthorized 401 Unauthorized

This server could not verify that you are authorized to access the document you requested.  Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.

Thanks,

Anping

** Affects: nova     Importance: Undecided         Status: New


normal user authorization failed https://bugs.launchpad.net/bugs/695504 You received this bug notification because you are a member of Nova Bug Team, which is subscribed to OpenStack Compute (nova).


You received this bug notification because you are a direct subscriber of the bug. https://bugs.launchpad.net/bugs/695504

Title: normal user authorization failed

Status in OpenStack Compute (Nova): New

Bug description: Upgrade Openstack to 2011.1~bzr456-0ubuntu1. admin user doesn't have problems to run jobs. Normal users can bundle, upload and register images but cannot run jobs.

$ euca-authorize default -P tcp -p 22 -s 0.0.0.0/0 Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error EC2ResponseError: 401 Unauthorized 401 Unauthorized

This server could not verify that you are authorized to access the document you requested. Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.

Thanks,

Anping

To unsubscribe from this bug, go to: https://bugs.launchpad.net/nova/+bug/695504/+subscribe (https://bugs.launchpad.net/nova/+bug/...)

edit flag offensive delete link more
0

answered 2010-12-30 20:59:43 -0500

Hi Vish,

I created a normal user anna and registered images. when I ran jobs, I got

euca-describe-images

IMAGE ami-paqlq8l5 anna/ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz.manifest.xml anna available private x86_64 kernel true
IMAGE ami-xy70vc7p anna/ttylinux-uec-amd64-12.1_2.6.35-22_1-initrd.manifest.xml anna available private x86_64 ramdisk true IMAGE ami-unwifk1z anna/ttylinux-uec-amd64-12.1_2.6.35-22_1.img.manifest.xml anna available private x86_64 machine
root@user07:~/images2# euca-run-instances ami-unwifk1z --kernel ami-paqlq8l5 --ramdisk ami-xy70vc7p -t m1.tiny NotAuthorized: None

-Anping

----- Original Message ----- From: "Anping Liu" aliu@mcs.anl.gov To: "Bug 695504" 695504@bugs.launchpad.net Cc: aliu@alcf.anl.gov Sent: Thursday, December 30, 2010 12:57:30 PM Subject: Re: [Bug 695504] [NEW] normal user authorization failed

Hi Vish,

Thank you very much for your response. Does a normal user need to have the netadmin role? After I did bundle/upload/register images, I tried to run euca-run-instance. I got the same output of NotAuthorized as I got from running euca-authorize. It's important for us to know if a normal openstack user can do what a normal Eucalyptus user can. Your help is highly appreciated. Thanks.

Anping

----- Original Message ----- From: "Vish Ishaya" vishvananda@gmail.com To: aliu@alcf.anl.gov Sent: Thursday, December 30, 2010 12:01:07 PM Subject: Re: [Bug 695504] [NEW] normal user authorization failed

By default, you need the netadmin role to authorize security groups and associate public ips. Use BOTH of the following to give the user the netadmin access to a project:

nova-manage role add (user) netadmin nova-manage role add (user) netadmin (project)

Vish On Thursday, December 30, 2010, Launchpad Bug Tracker 695504@bugs.launchpad.net wrote:

You have been subscribed to a public bug:

Upgrade Openstack to 2011.1~bzr456-0ubuntu1. admin user doesn't have problems to run jobs.  Normal users can bundle, upload and register images but cannot run jobs.

$ euca-authorize default -P tcp -p 22 -s 0.0.0.0/0 Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error EC2ResponseError: 401 Unauthorized 401 Unauthorized

This server could not verify that you are authorized to access the document you requested.  Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.

Thanks,

Anping

** Affects: nova     Importance: Undecided         Status: New


normal user authorization failed https://bugs.launchpad.net/bugs/695504 You received this bug notification because you are a member of Nova Bug Team, which is subscribed to OpenStack Compute (nova).


You received this bug notification because you are a direct subscriber of the bug. https://bugs.launchpad.net/bugs/695504

Title: normal user authorization failed

Status in OpenStack Compute (Nova): New

Bug description: Upgrade Openstack to 2011.1~bzr456-0ubuntu1. admin user doesn't have problems to run jobs. Normal users can bundle, upload and register images but cannot run jobs.

$ euca-authorize default -P tcp -p 22 -s 0.0.0.0/0 Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error ...

(more)
edit flag offensive delete link more
0

answered 2010-12-30 21:17:04 -0500

I did nova-manage role add anna netadmin nova-namage role add anna netadmin anna I can now do "euca-authorize", but still cannot run jobs euca-run-instances ami-unwifk1z --kernel ami-paqlq8l5 --ramdisk ami-xy70vc7p -t m1.tiny NotAuthorized: None

-Anping

----- Original Message ----- From: "Anping Liu" aliu@mcs.anl.gov To: "Bug 695504" 695504@bugs.launchpad.net Cc: aliu@alcf.anl.gov Sent: Thursday, December 30, 2010 2:59:43 PM Subject: Re: [Bug 695504] [NEW] normal user authorization failed

Hi Vish,

I created a normal user anna and registered images. when I ran jobs, I got

euca-describe-images

IMAGE ami-paqlq8l5 anna/ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz.manifest.xml anna available private x86_64 kernel true
IMAGE ami-xy70vc7p anna/ttylinux-uec-amd64-12.1_2.6.35-22_1-initrd.manifest.xml anna available private x86_64 ramdisk true IMAGE ami-unwifk1z anna/ttylinux-uec-amd64-12.1_2.6.35-22_1.img.manifest.xml anna available private x86_64 machine
root@user07:~/images2# euca-run-instances ami-unwifk1z --kernel ami-paqlq8l5 --ramdisk ami-xy70vc7p -t m1.tiny NotAuthorized: None

-Anping

----- Original Message ----- From: "Anping Liu" aliu@mcs.anl.gov To: "Bug 695504" 695504@bugs.launchpad.net Cc: aliu@alcf.anl.gov Sent: Thursday, December 30, 2010 12:57:30 PM Subject: Re: [Bug 695504] [NEW] normal user authorization failed

Hi Vish,

Thank you very much for your response. Does a normal user need to have the netadmin role? After I did bundle/upload/register images, I tried to run euca-run-instance. I got the same output of NotAuthorized as I got from running euca-authorize. It's important for us to know if a normal openstack user can do what a normal Eucalyptus user can. Your help is highly appreciated. Thanks.

Anping

----- Original Message ----- From: "Vish Ishaya" vishvananda@gmail.com To: aliu@alcf.anl.gov Sent: Thursday, December 30, 2010 12:01:07 PM Subject: Re: [Bug 695504] [NEW] normal user authorization failed

By default, you need the netadmin role to authorize security groups and associate public ips. Use BOTH of the following to give the user the netadmin access to a project:

nova-manage role add (user) netadmin nova-manage role add (user) netadmin (project)

Vish On Thursday, December 30, 2010, Launchpad Bug Tracker 695504@bugs.launchpad.net wrote:

You have been subscribed to a public bug:

Upgrade Openstack to 2011.1~bzr456-0ubuntu1. admin user doesn't have problems to run jobs.  Normal users can bundle, upload and register images but cannot run jobs.

$ euca-authorize default -P tcp -p 22 -s 0.0.0.0/0 Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error EC2ResponseError: 401 Unauthorized 401 Unauthorized

This server could not verify that you are authorized to access the document you requested.  Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.

Thanks,

Anping

** Affects: nova     Importance: Undecided         Status: New


normal user authorization failed https://bugs.launchpad.net/bugs/695504 You received this bug notification because you are a member of Nova Bug Team, which is subscribed to OpenStack Compute (nova).


You received this bug notification because you are a direct subscriber ...

(more)
edit flag offensive delete link more
0

answered 2010-12-30 18:01:07 -0500

vishvananda gravatar image

By default, you need the netadmin role to authorize security groups and associate public ips. Use BOTH of the following to give the user the netadmin access to a project:

nova-manage role add (user) netadmin nova-manage role add (user) netadmin (project)

Vish On Thursday, December 30, 2010, Launchpad Bug Tracker 695504@bugs.launchpad.net wrote:

You have been subscribed to a public bug:

Upgrade Openstack to 2011.1~bzr456-0ubuntu1. admin user doesn't have problems to run jobs.  Normal users can bundle, upload and register images but cannot run jobs.

$ euca-authorize default -P tcp -p 22 -s 0.0.0.0/0 Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error EC2ResponseError: 401 Unauthorized 401 Unauthorized

This server could not verify that you are authorized to access the document you requested.  Either you supplied the wrong credentials (e.g., bad password), or your browser does not understand how to supply the credentials required.

Thanks,

Anping

** Affects: nova     Importance: Undecided         Status: New


normal user authorization failed https://bugs.launchpad.net/bugs/695504 You received this bug notification because you are a member of Nova Bug Team, which is subscribed to OpenStack Compute (nova).

edit flag offensive delete link more
0

answered 2010-12-29 22:08:59 -0500

the bug had been filed as Question #139287. in nova-api.log nova-api(root): INFO Looking up user: '96bb3b1e-cab5-4d68-b5af-47592bb3dfe7' nova-api(root): INFO user: User('anna', 'anna', '96bb3b1e-cab5-4d68-b5af-47592bb3dfe7', 'f9c918e9-cde4-42e5-8689-bfe3d4364b09', False) nova-api(root): DEBUG using _calc_signature_2 nova-api(root): DEBUG query string: AWSAccessKeyId=96bb3b1e-cab5-4d68-b5af-47592bb3dfe7%3Aanna&Action=AuthorizeSecurityGroupIngress&CidrIp=0.0.0.0%2F0&FromPort=22&GroupName=default&IpProtocol=tcp&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2010-12-29T21%3A18%3A20&ToPort=22&Version=2009-11-30 nova-api(root): DEBUG string_to_sign: GET 172.16.60.250:8773 /services/Cloud/ AWSAccessKeyId=96bb3b1e-cab5-4d68-b5af-47592bb3dfe7%3Aanna&Action=AuthorizeSecurityGroupIngress&CidrIp=0.0.0.0%2F0&FromPort=22&GroupName=default&IpProtocol=tcp&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2010-12-29T21%3A18%3A20&ToPort=22&Version=2009-11-30 nova-api(root): DEBUG len(b64)=44 nova-api(root): DEBUG base64 encoded digest: wgzv+Jo8NaLBw9gZckh33Qg0ijMEf3nJw6du00eTcls= nova-api(root): DEBUG user.secret: f9c918e9-cde4-42e5-8689-bfe3d4364b09 nova-api(root): DEBUG expected_signature: wgzv+Jo8NaLBw9gZckh33Qg0ijMEf3nJw6du00eTcls= nova-api(root): DEBUG signature: wgzv+Jo8NaLBw9gZckh33Qg0ijMEf3nJw6du00eTcls= nova-api(api): DEBUG action: AuthorizeSecurityGroupIngress nova-api(api): DEBUG arg: GroupName val: default nova-api(api): DEBUG arg: CidrIp val: 0.0.0.0/0 nova-api(api): DEBUG arg: FromPort val: 22 nova-api(api): DEBUG arg: ToPort val: 22 nova-api(api): DEBUG arg: IpProtocol val: tcp

edit flag offensive delete link more
0

answered 2011-01-05 10:26:32 -0500

From Vish:

By default, you need the netadmin role to authorize security groups and associate public ips. Use BOTH of the following to give the user the netadmin access to a project:

nova-manage role add (user) netadmin nova-manage role add (user) netadmin (project)


To call RunInstances, your user needs to have 'projectmanager' or 'sysadmin' roles. Looking at the code, by default, "normal" users can only run Describe commands, and Create/Delete keypairs.

edit flag offensive delete link more
0

answered 2010-12-30 22:32:56 -0500

in nova-api.log: Thu, 30 Dec 2010 22:21:52 GMT /_images/ nova-api(boto): DEBUG Method: GET nova-api(boto): DEBUG Path: /_images/ nova-api(boto): DEBUG Data: nova-api(boto): DEBUG Headers: {'Date': 'Thu, 30 Dec 2010 22:21:52 GMT', 'Content-Length': '0', 'Authorization': 'AWS 96bb3b1e-cab5-4d68-b5af-47592bb3dfe7:anna:5jcbWfLwBX9rr27e8QBNetp6M6E=', 'User-Agent': 'Boto/1.9b (linux2)'} nova-api(boto): DEBUG Host: 172.16.60.250:3333 nova-api(boto): DEBUG establishing HTTP connection nova-api(root): DEBUG Going to run 1 instances... nova-api(root): ERROR NotAuthorized: None

----- Original Message ----- From: "Anping Liu" aliu@mcs.anl.gov To: "Bug 695504" 695504@bugs.launchpad.net Cc: aliu@alcf.anl.gov Sent: Thursday, December 30, 2010 3:17:04 PM Subject: Re: [Bug 695504] [NEW] normal user authorization failed

I did nova-manage role add anna netadmin nova-namage role add anna netadmin anna I can now do "euca-authorize", but still cannot run jobs euca-run-instances ami-unwifk1z --kernel ami-paqlq8l5 --ramdisk ami-xy70vc7p -t m1.tiny NotAuthorized: None

-Anping

----- Original Message ----- From: "Anping Liu" aliu@mcs.anl.gov To: "Bug 695504" 695504@bugs.launchpad.net Cc: aliu@alcf.anl.gov Sent: Thursday, December 30, 2010 2:59:43 PM Subject: Re: [Bug 695504] [NEW] normal user authorization failed

Hi Vish,

I created a normal user anna and registered images. when I ran jobs, I got

euca-describe-images

IMAGE ami-paqlq8l5 anna/ttylinux-uec-amd64-12.1_2.6.35-22_1-vmlinuz.manifest.xml anna available private x86_64 kernel true
IMAGE ami-xy70vc7p anna/ttylinux-uec-amd64-12.1_2.6.35-22_1-initrd.manifest.xml anna available private x86_64 ramdisk true IMAGE ami-unwifk1z anna/ttylinux-uec-amd64-12.1_2.6.35-22_1.img.manifest.xml anna available private x86_64 machine
root@user07:~/images2# euca-run-instances ami-unwifk1z --kernel ami-paqlq8l5 --ramdisk ami-xy70vc7p -t m1.tiny NotAuthorized: None

-Anping

----- Original Message ----- From: "Anping Liu" aliu@mcs.anl.gov To: "Bug 695504" 695504@bugs.launchpad.net Cc: aliu@alcf.anl.gov Sent: Thursday, December 30, 2010 12:57:30 PM Subject: Re: [Bug 695504] [NEW] normal user authorization failed

Hi Vish,

Thank you very much for your response. Does a normal user need to have the netadmin role? After I did bundle/upload/register images, I tried to run euca-run-instance. I got the same output of NotAuthorized as I got from running euca-authorize. It's important for us to know if a normal openstack user can do what a normal Eucalyptus user can. Your help is highly appreciated. Thanks.

Anping

----- Original Message ----- From: "Vish Ishaya" vishvananda@gmail.com To: aliu@alcf.anl.gov Sent: Thursday, December 30, 2010 12:01:07 PM Subject: Re: [Bug 695504] [NEW] normal user authorization failed

By default, you need the netadmin role to authorize security groups and associate public ips. Use BOTH of the following to give the user the netadmin access to a project:

nova-manage role add (user) netadmin nova-manage role add (user) netadmin (project)

Vish On Thursday, December 30, 2010, Launchpad Bug Tracker 695504@bugs.launchpad.net wrote:

You have been subscribed to a public bug:

Upgrade Openstack to 2011.1~bzr456-0ubuntu1. admin user doesn't have problems to run jobs.  Normal users can bundle, upload and register images but cannot run ...

(more)
edit flag offensive delete link more
0

answered 2011-01-05 10:16:42 -0500

This is not a bug, but a question.

edit flag offensive delete link more

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

Stats

Asked: 2010-12-29 22:00:01 -0500

Seen: 103 times

Last updated: Jan 05 '11