Ask Your Question
0

Heats webhook respond 'incomplete-signature'-error (not conform to AWS standards)

asked 2014-11-05 23:20:37 -0600

mc__ gravatar image

updated 2014-11-09 20:50:11 -0600

Hi there,

as I wanted to check out the autoscaling features of heat in combination with ceilometer, I tried to adapt one of the example HOT's. Meanwhile, the HOT is starting successfully, but whatever I do to stress my VM in the web_server_group, no scaling reaction is observable.
Executing the webhook manually, there's an error response, which google hardly knows, so I try my best here - maybe you can help me to solve this problem.
Additionally I'm wondering, why AWS is mentioned in the error - actually I don't want to use it. Are webhooks only possible via AWS?

Core Issue: 

 curl -XPOST -i http://xxx.xxx.xxx.xxx:8000/v1/signal/arn%3Aopenstack%3Aheat%3A%3A9036a06bb9f648beb8b4d4592e693735%3Astacks%2FTestStack%2F3d0054f4-401a-4578-b9fd-4b6374bc69b2%2Fresources%2Fweb_server_scaleup_policy?Timestamp=2014-11-06T02%3A47%3A19Z&SignatureMethod=HmacSHA256&AWSAccessKeyId=e4f6cefc18a34695b1aba1bd5e0bbb0a&SignatureVersion=2&Signature=dOjsDdfO37Ym0%2F3t5A1qzxNmrjfYHdohJZ%2FQ3HBJafU%3D
[1] 7073
[2] 7074
[3] 7075
[4] 7076
root@foo:/home/bar# HTTP/1.1 400 IncompleteSignature
Content-Type: application/xml; charset=UTF-8
Content-Length: 171
Date: Thu, 06 Nov 2014 03:11:55 GMT

<ErrorResponse><Error><Message>The request signature does not conform to AWS standards</Message><Code>IncompleteSignature</Code><Type>Sender</Type></Error></ErrorResponse>

Another try: 

curl -X POST http://xxx.xxx.xxx.xxx:8000/v1/signal/arn%3Aopenstack%3Aheat%3A%3A9036a06bb9f648beb8b4d4592e693735%3Astacks%2FTestStack%2F3d0054f4-401a-4578-b9fd-4b6374bc69b2%2Fresources%2Fweb_server_scaleup_policy?Timestamp=2014-11-06T02%3A47%3A19Z
[3]   Done                    SignatureMethod=HmacSHA256
[4]   Done                    AWSAccessKeyId=e4f6cefc18a34695b1aba1bd5e0bbb0a
[5]   Done                    SignatureVersion=2
user@vm-foo:~$ <ErrorResponse><Error><Message>The request signature does not conform to AWS standards</Message><Code>IncompleteSignature</Code><Type>Sender</Type></Error></ErrorResponse>

Further specs:
Version OpenStack Icehouse VM: Ubuntu 14.04
stress command: 'stress --cpu 8 --io 8 --vm 2 --vm-bytes 256M &' causing permanent usage of ~60% CPU usage. On the host, heat-api-cfn is running, and port 8000 is in use.

edit retag flag offensive close merge delete
add a comment

2 answers

Sort by ยป oldest newest most voted
1

answered 2014-11-06 02:47:24 -0600

shardy gravatar image

Hi, please can you try the following:

curl -XPOST -i "http://xxx.xxx.xxx.xxx:8000/v1/signal/arn%3Aopenstack%3Aheat%3A%3A9036a06bb9f648beb8b4d4592e693735%3Astacks%2FTestStack%2F3d0054f4-401a-4578-b9fd-4b6374bc69b2%2Fresources%2Fweb_server_scaleup_policy?Timestamp=2014-11-06T02%3A47%3A19Z&SignatureMethod=HmacSHA256&AWSAccessKeyId=e4f6cefc18a34695b1aba1bd5e0bbb0a&SignatureVersion=2&Signature=dOjsDdfO37Ym0%2F3t5A1qzxNmrjfYHdohJZ%2FQ3HBJafU%3D"

If you don't quote the URL, then the & character before the first query-string argument backgrounds the curl and fails to pass the arguments via the request

edit flag offensive delete link more
add a comment
0

answered 2014-11-06 03:33:06 -0600

mc__ gravatar image

updated 2014-11-06 03:34:27 -0600

Ok thanks, better. Now the error turns to 

HTTP/1.1 403 AccessDenied
Content-Type: application/xml; charset=UTF-8
Content-Length: 149
Date: Thu, 06 Nov 2014 09:30:00 GMT

<ErrorResponse><Error><Message>User is not authorized to perform action</Message><Code>AccessDenied</Code><Type>Sender</Type></Error></ErrorResponse>

/var/log/heat/heat-api-cfn.log and /var/log/heat/heat-api-cloudwatch.log is empty,

But /var/log/heat/heat-engine.log returns repetitious 

 2014-11-06 16:51:26.327 2086 WARNING heat.common.keystoneclient [req-d3f4ebed-f380-422e-93a3-c995f4fb2427 None] stack_user_domain ID not set in heat.conf falling back to using default

Should I split the question and open a new one?

edit flag offensive delete link more

Comments

See https://ask.openstack.org/en/question... for the resolution to this problem

shardy gravatar imageshardy ( 2014-11-10 05:50:15 -0600 )edit
add a comment

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-11-05 23:20:37 -0600

Seen: 2,018 times

Last updated: Nov 09 '14

Related questions

Rolling updates with heat autoscaling.

Heat (Stein) create stack fails on nics

devstack: fails HTTPMultipleChoices (HTTP 300) Requested version of OpenStack Images API is not available

How to switch to different backend db from gnocchi in ceilometer

Ceilometer meter query fails?

delete hanging security group

For resource management, how to scale Hosts Online ex: scale cpu, ram , disks , ...etc.

Ceilometer not working with authentication

How can I use a 1 based index for naming servers in a ResourceGroup?

Can I instantiate bare metal using ironic via Heat ?