Ask Your Question
0

Heats webhook respond 'incomplete-signature'-error (not conform to AWS standards)

asked 2014-11-05 23:20:37 -0600

mc__ gravatar image

updated 2014-11-09 20:50:11 -0600

Hi there,

as I wanted to check out the autoscaling features of heat in combination with ceilometer, I tried to adapt one of the example HOT's. Meanwhile, the HOT is starting successfully, but whatever I do to stress my VM in the web_server_group, no scaling reaction is observable.
Executing the webhook manually, there's an error response, which google hardly knows, so I try my best here - maybe you can help me to solve this problem.
Additionally I'm wondering, why AWS is mentioned in the error - actually I don't want to use it. Are webhooks only possible via AWS?

Core Issue: 

 curl -XPOST -i http://xxx.xxx.xxx.xxx:8000/v1/signal/arn%3Aopenstack%3Aheat%3A%3A9036a06bb9f648beb8b4d4592e693735%3Astacks%2FTestStack%2F3d0054f4-401a-4578-b9fd-4b6374bc69b2%2Fresources%2Fweb_server_scaleup_policy?Timestamp=2014-11-06T02%3A47%3A19Z&SignatureMethod=HmacSHA256&AWSAccessKeyId=e4f6cefc18a34695b1aba1bd5e0bbb0a&SignatureVersion=2&Signature=dOjsDdfO37Ym0%2F3t5A1qzxNmrjfYHdohJZ%2FQ3HBJafU%3D
[1] 7073
[2] 7074
[3] 7075
[4] 7076
root@foo:/home/bar# HTTP/1.1 400 IncompleteSignature
Content-Type: application/xml; charset=UTF-8
Content-Length: 171
Date: Thu, 06 Nov 2014 03:11:55 GMT

<ErrorResponse><Error><Message>The request signature does not conform to AWS standards</Message><Code>IncompleteSignature</Code><Type>Sender</Type></Error></ErrorResponse>

Another try: 

curl -X POST http://xxx.xxx.xxx.xxx:8000/v1/signal/arn%3Aopenstack%3Aheat%3A%3A9036a06bb9f648beb8b4d4592e693735%3Astacks%2FTestStack%2F3d0054f4-401a-4578-b9fd-4b6374bc69b2%2Fresources%2Fweb_server_scaleup_policy?Timestamp=2014-11-06T02%3A47%3A19Z
[3]   Done                    SignatureMethod=HmacSHA256
[4]   Done                    AWSAccessKeyId=e4f6cefc18a34695b1aba1bd5e0bbb0a
[5]   Done                    SignatureVersion=2
user@vm-foo:~$ <ErrorResponse><Error><Message>The request signature does not conform to AWS standards</Message><Code>IncompleteSignature</Code><Type>Sender</Type></Error></ErrorResponse>

Further specs:
Version OpenStack Icehouse VM: Ubuntu 14.04
stress command: 'stress --cpu 8 --io 8 --vm 2 --vm-bytes 256M &' causing permanent usage of ~60% CPU usage. On the host, heat-api-cfn is running, and port 8000 is in use.

edit retag flag offensive close merge delete
add a comment

2 answers

Sort by ยป oldest newest most voted
1

answered 2014-11-06 02:47:24 -0600

shardy gravatar image

Hi, please can you try the following:

curl -XPOST -i "http://xxx.xxx.xxx.xxx:8000/v1/signal/arn%3Aopenstack%3Aheat%3A%3A9036a06bb9f648beb8b4d4592e693735%3Astacks%2FTestStack%2F3d0054f4-401a-4578-b9fd-4b6374bc69b2%2Fresources%2Fweb_server_scaleup_policy?Timestamp=2014-11-06T02%3A47%3A19Z&SignatureMethod=HmacSHA256&AWSAccessKeyId=e4f6cefc18a34695b1aba1bd5e0bbb0a&SignatureVersion=2&Signature=dOjsDdfO37Ym0%2F3t5A1qzxNmrjfYHdohJZ%2FQ3HBJafU%3D"

If you don't quote the URL, then the & character before the first query-string argument backgrounds the curl and fails to pass the arguments via the request

edit flag offensive delete link more
add a comment
0

answered 2014-11-06 03:33:06 -0600

mc__ gravatar image

updated 2014-11-06 03:34:27 -0600

Ok thanks, better. Now the error turns to 

HTTP/1.1 403 AccessDenied
Content-Type: application/xml; charset=UTF-8
Content-Length: 149
Date: Thu, 06 Nov 2014 09:30:00 GMT

<ErrorResponse><Error><Message>User is not authorized to perform action</Message><Code>AccessDenied</Code><Type>Sender</Type></Error></ErrorResponse>

/var/log/heat/heat-api-cfn.log and /var/log/heat/heat-api-cloudwatch.log is empty,

But /var/log/heat/heat-engine.log returns repetitious 

 2014-11-06 16:51:26.327 2086 WARNING heat.common.keystoneclient [req-d3f4ebed-f380-422e-93a3-c995f4fb2427 None] stack_user_domain ID not set in heat.conf falling back to using default

Should I split the question and open a new one?

edit flag offensive delete link more

Comments

See https://ask.openstack.org/en/question... for the resolution to this problem

shardy gravatar imageshardy ( 2014-11-10 05:50:15 -0600 )edit
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Get to know Ask OpenStack

Resources for moderators

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2014-11-05 23:20:37 -0600

Seen: 1,805 times

Last updated: Nov 09 '14

Related questions

autoscaling policy fails authentication but heat template works fine without

Heat Orchestration

OS::Heat::ResourceGroup resources modified in unexpected order

How can I start Gnocchi ?

Ceilometer central agent failing

ceilometer meter-list error

gnocchi-api running error, Address already in use

highly available heat?

create ceilometer alarm for one specific instanace

Calculate cpu utilization of a complete host ?