euca2ools returns HTTP/1.1 500 Internal Server Error
Hello,
I have an Openstack deployment in HA, with 2 compute nodes and 3 controllers. Everything is working fine, however as soon as I try using EC2 Compatibility APIs though euca2ools commands I am always getting HTTP 500 error. nova*.log do not show anything that could help me pointing out where the problem could be. Native openstack calls works properly. I haven't find much documentation on how troubleshooting this issue and I would appreciate if anybody can provide some hints, ideas.
Here few information gathered from the controllers
1) ec2 credential in keystone ec-credentials-list --user-id match with the EC2 Access and Secret keys. EC2_AUTH is not set as not not defined in my ec2rc.sh. I did not have to create keystone credentials as many tutorial describe as it seems they are created when downloading the .zip file
2) api-paste.ini is the same in the 3 controllers, I paste here the config for ec2 and ec2cloud
####### # EC2 # ####### [composite:ec2] use = egg:Paste#urlmap /services/Cloud: ec2cloud [composite:ec2cloud] use = call:nova.api.auth:pipeline_factory noauth = ec2faultwrap logrequest ec2noauth cloudrequest validator ec2executor keystone = ec2faultwrap logrequest ec2keystoneauth cloudrequest validator ec2executor [filter:ec2faultwrap] paste.filter_factory = nova.api.ec2:FaultWrapper.factory [filter:logrequest] paste.filter_factory = nova.api.ec2:RequestLogging.factory [filter:ec2lockout] paste.filter_factory = nova.api.ec2:Lockout.factory [filter:ec2keystoneauth] paste.filter_factory = nova.api.ec2:EC2KeystoneAuth.factory [filter:ec2noauth] paste.filter_factory = nova.api.ec2:NoAuth.factory [filter:cloudrequest] controller = nova.api.ec2.cloud.CloudController paste.filter_factory = nova.api.ec2:Requestify.factory [filter:authorizer] paste.filter_factory = nova.api.ec2:Authorizer.factory [filter:validator] paste.filter_factory = nova.api.ec2:Validator.factory [app:ec2executor] paste.app_factory = nova.api.ec2:Executor.factory
3) In /etc/nova/nova.conf enabled_apis include ec2, however in my nova.conf ec2_listen_port=8873 is not present but only ec2_listen.
As I previously indicated his as an HA configuration, with 3 controllers with the current partial configuration on the /etc/haproxy/haproxy.cfg
listen nova-api-1 bind 172.16.0.254:8773 bind 192.168.1.254:8773 balance roundrobin option httplog server controller-01 192.168.1.231:8773 check server controller-02 192.168.1.232:8773 check server controller-03 192.168.1.233:8773 check
ec2_listen_port is not defined in the /etc/nova/nova.conf, however 8773 is the default port for nova-api, would anything change by adding it to the nova.conf?
enabled_apis=ec2,osapi_compute,
4) rest query response from Chrome:
<response>
<errors>
<error>
Unauthorized
<message>Signature not provided</message>
</error>
</errors>
<requestid>req-0fef8417-77b0-4b0f-9553-da2c5957e80b</requestid>
</response>
and from an instance using wget (this is the same instance I am running euca2tools)
ubuntu@instance02:~$ wget http://172.16.0.254:8773/services/Cloud/ --2013-10-28 15:59:47-- http://172.16.0.254:8773/services/Cloud/ Connecting to 172.16.0.254:8773... connected. HTTP request sent, awaiting response... 400 Bad Request 2013-10-28 15:59:48 ERROR 400: Bad Request. ubuntu@instance02:~$
ubuntu@instance02:~$ curl -skv -H "Content-Type: application/x-www-form-urlencoded; charset=UTF-8" "http://172.16.0.254:8773/services/Cloud/?AWSAccessKeyId ...