Hello guys,
I wonder is it a bug. I started a stack and get the alarm_url output of ScalingPolicy:
ScaleUpURL:
description: url to scale up
value: { get_attr : [web_server_scaleup_policy, alarm_url] }
This is the output url:
http://176.31.105.64:8000/signal/arn:openstack:heat::704a532a5260484ba56b069b7219d3ff:stacks/wordpress3/5ce9fe67-3643-4ca0-9b95-e58c953098da/resources/web_server_scaleup_policy?Timestamp=2014-06-12T07:48:43Z&SignatureMethod=HmacSHA256&AWSAccessKeyId=6fadfed3020f4156be194824da3a3f8b&SignatureVersion=2&Signature=JWtPkySatWeJ7Wv7Jgm4PtA4tz4wwy6plkD7Yz+eIyE=
They I tried to trigged it by sending POST request, and got 404 error. I checked the heat-api-cfn.log and found out that a middleware tried to check the version of this link, and it failed:
2014-06-12 12:01:57.972 2690 DEBUG heat.api.middleware.version_negotiation [-] Processing request: POST /signal/arn:openstack:heat::704a532a5260484ba56b069b7219d3ff:stacks/wordpress3/5ce9fe67-3643-4ca0-9b95-e58c953098da/resources/web_server_scaleup_policy/v1.0 Accept: */* process_request /usr/lib/python2.7/dist-packages/heat/api/middleware/version_negotiation.py:53
2014-06-12 12:01:57.973 2690 DEBUG heat.api.middleware.version_negotiation [-] Unknown accept header: */*...returning HTTP not found. process_request /usr/lib/python2.7/dist-packages/heat/api/middleware/version_negotiation.py:104
I don't know if the URL is wrong or not. Then I tried to manually add version v1.0 to the link:
http://176.31.105.64:8000/v1.0/signal/arn:openstack:heat::704a532a5260484ba56b069b7219d3ff:stacks/wordpress3/5ce9fe67-3643-4ca0-9b95-e58c953098da/resources/web_server_scaleup_policy?Timestamp=2014-06-12T07:48:43Z&SignatureMethod=HmacSHA256&AWSAccessKeyId=6fadfed3020f4156be194824da3a3f8b&SignatureVersion=2&Signature=JWtPkySatWeJ7Wv7Jgm4PtA4tz4wwy6plkD7Yz+eIyE=
It passed the version check, then failed at AWS credential check:
2014-06-12 12:06:35.234 2690 INFO heat.api.aws.ec2token [-] Checking AWS credentials..
2014-06-12 12:06:35.234 2690 INFO heat.api.aws.ec2token [-] No AWS Signature found.
2014-06-12 12:06:35.235 2690 DEBUG root [-] XML response : <ErrorResponse><Error><Message>The request signature does not conform to AWS standards</Message><Code>IncompleteSignature</Code><Type>Sender</Type></Error></ErrorResponse> to_xml /usr/lib/python2.7/dist-packages/heat/common/wsgi.py:619
I don't use anything related to AWS, why there is an AWS check here?
I believe this is a misconfiguration in your heat.conf. Please check this setting:
heat_waitcondit ion_server_ url = http:// 127.0.0. 1:8000/ v1/waitconditio n
That's how I have heat configured (single node devstack environment) and curl -X POST to the alarm URL works fine.
So in your case this should probably be:
heat_waitcondit ion_server_ url = http:// 176.31. 105.64: 8000/v1/ waitcondition
The reason you see an AWS authentication failure is the pre-signed URL uses the ec2tokens authentication middleware, and you're accessing the Cloudformation- compatible API, which supports AWS style authentication.
FWIW, we should probably look at making the *url heat.conf options optional and by default using the keystone catalog entries instead, which would probably avoid these sort of misconfiguration problems in many cases.