Cannot work with Nova using RightAWS

Bug #753660 reported by Masanori Itoh on 2011-04-07
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
OpenStack Compute (nova)
Medium
Masanori Itoh

Bug Description

Hi,

A colleague of mine mentioned that Nova cannot work with Ruby RightAWS, and
here is result of our analysis.

When RightAWS generates a Signature, it drops port number (e.g., ':8773'
or ':443') from the given server_string. On the contrary, Python boto does not
drop it.

Actually, Amazon AWS accepts Signatures generated both with and without port
numbers. Therefore, Amazon AWS must be generating 2 Signatures for each
request and pick one which matches with Signature with the given Request,
I think. I heard that Eucalyptus also does like the above.

The below are some evidence logs. I got both of the log lines below using
euca-describe-availability-zones and a simple RightAWS script issuing
DescribeAvailabilityZones using exactly the same EC2_URL:

  EC2_URL="http://192.168.138.135:8773/services/Cloud/"

1) boto (euca-describe-availability-zones) case

2011-04-07 23:04:29,343 DEBUG nova.signer [-] string_to_sign: GET
192.168.138.135:8773 *** NOTE(itoumsn): WITH PORT NUMBER ":8773" ***
/services/Cloud/
AWSAccessKeyId=admin%3Aadmin&Action=DescribeAvailabilityZones&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2011-04-07T14%3A04%3A28&Version=2009-11-30 from (pid=2307) _calc_signature_2 /home/itoumsn/nova/nova/auth/signer.py:144

2) RightAWS case

2011-04-07 23:05:10,544 DEBUG nova.signer [-] string_to_sign: GET
192.168.138.135 *** NOTE(itoumsn): WITHOUT PORT NUMBER ":8773" ***
/services/Cloud
AWSAccessKeyId=admin%3Aadmin&Action=DescribeAvailabilityZones&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2011-04-07T14%3A05%3A10.000Z&Version=2008-12-01 from (pid=2307) _calc_signature_2 /home/itoumsn/nova/nova/auth/signer.py:144

I wrote a patch for EC2 API authentication code retrying authentication
using server_string without port number on Signature un-match failure:

  lp:~itoumsn/nova/enable-rightaws

, and I would like to know thoughts of people on this issue.

# Should I post a merge proposal right now...???

-Masanori

Related branches

Masanori Itoh (itohm) on 2011-04-07
Changed in nova:
assignee: nobody → Masanori Itoh (itoumsn)
Masanori Itoh (itohm) on 2011-04-10
Changed in nova:
status: New → In Progress
Thierry Carrez (ttx) on 2011-04-11
Changed in nova:
importance: Undecided → Medium
Masanori Itoh (itohm) on 2011-05-10
Changed in nova:
status: In Progress → Fix Committed
Thierry Carrez (ttx) on 2011-06-02
Changed in nova:
milestone: none → diablo-1
Thierry Carrez (ttx) on 2011-09-22
Changed in nova:
milestone: diablo-1 → 2011.3
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers