euca-authorize default failing

Bug #452556 reported by Dustin Kirkland  on 2009-10-15
14
This bug affects 3 people
Affects Status Importance Assigned to Milestone
Eucalyptus
Fix Released
Medium
chris grzegorczyk
Release Notes for Ubuntu
Undecided
Unassigned
euca2ools (Ubuntu)
Low
Unassigned
eucalyptus (Ubuntu)
Low
Unassigned

Bug Description

ubuntu@cluster:~$ euca-authorize default -P tcp -p 22 -s 0.0.0.0/0
Warning: failed to parse error message from AWS: <unknown>:2:42: not well-formed (invalid token)
Traceback (most recent call last):
  File "/usr/bin/euca-authorize", line 180, in <module>
    main()
  File "/usr/bin/euca-authorize", line 157, in main
    euca.display_error_and_exit('%s' % ex)
  File "/usr/lib/python2.6/dist-packages/euca2ools/__init__.py", line 996, in display_error_and_exit
    dom = minidom.parseString(msg)
  File "/usr/lib/python2.6/xml/dom/minidom.py", line 1928, in parseString
    return expatbuilder.parseString(string)
  File "/usr/lib/python2.6/xml/dom/expatbuilder.py", line 940, in parseString
    return builder.parseString(string)
  File "/usr/lib/python2.6/xml/dom/expatbuilder.py", line 223, in parseString
    parser.Parse(string, True)
xml.parsers.expat.ExpatError: not well-formed (invalid token): line 1, column 147

summary: - euca-authorize-default failing
+ euca-authorize default failing
Changed in eucalyptus (Ubuntu):
importance: Undecided → Medium
Changed in euca2ools (Ubuntu):
importance: Undecided → Medium
status: New → Confirmed
Changed in eucalyptus (Ubuntu):
status: New → Confirmed
Changed in eucalyptus:
status: New → Confirmed
Changed in euca2ools (Ubuntu):
importance: Medium → Low
Changed in eucalyptus (Ubuntu):
importance: Medium → Low
Neil Soman (neilsoman) wrote :

I am unable to reproduce this problem. I am using Eucalyptus revno 931 and Euca2ools revno 221.

Perhaps something went wrong in the packaging?

$ euca-authorize default -P tcp -p 22 -s 0.0.0.0/0
GROUP default
PERMISSION default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0

$ euca-describe-groups
GROUP admin default default group
PERMISSION admin default ALLOWS tcp 22 22 FROM CIDR 0.0.0.0/0

On Thu, Oct 15, 2009 at 10:42:55PM -0000, Neil Soman wrote:
> I am unable to reproduce this problem. I am using Eucalyptus revno 931
> and Euca2ools revno 221.
>

I've seen that problem as well. But it's not reliably reproducible.
After some time the command succeeds. If that happens again where can
more information be found?

--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com

Nick Barcet (nijaba) wrote :

I am seeing this problem as well. Knowing where to collect debug info from would help.

Neil Soman (neilsoman) wrote :

Please check the wire. I'd be interested in what the cloud is
actually responding with (ngrep -d <iface> -Wbyline port 8773) on the
front end.

It is likely something to do with packaging. I have never seen it with the source install.

Nick Barcet (nijaba) wrote :

I have ran a capture of the traffic while the error is occuring:

Request:
CGET /services/Eucalyptus/?AWSAccessKeyId=***************************&Action=AuthorizeSecurityGroupIngress&CidrIp=0.0.0.0%2F0&FromPort=22&GroupName=default&IpProtocol=tcp&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2009-10-16T16%3A42%3A34&ToPort=22&Version=2009-04-04&Signature=*****************%3D HTTP/1.1
Host: 192.168.0.65:8773
Accept-Encoding: identity
User-Agent: Boto/1.8d (linux2)

Reply:
HTTP/1.1 400 Bad Request
Content-Length: 381
Content-Type: application/xml; charset=UTF-8

<?xml version="1.0"?><Response><Errors><Error><Code>Groups</Code><Message>Error locating information for
<com.eucalyptus.entities.NetworkRulesGroup@e5d14fd3 uniqueName=admindefault description=null networkRules=[] userName=admin displayName=default id=null version=0 lastUpdate=null></Message></Error></Errors><RequestID>29083f78-9759-46ad-8205-0f867c2b21b9</RequestID></Response>

Hope this helps. I've replaced signature elements by *.

Neil Soman (neilsoman) wrote :

Nick,

do you have a server side exception/stack trace?

Are there other exceptions?

Something is definitely not right with the package.

thanks.

Mathias Gug (mathiaz) wrote :

On Fri, Oct 16, 2009 at 04:56:26PM -0000, Neil Soman wrote:
> Nick,
>
> do you have a server side exception/stack trace?
>
> Are there other exceptions?

Which file(s) should be looked at?

> Something is definitely not right with the package.
>

Note that the error will disappear after some time and several retries.

--
Mathias Gug
Ubuntu Developer http://www.ubuntu.com

Nick Barcet (nijaba) wrote :

Unfortunately, the only report of an error on the server side is the one I got from capturing network traffic. As mathias pointed I cannot reproduce the error anymore...

Changed in eucalyptus:
assignee: nobody → chris grzegorczyk (chris-grze)
status: Confirmed → Incomplete
Nick Barcet (nijaba) wrote :

Perusing the /var/log/eucalyptus/cloud-output.log which seems to contain an interesting stack trace. Attaching the relevant section.

Changed in eucalyptus:
status: Incomplete → Confirmed
Daniel Nurmi (nurmi) wrote :

I looks like this bug happens when an authorize is called before the group is used in another context (run-instances, describe-group, etc). For example:

euca-authorize (fails)
euca-describe-groups
euca-authorize (success)

Attaching the log file showing exception, and exact commands

Changed in eucalyptus:
importance: Undecided → Medium
Thierry Carrez (ttx) on 2009-10-19
Changed in euca2ools (Ubuntu):
status: Confirmed → Incomplete
Thierry Carrez (ttx) wrote :

If systematic, we might need to document it in the release notes.

Thierry Carrez (ttx) wrote :

Only first use error, I don't think it warrants a release note entry.

Changed in ubuntu-release-notes:
status: New → Invalid
Thierry Carrez (ttx) on 2009-10-26
Changed in eucalyptus (Ubuntu):
status: Confirmed → Triaged
Thierry Carrez (ttx) on 2009-10-29
tags: added: eucalyptus
Thierry Carrez (ttx) wrote :

Probably an issue in eucalyptus rather than euca2ools, since the same command works after issuing a group command (and no state is kept client-side)

Changed in euca2ools (Ubuntu):
status: Incomplete → Invalid
chris grzegorczyk (chris-grze) wrote :

Actually, this bug has been closed a while ago and I can confirm it is not present in the current trunk. I'm afraid that it was closed incidentally and I don't know the revno, sorry.

Changed in eucalyptus:
status: Confirmed → Fix Released
tags: added: iso-testing
Changed in eucalyptus (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers