Problems with ec2-service on Ocata

Problems with ec2-service on Ocata

Massimo Sgaravatto
Hi

We are trying to configure the ec2-service on an Ocata OpenStack installation.

If I try a euca-describe-images it works, but if I try to get the list of instances (euca-describe-instances) it fails.
Looking at the log [*], it looks to me like it initially uses the correct nova endpoint:

https://cloud-areapd-test.pd.infn.it:8774/v2.1

but then it tries to use:

http://cloud-areapd-test.pd.infn.it:8774/v2.1

i.e. http instead of https, and the connection fails, as expected.
I am not able to understand why it tries to use that endpoint ...

Any hints?

Thanks, Massimo


[*]
2017-06-07 18:10:10.371 16470 DEBUG ec2api.wsgi.server [-] (16470) accepted ('192.168.60.24', 45185) server /usr/lib/python2.7/site-packages/eventlet/wsgi.py:867
2017-06-07 18:10:10.549 16470 DEBUG ec2api.api [req-7aa79c03-bf95-4e4d-9795-0c7d2d2b84a2 30de175a645a4258984bdb89cbf436f5 b9629ae5c480455397cfaa5ab0c2db43 - - -] action: DescribeInstances __call__ /usr/lib/python2.7/site-packages/ec2api/api/__init__.py:286
2017-06-07 18:10:10.565 16470 DEBUG novaclient.v2.client [req-7aa79c03-bf95-4e4d-9795-0c7d2d2b84a2 30de175a645a4258984bdb89cbf436f5 b9629ae5c480455397cfaa5ab0c2db43 - - -] REQ: curl -g -i --cacert "/etc/grid-security/certificates/INFN-CA-2015.pem" -X GET https://cloud-areapd-test.pd.infn.it:8774/v2.1 -H "User-Agent: python-novaclient" -H "Accept: application/json" -H "X-OpenStack-Nova-API-Version: 2.1" -H "X-Auth-Token: {SHA1}9f9eb3c7cea14ac54b243338281afa0a59b3d06b" _http_log_request /usr/lib/python2.7/site-packages/keystoneclient/session.py:216
2017-06-07 18:10:11.320 16470 DEBUG novaclient.v2.client [req-7aa79c03-bf95-4e4d-9795-0c7d2d2b84a2 30de175a645a4258984bdb89cbf436f5 b9629ae5c480455397cfaa5ab0c2db43 - - -] RESP: [302] Content-Type: text/plain; charset=utf8 Location: http://cloud-areapd-test.pd.infn.it:8774/v2.1/ X-Compute-Request-Id: req-6ed38429-784b-4fc9-a80d-f886b106ba6e Content-Length: 0 Date: Wed, 07 Jun 2017 16:10:11 GMT Connection: close 
RESP BODY: Omitted, Content-Type is set to text/plain; charset=utf8. Only application/json responses have their bodies logged.
 _http_log_response /usr/lib/python2.7/site-packages/keystoneclient/session.py:256
2017-06-07 18:10:11.323 16470 ERROR ec2api.api [req-7aa79c03-bf95-4e4d-9795-0c7d2d2b84a2 30de175a645a4258984bdb89cbf436f5 b9629ae5c480455397cfaa5ab0c2db43 - - -] Unexpected ConnectFailure raised: Unable to establish connection to http://cloud-areapd-test.pd.infn.it:8774/v2.1/
2017-06-07 18:10:11.323 16470 ERROR ec2api.api Traceback (most recent call last):


_______________________________________________
OpenStack-operators mailing list
[hidden email]
http://lists.openstack.org/cgi-bin/mailman/listinfo/openstack-operators
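
Added example (not part of the original message, and not code from ec2-api or novaclient): a Python check that pairs the REQ and RESP debug lines shown in the log above by request id and reports every 3xx redirect that moves an https request to an http Location. SAMPLE_LOG is a constructed, shortened copy of those two log lines; the function and regex names are hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: the REQ/RESP pair from the log above, shortened to the
# fields this check needs (user/project ids and most headers dropped).
SAMPLE_LOG = """\
2017-06-07 18:10:10.565 16470 DEBUG novaclient.v2.client [req-7aa79c03-bf95-4e4d-9795-0c7d2d2b84a2 - - - - -] REQ: curl -g -i -X GET https://cloud-areapd-test.pd.infn.it:8774/v2.1 -H "Accept: application/json"
2017-06-07 18:10:11.320 16470 DEBUG novaclient.v2.client [req-7aa79c03-bf95-4e4d-9795-0c7d2d2b84a2 - - - - -] RESP: [302] Content-Type: text/plain; charset=utf8 Location: http://cloud-areapd-test.pd.infn.it:8774/v2.1/ Content-Length: 0
"""

# "[req-<id> ...] REQ: curl ... -X <METHOD> <url>"
REQ_RE = re.compile(r"\[(req-[0-9a-f-]+)[^\]]*\] REQ: curl .*?-X \w+ (https?://\S+)")
# "[req-<id> ...] RESP: [3xx] ... Location: <target>"
RESP_RE = re.compile(r"\[(req-[0-9a-f-]+)[^\]]*\] RESP: \[(3\d\d)\].*?Location: (\S+)")


def find_scheme_downgrades(log_text):
    """Return (request_id, requested_url, redirect_target) for every 3xx
    response that sends an https request to an http Location."""
    pending = {}    # request id -> last URL requested under that id
    findings = []
    for line in log_text.splitlines():
        req = REQ_RE.search(line)
        if req:
            pending[req.group(1)] = req.group(2)
            continue
        resp = RESP_RE.search(line)
        if not resp or resp.group(1) not in pending:
            continue
        req_id, _status, location = resp.groups()
        requested = pending[req_id]
        # A relative Location has an empty scheme and is not a downgrade.
        if (urlsplit(requested).scheme == "https"
                and urlsplit(location).scheme == "http"):
            findings.append((req_id, requested, location))
    return findings


if __name__ == "__main__":
    for req_id, requested, location in find_scheme_downgrades(SAMPLE_LOG):
        print(f"{req_id}: {requested} -> {location}")
```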
Re: Problems with ec2-service on Ocata

Sean Dague-2
Are you using a TLS proxy in front of Nova API? If so, you need to
adjust the osapi compute_link_prefix -
https://docs.openstack.org/ocata/config-reference/compute/api.html to be
the https url, otherwise it will autodetect as http. The ec2-service (or
novaclient) is probably doing link following from returned links, and
thus fails hitting the http ones.

        -Sean

--
Sean Dague
http://dague.net

Re: Problems with ec2-service on Ocata

Massimo Sgaravatto
Looks like setting:

enable_proxy_headers_parsing=true

in nova.conf helped.

Actually it still doesn't work, but for other reasons (Expecting to find domain in project. The server could not comply with the request since it is either malformed or otherwise incorrect. The client is assumed to be in error)

Cheers, Massimo

2017-06-08 9:40 GMT+02:00 Massimo Sgaravatto <[hidden email]>:
I am indeed using a HAProxy which also acts as SSL proxy.

And, indeed I have the same problem using the nova CLI:

# nova list
ERROR (ConnectFailure): Unable to establish connection to http://cloud-areapd-test.pd.infn.it:8774/v2.1/: ('Connection aborted.', BadStatusLine("''",))

while the openstack cli works (i.e. "openstack server list" works).

I tried to set:
 

as you suggested (I hope I understood your comment right), but this didn't help ...

Cheers, Massimo

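
Added example (not part of the thread, and not Nova's or oslo.middleware's code): a simplified Python WSGI sketch of why a backend behind a TLS-terminating proxy emits http:// redirects, and how parsing the forwarded-protocol header changes the Location it returns. It assumes the proxy sets X-Forwarded-Proto; redirect_app, ProxyHeaders, the trusted-proxy check and the 192.0.2.10 proxy address are hypothetical.

```python
from wsgiref.util import application_uri, setup_testing_defaults

HOST = "cloud-areapd-test.pd.infn.it:8774"   # endpoint host from the thread
PROXY_ADDR = "192.0.2.10"                     # constructed proxy address


def redirect_app(environ, start_response):
    """Stand-in API: redirect /v2.1 to /v2.1/ using the scheme the backend sees."""
    base = application_uri(environ).rstrip("/")
    location = base + environ["PATH_INFO"] + "/"
    start_response("302 Found", [("Location", location), ("Content-Length", "0")])
    return [b""]


class ProxyHeaders:
    """Hypothetical middleware: adopt X-Forwarded-Proto, but only from a trusted proxy."""

    def __init__(self, app, enabled, trusted_proxies):
        self.app, self.enabled, self.trusted = app, enabled, set(trusted_proxies)

    def __call__(self, environ, start_response):
        if self.enabled and environ.get("REMOTE_ADDR") in self.trusted:
            # Take the first value if several are listed.
            proto = environ.get("HTTP_X_FORWARDED_PROTO", "").split(",")[0].strip().lower()
            if proto in ("http", "https"):
                environ["wsgi.url_scheme"] = proto
        return self.app(environ, start_response)


def redirect_location(enabled, remote_addr=PROXY_ADDR):
    """Send one proxied request through the stack and return the Location header."""
    environ = {}
    setup_testing_defaults(environ)           # backend socket is plain http
    environ.update({"HTTP_HOST": HOST, "SCRIPT_NAME": "", "PATH_INFO": "/v2.1",
                    "REMOTE_ADDR": remote_addr, "HTTP_X_FORWARDED_PROTO": "https"})
    seen = {}

    def start_response(status, headers, exc_info=None):
        seen.update(headers)

    app = ProxyHeaders(redirect_app, enabled, trusted_proxies=[PROXY_ADDR])
    list(app(environ, start_response))
    return seen["Location"]


if __name__ == "__main__":
    print("parsing off:", redirect_location(False))
    print("parsing on :", redirect_location(True))
    print("untrusted  :", redirect_location(True, remote_addr="198.51.100.7"))
```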