OpenStack Compute (nova)

euca-describe-availibility-zones errors out for non admin users

Asked by Sonali Parthasarathy

When i source the credentials for a non admin user and execute the euca-describe-availibility-zones commans, it give me a 401 unauthorized user error. However, if i sue the admin creds it works just fine. here's the error I get:

2011-03-28 17:35:39,743 DEBUG nova.auth.manager [-] Looking up user: 'f2d35104-1131-46dc-9a70-8d44662cb8a4' from MainProcess (pid=11271) authenticate /home/administrator/nova-2011.1/nova/auth/manager.py:259
2011-03-28 17:35:39,745 DEBUG nova.auth.manager [-] user: User('nonadmin', 'nonadmin', 'f2d35104-1131-46dc-9a70-8d44662cb8a4', '289bd39d-b0d7-463b-91ae-699533c1cb36', False) from MainProcess (pid=11271) authenticate /home/administrator/nova-2011.1/nova/auth/manager.py:261
2011-03-28 17:35:39,768 DEBUG nova.signer [-] using _calc_signature_2 from MainProcess (pid=11271) _calc_signature_2 /home/administrator/nova-2011.1/nova/auth/signer.py:126
2011-03-28 17:35:39,768 DEBUG nova.signer [-] query string: AWSAccessKeyId=f2d35104-1131-46dc-9a70-8d44662cb8a4%3Anonadmin&Action=DescribeAvailabilityZones&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2011-03-28T22%3A35%3A39&Version=2009-11-30 from MainProcess (pid=11271) _calc_signature_2 /home/administrator/nova-2011.1/nova/auth/signer.py:142
2011-03-28 17:35:39,768 DEBUG nova.signer [-] string_to_sign: GET
127.0.0.1:8773
/services/Cloud/
AWSAccessKeyId=f2d35104-1131-46dc-9a70-8d44662cb8a4%3Anonadmin&Action=DescribeAvailabilityZones&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2011-03-28T22%3A35%3A39&Version=2009-11-30 from MainProcess (pid=11271) _calc_signature_2 /home/administrator/nova-2011.1/nova/auth/signer.py:144
2011-03-28 17:35:39,768 DEBUG nova.signer [-] len(b64)=44 from MainProcess (pid=11271) _calc_signature_2 /home/administrator/nova-2011.1/nova/auth/signer.py:147
2011-03-28 17:35:39,769 DEBUG nova.signer [-] base64 encoded digest: WHCHUQJNUP3hcf7OID7HN3n1WPXV8ZXZlvP1lKmc9oU= from MainProcess (pid=11271) _calc_signature_2 /home/administrator/nova-2011.1/nova/auth/signer.py:148
2011-03-28 17:35:39,769 DEBUG nova.auth.manager [-] user.secret: 289bd39d-b0d7-463b-91ae-699533c1cb36 from MainProcess (pid=11271) authenticate /home/administrator/nova-2011.1/nova/auth/manager.py:305
2011-03-28 17:35:39,769 DEBUG nova.auth.manager [-] expected_signature: WHCHUQJNUP3hcf7OID7HN3n1WPXV8ZXZlvP1lKmc9oU= from MainProcess (pid=11271) authenticate /home/administrator/nova-2011.1/nova/auth/manager.py:306
2011-03-28 17:35:39,769 DEBUG nova.auth.manager [-] signature: WHCHUQJNUP3hcf7OID7HN3n1WPXV8ZXZlvP1lKmc9oU= from MainProcess (pid=11271) authenticate /home/administrator/nova-2011.1/nova/auth/manager.py:307
2011-03-28 17:35:39,785 AUDIT nova.api [GFXYQKI6BDWCA845S8I8 nonadmin nonadmin] Authenticated Request For nonadmin:nonadmin)
2011-03-28 17:35:39,786 DEBUG nova.api [-] action: DescribeAvailabilityZones from MainProcess (pid=11271) __call__ /home/administrator/nova-2011.1/nova/api/ec2/__init__.py:212
2011-03-28 17:35:39,793 AUDIT nova.api [GFXYQKI6BDWCA845S8I8 nonadmin nonadmin] Unauthorized request for controller=CloudController and action=DescribeAvailabilityZones
2011-03-28 17:35:39,794 INFO nova.api [GFXYQKI6BDWCA845S8I8 nonadmin nonadmin] 0.8462s 127.0.0.1 GET / None:None 401 [Boto/1.9b (linux2)] text/plain text/html

Any idea why this is?

Thanks
Sonali

Question information

Language:
English Edit question
Status:
Answered
For:
OpenStack Compute (nova) Edit question
Assignee:
No assignee Edit question
Last query:
Last reply:
Revision history for this message
Vish Ishaya (vishvananda) said : 		#1

This was fixed post bexar:

https://code.launchpad.net/~vishvananda/nova/lp723938/+merge/51001

Vish

On Mar 28, 2011, at 3:38 PM, Sonali Parthasarathy wrote:

> New question #150831 on OpenStack Compute (nova):
> https://answers.launchpad.net/nova/+question/150831
>
> When i source the credentials for a non admin user and execute the euca-describe-availibility-zones commans, it give me a 401 unauthorized user error. However, if i sue the admin creds it works just fine. here's the error I get:
>
> 2011-03-28 17:35:39,743 DEBUG nova.auth.manager [-] Looking up user: 'f2d35104-1131-46dc-9a70-8d44662cb8a4' from MainProcess (pid=11271) authenticate /home/administrator/nova-2011.1/nova/auth/manager.py:259
> 2011-03-28 17:35:39,745 DEBUG nova.auth.manager [-] user: User('nonadmin', 'nonadmin', 'f2d35104-1131-46dc-9a70-8d44662cb8a4', '289bd39d-b0d7-463b-91ae-699533c1cb36', False) from MainProcess (pid=11271) authenticate /home/administrator/nova-2011.1/nova/auth/manager.py:261
> 2011-03-28 17:35:39,768 DEBUG nova.signer [-] using _calc_signature_2 from MainProcess (pid=11271) _calc_signature_2 /home/administrator/nova-2011.1/nova/auth/signer.py:126
> 2011-03-28 17:35:39,768 DEBUG nova.signer [-] query string: AWSAccessKeyId=f2d35104-1131-46dc-9a70-8d44662cb8a4%3Anonadmin&Action=DescribeAvailabilityZones&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2011-03-28T22%3A35%3A39&Version=2009-11-30 from MainProcess (pid=11271) _calc_signature_2 /home/administrator/nova-2011.1/nova/auth/signer.py:142
> 2011-03-28 17:35:39,768 DEBUG nova.signer [-] string_to_sign: GET
> 127.0.0.1:8773
> /services/Cloud/
> AWSAccessKeyId=f2d35104-1131-46dc-9a70-8d44662cb8a4%3Anonadmin&Action=DescribeAvailabilityZones&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2011-03-28T22%3A35%3A39&Version=2009-11-30 from MainProcess (pid=11271) _calc_signature_2 /home/administrator/nova-2011.1/nova/auth/signer.py:144
> 2011-03-28 17:35:39,768 DEBUG nova.signer [-] len(b64)=44 from MainProcess (pid=11271) _calc_signature_2 /home/administrator/nova-2011.1/nova/auth/signer.py:147
> 2011-03-28 17:35:39,769 DEBUG nova.signer [-] base64 encoded digest: WHCHUQJNUP3hcf7OID7HN3n1WPXV8ZXZlvP1lKmc9oU= from MainProcess (pid=11271) _calc_signature_2 /home/administrator/nova-2011.1/nova/auth/signer.py:148
> 2011-03-28 17:35:39,769 DEBUG nova.auth.manager [-] user.secret: 289bd39d-b0d7-463b-91ae-699533c1cb36 from MainProcess (pid=11271) authenticate /home/administrator/nova-2011.1/nova/auth/manager.py:305
> 2011-03-28 17:35:39,769 DEBUG nova.auth.manager [-] expected_signature: WHCHUQJNUP3hcf7OID7HN3n1WPXV8ZXZlvP1lKmc9oU= from MainProcess (pid=11271) authenticate /home/administrator/nova-2011.1/nova/auth/manager.py:306
> 2011-03-28 17:35:39,769 DEBUG nova.auth.manager [-] signature: WHCHUQJNUP3hcf7OID7HN3n1WPXV8ZXZlvP1lKmc9oU= from MainProcess (pid=11271) authenticate /home/administrator/nova-2011.1/nova/auth/manager.py:307
> 2011-03-28 17:35:39,785 AUDIT nova.api [GFXYQKI6BDWCA845S8I8 nonadmin nonadmin] Authenticated Request For nonadmin:nonadmin)
> 2011-03-28 17:35:39,786 DEBUG nova.api [-] action: DescribeAvailabilityZones from MainProcess (pid=11271) __call__ /home/administrator/nova-2011.1/nova/api/ec2/__init__.py:212
> 2011-03-28 17:35:39,793 AUDIT nova.api [GFXYQKI6BDWCA845S8I8 nonadmin nonadmin] Unauthorized request for controller=CloudController and action=DescribeAvailabilityZones
> 2011-03-28 17:35:39,794 INFO nova.api [GFXYQKI6BDWCA845S8I8 nonadmin nonadmin] 0.8462s 127.0.0.1 GET / None:None 401 [Boto/1.9b (linux2)] text/plain text/html
>
> Any idea why this is?
>
> Thanks
> Sonali
>
> --
> You received this question notification because you are a member of Nova
> Core, which is an answer contact for OpenStack Compute (nova).

Can you help with this problem?

Provide an answer of your own, or ask Sonali Parthasarathy for more information if necessary.

To post a message you must log in.