nova-manage zip novarc strange EC2_ACCESS_KEY NOVA_API_KEY

Asked by Anton Haldin on 2011-09-01

Hello ,
i'm trying d4 openstack. and have a trouble with using euca commands: "EC2ResponseError: 403 Forbidden"

# nova-manage user create admin70
# nova-manage project create project70 admin70
# nova-manage project zip project70 admin70 /tmp/nova_creds70.zip
# cd /tmp/
# unzip nova_creds70.zip
# source novarc
# euca-describe-instances

Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error
EC2ResponseError: 403 Forbidden
403 Forbidden

Access was denied to this resource.

# tail /var/log/nova/nova-api.log
Aug 31 16:52:10 gm nova-api 2011-08-31 16:52:04,276 nova.auth.manager: Looking up user: u'admin70'
Aug 31 16:52:10 gm nova-api 2011-08-31 16:52:04,281 nova.api: Authentication Failure: Access Key admin70 could not be found.

# grep “ACCESS_KEY=” /tmp/novarc
export EC2_ACCESS_KEY="admin70:project70"
# grep NOVA_API_KEY /tmp/novarc
export NOVA_API_KEY="admin70"

# mysql -unova -pnova nova -e"select * from users where id='admin70';"
+---------------------+------------+------------+---------+---------+------+--------------------------------------+--------------------------------------+----------+
| created_at | updated_at | deleted_at | deleted | id | name | access_key | secret_key | is_admin |
+---------------------+------------+------------+---------+---------+------+--------------------------------------+--------------------------------------+----------+
| 2011-08-31 23:51:53 | NULL | NULL | 0 | admin70 | NULL | ca4ef8a5-e530-49f2-8ebf-8fc2a200ce63 | f1e0b7a0-585e-4cb8-89b8-00c4dea2a5e3 | 0 |
+---------------------+------------+------------+---------+---------+------+--------------------------------------+--------------------------------------+----------+
grep revision_id /usr/lib/python2.6/site-packages/nova/vcsversion.py
 'revision_id': 'tarmac-20110825234031-sqwfb0kwnj0aw26t',

i can use euca commands after change novarc like this
# grep ACCESS_KEY /tmp/novarc
export EC2_ACCESS_KEY="ca4ef8a5-e530-49f2-8ebf-8fc2a200ce63:project70"
# grep NOVA_API_KEY /tmp/novarc
export NOVA_API_KEY="ca4ef8a5-e530-49f2-8ebf-8fc2a200ce63"

may be there is something wrong and command nova-manage zip make a bad novarc in my case.

Any ideas ?

Question information

Language:
English Edit question
Status:
Solved
For:
OpenStack Compute (nova) Edit question
Assignee:
No assignee Edit question
Solved by:
Vish Ishaya
Solved:
2011-09-01
Last query:
2011-09-01
Last reply:
2011-09-01
Best Vish Ishaya (vishvananda) said : #1

It looks like you are trying to use deprecated auth. You need to either:
a) use the default paste.ini that is included in the etc directory (this will use NoAuth)
b) set the --use-deprecated-auth flag in your flag file (this will cause the zipfile export to return the access key like it used to)

Vish

On Sep 1, 2011, at 7:20 AM, Anton Haldin wrote:

> New question #169804 on OpenStack Compute (nova):
> https://answers.launchpad.net/nova/+question/169804
>
> Hello ,
> i'm trying d4 openstack. and have a trouble with using euca commands: "EC2ResponseError: 403 Forbidden"
>
> # nova-manage user create admin70
> # nova-manage project create project70 admin70
> # nova-manage project zip project70 admin70 /tmp/nova_creds70.zip
> # cd /tmp/
> # unzip nova_creds70.zip
> # source novarc
> # euca-describe-instances
>
> Warning: failed to parse error message from AWS: <unknown>:1:0: syntax error
> EC2ResponseError: 403 Forbidden
> 403 Forbidden
>
> Access was denied to this resource.
>
> # tail /var/log/nova/nova-api.log
> Aug 31 16:52:10 gm nova-api 2011-08-31 16:52:04,276 nova.auth.manager: Looking up user: u'admin70'
> Aug 31 16:52:10 gm nova-api 2011-08-31 16:52:04,281 nova.api: Authentication Failure: Access Key admin70 could not be found.
>
> # grep “ACCESS_KEY=” /tmp/novarc
> export EC2_ACCESS_KEY="admin70:project70"
> # grep NOVA_API_KEY /tmp/novarc
> export NOVA_API_KEY="admin70"
>
>
> # mysql -unova -pnova nova -e"select * from users where id='admin70';"
> +---------------------+------------+------------+---------+---------+------+--------------------------------------+--------------------------------------+----------+
> | created_at | updated_at | deleted_at | deleted | id | name | access_key | secret_key | is_admin |
> +---------------------+------------+------------+---------+---------+------+--------------------------------------+--------------------------------------+----------+
> | 2011-08-31 23:51:53 | NULL | NULL | 0 | admin70 | NULL | ca4ef8a5-e530-49f2-8ebf-8fc2a200ce63 | f1e0b7a0-585e-4cb8-89b8-00c4dea2a5e3 | 0 |
> +---------------------+------------+------------+---------+---------+------+--------------------------------------+--------------------------------------+----------+
> grep revision_id /usr/lib/python2.6/site-packages/nova/vcsversion.py
> 'revision_id': 'tarmac-20110825234031-sqwfb0kwnj0aw26t',
>
> i can use euca commands after change novarc like this
> # grep ACCESS_KEY /tmp/novarc
> export EC2_ACCESS_KEY="ca4ef8a5-e530-49f2-8ebf-8fc2a200ce63:project70"
> # grep NOVA_API_KEY /tmp/novarc
> export NOVA_API_KEY="ca4ef8a5-e530-49f2-8ebf-8fc2a200ce63"
>
>
> may be there is something wrong and command nova-manage zip make a bad novarc in my case.
>
> Any ideas ?
>
> --
> You received this question notification because you are a member of Nova
> Core, which is an answer contact for OpenStack Compute (nova).

Anton Haldin (ahaldin) said : #2

excuse me.

few minutes ago i have found __generate_rc
and found this flag.

echo "--use_deprecated_auth=true" >> /etc/nova/nova.conf
all is fine.

Anton Haldin (ahaldin) said : #3

Thanks Vish Ishaya, that solved my question.

Anton Haldin (ahaldin) said : #4

Thanks Vish Ishaya for information about alternative way to resolve my problem - a) paste.ini