Cannot get EC2 Metadata over SSL
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
ec2-api |
Fix Released
|
Undecided
|
Andrey Pavlov |
Bug Description
Hello,
I am looking for your help since I cannot get EC2 metadata over SSL.
To start with I have an OpenStack Ocata installation and have installed OpenStack Ec2api Service (openstack-
I have configured EC2 to work over SSL and indeed when I am doing "aws --endpoint-url https:/
In order to do so I have changed the following parameters in "ec2api.conf" file
ec2api_use_ssl=true
ssl_ca_
ssl_cert_
ssl_key_
changed endpoints to reflect the correct to :
# openstack endpoint list | grep ec2
| 37503a78d3564e4
| 85f57f60099c4c6
| a4fece6c839242e
#
and have restarted both "openstack-
So far so good since as I wrote before I can get the results for EC2.
The problem comes when I set the "metadata_
After that I can no longer receive metadata when I spawn an instance.
The log file of a Cirros VM shows:
http://
failed 1/20: up 1.37. request failed
failed 2/20: up 3.62. request failed
failed 3/20: up 5.67. request failed
failed 4/20: up 7.92. request failed
failed 5/20: up 10.09. request failed
failed 6/20: up 12.34. request failed
failed 7/20: up 14.58. request failed
failed 8/20: up 16.64. request failed
failed 9/20: up 18.88. request failed
failed 10/20: up 20.94. request failed
failed 11/20: up 22.99. request failed
failed 12/20: up 25.16. request failed
failed 13/20: up 27.22. request failed
failed 14/20: up 29.29. request failed
failed 15/20: up 31.46. request failed
failed 16/20: up 33.62. request failed
failed 17/20: up 35.68. request failed
failed 18/20: up 37.81. request failed
failed 19/20: up 39.99. request failed
failed 20/20: up 42.05. request failed
failed to read iid from metadata. tried 20
and even after it boots I cannot get any reply from either "curl http://
or "curl https:/
Could you please check it and let me know where the problem lies?
Best regards,
G.
Changed in ec2-api: | |
assignee: | nobody → Andrey Pavlov (apavlov-e) |
Changed in ec2-api: | |
status: | New → In Progress |
Couldn't set up devstack with SSL even for base services for now. Neither for master branch nor for ocata.
Will try later...
BTW - you can try to set 'debug=true' for more logging.
'verbose' flag doesn't work now as I know.