euca2ools give 'SignatureDoesNotMatch' error

I've done a little digging.
This works:
   python2.6 /usr/bin/euca-describe-instances

This fails:
   python /usr/bin/euca-describe-instances

Ie, this is fallout of a change from 2.6 to 2.7 in python.

please could you explain how to reproduce? installing euca2tools and running the command:

$ euca-describe-instances
EC2_ACCESS_KEY environment variable must be set.
Connection failed

The problem seems to be related to the boto version. Here's a request using Python 2.7.1, boto 1.9b on natty:

>>> import boto
>>> c = boto.connect_ec2('0GN9DKJ90KCX6A32JFR2', 'C6LIffj0F2ekC7u3Ubw9j64lpvOQ6guG66R4dr+0')
>>> c.get_all_instances()
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
  File "/home/ubuntu/boto-1.9b/boto/ec2/connection.py", line 376, in get_all_instances
    return self.get_list('DescribeInstances', params, [('item', Reservation)])
  File "/home/ubuntu/boto-1.9b/boto/connection.py", line 615, in get_list
    raise self.ResponseError(response.status, response.reason, body)
boto.exception.EC2ResponseError: EC2ResponseError: 403 Forbidden
<?xml version="1.0" encoding="UTF-8"?>
<Response><Errors><Error><Code>SignatureDoesNotMatch</Code><Message>The request signature we calculated does not match the signature you provided. Check your AWS Secret Access Key and signing method. Consult the service documentation for details.</Message></Error></Errors><RequestID>aa2652b2-98bb-49af-8f06-5946f6cb0896</RequestID></Response>
>>>

Here's the same request on Python 2.7.1, boto 2.0b3 and natty:

>>> import boto
>>> c = boto.connect_ec2('0GN9DKJ90KCX6A32JFR2', 'C6LIffj0F2ekC7u3Ubw9j64lpvOQ6guG66R4dr+0')
>>> c.get_all_instances()
[Reservation:r-f175d599, Reservation:r-c85523a0, Reservation:r-fa384392, Reservation:r-1c396c74, Reservation:r-5e3a6a36, Reservation:r-4cf2af24, Reservation:r-6492bf0c, Reservation:r-cbc9b9a1, Reservation:r-69d5af03]
>>>

I'm still not exactly sure what the problem is but upgrading to the newest version of boto fixes it. I'll track down the exact issue and then we can figure out how we want to fix it in natty.

BTW, don't worry about the AWS credentials in the above comment. I use IAM to generate test users in my account and then delete them after the tests. They are no longer of any use.

at this point we can update python-boto, but it has other reverse dependencies:

$ apt-cache rdepends python-boto
python-boto
Reverse Depends:
  tilecache
  python-vm-builder-ec2
  python-scrapy
  python-nova
  python-fs
  python-django-extensions
  mc
  duplicity
  deja-dup
  euca2ools

@Mathias,
  testing requires that you have an ec2 (or UEC) account set up.

If you did have access to an AWS secret key and access key, recreating would look like:

$ cat > .eucarc <<"EOF"
aws_access_key="AAAAAAAAAAAAAAAAAAAA" # your key here
aws_secret_key="BBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBBB" # your key here
EC2_URL=https://ec2.amazonaws.com
EC2_ACCESS_KEY=${aws_access_key}
EC2_SECRET_KEY=${aws_secret_key}
EOF
$ euca-describe-instances
SignatureDoesNotMatch: The request signature we calculated does not match
the signature you provided. Check your AWS Secret Access Key and signing
method. Consult the service documentation for details.
$ python --version
Python 2.7.1+

One piece of information, euca2ools on python2.7 (natty) still works fine when pointed at a lucid UEC installation.

I have tracked the problem down to this revision that was applied to boto on July 6th, 2010:

https://github.com/boto/boto/commit/6760075073c34d6dddb7e13b80dfa8d09f0f4f79

If I apply this same diff to boto 1.9b, the signature problem goes away.

lucky that 2.7 is the last 2.x version ...

This bug was fixed in the package python-boto - 1.9b-1ubuntu4

---------------
python-boto (1.9b-1ubuntu4) natty; urgency=low

  * Handle 2.7 the same way as 2.6 for httplib compatibility. LP: #688773.
 -- Matthias Klose <email address hidden> Tue, 14 Dec 2010 19:28:01 +0100