Last active
August 29, 2015 13:55
-
-
Save larsks/8725413 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Given this (partial template): | |
| wait0_handle: | |
| type: AWS::CloudFormation::WaitConditionHandle | |
| wait0: | |
| type: AWS::CloudFormation::WaitCondition | |
| properties: | |
| Handle: {get_resource: wait0_handle} | |
| Timeout: 1800 | |
| instance0: | |
| type: OS::Nova::Server | |
| properties: | |
| flavor: {get_param: flavor} | |
| image: {get_param: image} | |
| key_name: { get_param: key_name } | |
| networks: | |
| - port: { get_resource: instance0_eth0 } | |
| metadata: | |
| internal_ip: {"Fn::Select": ["ip_address", {"Fn::Select": [ 0, { get_attr: [ instance0_eth0, fixed_ips ] }]}]} | |
| user_data: | |
| str_replace: | |
| template: | | |
| #!/bin/sh | |
| cat > /root/wait-url.txt <<EOF | |
| WAIT_URL | |
| EOF | |
| params: | |
| WAIT_URL: {"Ref": wait0_handle} | |
| I end up with the following in /root/wait-url.txt: | |
| http://192.168.200.1:8000/v1/waitcondition/arn%3Aopenstack%3Aheat%3A%3A28a490a259974817b88ce490a74df8d2%3Astacks%2Fs0%2F36b013ca-1e46-4340-bf0e-44a609ae6758%2Fresources%2Fwait0_handle?Timestamp=2014-01-31T02%3A09%3A16Z&SignatureMethod=HmacSHA256&AWSAccessKeyId=cd6fbf4ebaed4ea1886ead9f98451f5a&SignatureVersion=2&Signature=9c2bvEYoedkm3uQwVOAcIA5xxy3x9q%2BO1KncY8Eeo%2BQ%3D | |
| If I use that URL with cfn-signal, I get: | |
| DEBUG [2014-01-31 02:11:35,654] Running command: curl -X PUT -H 'Content-Type:' --data-binary '{"Status": "FAILURE", "Reason": "it worked", "Data": "Application has completed configuration.", "UniqueId": "00000"}' "http://192.168.200.1:8000/v1/waitcondition/arn%3Aopenstack%3Aheat%3A%3A28a490a259974817b88ce490a74df8d2%3Astacks%2Fs0%2F36b013ca-1e46-4340-bf0e-44a609ae6758%2Fresources%2Fwait0_handle?Timestamp=2014-01-31T02%3A09%3A16Z&SignatureMethod=HmacSHA256&AWSAccessKeyId=cd6fbf4ebaed4ea1886ead9f98451f5a&SignatureVersion=2&Signature=9c2bvEYoedkm3uQwVOAcIA5xxy3x9q%2BO1KncY8Eeo%2BQ%3D" | |
| This triggers the following error in `/var/log/keystone/keystone.log`: | |
| ERROR keystone.common.wsgi [-] 'unicode' object has no attribute 'get' | |
| TRACE keystone.common.wsgi Traceback (most recent call last): | |
| TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/common/wsgi.py", line 238, in __call__ | |
| TRACE keystone.common.wsgi result = method(context, **params) | |
| TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/contrib/ec2/controllers.py", line 96, in authenticate | |
| TRACE keystone.common.wsgi creds_ref = self._get_credentials(credentials['access']) | |
| TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/contrib/ec2/controllers.py", line 237, in _get_credentials | |
| TRACE keystone.common.wsgi return self._convert_v3_to_ec2_credential(creds) | |
| TRACE keystone.common.wsgi File "/usr/lib/python2.7/site-packages/keystone/contrib/ec2/controllers.py", line 222, in _convert_v3_to_ec2_credential | |
| TRACE keystone.common.wsgi 'access': blob.get('access'), | |
| TRACE keystone.common.wsgi AttributeError: 'unicode' object has no attribute 'get' | |
| TRACE keystone.common.wsgi | |
| If I run that `curl` command manually, I get the following response | |
| from Heat: | |
| <ErrorResponse> | |
| <Error> | |
| <Message>User is not authorized to perform action</Message> | |
| <Code>AccessDenied</Code> | |
| <Type>Sender</Type> | |
| </Error> | |
| </ErrorResponse> | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment