<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Hi Stuart,<br>
<br>
I was just about to point you here:<br>
<br>
<a class="moz-txt-link-freetext" href="http://groups.google.com/group/boto-users/browse_thread/thread/c6700ddcfd55670e">http://groups.google.com/group/boto-users/browse_thread/thread/c6700ddcfd55670e</a><br>
<br>
and ask about your Python version :D<br>
<br>
Glad you got it figured out and thanks for following up.<br>
<br>
In the future, would you mind joining the mailing list and posting
to <a class="moz-txt-link-abbreviated" href="mailto:starcluster@mit.edu">starcluster@mit.edu</a>? This allows others to see your
issues/questions and will help folks that might run into similar
issues.<br>
<br>
Thanks!<br>
<br>
~Justin<br>
<br>
On 12/22/10 5:41 AM, Stuart Young wrote:
<blockquote cite="mid:4D11D5F5.6080009@gmail.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
Hi Justin,<br>
<br>
I figured out it was my version of Python (2.7) that handles
unicode differently to python2.6 and was mangling my signatures so
that I always got the 'SignatureDoesNotMatch' error. After I
installed python2.6 it worked fine.<br>
<br>
starcluster -c /root/.starcluster/config listpublic<br>
<br>
<blockquote>>>> Listing all public StarCluster images...<br>
<br>
32bit Images:<br>
-------------<br>
[0] ami-8cf913e5 us-east-1 starcluster-base-ubuntu-10.04-x86-rc3<br>
[1] ami-8f9e71e6 us-east-1 starcluster-base-ubuntu-9.04-x86<br>
[2] ami-17b15e7e us-east-1 starcluster-base-ubuntu-9.10-x86-rc7<br>
[3] ami-d1c42db8 us-east-1 starcluster-base-ubuntu-9.10-x86-rc8<br>
<br>
64bit Images:<br>
--------------<br>
[0] ami-12b6477b us-east-1
starcluster-base-centos-5.4-x86_64-ebs-hvm-gpu-rc2<br>
[1] ami-0af31963 us-east-1
starcluster-base-ubuntu-10.04-x86_64-rc1<br>
[2] ami-a19e71c8 us-east-1 starcluster-base-ubuntu-9.04-x86_64<br>
[3] ami-2941ad40 us-east-1
starcluster-base-ubuntu-9.10-x86_64-rc3<br>
[4] ami-a5c42dcc us-east-1
starcluster-base-ubuntu-9.10-x86_64-rc4<br>
</blockquote>
<blockquote>total images: 9<br>
</blockquote>
<br>
Thanks for your help!<br>
<br>
Stuart<br>
<br>
<br>
<br>
<br>
On 12/21/2010 3:46 AM, Stuart Young wrote:
<blockquote cite="mid:4D106976.7080501@gmail.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
Hi Justin,<br>
<br>
I'm using boto version 1.9b, as it was downloaded automatically
when I installed StarCluster 0.91.2.<br>
<br>
python -c 'import boto; print boto.Version'<br>
1.9b<br>
<br>
Btw, I looked into how boto 1.9b is sending out the request to
pinpoint exactly where the error occurs (Note the "reason:
'Forbidden'" part of the response):<br>
<br>
<br>
connection.make_request connection.make_request(self,
action, params, path, verb)<br>
connection.get_signature connection.get_signature(self,
params, verb, path)<br>
connection.calc_signature2
connection.calc_signature2(self, params, verb, path)<br>
connection.calc_signature2 Returning qs:
AWSAccessKeyId=AKIXXXXXXXXXXXXTHQ&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2010-12-21T08%3A27%3A08&Version=2009-11-30
and b64: QNqIbL9pTcv0RXXXXXXXXXXXXXXXXXXGsfZeb1afk=<br>
connection.make_request Returning
AWSAuthConnection.make_request(...)<br>
connection.AWSAuthConnection.make_request
connection.AWSAuthConnection.make_request(self, method, path,
headers, data, host, auth_path, sender)<br>
connection.AWSAuthConnection.make_request Before return
self._mexe<br>
connection._mexe connection._mexe(method, path, data,
headers, host, sender)<br>
Method: GET<br>
Path:
/?AWSAccessKeyId=AKIXXXXXXXXXXXTHQ&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2010-12-21T08%3A27%3A08&Version=2009-11-30&Signature=QNqIbL9pTcvXXXXXXXXXXXXXXXXXXXGsfZeb1afk%3D<br>
Data: <br>
Headers: {'Date': 'Tue, 21 Dec 2010 08:27:08 GMT',
'Content-Length': '0', 'Authorization': 'AWS
AKIAIXXXXXXXXXXTHQ:6lzoMU3zIhy9909bXDkKpB3MqVQ=', 'User-Agent':
'Boto/1.9b (linux2)'}<br>
Host: None<br>
connection._mexe try 0<br>
connection._mexe callable(sender) NOT DEFINED<br>
connection._mexe response: <httplib.HTTPResponse
instance at 0x140f2d8><br>
connection._mexe BEFORE if response.status == 500<br>
connection._mexe response.status < 300 or >=400 <br>
<HTTPResponse at 140f2d8> <br>
_method: 'GET'<br>
chunk_left: None<br>
chunked: 1<br>
debuglevel: 0<br>
fp: <_fileobject at 0x1404050>:
<socket._fileobject object at 0x1404050><br>
length: None<br>
msg: <HTTPMessage at 140f320: Transfer-Encoding:
chunked<br>
Date: Tue, 21 Dec 2010 08:27:08 GMT<br>
Server: AmazonEC2<br>
><br>
dict: <dictionary at 0x1496a60>:
{'transfer-encoding': 'chunked', 'date': 'Tue, 21 Dec 2010
08:27:08 GMT', 'server': 'AmazonEC2'}<br>
encodingheader: None<br>
fp: None<br>
headers: <list at 0x13f2368>: ['Transfer-Encoding:
chunked\r\n', 'Date: Tue, 21 Dec 2010 08:27:08 GMT\r\n',
'Server: AmazonEC2\r\n']<br>
maintype: 'text'<br>
plist: <list at 0x13f23f8>: []<br>
plisttext: ''<br>
seekable: 0<br>
startofbody: None<br>
startofheaders: None<br>
status: ''<br>
subtype: 'plain'<br>
type: 'text/plain'<br>
typeheader: None<br>
unixfrom: ''<br>
reason: 'Forbidden'<br>
status: 403<br>
strict: 0<br>
version: 11<br>
will_close: <bool at 0x787990>: False<br>
boto.exception.EC2ResponseError
boto.exception.EC2ResponseError(BotoServerError)<br>
boto.exception.EC2ResponseError BotoServerError:
<class 'boto.exception.BotoServerError'><br>
<class 'boto.exception.BotoServerError'><br>
awsutils.is_valid_conn boto.exception.EC2REsponseError
RAISED!!!<br>
awsutils.is_valid_conn e: EC2ResponseError: 403
Forbidden<br>
<?xml version="1.0" encoding="UTF-8"?><br>
<Response><Errors><Error><Code>SignatureDoesNotMatch</Code><Message>The
request signature we calculated does not match the signature you
provided. Check your AWS Secret Access Key and signing method.
Consult the service documentation for
details.</Message></Error></Errors><RequestID>cdb73666-37a6-4dfc-9f66-2add7b04a0bf</RequestID></Response><br>
awsutils.is_valid_conn DUMP
boto.exception.EC2ResponseError: <br>
<class 'boto.exception.EC2ResponseError'><br>
<br>
cluster._validate_credentials self.ec2.is_valid_conn NOT
TRUE<br>
cluster.is_valid ERROR<br>
cluster.py:782 - ERROR - Invalid
AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY combination.<br>
cli.py:243 - ERROR - settings for cluster template
"smallcluster" are not valid<br>
<br>
<br>
I emailed Amazon to ask them to check the Request ID. Looking at
the request, is there anything that jumps out at you?<br>
<br>
Cheers,<br>
<br>
Stuart<br>
<br>
<br>
<br>
On 12/20/2010 10:05 PM, Justin Riley wrote:
<blockquote cite="mid:4D101961.9080307@mit.edu" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
What version of boto are you using? Also You can determine
this using:<br>
<br>
$ python -c 'import boto; print boto.Version'<br>
<br>
Also this is using StarCluster 0.91.2 correct?<br>
<br>
~Justin<br>
<br>
On 12/20/10 8:36 PM, Stuart Young wrote:
<blockquote cite="mid:4D10048E.9000307@gmail.com" type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
Hi Justin,<br>
<br>
ElasticFox works fine with all three sets of credentials.
I'm still looking into boto's error. Will update you if I
find anything.<br>
<br>
Cheers,<br>
<br>
Stuart<br>
<br>
<br>
On 12/20/2010 4:21 PM, Stuart Young wrote:
<blockquote cite="mid:4D0FC8C0.2080408@gmail.com"
type="cite">
<meta content="text/html; charset=ISO-8859-1"
http-equiv="Content-Type">
<title></title>
Hi Justin,<br>
<br>
Thanks for the debugging methods information - I actually
got it working by trial and error using a permuation of
method 2 but method 1 is so much more straightforward! (As
you'll guess, I'm a noob to python.) I tracked the error
down to boto's connect.py and ec2/connect.py modules:<br>
<blockquote>awsutils.conn self.conn()<br>
awsutils.conn self.aws_access_key:
**AAAAA<no-weird-symbols>HHHHQ**<br>
awsutils.conn self.aws_secret_access_key:
**4+0Ma<no-weird-symbols-except'+'>DrschU6**<br>
awsutils.py:57 - DEBUG - creating self._conn w/
connection_authenticator kwargs = {'path': '/',
'region': None, 'port': None, 'is_secure': True}<br>
awsutils.conn Doing self._conn =
self.connection_authenticator()<br>
awsutils.conn self.connection_authenticator:
<function connect_ec2 at 0x9c5cf8><br>
boto.__init__.connect_ec2
boto.__init__.connect_ec2(aws_access_key_id,
aws_secret_access_key, kwargs)<br>
boto.__init__.connect_ec2 aws_access_key_id:
AAAAA<no-weird-symbols>HHHHQ<br>
boto.__init__.connect_ec2
aws_secret_boto.__init__.connect_ec2access_key:
4+0Ma<no-weird-symbols-except'+'>DrschU6<br>
boto.connection.AWSQueryConnection.__init__
boto.connection.AWSQueryConnection.__init__(self, host,
aws_access_key_id, aws_secret_access_key, etc)<br>
boto.connection.AWSQueryConnection.__init__
aws_access_key_id: AAAAA<no-weird-symbols>HHHHQ<br>
boto.connection.AWSQueryConnection.__init__
aws_secret_access_key:
4+0Ma<no-weird-symbols-except'+'>DrschU6<br>
awsutils.conn Returning...<br>
awsutils.is_valid_conn
boto.exception.EC2REsponseError RAISED!!!<br>
awsutils.is_valid_conn e: EC2ResponseError: 403
Forbidden<br>
<?xml version="1.0" encoding="UTF-8"?><br>
<Response><Errors><Error><Code>SignatureDoesNotMatch</Code><Message>The
request signature we calculated does not match the
signature you provided. Check your AWS Secret Access Key
and signing method. Consult the service documentation
for
details.</Message></Error></Errors><RequestID>deb3819a-d8d1-457a-a432-b6f35675be14</RequestID></Response><br>
cluster._validate_credentials ERROR OCCURRED in
self.ec2.is_valid_conn<br>
cluster.py:770 - ERROR - Invalid
AWS_ACCESS_KEY_ID/AWS_SECRET_ACCESS_KEY combination.<br>
cli.py:253 - ERROR - settings for cluster template
"smallcluster" are not valid<br>
</blockquote>
<br>
I was able to connect and launch instances with my
existing AWS_ACCESS_KEY and AWS_SECRET_ACCESS_KEY via the
perl module Net::Amazon::EC2 so I'm perplexed as to why
I'm getting the error using boto. I will try elasticfox as
you suggested and update you later.<br>
<br>
Cheers,<br>
<br>
Stuart.<br>
<br>
<br>
<br>
<br>
<br>
On 12/20/2010 4:04 PM, Justin Riley wrote:
<blockquote cite="mid:4D0FC4CC.80900@mit.edu" type="cite">
<pre wrap="">-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
On 12/20/2010 11:19 AM, Stuart Young wrote:
</pre>
<blockquote type="cite">
<pre wrap=""> cli.py:1083 - ERROR - SignatureDoesNotMatch: The request signature
we calculated does not match the signature you provided. Check your
AWS Secret Access Key and signing method. Consult the service
documentation for details.
</pre>
</blockquote>
<pre wrap="">Hmmm this is an error reported directly from Amazon; this shouldn't be
caused
by boto and definitely not paramiko. I can reproduce this message if I
remove a character from my AWS_SECRET_ACCESS_KEY so it seems either
something's wrong with the keys in your config or wrong on Amazon's side.
In the past when I've seen this message it's always due to using quotes
or a stray
character some where...
Are these recently created accounts?
</pre>
<blockquote type="cite">
<pre wrap="">I got the same error when I tried with two other AWS accounts. Is this
maybe something to do with boto or paramiko?
</pre>
</blockquote>
<pre wrap="">Would you mind installing elasticfox (firefox plugin) and see if it has
issues with your access keys as well?
</pre>
<blockquote type="cite">
<pre wrap="">I was also wondering if it's possible to to run a local, unzipped copy of the StarCluster egg for
debugging purposes?
</pre>
</blockquote>
<pre wrap="">Yes it is and there are two ways:
1. First uninstall starcluster (remove the egg from your site-packages).
Download the 0.91.2 release, unpack it somewhere, and run python
setup.py develop. This will 'link' the unzipped source to your python
install. This means if you make changes to the source code, you will be
able to import and see/use those changes without having to reinstall.
This is currently how I'm developing the code.
OR
2. Simply unzip the egg in your Python's site-packages directory and
edit the source within your site-packages directory. You'll likely want
to move the egg outside of your site-packages directory after you unzip
it to make sure you import the unzipped code and not the egg.
Does that make sense?
~Justin
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - <a moz-do-not-send="true" class="moz-txt-link-freetext" href="http://enigmail.mozdev.org/">http://enigmail.mozdev.org/</a>
iEYEARECAAYFAk0PxMwACgkQ4llAkMfDcrkylwCfQpHxxNaZsbXX3xBNe9hbRfgE
QAkAnR2YlcUQTH4cQTEg4M8V8Cg8MQIc
=1Rcm
-----END PGP SIGNATURE-----
</pre>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</blockquote>
<br>
</body>
</html>