Bug 970308 - Heat CFN API should support v4 signature format
Summary: Heat CFN API should support v4 signature format
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-heat
Version: 3.0
Hardware: Unspecified
OS: Unspecified
Priority: high
Severity: high
Target Milestone: Upstream M3
Target Release: 4.0
Assignee: Steven Hardy
QA Contact: Kevin Whitney
URL:
Whiteboard:
Depends On: 968246 970134
Blocks: 1000540
Reported: 2013-06-03 22:07 UTC by Steven Hardy
Modified: 2016-04-26 19:51 UTC (History)

Fixed In Version: openstack-heat-2013.2-0.8.b3.el6ost
Doc Type: Bug Fix
Doc Text:
Due to differences in signature formats, connections from recent versions of python-boto based clients were unable to connect to the cloudformation-compatible API. The updated python-boto client library used the AWS v4 signature by default, which was not supported by the Orchestration API. With this update, Orchestration now supports the AWS v4 signature format, and python-boto based clients can authenticate to the cloudformation-compatible API.
Clone Of:
: 1000540 (view as bug list)
Environment:
Last Closed: 2013-12-20 00:04:26 UTC
Target Upstream Version:
Embargoed:



Links
System | ID | Private | Priority | Status | Summary | Last Updated
Launchpad | 1122472 | 0 | None | None | None | Never
OpenStack gerrit | 31568 | 0 | None | None | None | Never
Red Hat Product Errata | RHEA-2013:1859 | 0 | normal | SHIPPED_LIVE | Red Hat Enterprise Linux OpenStack Platform Enhancement Advisory | 2013-12-21 00:01:48 UTC

Description Steven Hardy 2013-06-03 22:07:19 UTC
Description of problem:

- We require boto, primarily for our in-instance tools (heat-cfntools) without which several of our core features don't work.
- Recent (>=2.6.0) boto versions move to AWS v4 signatures by default, with no way to specify the previous (v2) signature format.  This means that grizzly/RHOS Heat won't work with any distro with a newer than 2.5.x boto version (which means F18, F19, and crucially soon RHEL ref bz #968247 won't work, also recent versions of Ubuntu won't work etc etc)

The plan is to propose this as a backport to the upstream Heat stable/grizzly branch, but we've been waiting on a python-keystoneclient release containing the fix discussed in this bz.  This happened a couple of days ago (0.2.4 contains this patch), ref bz #970134

Backport proposed:

https://review.openstack.org/#/c/31568/

Version-Release number of selected component (if applicable):

How reproducible:
Always

Steps to Reproduce:
1. Install python-boto >= 2.6.0
2. Note that heat-cfntools, heat-watch and heat-cfn don't work

Actual results:
Heat doesn't work with distros containing boto >= 2.6.0

Expected results:
Heat should work with as many distros as possible (particularly important as this affects compatibility with guest images)

Additional info:

Comment 5 Ami Jeain 2013-10-27 13:36:21 UTC
As agreed by Perry, Heat and Ceilometer will be tested upstream by Tempest

Comment 9 errata-xmlrpc 2013-12-20 00:04:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHEA-2013-1859.html

