Bug 970308 - Heat CFN API should support v4 signature format
Heat CFN API should support v4 signature format
Product: Red Hat OpenStack
Classification: Red Hat
Component: openstack-heat (Show other bugs)
Unspecified Unspecified
high Severity high
: Upstream M3
: 4.0
Assigned To: Steven Hardy
Kevin Whitney
: OtherQA
Depends On: 968246 970134
Blocks: 1000540
  Show dependency treegraph
Reported: 2013-06-03 18:07 EDT by Steven Hardy
Modified: 2016-04-26 15:51 EDT (History)
8 users (show)

See Also:
Fixed In Version: openstack-heat-2013.2-0.8.b3.el6ost
Doc Type: Bug Fix
Doc Text:
Due to differences in signature formats, connections from recent versions of python-boto based clients were unable to connect to the cloudformation-compatible API. The updated python-boto client library used the AWS v4 signature by default, which was not supported by the Orchestration API. With this update, Orchestration now supports the AWS v4 signature format, and python-boto based clients can authenticate to the cloudformation-compatible API.
Story Points: ---
Clone Of:
: 1000540 (view as bug list)
Last Closed: 2013-12-19 19:04:26 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)

External Trackers
Tracker ID Priority Status Summary Last Updated
Launchpad 1122472 None None None Never
OpenStack gerrit 31568 None None None Never

  None (edit)
Description Steven Hardy 2013-06-03 18:07:19 EDT
Description of problem:

- We require boto, primarily for our in-instance tools (heat-cfntools) without which several of our core features don't work.
- Recent (>=2.6.0) boto versions move to AWS v4 signatures by default, with no way to specify the previous (v2) signature format.  This means that grizzly/RHOS Heat won't work with any distro with a newer than 2.5.x boto version (which means F18, F19, and crucially soon RHEL ref bz #968247 won't work, also recent versions of Ubuntu won't work etc etc)

The plan is to propose this as a backport to the upstream Heat stable/grizzly branch, but we've been waiting on a python-keystoneclient release containing the fix discussed in this bz.  This happened a couple of days ago (0.2.4 contains this patch), ref bz #970134

Backport proposed:


Version-Release number of selected component (if applicable):

How reproducible:

Steps to Reproduce:
1. Install python-boto >= 2.6.0
2. Note that heat-cfntools, heat-watch and heat-cfn don't work

Actual results:
Heat doesn't work with distros containing boto >= 2.6.0

Expected results:
Heat should work with as many distros as possible (particularly important as this affects compatibility with guest images)

Additional info:
Comment 5 Ami Jeain 2013-10-27 09:36:21 EDT
a agreed by Perry, Heat and Ceilometer will be tested upstream by Tempest
Comment 9 errata-xmlrpc 2013-12-19 19:04:26 EST
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.