search

flexera-public / right_aws

RightScale Amazon Web Services Ruby Gems
MIT License
451 stars 175 forks source link

Rightscale::HttpConnection : re-raising same error: https://eu-central-1.ec2.amazonaws.com:443 temporarily unavailable #190

Closed devopsberlin closed 7 years ago

devopsberlin commented 7 years ago

Hi, I'm using chef_gem "right_aws" version '3.0.5' Got the following error when trying to use aws cookbook in ec2-central-1 region

WARN: Rightscale::HttpConnection : request failure count: 1, exception: #<SocketError: getaddrinfo: Name or service not known>
WARN: Rightscale::HttpConnection : request failure count: 2, exception: #<SocketError: getaddrinfo: Name or service not known>
WARN: Rightscale::HttpConnection : request failure count: 3, exception: #<SocketError: getaddrinfo: Name or service not known>
WARN: Rightscale::HttpConnection : request failure count: 4, exception: #<SocketError: getaddrinfo: Name or service not known>
WARN: Rightscale::HttpConnection : re-raising same error: https://eu-central-1.ec2.amazonaws.com:443 temporarily unavailable: (SocketError: getaddrinfo: Name or service not known) -- error count: 4, error age: 0

From this documentation 'http://docs.aws.amazon.com/general/latest/gr/rande.html', the endpoint should be 'ec2.eu-central-1.amazonaws.com' Any workarounds anyone can offer? Thanks!

konstantin-dzreev commented 7 years ago

When you instantiate it as:

Rightscale::Ec2.new(key, secret, :endpoint_url => 'https://eu-central-1.ec2.amazonaws.com')
devopsberlin commented 7 years ago

@konstantin-dzreev Please see the url below, I tried to change it on my cookbook but it doesn't help http://stackoverflow.com/questions/39453398/rightscalehttpconnection-re-raising-same-error-https-eu-central-1-ec2-ama

I am using v2.5.0 (2014-10-22) https://supermarket.chef.io/cookbooks/aws#changelog

Can you please suggest where and how I should change it ? Thanks you

konstantin-dzreev commented 7 years ago

Amazon used to support both 'eu-central-1.ec2.amazonaws.com' and 'ec2.eu-central-1.amazonaws.com' notations, but now they don't. The gem was written ages ago and is not maintained any more.

When one instantiates a new instance he can pass it a url of the service, and an optional region name. If the region name it provided then the gem joins them as: "."

As I see here https://docs.omniref.com/github/opscode-cookbooks/aws/2.6.4/symbols/Opscode::Aws::Ec2/create_aws_interface the instance of RightAws is instantiated as: 

aws_interface.new(credentials: creds, region: region)

And this causes RightAws to generate an unsupported endpoint.

To bring your code back to life, try to replace:

@@ec2 ||= create_aws_interface(RightAws::Ec2)

with something like:

@@ec2 ||= RightAws::Ec2(<your-aws-key-id>, <your-aws-secret-access-key>, :endpoint_url => aws_ec2_endpoint)

P.S. if your keys are stored in AWS_SECRET_ACCESS_KEY and AWS_SECRET_ACCESS_KEY env variables, you can put nil, nil instead of and

P.P.S. But this code change will break 'aws-sdk' compatibility (if you care about it though)

devopsberlin commented 7 years ago

@konstantin-dzreev thank you for your detailed explanation, I got an error uninitialized constant Aws,

I am using v2.5.0 and not 2.6.4- https://docs.omniref.com/github/opscode-cookbooks/aws/2.5.0/symbols/Opscode::Aws::Ec2/create_aws_interface

Maybe I should write it different ?

libraries/ec2.rb

      def create_aws_interface(aws_interface)
        begin
          require 'right_aws'
        rescue LoadError
          Chef::Log.error("Missing gem 'right_aws'. Use the default aws recipe to install it first.")
        end
        region = instance_availability_zone
        region = region[0, region.length-1]
        if new_resource.aws_access_key and new_resource.aws_secret_access_key
          aws_interface.new(new_resource.aws_access_key, new_resource.aws_secret_access_key, {:logger => Chef::Log, :region => region})
        else
          creds = query_role_credentials
          aws_interface.new(creds['AccessKeyId'], creds['SecretAccessKey'], {:logger => Chef::Log, :region => region, :token => creds['Token']})
        end
      end
konstantin-dzreev commented 7 years ago

You can write it different. Just do not use "region" argument, use "endpoint_url" argument. When you pass it a region, it causes right_aws to build an improper endpoint.

Try something like this:

def create_aws_interface(aws_interface)
  begin
    require 'right_aws'
  rescue LoadError
    Chef::Log.error("Missing gem 'right_aws'. Use the default aws recipe to install it first.")
  end
  region = instance_availability_zone
  region = region[0, region.length-1]
  aws_endpoint_url = "https://ec2.%s.amazonaws.com" % region
  if new_resource.aws_access_key and new_resource.aws_secret_access_key
    aws_interface.new(new_resource.aws_access_key, new_resource.aws_secret_access_key, {:logger => Chef::Log, :endpoint_url => aws_endpoint_url})
  else
    creds = query_role_credentials
    aws_interface.new(creds['AccessKeyId'], creds['SecretAccessKey'], {:logger => Chef::Log, :endpoint_url => aws_endpoint_url, :token => creds['Token']})
  end
end
devopsberlin commented 7 years ago

@konstantin-dzreev , eu-central-1 region requires AWS Signature Version 4, and right_aws not support because the gem was written ages ago, right ? https://forums.aws.amazon.com/message.jspa?messageID=578908 So I must upgrade to aws-sdk / newer cookbook...

devopsberlin commented 7 years ago

@konstantin-dzreev thank you very much and I really appreciate all your help, finally I moved to cookbook 'aws', '= 2.7.2'