search

goerz / gc3pie

Automatically exported from code.google.com/p/gc3pie
0 stars 0 forks source link

EC2 backend is trying to access non-existent method Crypto.PublicKey.DSA.importKey #482

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?
1. Ensure you are using the latest version of PyCrypto (currently: 2.6.1)
2. Configure an `ec2+shellcmd` backend using a DSA key as `public_key`
3. try to submit a job

What is the expected output? What do you see instead?

GC3Pie should be able to start a VM, but instead it fails while trying to 
ensure the chosen keypair has the same fingerprint as the public key file.

Traceback follows::

    gc3.gc3libs: ERROR: Got error in submitting task 'GRunApplication.1310877', informing scheduler: AttributeError: 'module' object has no attribute 'importKey'
    gc3.gc3libs: DEBUG: Scheduler ignored error in submitting task 'GRunApplication.1310877': AttributeError: 'module' object has no attribute 'importKey'
    Traceback (most recent call last):
      File "/home/antonio/zurich/gc3pie.git/gc3pie/gc3libs/core.py", line 1026, in first_come_first_serve
        yield (task_idx, target.name)
      File "/home/antonio/zurich/gc3pie.git/gc3pie/gc3libs/core.py", line 1483, in progress
        self._core.submit(task, targets=[resource])
      File "/home/antonio/zurich/gc3pie.git/gc3pie/gc3libs/core.py", line 258, in submit
        app, resubmit, targets, **extra_args)
      File "/home/antonio/zurich/gc3pie.git/gc3pie/gc3libs/core.py", line 378, in __submit_application
        raise ex
    AttributeError: 'module' object has no attribute 'importKey'

The problem is caused by this line of code
https://code.google.com/p/gc3pie/source/browse/trunk/gc3pie/gc3libs/backends/ec2
.py#420
in `gc3libs.backends.ec2`

While the `RSA` class (from `Crypto.PublicKey` module, `pycrypto`
package) has the `importKey` method,  `DSA` class doesn't.

Apparently, the `importKey` method has been added in `pycrypto` module
some times ago in `master` branch::

    commit 791cfaa255b002a65a57bb29a1f3b8ea23e132b8
    Author: Legrandin <helderijs@gmail.com>
    Date:   Mon Jul 1 22:30:45 2013 +0200

        Add support for import/export of DSA keys

        This patch adds methods importKey() to DSA module
        and exportKey() to _DSAobj object.

        Public and private keys can be imported/exported
        in a variety of formats:

        * DER vs PEM
        * PKCS#8 vs OpenSSL vs OpenSSH/OpenSSL
        * Encrypted vs clear

but never backported to the `2.6.x` branch, and the latest version of
PyCrypto on PyPI is `2.6.1`.

We could:

a) re-implement the `importKey` method in `Ec2Lrms` class
b) just log a warning message saying that we are unable to ensure the
   public key used corresponds to the correct keypair.

In my opinion option `b)` is to be preferred. Please also note that
AWS does not currently support DSA keys, so this issue is likely to
have a very low impact (only people using GC3Pie on non-AWS _and_
non-OpenStack clouds)

Original issue reported on code.google.com by arcimbo...@gmail.com on 23 Feb 2015 at 5:02