/amz

cn-north-1 endpoint doesn't match stream endpoint #21

Closed
absoludity opened this Issue Jan 27, 2015 · 9 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
3 participants
@absoludity @axw @utlemming
@absoludity

absoludity commented Jan 27, 2015

The endpoints used in goamz for cn-north-1 [1] use the domain:

amazonaws.com.cn

whereas that published in the stream [2] uses:

amazonaws-cn.com.cn

This means that when bootstrapping (from a non-cn client machine), it fails to find a matching endpoint [3]

That said, as Haw pointed out, the amazonaws.com.cn one from goamz resolves, while the stream one doesn't resolve (from outside .cn) [4], so if it is just the stream being incorrect, this bug is invalid :)

We'd like to try to deploy a staging service to cn-north-1 as soon as we're allowed, but would be blocked on this.

[1] https://github.com/go-amz/amz/blob/v1/aws/aws.go#L145
[2] http://cloud-images.ubuntu.com/releases/streams/v1/index.json
[3] http://paste.ubuntu.com/9890087/
[4] http://paste.ubuntu.com/9890097/
@axw
Member

axw commented Jan 27, 2015

Looks a lot like the streams data is wrong. I've passed this along to Ben, who can confirm, and CC'd you.
@utlemming

utlemming commented Jan 27, 2015

Confirmed the data as bad. It'll take a day or two to get this fixed.
@utlemming

utlemming commented Jan 27, 2015

This is fixed now.
@axw
Member

axw commented Jan 27, 2015

Thanks!

@axw axw closed this Jan 27, 2015

@absoludity

absoludity commented Jan 27, 2015

Thanks for updating the streams. I just tried another bootstrap with the fixed stream data... it still fails though :/ https://pastebin.canonical.com/124380/
@axw
Member

axw commented Jan 28, 2015

@absoludity Possibly a wrong-side-of-the-GFW problem? I was under the impression that AWS China was restricted to users in China.
@absoludity

absoludity commented Jan 28, 2015

@axw I don't think so - that is, yes, AWS China is restricted to users who have a license to operate in China, but that doesn't necessarily mean you can't organise the deployment from an external machine.

What I can check is that I have no problem running, describing and terminating instances in cn-north-1 via the awscli from an external machine [1]. Maybe I should create a separate bug?

[1] https://pastebin.canonical.com/124392/
@axw
Member

axw commented Jan 28, 2015

@absoludity Thanks for clarifying that. Yes, but I think it probably belongs on the Juju projects.

(BTW, I checked and I can telnet to s3.cn-north-1.amazonaws.com.cn:443. Do you have an HTTP proxy set in your environment?)
@absoludity

absoludity commented Jan 28, 2015

@axw Yes, you were right - it was a firewall issue stopping the connection to that URL. I've tried from a different machine where I can access that URL, but the bootstrap fails for a different reason. Created #22

Thanks.

@absoludity absoludity referenced this issue Jan 28, 2015

Closed

The authorisation method you have provided is not supported #22

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment