Known Issues

This topic lists known issues in Eucalyptus 4.2.0 and its dependencies.

Please contact Eucalyptus Support for known workarounds to these issues.

New known issues for this release:

Issue Description
Internal loadbalancer is not functional (EUCA-11324) In VPC, an internal load balancer has ELB instances that is in a private subnet without a public IP. That instance cannot reach ELB service to retrieve information on the ELB, update its status, etc., without configuring a NAT instance in the VPC.

Workaround: None at this time.

Non-default security group for ELB/VPC blocks ports for ELBs (EUCA-11374) In VPC, all egress ports for non-default security groups are blocked. When the non-default security group is used with the ELB, the ELB will not be functional until the required ports are opened.
Workaround: Use Euca2ools to run the following commands to authorize each of the egress ports (TCP:8773 (Web service), UDP:53 (DNS), and UDP:123) for the non-default security group:
euca-authorize --egress -P tcp -p 8773 -s 0.0.0.0/0 sg-f3a511c4
euca-authorize --egress -P udp -p 53 -s 0.0.0.0/0 sg-f3a511c4
euca-authorize --egress -P udp -p 123 -s 0.0.0.0/0 sg-f3a511c4
PV instance migration doesn't work (EUCA-11511) Paravirtual instances cannot be migrated using euserv-migrate-instance. There are no workarounds at this time.
Failure to multi-delete objects by non-bucket-owning accounts (EUCA-11513) Workaround: You may be able to complete this operation by means of another S3 tool, like Cloudberry Explorer, S3-curl, or S3Organizer, for example.
clcadmin-assume-system-credentials produces unusable output when eucalyptus/admin has more than one active access key (EUCA-11516) The clcadmin-assume-system-credentials command doesn't handle database queries that return more than one result properly.
Workaround:
  1. When you first run clcadmin-assume-system-credentials, the resulting output shows:
    export AWS_IAM_URL=http://127.0.0.1:8773/services/Euare;
    export EMPYREAN_URL=http://127.0.0.1:8773/services/Empyrean;
    export PROPERTIES_URL=http://127.0.0.1:8773/services/Properties;
    export AWS_ACCESS_KEY_ID="AKIAANXD4CQD3EXAMPLE";
    export AWS_ACCESS_KEY="AKIAANXD4CQD3EXAMPLE";
    export EC2_ACCESS_KEY="AKIAANXD4CQD3EXAMPLE";
    export AWS_SECRET_ACCESS_KEY="sfywRHlsRJ4joukXCEfymsdEbaNEZHl17EXAMPLE AKIABBNYD5CRE4EXAMPLE";
    export AWS_SECRET_KEY="sfywRHlsRJ4joukXCEfymsdEbaNEZHl17EXAMPLE AKIABBNYD5CRE4EXAMPLE";
    export EC2_SECRET_KEY="sfywRHlsRJ4joukXCEfymsdEbaNEZHl17EXAMPLE AKIABBNYD5CRE4EXAMPLE";
    unset AWS_CREDENTIAL_FILE;
    unset AWS_SESSION_TOKEN;
    unset AWS_SECURITY_TOKEN;
    unset EC2_USER_ID;
    Note: Notice the environment variable, AWS_SECRET_ACCESS_KEY returns two words instead of the usual one, as shown in the bolded text.
  2. Copy that line without the second word, then paste it in the shell:
    export AWS_SECRET_ACCESS_KEY="sfywRHlsRJ4joukXCEfymsdEbaNEZHl17EXAMPLE
    The following corrected output displays:
    export AWS_IAM_URL=http://127.0.0.1:8773/services/Euare;
    export EMPYREAN_URL=http://127.0.0.1:8773/services/Empyrean;
    export PROPERTIES_URL=http://127.0.0.1:8773/services/Properties;
    export AWS_ACCESS_KEY_ID="AKIAANXD4CQD3EXAMPLE";
    export AWS_ACCESS_KEY="AKIAANXD4CQD3EXAMPLE";
    export EC2_ACCESS_KEY="AKIAANXD4CQD3EXAMPLE";
    export AWS_SECRET_ACCESS_KEY="sfywRHlsRJ4joukXCEfymsdEbaNEZHl17EXAMPLE";
    export AWS_SECRET_KEY="sfywRHlsRJ4joukXCEfymsdEbaNEZHl17EXAMPLE";
    export EC2_SECRET_KEY="sfywRHlsRJ4joukXCEfymsdEbaNEZHl17EXAMPLE";
    unset AWS_CREDENTIAL_FILE;
    unset AWS_SESSION_TOKEN;
    unset AWS_SECURITY_TOKEN;
    unset EC2_USER_ID;
  3. Paste the corrected output into the terminal.
euserv-describe-services with secure http endpoint results in python2.6 InsecureRequestWarning. (EUCA-11519) When an administrator uses HTTPS and doesn't enable certificate verification, running any command thereafter, will display the InsecureRequestWarning message.

Workaround: Use a valid certificate and set verify-ssl = true in the region's configuration, or use plain HTTP.

ELB access logs collection fails when logs prefix contains an uppercase letter (EUCA-11524) Uppercase characters in a path is invalid, resulting in an eror.

Workaround: Specify the prefix with lowercase characters.

Large number of volumes breaks volumes landing page (GUI-1925) There is a limit of 5,000 volumes and 10,000 snapshots per account. The filter list limit is 200 items, which is the maximum number of filter values specified in a single call.

Workaround: Have less volumes per account, or avoid using the console for viewing them.

Creating an account with 'admin' user entered prevents download of credentials (GUI-2168) Workaround: Do not create an 'admin' user as it is created automatically for every account.
Eucaconsole does not always load the latest IE mode (GUI-2171) In some cases, where console users are running Internet Explorer 11 in an intranet setting, IE will force the console into IE7 Compatibility mode. This affects the page layout, making the console more difficult to use.
Workaround #1 - Disable the automatic configuration script in IE11:
  1. Go to Internet Options > Connections > LAN settings.
  2. De-select the checkbox for Use automatic configuration script to disable it.
  3. Exit and restart IE.
  4. Log back into the Console.
Workaround #2 - The console administrator may add a line to the nginx.conf file under the SSL configured server:
server {
	listen 443 ssl;
	server_name ~^(?<domain>.+)$;
									
	# SSL configuration
	ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
	ssl_certificate /Users/ashamblin/keys/server.crt;
	ssl_certificate_key /Users/ashamblin/keys/server.key;
	add_header "X-UA-Compatible" "IE=Edge";
	add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
	# end of SSL configuration. 
Console does not allow an empty prefix to be entered for ELB access logs (GUI-2173) The Prefix field is optional. However, when the field is left blank and saved, the console auto-generates a prefix with uppercase characters, which is invalid, resulting in an eror.

Workaround: Using all lowercase characters, enter a path in the Prefix text field to specify the path within the bucket to store your log files.

ELB access logs aren't collected when the logs prefix is left blank (and console auto-generates prefix) (GUI-2174) The Prefix field is optional. However, when the field is left blank and saved, the console auto-generates a prefix with uppercase characters, which is invalid, resulting in an eror.

Workaround: Using all lowercase characters, enter a path in the Prefix text field to specify the path within the bucket to store your log files.

Outstanding known issues from previous releases:

Issue Description
Unable to launch EBS instance or delete volume when launched in different zone than created. (EUCA-10697)

See linked bug for more information.

Failed EMIs from CreateImage might leave behind orphaned snapshots (EUCA-11184)
  1. Use euca-describe-images to see if the EMI associated with CreateImage has a failed status.

    If any failed, then:

  2. Use euca-describe-snapshots to find any snapshot IDs associated with the failed CreateImage EMI ID.

    The snapshot description includes the EMI ID and Instance ID. Note that the snapshot state can be failed or completed.

Workaround: The cloud administrator and/or cloud user (with proper IAM access to the account's snapshots) can simply delete any orphaned snapshots.

x