[Fiware-lab-federation-nodes] [CESNET #148600] Re: key generation

Sean Murphy murp at zhaw.ch
Mon Feb 8 14:21:51 CET 2016


Hi Henar, all,

Thanks for this.

I'm sure I'm doing something wrong, but when I tried this, I got the
following:

root@node-1:~/public_keys# curl -i 'http://cloud.lab.fiware.org:4730/v2.0/tokens' -X POST \
    -H "Accept: application/json" -H "Content-Type: application/json" \
    -H "User-Agent: python-novaclient" \
    -d '{"auth": {"passwordCredentials": {"username": "admin-zurich", "password": "<REDACTED>"}, "tenantId": "00000000000003228460960090160000"}}'
HTTP/1.1 200 OK
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 59424
Date: Mon, 08 Feb 2016 13:11:29 GMT
Connection: close

{"access": {"token": {"issued_at": "2016-02-08T13:11:29.680673", "expires":
"2016-02-09T13:11:29Z", "id": "<REDACTED>", "tenant": {"description":
"Cloud admin", "enabled": true, "id": "00000000000003228460960090160000",
"name": "admin"}, "audit_ids": ["u3mdW7MsSBedP5M5NHuJRw"]},

<---SNIP--->

root@node-1:~/public_keys# curl --request POST \
    --url http://aiakos.lab.fiware.org:3000/v1/support \
    --header 'accept: text/plain' --header 'content-type: text/plain' \
    --header 'X-Auth_Token: <REDACTED>' \
    --data 'ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCXFf/3sR0IO27mZsUwSRkfD/uFYbqaJGMvZKLCJglxFjnYW0DJG5VACGD5U3SM7oq7xmM544t778lbG2bAXTiWl9mK3R3+uUMPBIXCIUpBL+9MwCW0V7QlLd+8bduhiPps8ywk0wOi5LaQb4kM3GrCLztQuAPIm490ShkLkSnyBp8E7/5gTbioT3yFE0juz5yLzOV/hqVQ8l52V8rsQOZ88hfIw4DAi/MsWdNeO3FlpKTaOQr550izSuxH0J07fKgbo2dYoOB3wlhVYiKWwn83Q2f1NiG7NOWj3ZqnjGo1yzoTDEZRoweh7ayr72bQy0KipcciC9oaTtUq2+JRL9Kb
seanmurphy@Seans-MacBook-Pro.local' --verbose
* About to connect() to aiakos.lab.fiware.org port 3000 (#0)
*   Trying 130.206.84.19... connected
> POST /v1/support HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: aiakos.lab.fiware.org:3000
> accept: text/plain
> content-type: text/plain
> X-Auth_Token: <REDACTED>
> Content-Length: 415
>
* upload completely sent off: 415out of 415 bytes
^C

(COMMENT BY SM - THIS DID NOT WORK - IT JUST HUNG....)

root@node-1:~/public_keys# curl --request POST \
    --url http://aiakos.lab.fiware.org:3000/v1/support \
    --header 'accept: text/plain' --header 'content-type: text/plain' \
    --header 'X-Auth_Token: <REDACTED>' \
    --data 'ssh-rsa
AAAAB3NzaC1yc2EAAAADAQABAAABAQCXFf/3sR0IO27mZsUwSRkfD/uFYbqaJGMvZKLCJglxFjnYW0DJG5VACGD5U3SM7oq7xmM544t778lbG2bAXTiWl9mK3R3+uUMPBIXCIUpBL+9MwCW0V7QlLd+8bduhiPps8ywk0wOi5LaQb4kM3GrCLztQuAPIm490ShkLkSnyBp8E7/5gTbioT3yFE0juz5yLzOV/hqVQ8l52V8rsQOZ88hfIw4DAi/MsWdNeO3FlpKTaOQr550izSuxH0J07fKgbo2dYoOB3wlhVYiKWwn83Q2f1NiG7NOWj3ZqnjGo1yzoTDEZRoweh7ayr72bQy0KipcciC9oaTtUq2+JRL9Kb
seanmurphy@Seans-MacBook-Pro.local' --verbose
* About to connect() to aiakos.lab.fiware.org port 3000 (#0)
*   Trying 130.206.84.19... connected
> POST /v1/support HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3
> Host: aiakos.lab.fiware.org:3000
> accept: text/plain
> content-type: text/plain
> X-Auth_Token: <REDACTED>
> Content-Length: 415
>
* upload completely sent off: 415out of 415 bytes
< HTTP/1.1 401 Unauthorized
< X-Powered-By: Express
< X-Content-Type-Options: nosniff
< Content-Type: text/html; charset=utf-8
< Content-Length: 291
< Date: Mon, 08 Feb 2016 13:14:55 GMT
< Connection: keep-alive
<
Error<br>    at IncomingMessage.<anonymous>
(/opt/fiware/fiware-aiakos/lib/routes/openstack.js:100:33)<br>  
 at IncomingMessage.emit (events.js:117:20)<br>    at
_stream_readable.js:944:16<br>    at process._tickDomainCallback
(node.js:486:13)
* Connection #0 to host aiakos.lab.fiware.org left intact
* Closing connection #0
root@node-1:~/public_keys#

I guess it's a problem with authentication - any ideas where the problem
might be?

Thanks,
Seán.



On Mon, Feb 8, 2016 at 11:06 AM, HENAR MUÑOZ FRUTOS via RT <
xifi-support at rt.cesnet.cz> wrote:

> Hi
> When you send the POST request, you send the token id of your region admin
> user. With this token aiakos obtains the region it belongs to. The request
> is the same for the sshkey or gpgkey. Aiakos detects if there is an ssh or
> gpg key according to the payload sent.
>
> The POST request (with curl) would be:
> curl --request POST --url http://aiakos.lab.fiware.org:3000/v1/support \
>      --header 'accept: text/plain' --header 'content-type: text/plain' \
>      --header 'X-Auth-Token: your token id' --data your ssh key path or gpg key path
>
> Regards,
> Henar
>
> From: "murp at zhaw.ch" <murp at zhaw.ch>
> Date: Monday, 8 February 2016 10:29
> To: "xifi-support at rt.cesnet.cz" <xifi-support at rt.cesnet.cz>
> CC: "fiware-lab-federation-nodes at lists.fiware.org" <fiware-lab-federation-nodes at lists.fiware.org>
> Subject: Re: [Fiware-lab-federation-nodes] [CESNET #148600] Re: key
> generation
>
> Hi all,
>
> Has anyone managed to do this?
>
> I've generated our ssh and gpg keys. I don't know how to upload them.
>
> If I understand from Henar, I should use the following endpoint:
>
> http://aiakos.lab.fiware.org:3000/v1/support
>
> However, I'm not sure how to generate the curl request. I don't understand
> how I send my ssh keys and gpg keys to the endpoint; I also don't
> understand
> how the endpoint can know for which node/region the keys apply.
>
> @Henar (or anyone else!) - would you be able to provide a curl example of
> how to
> post our keys to the endpoint above?
>
> Thanks and rgds,
> Seán.
>
>
>
>
>
> On Wed, Feb 3, 2016 at 10:58 AM, HENAR MUÑOZ FRUTOS via RT <
> xifi-support at rt.cesnet.cz> wrote:
> Hi
> The endpoint for the POST request is
> http://aiakos.lab.fiware.org:3000/v1/support not (
> http://aiakos.lab.fiware.org:3000/v1/support/Lannion2/gpgkey).
> Regards,
> Henar
>
> From: Cristian CMECIU <ccmeciu at images-et-reseaux.com>
> Date: Wednesday, 3 February 2016 10:57
> To: "murp at zhaw.ch" <murp at zhaw.ch>
> CC: "fiware-lab-federation-nodes at lists.fiware.org" <fiware-lab-federation-nodes at lists.fiware.org>
> Subject: Re: [Fiware-lab-federation-nodes] key generation
>
> Hi all,
>
> The Lannion node will use the same type of key: RSA 2048 bits, valid for 2
> years.
>
> Has anyone succeeded in uploading these keys to the Aiakos service?
> When I try to make a POST request I receive a 405 error: "Method not
> allowed"
>
> I used a POST request as in the following example:
> curl --request POST \
>      --url http://aiakos.lab.fiware.org:3000/v1/support/Lannion2/gpgkey \
>      --header 'accept: text/plain' \
>      --header 'content-type: text/plain' \
>      --data '-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\nmQENBFawwG4BCADNFOwCWJOwOAoN2tGC2Gs5aMZSs5y7ZQzpQS5PZNRSbMQUEzF4\n-----END PGP PUBLIC KEY BLOCK-----'
>
> Can anyone help me to solve it?
>
> BR,
> Cristian
>
> From: fiware-lab-federation-nodes-bounces at lists.fiware.org [mailto:
> fiware-lab-federation-nodes-bounces at lists.fiware.org] On behalf of
> Vicent Borja Torres
> Sent: Thursday, 28 January 2016 11:04
> To: Sean Murphy; fiware-lab-federation-nodes at lists.fiware.org
> Subject: Re: [Fiware-lab-federation-nodes] key generation
>
> Hello Sean,
>
> From Gent node, we are going to use the same as you. At least, we are two
> nodes on the same page.
>
> Regards,
>
> Vicent.
> On 25/01/16 09:16, Sean Murphy wrote:
> Hi all,
>
> (I could put this on the ticket, but then I think that many folks
> would not see it).
>
> Quick q around the help ticket relating to keys: what key types
> and durations should we generate? (I know this is up to us, but
> I guess it's good if we are reasonably consistent and solve the
> problem together instead of all solving it individually).
>
> I guess for SSH we should go with 2048 bit RSA and the same
> for GPG with a 2 year duration. Is this what the rest of you are
> thinking?
>
> BR,
> Seán.
>
>
>
>
>
> _______________________________________________
> Fiware-lab-federation-nodes mailing list
> Fiware-lab-federation-nodes at lists.fiware.org
> https://lists.fiware.org/listinfo/fiware-lab-federation-nodes
>
>
> ________________________________
>
> The information contained in this transmission is privileged and
> confidential information intended only for the use of the individual or
> entity named above. If the reader of this message is not the intended
> recipient, you are hereby notified that any dissemination, distribution or
> copying of this communication is strictly prohibited. If you have received
> this transmission in error, do not read it. Please immediately reply to the
> sender that you have received this communication in error and then delete
> it.
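
Added example (not part of the original thread and not Aiakos code): a pre-flight check for the key-upload request discussed above. It flags a token header that differs from the `X-Auth-Token` named in the quoted instructions (the logged request sends `X-Auth_Token`), classifies the body as an SSH or PGP public key, and parses the ssh-rsa blob to confirm the 2048-bit size agreed in the thread. The function names, the classification heuristic and the sample key (constructed, not a real key) are assumptions.

```python
import base64
import struct
EXPECTED_HEADER = "X-Auth-Token"  # header name given in the quoted instructions
AGREED_RSA_BITS = 2048            # key size the nodes settled on in this thread

def classify_payload(body):
    """Guess 'ssh', 'gpg' or 'unknown' from the body alone (assumed heuristic)."""
    text = body.strip()
    if text.startswith("-----BEGIN PGP PUBLIC KEY BLOCK-----"):
        return "gpg"
    return "ssh" if text.startswith("ssh-") else "unknown"

def ssh_rsa_bits(pubkey_line):
    """Walk the length-prefixed fields of an ssh-rsa blob; return modulus bits."""
    key_type, b64 = pubkey_line.split()[:2]
    blob = base64.b64decode(b64, validate=True)
    fields = []
    while blob:
        (length,) = struct.unpack(">I", blob[:4])
        fields.append(blob[4:4 + length])
        blob = blob[4 + length:]
    if key_type != "ssh-rsa" or len(fields) != 3 or fields[0] != b"ssh-rsa":
        raise ValueError("not a well-formed ssh-rsa public key")
    return int.from_bytes(fields[2], "big").bit_length()

def preflight(headers, body):
    """Return the problems found in a request before it is sent."""
    problems, wanted = [], EXPECTED_HEADER.lower()
    if wanted not in {h.lower() for h in headers}:
        near = [h for h in headers if h.lower().replace("_", "-") == wanted]
        hint = f" (request has {near[0]!r})" if near else ""
        problems.append(f"missing {EXPECTED_HEADER} header{hint}")
    kind = classify_payload(body)
    if kind == "unknown":
        problems.append("body is neither an SSH nor a PGP public key")
    elif kind == "ssh":
        try:
            bits = ssh_rsa_bits(body)
            if bits != AGREED_RSA_BITS:
                problems.append(f"RSA modulus is {bits} bits, not {AGREED_RSA_BITS}")
        except (ValueError, struct.error) as exc:
            problems.append(f"malformed SSH key: {exc}")
    return problems

def constructed_key(bits):
    """Syntactically valid ssh-rsa line with a made-up modulus (not a real key)."""
    field = lambda b: struct.pack(">I", len(b)) + b
    blob = field(b"ssh-rsa") + field(b"\x01\x00\x01") + field(b"\x00" + b"\xc3" * (bits // 8))
    return "ssh-rsa " + base64.b64encode(blob).decode() + " operator@example.invalid"
```

A body that is only a file path, which is what curl sends when `--data` is given a path without a leading `@`, is reported as neither key type.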