Thanks Sean,
I followed your commands but I get :
Error<br> at IncomingMessage.<anonymous> (/opt/fiware/fiware-aiakos/lib/routes/openstack.js:100:33)<br> at IncomingMessage.emit (events.js:117:20)<br> at _stream_readable.js:944:16<br> at process._tickDomainCallback (node.js:486:13)
Can anyone help me?
Cristian
----- Messaggio originale -----
Da: "Sean Murphy" <murp at zhaw.ch>
A: xifi-support at rt.cesnet.cz
Cc: fiware-lab-federation-nodes at lists.fiware.org
Inviato: Martedì, 9 febbraio 2016 11:25:39
Oggetto: Re: [Fiware-lab-federation-nodes] [CESNET #148600] Re: key generation
Hi guys,
Got this working - had a mistake in my curl post...X-Auth_Token instead of X-Auth-Token...
This simpler command gets the token (thanks Ioannis)
curl -d '{"auth":{" passwordCredentials":{" username": " admin-volos ", "password": " yourpassword "}}}' -H "Content-type: application/json" http://cloud.lab.fiware.org:4731/v2.0/tokens
And then this command does the upload...
curl --request POST --url http://aiakos.lab.fiware.org:3000/v1/support --header 'accept: text/plain' --header 'content-type: text/plain' --header 'X-Auth-Token: YOURTOKEN FROM ABOVE COMMAND' --data @public.gpg
(assuming that the gpg cert is in a file called public.gpg in the current dir).
This command can be used to check:
curl --url http://aiakos.lab.fiware.org:3000/v1/support/zurich/gpgkey --header 'accept: text/plain' --header 'content-type: text/plain' --header 'X-Auth-Token: YOUR TOKEN AS ABOVE'
Hope this helps,
Seán.
On Mon, Feb 8, 2016 at 2:21 PM, Sean Murphy < murp at zhaw.ch > wrote:
Hi Henar, all,
Thanks for this.
I'm sure I'm doing something wrong, but when I tried this, I get the following:
root at node-1:~/public_keys# curl -i ' http://cloud.lab.fiware.org:4730/v2.0/tokens ' -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-novaclient" -d '{"auth": {"passwordCredentials": {"username": "admin-zurich", "password": "<REDACTED>"}, "tenantId": "00000000000003228460960090160000"}}'
HTTP/1.1 200 OK
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 59424
Date: Mon, 08 Feb 2016 13:11:29 GMT
Connection: close
{"access": {"token": {"issued_at": "2016-02-08T13:11:29.680673", "expires": "2016-02-09T13:11:29Z", "id": "<REDACTED>", "tenant": {"description": "Cloud admin", "enabled": true, "id": "00000000000003228460960090160000", "name": "admin"}, "audit_ids": ["u3mdW7MsSBedP5M5NHuJRw"]},
<---SNIP--->
root at node-1:~/public_keys# curl --request POST --url http://aiakos.lab.fiware.org:3000/v1/support --header 'accept: text/plain' --header 'content-type: text/plain' --header 'X-Auth_Token: <REDACTED>' --data 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXFf/3sR0IO27mZsUwSRkfD/uFYbqaJGMvZKLCJglxFjnYW0DJG5VACGD5U3SM7oq7xmM544t778lbG2bAXTiWl9mK3R3+uUMPBIXCIUpBL+9MwCW0V7QlLd+8bduhiPps8ywk0wOi5LaQb4kM3GrCLztQuAPIm490ShkLkSnyBp8E7/5gTbioT3yFE0juz5yLzOV/hqVQ8l52V8rsQOZ88hfIw4DAi/MsWdNeO3FlpKTaOQr550izSuxH0J07fKgbo2dYoOB3wlhVYiKWwn83Q2f1NiG7NOWj3ZqnjGo1yzoTDEZRoweh7ayr72bQy0KipcciC9oaTtUq2+JRL9Kb seanmurphy at Seans-MacBook-Pro.local' --verbose
* About to connect() to aiakos.lab.fiware.org port 3000 (#0)
* Trying 130.206.84.19... connected
> POST /v1/support HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/ 1.2.3.4 libidn/1.23 librtmp/2.3
> Host: aiakos.lab.fiware.org:3000
> accept: text/plain
> content-type: text/plain
> X-Auth_Token: <REDACTED>
> Content-Length: 415
>
* upload completely sent off: 415out of 415 bytes
^C
(COMMENT BY SM - THIS DID NOT WORK - IT JUST HUNG....)
root at node-1:~/public_keys# curl --request POST --url http://aiakos.lab.fiware.org:3000/v1/support --header 'accept: text/plain' --header 'content-type: text/plain' --header 'X-Auth_Token: <REDACTED>' --data 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXFf/3sR0IO27mZsUwSRkfD/uFYbqaJGMvZKLCJglxFjnYW0DJG5VACGD5U3SM7oq7xmM544t778lbG2bAXTiWl9mK3R3+uUMPBIXCIUpBL+9MwCW0V7QlLd+8bduhiPps8ywk0wOi5LaQb4kM3GrCLztQuAPIm490ShkLkSnyBp8E7/5gTbioT3yFE0juz5yLzOV/hqVQ8l52V8rsQOZ88hfIw4DAi/MsWdNeO3FlpKTaOQr550izSuxH0J07fKgbo2dYoOB3wlhVYiKWwn83Q2f1NiG7NOWj3ZqnjGo1yzoTDEZRoweh7ayr72bQy0KipcciC9oaTtUq2+JRL9Kb seanmurphy at Seans-MacBook-Pro.local' --verbose
* About to connect() to aiakos.lab.fiware.org port 3000 (#0)
* Trying 130.206.84.19... connected
> POST /v1/support HTTP/1.1
> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/ 1.2.3.4 libidn/1.23 librtmp/2.3
> Host: aiakos.lab.fiware.org:3000
> accept: text/plain
> content-type: text/plain
> X-Auth_Token: <REDACTED>
> Content-Length: 415
>
* upload completely sent off: 415out of 415 bytes
< HTTP/1.1 401 Unauthorized
< X-Powered-By: Express
< X-Content-Type-Options: nosniff
< Content-Type: text/html; charset=utf-8
< Content-Length: 291
< Date: Mon, 08 Feb 2016 13:14:55 GMT
< Connection: keep-alive
<
Error<br> at IncomingMessage.<anonymous> (/opt/fiware/fiware-aiakos/lib/routes/openstack.js:100:33)<br> at IncomingMessage.emit (events.js:117:20)<br> at _stream_readable.js:944:16<br> at process._tickDomainCallback (node.js:486:13)
* Connection #0 to host aiakos.lab.fiware.org left intact
* Closing connection #0
root at node-1:~/public_keys#
I guess it's a problem with authentication - any ideas where the problem might be?
Thanks,
Seán.
On Mon, Feb 8, 2016 at 11:06 AM, HENAR MUÑOZ FRUTOS via RT < xifi-support at rt.cesnet.cz > wrote:
Hi
When you send the POST request, you send the token id of your region admin user. With this token aiakos obtains the region it belongs to. The request is the same for the sskkey or gpgkey. Aiakos detects if there is a ssh or gpg key according to the payload sent.
The POST request (with curl) would be:
curl --request POST --url http://aiakos.lab.fiware.org:3000/v1/support --header 'accept: text/plain' --header 'content-type: text/plain’ --header ‘X-Auth-Token: your token id’ —data your ssh key path or gpg key path
Regards,
Henar
De: " murp at zhaw.ch <mailto: murp at zhaw.ch >" < murp at zhaw.ch <mailto: murp at zhaw.ch >>
Fecha: lunes, 8 de febrero de 2016 10:29
Para: " xifi-support at rt.cesnet.cz <mailto: xifi-support at rt.cesnet.cz >" < xifi-support at rt.cesnet.cz <mailto: xifi-support at rt.cesnet.cz >>
CC: " fiware-lab-federation-nodes at lists.fiware.org <mailto: fiware-lab-federation-nodes at lists.fiware.org >" < fiware-lab-federation-nodes at lists.fiware.org <mailto: fiware-lab-federation-nodes at lists.fiware.org >>
Asunto: Re: [Fiware-lab-federation-nodes] [CESNET #148600] Re: key generation
Hi all,
Has anyone managed to do this?
I've generated our ssh and gpg keys. I don't know how to upload them.
If I understand from Henar, I should use the following endpoint:
http://aiakos.lab.fiware.org:3000/v1/support
However, I'm not sure how to generate the curl request. I don't understand
how I send my ssh keys and gpg keys to the endpoint; I also don't understand
how the endpoint can know for which node/region the keys apply.
@Henar (or anyone else!) - would you be able to provide a curl example of how to
post our keys to the endpoint above?
Thanks and rgds,
Seán.
On Wed, Feb 3, 2016 at 10:58 AM, HENAR MUÑOZ FRUTOS via RT < xifi-support at rt.cesnet.cz <mailto: xifi-support at rt.cesnet.cz >> wrote:
Hi
The endpoint for the POST request is http://aiakos.lab.fiware.org:3000/v1/support < http://aiakos.lab.fiware.org:3000/v1/support/Lannion2/gpgkey > not ( http://aiakos.lab.fiware.org:3000/v1/support/Lannion2/gpgkey ).
Regards,
Henar
De: Cristian CMECIU < ccmeciu at images-et-reseaux.com <mailto: ccmeciu at images-et-reseaux.com ><mailto: ccmeciu at images-et-reseaux.com <mailto: ccmeciu at images-et-reseaux.com >>>
Fecha: miércoles, 3 de febrero de 2016 10:57
Para: " murp at zhaw.ch <mailto: murp at zhaw.ch ><mailto: murp at zhaw.ch <mailto: murp at zhaw.ch >>" < murp at zhaw.ch <mailto: murp at zhaw.ch ><mailto: murp at zhaw.ch <mailto: murp at zhaw.ch >>>
CC: " fiware-lab-federation-nodes at lists.fiware.org <mailto: fiware-lab-federation-nodes at lists.fiware.org ><mailto: fiware-lab-federation-nodes at lists.fiware.org <mailto: fiware-lab-federation-nodes at lists.fiware.org >>" < fiware-lab-federation-nodes at lists.fiware.org <mailto: fiware-lab-federation-nodes at lists.fiware.org ><mailto: fiware-lab-federation-nodes at lists.fiware.org <mailto: fiware-lab-federation-nodes at lists.fiware.org >>>
Asunto: Re: [Fiware-lab-federation-nodes] key generation
Hi all,
The Lannion node will use the same type of key: RSA 2048bits, valid for 2 years.
Have anyone succeeded to upload these keys to the Aiakos service?
When I'm trying to make a POST request I receive an 405 error: "Method not allowed"
I used a POST request as in the following example:
curl --request POST \
--url http://aiakos.lab.fiware.org:3000/v1/support/Lannion2/gpgkey \
--header 'accept: text/plain' \
--header 'content-type: text/plain' \
--data '-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\nmQENBFawwG4BCADNFOwCWJOwOAoN2tGC2Gs5aMZSs5y7ZQzpQS5PZNRSbMQUEzF4\n-----END PGP PUBLIC KEY BLOCK-----'
Can anyone help me to solve it?
BR,
Cristian
De : fiware-lab-federation-nodes-bounces at lists.fiware.org <mailto: fiware-lab-federation-nodes-bounces at lists.fiware.org ><mailto: fiware-lab-federation-nodes-bounces at lists.fiware.org <mailto: fiware-lab-federation-nodes-bounces at lists.fiware.org >> [mailto: fiware-lab-federation-nodes-bounces at lists.fiware.org <mailto: fiware-lab-federation-nodes-bounces at lists.fiware.org >] De la part de Vicent Borja Torres
Envoyé : jeudi 28 janvier 2016 11:04
À : Sean Murphy; fiware-lab-federation-nodes at lists.fiware.org <mailto: fiware-lab-federation-nodes at lists.fiware.org ><mailto: fiware-lab-federation-nodes at lists.fiware.org <mailto: fiware-lab-federation-nodes at lists.fiware.org >>
Objet : Re: [Fiware-lab-federation-nodes] key generation
Hello Sean,
>From Gent node, we are going to use same as you. At least, we are two nodes on the same page.
Regards,
Vicent.
On 25/01/16 09:16, Sean Murphy wrote:
Hi all,
(I could put this on the ticket, but then I think that many folks
would not see it).
Quick q around the help ticket relating to keys: what key types
and durations should we generate? (I know this is up to us, but
I guess it's good if we are reasonably consistent and solve the
problem together instead of all solving it individually).
I guess for SSH we should go with 2048 bit RSA and the same
for GPG with a 2 year duration. Is this what the rest of you are
thinking?
BR,
Seán.
_______________________________________________
Fiware-lab-federation-nodes mailing list
Fiware-lab-federation-nodes at lists.fiware.org <mailto: Fiware-lab-federation-nodes at lists.fiware.org ><mailto: Fiware-lab-federation-nodes at lists.fiware.org <mailto: Fiware-lab-federation-nodes at lists.fiware.org >>
https://lists.fiware.org/listinfo/fiware-lab-federation-nodes
________________________________
Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.
The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.
Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
________________________________
Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.
The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.
Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
_______________________________________________
Fiware-lab-federation-nodes mailing list
Fiware-lab-federation-nodes at lists.fiware.org
https://lists.fiware.org/listinfo/fiware-lab-federation-nodes
--
Cristian Cristelotti
Collaboratore di Trentino Network Srl
You can get more information about our cookies and privacy policies clicking on the following links: Privacy policy Cookies policy