[Fiware-lab-federation-nodes] [CESNET #148600] Re: key generation

[FERNANDO LOPEZ AGUILAR]

Dear Cristian et all,

This is a good question, when you introduce your token, do not put the string SHA1 on it, I mean we see a requests with

{SHA1}<public key>

Just put the public key.



On 11/02/16 23:24, "fiware-lab-federation-nodes-bounces at lists.fiware.org on behalf of Cristian Cristelotti" <fiware-lab-federation-nodes-bounces at lists.fiware.org on behalf of cristian.cristelotti.coll at trentinonetwork.it> wrote:

>Thanks Sean,
>
>I followed your commands but I get :
>
>Error<br>    at IncomingMessage.<anonymous> (/opt/fiware/fiware-aiakos/lib/routes/openstack.js:100:33)<br>    at IncomingMessage.emit (events.js:117:20)<br>    at _stream_readable.js:944:16<br>    at process._tickDomainCallback (node.js:486:13)
>
>Can anyone help me?
>
>
>Cristian
>
>----- Messaggio originale -----
>Da: "Sean Murphy" <murp at zhaw.ch>
>A: xifi-support at rt.cesnet.cz
>Cc: fiware-lab-federation-nodes at lists.fiware.org
>Inviato: Martedì, 9 febbraio 2016 11:25:39
>Oggetto: Re: [Fiware-lab-federation-nodes] [CESNET #148600] Re: key    generation
>
>
>
>Hi guys,
>
>
>Got this working - had a mistake in my curl post...X-Auth_Token instead of X-Auth-Token...
>
>
>This simpler command gets the token (thanks Ioannis)
>
>
>curl -d '{"auth":{" passwordCredentials":{" username": " admin-volos ", "password": " yourpassword "}}}' -H "Content-type: application/json" http://cloud.lab.fiware.org:4731/v2.0/tokens
>
>
>
>And then this command does the upload...
>
>
>curl --request POST --url http://aiakos.lab.fiware.org:3000/v1/support --header 'accept: text/plain' --header 'content-type: text/plain' --header 'X-Auth-Token: YOURTOKEN FROM ABOVE COMMAND' --data @public.gpg
>
>
>
>(assuming that the gpg cert is in a file called public.gpg in the current dir).
>
>
>This command can be used to check:
>
>
>curl --url http://aiakos.lab.fiware.org:3000/v1/support/zurich/gpgkey --header 'accept: text/plain' --header 'content-type: text/plain' --header 'X-Auth-Token: YOUR TOKEN AS ABOVE'
>
>
>
>Hope this helps,
>Seán.
>
>
>
>On Mon, Feb 8, 2016 at 2:21 PM, Sean Murphy < murp at zhaw.ch > wrote:
>
>
>
>Hi Henar, all,
>
>
>Thanks for this.
>
>
>I'm sure I'm doing something wrong, but when I tried this, I get the following:
>
>
>
>root at node-1:~/public_keys# curl -i ' http://cloud.lab.fiware.org:4730/v2.0/tokens ' -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-novaclient" -d '{"auth": {"passwordCredentials": {"username": "admin-zurich", "password": "<REDACTED>"}, "tenantId": "00000000000003228460960090160000"}}'
>HTTP/1.1 200 OK
>Vary: X-Auth-Token
>Content-Type: application/json
>Content-Length: 59424
>Date: Mon, 08 Feb 2016 13:11:29 GMT
>Connection: close
>
>
>{"access": {"token": {"issued_at": "2016-02-08T13:11:29.680673", "expires": "2016-02-09T13:11:29Z", "id": "<REDACTED>", "tenant": {"description": "Cloud admin", "enabled": true, "id": "00000000000003228460960090160000", "name": "admin"}, "audit_ids": ["u3mdW7MsSBedP5M5NHuJRw"]},
>
>
><---SNIP--->
>
>
>root at node-1:~/public_keys# curl --request POST --url http://aiakos.lab.fiware.org:3000/v1/support --header 'accept: text/plain' --header 'content-type: text/plain' --header 'X-Auth_Token: <REDACTED>' --data 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXFf/3sR0IO27mZsUwSRkfD/uFYbqaJGMvZKLCJglxFjnYW0DJG5VACGD5U3SM7oq7xmM544t778lbG2bAXTiWl9mK3R3+uUMPBIXCIUpBL+9MwCW0V7QlLd+8bduhiPps8ywk0wOi5LaQb4kM3GrCLztQuAPIm490ShkLkSnyBp8E7/5gTbioT3yFE0juz5yLzOV/hqVQ8l52V8rsQOZ88hfIw4DAi/MsWdNeO3FlpKTaOQr550izSuxH0J07fKgbo2dYoOB3wlhVYiKWwn83Q2f1NiG7NOWj3ZqnjGo1yzoTDEZRoweh7ayr72bQy0KipcciC9oaTtUq2+JRL9Kb seanmurphy at Seans-MacBook-Pro.local' --verbose
>
>* About to connect() to aiakos.lab.fiware.org port 3000 (#0)
>* Trying 130.206.84.19... connected
>> POST /v1/support HTTP/1.1
>> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/ 1.2.3.4 libidn/1.23 librtmp/2.3
>> Host: aiakos.lab.fiware.org:3000
>> accept: text/plain
>> content-type: text/plain
>> X-Auth_Token: <REDACTED>
>> Content-Length: 415
>>
>* upload completely sent off: 415out of 415 bytes
>^C
>
>
>(COMMENT BY SM - THIS DID NOT WORK - IT JUST HUNG....)
>
>
>root at node-1:~/public_keys# curl --request POST --url http://aiakos.lab.fiware.org:3000/v1/support --header 'accept: text/plain' --header 'content-type: text/plain' --header 'X-Auth_Token: <REDACTED>' --data 'ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCXFf/3sR0IO27mZsUwSRkfD/uFYbqaJGMvZKLCJglxFjnYW0DJG5VACGD5U3SM7oq7xmM544t778lbG2bAXTiWl9mK3R3+uUMPBIXCIUpBL+9MwCW0V7QlLd+8bduhiPps8ywk0wOi5LaQb4kM3GrCLztQuAPIm490ShkLkSnyBp8E7/5gTbioT3yFE0juz5yLzOV/hqVQ8l52V8rsQOZ88hfIw4DAi/MsWdNeO3FlpKTaOQr550izSuxH0J07fKgbo2dYoOB3wlhVYiKWwn83Q2f1NiG7NOWj3ZqnjGo1yzoTDEZRoweh7ayr72bQy0KipcciC9oaTtUq2+JRL9Kb seanmurphy at Seans-MacBook-Pro.local' --verbose
>* About to connect() to aiakos.lab.fiware.org port 3000 (#0)
>* Trying 130.206.84.19... connected
>> POST /v1/support HTTP/1.1
>> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/ 1.2.3.4 libidn/1.23 librtmp/2.3
>> Host: aiakos.lab.fiware.org:3000
>> accept: text/plain
>> content-type: text/plain
>> X-Auth_Token: <REDACTED>
>> Content-Length: 415
>>
>* upload completely sent off: 415out of 415 bytes
>< HTTP/1.1 401 Unauthorized
>< X-Powered-By: Express
>< X-Content-Type-Options: nosniff
>< Content-Type: text/html; charset=utf-8
>< Content-Length: 291
>< Date: Mon, 08 Feb 2016 13:14:55 GMT
>< Connection: keep-alive
><
>Error<br>    at IncomingMessage.<anonymous> (/opt/fiware/fiware-aiakos/lib/routes/openstack.js:100:33)<br>    at IncomingMessage.emit (events.js:117:20)<br>    at _stream_readable.js:944:16<br>    at process._tickDomainCallback (node.js:486:13)
>* Connection #0 to host aiakos.lab.fiware.org left intact
>* Closing connection #0
>root at node-1:~/public_keys#
>
>
>I guess it's a problem with authentication - any ideas where the problem might be?
>
>
>Thanks,
>Seán.
>
>
>
>
>
>
>
>
>
>On Mon, Feb 8, 2016 at 11:06 AM, HENAR MUÑOZ FRUTOS via RT < xifi-support at rt.cesnet.cz > wrote:
>
>
>Hi
>When you send the POST request, you send the token id of your region admin user. With this token aiakos obtains the region it belongs to. The request is the same for the sskkey or gpgkey. Aiakos detects if there is a ssh or gpg key according to the payload sent.
>
>The POST request (with curl) would be:
>curl --request POST --url http://aiakos.lab.fiware.org:3000/v1/support --header 'accept: text/plain' --header 'content-type: text/plain’ --header ‘X-Auth-Token: your token id’ —data your ssh key path or gpg key path
>
>Regards,
>Henar
>
>De: " murp at zhaw.ch <mailto: murp at zhaw.ch >" < murp at zhaw.ch <mailto: murp at zhaw.ch >>
>Fecha: lunes, 8 de febrero de 2016 10:29
>Para: " xifi-support at rt.cesnet.cz <mailto: xifi-support at rt.cesnet.cz >" < xifi-support at rt.cesnet.cz <mailto: xifi-support at rt.cesnet.cz >>
>CC: " fiware-lab-federation-nodes at lists.fiware.org <mailto: fiware-lab-federation-nodes at lists.fiware.org >" < fiware-lab-federation-nodes at lists.fiware.org <mailto: fiware-lab-federation-nodes at lists.fiware.org >>
>Asunto: Re: [Fiware-lab-federation-nodes] [CESNET #148600] Re: key generation
>
>Hi all,
>
>Has anyone managed to do this?
>
>I've generated our ssh and gpg keys. I don't know how to upload them.
>
>If I understand from Henar, I should use the following endpoint:
>
>http://aiakos.lab.fiware.org:3000/v1/support
>
>However, I'm not sure how to generate the curl request. I don't understand
>how I send my ssh keys and gpg keys to the endpoint; I also don't understand
>how the endpoint can know for which node/region the keys apply.
>
>@Henar (or anyone else!) - would you be able to provide a curl example of how to
>post our keys to the endpoint above?
>
>Thanks and rgds,
>Seán.
>
>
>
>
>
>On Wed, Feb 3, 2016 at 10:58 AM, HENAR MUÑOZ FRUTOS via RT < xifi-support at rt.cesnet.cz <mailto: xifi-support at rt.cesnet.cz >> wrote:
>Hi
>The endpoint for the POST request is http://aiakos.lab.fiware.org:3000/v1/support < http://aiakos.lab.fiware.org:3000/v1/support/Lannion2/gpgkey > not ( http://aiakos.lab.fiware.org:3000/v1/support/Lannion2/gpgkey ).
>Regards,
>Henar
>
>De: Cristian CMECIU < ccmeciu at images-et-reseaux.com <mailto: ccmeciu at images-et-reseaux.com ><mailto: ccmeciu at images-et-reseaux.com <mailto: ccmeciu at images-et-reseaux.com >>>
>Fecha: miércoles, 3 de febrero de 2016 10:57
>Para: " murp at zhaw.ch <mailto: murp at zhaw.ch ><mailto: murp at zhaw.ch <mailto: murp at zhaw.ch >>" < murp at zhaw.ch <mailto: murp at zhaw.ch ><mailto: murp at zhaw.ch <mailto: murp at zhaw.ch >>>
>CC: " fiware-lab-federation-nodes at lists.fiware.org <mailto: fiware-lab-federation-nodes at lists.fiware.org ><mailto: fiware-lab-federation-nodes at lists.fiware.org <mailto: fiware-lab-federation-nodes at lists.fiware.org >>" < fiware-lab-federation-nodes at lists.fiware.org <mailto: fiware-lab-federation-nodes at lists.fiware.org ><mailto: fiware-lab-federation-nodes at lists.fiware.org <mailto: fiware-lab-federation-nodes at lists.fiware.org >>>
>Asunto: Re: [Fiware-lab-federation-nodes] key generation
>
>Hi all,
>
>The Lannion node will use the same type of key: RSA 2048bits, valid for 2 years.
>
>Have anyone succeeded to upload these keys to the Aiakos service?
>When I'm trying to make a POST request I receive an 405 error: "Method not allowed"
>
>I used a POST request as in the following example:
>curl --request POST \
>--url http://aiakos.lab.fiware.org:3000/v1/support/Lannion2/gpgkey \
>--header 'accept: text/plain' \
>--header 'content-type: text/plain' \
>--data '-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\nmQENBFawwG4BCADNFOwCWJOwOAoN2tGC2Gs5aMZSs5y7ZQzpQS5PZNRSbMQUEzF4\n-----END PGP PUBLIC KEY BLOCK-----'
>
>Can anyone help me to solve it?
>
>BR,
>Cristian
>
>De : fiware-lab-federation-nodes-bounces at lists.fiware.org <mailto: fiware-lab-federation-nodes-bounces at lists.fiware.org ><mailto: fiware-lab-federation-nodes-bounces at lists.fiware.org <mailto: fiware-lab-federation-nodes-bounces at lists.fiware.org >> [mailto: fiware-lab-federation-nodes-bounces at lists.fiware.org <mailto: fiware-lab-federation-nodes-bounces at lists.fiware.org >] De la part de Vicent Borja Torres
>Envoyé : jeudi 28 janvier 2016 11:04
>À : Sean Murphy; fiware-lab-federation-nodes at lists.fiware.org <mailto: fiware-lab-federation-nodes at lists.fiware.org ><mailto: fiware-lab-federation-nodes at lists.fiware.org <mailto: fiware-lab-federation-nodes at lists.fiware.org >>
>Objet : Re: [Fiware-lab-federation-nodes] key generation
>
>Hello Sean,
>
>From Gent node, we are going to use same as you. At least, we are two nodes on the same page.
>
>Regards,
>
>Vicent.
>On 25/01/16 09:16, Sean Murphy wrote:
>Hi all,
>
>(I could put this on the ticket, but then I think that many folks
>would not see it).
>
>Quick q around the help ticket relating to keys: what key types
>and durations should we generate? (I know this is up to us, but
>I guess it's good if we are reasonably consistent and solve the
>problem together instead of all solving it individually).
>
>I guess for SSH we should go with 2048 bit RSA and the same
>for GPG with a 2 year duration. Is this what the rest of you are
>thinking?
>
>BR,
>Seán.
>
>
>
>
>
>_______________________________________________
>
>Fiware-lab-federation-nodes mailing list
>
>Fiware-lab-federation-nodes at lists.fiware.org <mailto: Fiware-lab-federation-nodes at lists.fiware.org ><mailto: Fiware-lab-federation-nodes at lists.fiware.org <mailto: Fiware-lab-federation-nodes at lists.fiware.org >>
>
>
>
>https://lists.fiware.org/listinfo/fiware-lab-federation-nodes
>
>
>________________________________
>
>Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.
>
>The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.
>
>Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
>
>
>
>________________________________
>
>Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.
>
>The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.
>
>Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição
>
>
>
>
>_______________________________________________
>Fiware-lab-federation-nodes mailing list
>Fiware-lab-federation-nodes at lists.fiware.org
>https://lists.fiware.org/listinfo/fiware-lab-federation-nodes
>
>--
>Cristian Cristelotti
>
>Collaboratore di Trentino Network Srl
>
>
>
>_______________________________________________
>Fiware-lab-federation-nodes mailing list
>Fiware-lab-federation-nodes at lists.fiware.org
>https://lists.fiware.org/listinfo/fiware-lab-federation-nodes

________________________________

Este mensaje y sus adjuntos se dirigen exclusivamente a su destinatario, puede contener información privilegiada o confidencial y es para uso exclusivo de la persona o entidad de destino. Si no es usted. el destinatario indicado, queda notificado de que la lectura, utilización, divulgación y/o copia sin autorización puede estar prohibida en virtud de la legislación vigente. Si ha recibido este mensaje por error, le rogamos que nos lo comunique inmediatamente por esta misma vía y proceda a su destrucción.

The information contained in this transmission is privileged and confidential information intended only for the use of the individual or entity named above. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this communication is strictly prohibited. If you have received this transmission in error, do not read it. Please immediately reply to the sender that you have received this communication in error and then delete it.

Esta mensagem e seus anexos se dirigem exclusivamente ao seu destinatário, pode conter informação privilegiada ou confidencial e é para uso exclusivo da pessoa ou entidade de destino. Se não é vossa senhoria o destinatário indicado, fica notificado de que a leitura, utilização, divulgação e/ou cópia sem autorização pode estar proibida em virtude da legislação vigente. Se recebeu esta mensagem por erro, rogamos-lhe que nos o comunique imediatamente por esta mesma via e proceda a sua destruição