[Fiware-lab-federation-nodes] [CESNET #148600] Re: key generation

Sean Murphy murp at zhaw.ch
Fri Feb 12 12:04:27 CET 2016


Hi Cristian,

Run curl with --verbose so at least you can see what http code you get
back...

BR,
Seán.

On Fri, Feb 12, 2016 at 10:25 AM, Cristian Cristelotti <
cristian.cristelotti.coll at trentinonetwork.it> wrote:

> ok thanks,
> I removed the SHA but now I get an empty response.
>
> Cristian
>
> ----- Original message -----
> From: "FERNANDO LOPEZ AGUILAR" <fernando.lopezaguilar at telefonica.com>
> To: "Cristian Cristelotti" <cristian.cristelotti.coll at trentinonetwork.it>,
> "Sean Murphy" <murp at zhaw.ch>
> Cc: xifi-support at rt.cesnet.cz,
> fiware-lab-federation-nodes at lists.fiware.org
> Sent: Friday, 12 February 2016 8:52:42
> Subject: Re: [Fiware-lab-federation-nodes] [CESNET #148600] Re: key
> generation
>
> Dear Cristian et al.,
>
> This is a good question. When you introduce your token, do not put the
> string SHA1 on it; I mean we see a request with
>
> {SHA1}<public key>
>
> Just put the public key.
>
>
>
> On 11/02/16 23:24, "fiware-lab-federation-nodes-bounces at lists.fiware.org
> on behalf of Cristian Cristelotti" <
> fiware-lab-federation-nodes-bounces at lists.fiware.org on behalf of
> cristian.cristelotti.coll at trentinonetwork.it> wrote:
>
> >Thanks Sean,
> >
> >I followed your commands but I get :
> >
> >Error<br>    at IncomingMessage.<anonymous>
> (/opt/fiware/fiware-aiakos/lib/routes/openstack.js:100:33)<br>  
>  at IncomingMessage.emit (events.js:117:20)<br>    at
> _stream_readable.js:944:16<br>    at process._tickDomainCallback
> (node.js:486:13)
> >
> >Can anyone help me?
> >
> >
> >Cristian
> >
> >----- Original message -----
> >From: "Sean Murphy" <murp at zhaw.ch>
> >To: xifi-support at rt.cesnet.cz
> >Cc: fiware-lab-federation-nodes at lists.fiware.org
> >Sent: Tuesday, 9 February 2016 11:25:39
> >Subject: Re: [Fiware-lab-federation-nodes] [CESNET #148600] Re: key
> generation
> >
> >
> >
> >Hi guys,
> >
> >
> >Got this working - had a mistake in my curl post...X-Auth_Token instead
> of X-Auth-Token...
> >
> >
> >This simpler command gets the token (thanks Ioannis)
> >
> >
> >curl -d '{"auth":{"passwordCredentials":{"username": "admin-volos", "password": "yourpassword"}}}' -H "Content-type: application/json" http://cloud.lab.fiware.org:4731/v2.0/tokens
> >
> >
> >
> >And then this command does the upload...
> >
> >
> >curl --request POST --url http://aiakos.lab.fiware.org:3000/v1/support
> --header 'accept: text/plain' --header 'content-type: text/plain' --header
> 'X-Auth-Token: YOURTOKEN FROM ABOVE COMMAND' --data @public.gpg
> >
> >
> >
> >(assuming that the gpg cert is in a file called public.gpg in the current
> dir).
> >
> >
> >This command can be used to check:
> >
> >
> >curl --url http://aiakos.lab.fiware.org:3000/v1/support/zurich/gpgkey
> --header 'accept: text/plain' --header 'content-type: text/plain' --header
> 'X-Auth-Token: YOUR TOKEN AS ABOVE'
> >
> >
> >
> >Hope this helps,
> >Seán.
> >
> >
> >
> >On Mon, Feb 8, 2016 at 2:21 PM, Sean Murphy < murp at zhaw.ch > wrote:
> >
> >
> >
> >Hi Henar, all,
> >
> >
> >Thanks for this.
> >
> >
> >I'm sure I'm doing something wrong, but when I tried this, I get the
> following:
> >
> >
> >
> >root at node-1:~/public_keys# curl -i 'http://cloud.lab.fiware.org:4730/v2.0/tokens' -X POST -H "Accept: application/json" -H "Content-Type: application/json" -H "User-Agent: python-novaclient" -d '{"auth": {"passwordCredentials": {"username": "admin-zurich", "password": "<REDACTED>"}, "tenantId": "00000000000003228460960090160000"}}'
> >HTTP/1.1 200 OK
> >Vary: X-Auth-Token
> >Content-Type: application/json
> >Content-Length: 59424
> >Date: Mon, 08 Feb 2016 13:11:29 GMT
> >Connection: close
> >
> >
> >{"access": {"token": {"issued_at": "2016-02-08T13:11:29.680673",
> "expires": "2016-02-09T13:11:29Z", "id": "<REDACTED>", "tenant":
> {"description": "Cloud admin", "enabled": true, "id":
> "00000000000003228460960090160000", "name": "admin"}, "audit_ids":
> ["u3mdW7MsSBedP5M5NHuJRw"]},
> >
> >
> ><---SNIP--->
> >
> >
> >root at node-1:~/public_keys# curl --request POST --url
> http://aiakos.lab.fiware.org:3000/v1/support --header 'accept:
> text/plain' --header 'content-type: text/plain' --header 'X-Auth_Token:
> <REDACTED>' --data 'ssh-rsa
> AAAAB3NzaC1yc2EAAAADAQABAAABAQCXFf/3sR0IO27mZsUwSRkfD/uFYbqaJGMvZKLCJglxFjnYW0DJG5VACGD5U3SM7oq7xmM544t778lbG2bAXTiWl9mK3R3+uUMPBIXCIUpBL+9MwCW0V7QlLd+8bduhiPps8ywk0wOi5LaQb4kM3GrCLztQuAPIm490ShkLkSnyBp8E7/5gTbioT3yFE0juz5yLzOV/hqVQ8l52V8rsQOZ88hfIw4DAi/MsWdNeO3FlpKTaOQr550izSuxH0J07fKgbo2dYoOB3wlhVYiKWwn83Q2f1NiG7NOWj3ZqnjGo1yzoTDEZRoweh7ayr72bQy0KipcciC9oaTtUq2+JRL9Kb
> seanmurphy at Seans-MacBook-Pro.local' --verbose
> >
> >* About to connect() to aiakos.lab.fiware.org port 3000 (#0)
> >* Trying 130.206.84.19... connected
> >> POST /v1/support HTTP/1.1
> >> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0
> OpenSSL/1.0.1 zlib/ 1.2.3.4 libidn/1.23 librtmp/2.3
> >> Host: aiakos.lab.fiware.org:3000
> >> accept: text/plain
> >> content-type: text/plain
> >> X-Auth_Token: <REDACTED>
> >> Content-Length: 415
> >>
> >* upload completely sent off: 415out of 415 bytes
> >^C
> >
> >
> >(COMMENT BY SM - THIS DID NOT WORK - IT JUST HUNG....)
> >
> >
> >root at node-1:~/public_keys# curl --request POST --url
> http://aiakos.lab.fiware.org:3000/v1/support --header 'accept:
> text/plain' --header 'content-type: text/plain' --header 'X-Auth_Token:
> <REDACTED>' --data 'ssh-rsa
> AAAAB3NzaC1yc2EAAAADAQABAAABAQCXFf/3sR0IO27mZsUwSRkfD/uFYbqaJGMvZKLCJglxFjnYW0DJG5VACGD5U3SM7oq7xmM544t778lbG2bAXTiWl9mK3R3+uUMPBIXCIUpBL+9MwCW0V7QlLd+8bduhiPps8ywk0wOi5LaQb4kM3GrCLztQuAPIm490ShkLkSnyBp8E7/5gTbioT3yFE0juz5yLzOV/hqVQ8l52V8rsQOZ88hfIw4DAi/MsWdNeO3FlpKTaOQr550izSuxH0J07fKgbo2dYoOB3wlhVYiKWwn83Q2f1NiG7NOWj3ZqnjGo1yzoTDEZRoweh7ayr72bQy0KipcciC9oaTtUq2+JRL9Kb
> seanmurphy at Seans-MacBook-Pro.local' --verbose
> >* About to connect() to aiakos.lab.fiware.org port 3000 (#0)
> >* Trying 130.206.84.19... connected
> >> POST /v1/support HTTP/1.1
> >> User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0
> OpenSSL/1.0.1 zlib/ 1.2.3.4 libidn/1.23 librtmp/2.3
> >> Host: aiakos.lab.fiware.org:3000
> >> accept: text/plain
> >> content-type: text/plain
> >> X-Auth_Token: <REDACTED>
> >> Content-Length: 415
> >>
> >* upload completely sent off: 415out of 415 bytes
> >< HTTP/1.1 401 Unauthorized
> >< X-Powered-By: Express
> >< X-Content-Type-Options: nosniff
> >< Content-Type: text/html; charset=utf-8
> >< Content-Length: 291
> >< Date: Mon, 08 Feb 2016 13:14:55 GMT
> >< Connection: keep-alive
> ><
> >Error<br>    at IncomingMessage.<anonymous>
> (/opt/fiware/fiware-aiakos/lib/routes/openstack.js:100:33)<br>  
>  at IncomingMessage.emit (events.js:117:20)<br>    at
> _stream_readable.js:944:16<br>    at process._tickDomainCallback
> (node.js:486:13)
> >* Connection #0 to host aiakos.lab.fiware.org left intact
> >* Closing connection #0
> >root at node-1:~/public_keys#
> >
> >
> >I guess it's a problem with authentication - any ideas where the problem
> might be?
> >
> >
> >Thanks,
> >Seán.
> >
> >
> >
> >
> >
> >
> >
> >
> >
> >On Mon, Feb 8, 2016 at 11:06 AM, HENAR MUÑOZ FRUTOS via RT <
> xifi-support at rt.cesnet.cz > wrote:
> >
> >
> >Hi
> >When you send the POST request, you send the token id of your region
> admin user. With this token aiakos obtains the region it belongs to. The
> request is the same for the sshkey or gpgkey. Aiakos detects if there is an
> ssh or gpg key according to the payload sent.
> >
> >The POST request (with curl) would be:
> >curl --request POST --url http://aiakos.lab.fiware.org:3000/v1/support --header 'accept: text/plain' --header 'content-type: text/plain' --header 'X-Auth-Token: your token id' --data your ssh key path or gpg key path
> >
> >Regards,
> >Henar
> >
> >From: murp at zhaw.ch
> >Date: Monday, 8 February 2016 10:29
> >To: xifi-support at rt.cesnet.cz
> >CC: fiware-lab-federation-nodes at lists.fiware.org
> >Subject: Re: [Fiware-lab-federation-nodes] [CESNET #148600] Re: key generation
> >
> >Hi all,
> >
> >Has anyone managed to do this?
> >
> >I've generated our ssh and gpg keys. I don't know how to upload them.
> >
> >If I understand from Henar, I should use the following endpoint:
> >
> >http://aiakos.lab.fiware.org:3000/v1/support
> >
> >However, I'm not sure how to generate the curl request. I don't understand
> >how I send my ssh keys and gpg keys to the endpoint; I also don't
> understand
> >how the endpoint can know for which node/region the keys apply.
> >
> >@Henar (or anyone else!) - would you be able to provide a curl example of
> how to
> >post our keys to the endpoint above?
> >
> >Thanks and rgds,
> >Seán.
> >
> >
> >
> >
> >
> >On Wed, Feb 3, 2016 at 10:58 AM, HENAR MUÑOZ FRUTOS via RT <xifi-support at rt.cesnet.cz> wrote:
> >Hi
> >The endpoint for the POST request is
> http://aiakos.lab.fiware.org:3000/v1/support not (
> http://aiakos.lab.fiware.org:3000/v1/support/Lannion2/gpgkey ).
> >Regards,
> >Henar
> >
> >From: Cristian CMECIU <ccmeciu at images-et-reseaux.com>
> >Date: Wednesday, 3 February 2016 10:57
> >To: murp at zhaw.ch
> >CC: fiware-lab-federation-nodes at lists.fiware.org
> >Subject: Re: [Fiware-lab-federation-nodes] key generation
> >
> >Hi all,
> >
> >The Lannion node will use the same type of key: RSA 2048 bits, valid for 2
> years.
> >
> >Has anyone succeeded in uploading these keys to the Aiakos service?
> >When I'm trying to make a POST request I receive a 405 error: "Method
> not allowed"
> >
> >I used a POST request as in the following example:
> >curl --request POST \
> >--url http://aiakos.lab.fiware.org:3000/v1/support/Lannion2/gpgkey \
> >--header 'accept: text/plain' \
> >--header 'content-type: text/plain' \
> >--data '-----BEGIN PGP PUBLIC KEY BLOCK-----\nVersion: GnuPG v1.4.11
> (GNU/Linux)\n\nmQENBFawwG4BCADNFOwCWJOwOAoN2tGC2Gs5aMZSs5y7ZQzpQS5PZNRSbMQUEzF4\n-----END
> PGP PUBLIC KEY BLOCK-----'
> >
> >Can anyone help me to solve it?
> >
> >BR,
> >Cristian
> >
> >From: fiware-lab-federation-nodes-bounces at lists.fiware.org [mailto:fiware-lab-federation-nodes-bounces at lists.fiware.org] On behalf of Vicent Borja Torres
> >Sent: Thursday, 28 January 2016 11:04
> >To: Sean Murphy; fiware-lab-federation-nodes at lists.fiware.org
> >Subject: Re: [Fiware-lab-federation-nodes] key generation
> >
> >Hello Sean,
> >
> >From Gent node, we are going to use the same as you. At least, we are two
> nodes on the same page.
> >
> >Regards,
> >
> >Vicent.
> >On 25/01/16 09:16, Sean Murphy wrote:
> >Hi all,
> >
> >(I could put this on the ticket, but then I think that many folks
> >would not see it).
> >
> >Quick q around the help ticket relating to keys: what key types
> >and durations should we generate? (I know this is up to us, but
> >I guess it's good if we are reasonably consistent and solve the
> >problem together instead of all solving it individually).
> >
> >I guess for SSH we should go with 2048 bit RSA and the same
> >for GPG with a 2 year duration. Is this what the rest of you are
> >thinking?
> >
> >BR,
> >Seán.
> >
> >
> >
> >
> >
> >_______________________________________________
> >
> >Fiware-lab-federation-nodes mailing list
> >
> >Fiware-lab-federation-nodes at lists.fiware.org
> >
> >
> >
> >https://lists.fiware.org/listinfo/fiware-lab-federation-nodes
> >
> >
> >________________________________
> >
> >The information contained in this transmission is privileged and
> confidential information intended only for the use of the individual or
> entity named above. If the reader of this message is not the intended
> recipient, you are hereby notified that any dissemination, distribution or
> copying of this communication is strictly prohibited. If you have received
> this transmission in error, do not read it. Please immediately reply to the
> sender that you have received this communication in error and then delete
> it.
> >
> >
> >--
> >Cristian Cristelotti
> >
> >Collaborator at Trentino Network Srl
> >
> >
> >
>
> --
> Cristian Cristelotti
>
> Collaborator at Trentino Network Srl
>
>
>
>
>
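The checks below cover the failure modes that came up in this thread: the X-Auth_Token header typo, a {SHA1} prefix on the payload, a POST to the region-specific URL, and a request that hangs. This is an added example, not part of the original messages or of Aiakos; the function names, the 30-second timeout, the private-key guard and the restriction to ssh-rsa and armored PGP public keys are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread: pre-flight checks for the Aiakos key upload.
AIAKOS_URL="http://aiakos.lab.fiware.org:3000/v1/support"  # endpoint given in the thread

# classify_key FILE: print "ssh" or "gpg"; otherwise print a reason and return 1.
classify_key() {
    [ -s "$1" ] || { echo "invalid: empty or missing file"; return 1; }
    if grep -q 'PRIVATE KEY' "$1"; then
        echo "invalid: private key material"; return 1
    fi
    case $(sed -n '1p' "$1") in
        '{'*'}'*) echo "invalid: prefix such as {SHA1} before the key"; return 1 ;;
        'ssh-rsa '*) echo ssh ;;
        '-----BEGIN PGP PUBLIC KEY BLOCK-----'*)
            if grep -q '^-----END PGP PUBLIC KEY BLOCK-----' "$1"; then echo gpg
            else echo "invalid: unterminated PGP block"; return 1; fi ;;
        *) echo "invalid: not an SSH or PGP public key"; return 1 ;;
    esac
}

# check_auth_header 'Name: value': succeed only if the header name is X-Auth-Token
# (case-insensitive, as HTTP header names are); X-Auth_Token fails here.
check_auth_header() {
    name=$(printf '%s' "${1%%:*}" | tr 'A-Z' 'a-z')
    [ "$name" = "x-auth-token" ] && return 0
    echo "bad header name '${1%%:*}', expected X-Auth-Token" >&2
    return 1
}

# explain_status CODE: map the status codes seen in the thread to the likely cause.
explain_status() {
    case $1 in
        2??) echo "ok" ;;
        401) echo "token rejected or missing: check X-Auth-Token and token expiry" ;;
        405) echo "wrong URL for POST: use /v1/support without region/key suffix" ;;
        000) echo "no HTTP response: timeout or connection failure" ;;
        *)   echo "unexpected status $1: rerun with --verbose" ;;
    esac
}

# upload_key 'X-Auth-Token: <token>' FILE: validate, POST, report the status code.
upload_key() {
    check_auth_header "$1" || return 1
    kind=$(classify_key "$2") || { echo "$kind" >&2; return 1; }
    # --data @file as in the thread; --max-time keeps a stalled request from hanging.
    code=$(curl --silent --max-time 30 --output /dev/null --write-out '%{http_code}' \
        --request POST --url "$AIAKOS_URL" --header 'accept: text/plain' \
        --header 'content-type: text/plain' --header "$1" --data "@$2") || :
    echo "$kind key: HTTP $code ($(explain_status "$code"))"
}
```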