Details
-
Type:
extRequest
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Fix Version/s: 2021
-
Component/s: FIWARE-LAB-HELP
-
Labels:None
-
HD-Node:Budapest
Description
The region staff team are responsible of the virtual machines instantiated on their servers. Therefore each region staff should have the control of who access the virtual machines for support purposes and set and enforce the corresponding policy. It is not possible if the public keys are shared among all the regions. Additionally, it is also extremely insecure and a problem when a region leaves the federation.
A new service, called aiakos and deployed aiakos.lab.fiware.org, has been deployed in FIWARE Lab to manage support region ssh and gpg keys.
As region administrator, you should create your ssh, and gpg keys and upload it into the aikos service (you can obtain information about how create your keys in https://github.com/telefonicaid/fiware-aiakos/blob/develop/doc/README.rst#generating-a-ssh-key).
To upload your keys into the aiakos service, you should use just a POST operation
POST: https://jsapi.apiary.io/apis/fiwareaiakos/reference/aiakos-v1/add-key/post-key.html
You can find information about why ssh and gpg keys are needed in https://github.com/telefonicaid/fiware-aiakos/blob/develop/doc/README.rst#why-a-ssh-key-and-a-gpg-key-are-needed
Activity
| Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date | |||||
|---|---|---|---|---|---|---|---|---|---|
|
1d 2h 7m | 1 | Budapest Node Helpdesk | 19/Jan/16 1:49 PM | |||||
|
1s | 1 | Henar Muñoz | 19/Jan/16 2:10 PM | |||||
|
8d 22h 54m | 2 | Budapest Node Helpdesk | 28/Jan/16 1:03 PM | |||||
|
18m 55s | 2 | Budapest Node Helpdesk | 28/Jan/16 1:03 PM |
| Fix Version/s | 2021 [ 12600 ] |
| Summary | FIWARE.Request.Lab.Adding Region Support Keys | FIWARE.Request.Lab.Budapest.Adding Region Support Keys |
| HD-Node | Budapest [ 10911 ] |
| Summary | Adding Region Support Keys | FIWARE.Request.Lab.Adding Region Support Keys |
| Resolution | Done [ 10000 ] | |
| Status | Answered [ 10104 ] | Closed [ 6 ] |
| Status | In Progress [ 3 ] | Answered [ 10104 ] |
Hi,
now we got different error message when we send the pgp:
Reply: Error: invalid key<br> at saveKeyToFile (/opt/fiware/fiware-aiakos/lib/routes/v1.js:123:25)<br> at /opt/fiware/fiware-aiakos/lib/routes/v1.js:162:13<br> at /opt/fiware/fiware-aiakos/lib/routes/openstack.js:235:13<br> at IncomingMessage.<anonymous> (/opt/fiware/fiware-aiakos/lib/routes/openstack.js:96:21)<br> at IncomingMessage.emit (events.js:117:20)<br> at _stream_readable.js:944:16<br> at process._tickDomainCallback (node.js:492:13)
Bests,
Gergő
After fix some problems in the server, could you try again?
Thank you and sorry for the inconvenience.
Regards,
Jesus
Hi,
we tried, but we got the same response from the server.
Bests,
Gergő
Hi
I thinks there were some problems due to the region name budapest2. Could you try it again?
Thanks,
Henar
Ok. The port was not mentioned so far. Now we can access to the end-point, but we get error 401:
curl -X POST -H 'Content-Type: text/plain' -H 'X-Auth-Token:
1108a7230f914d18a3a6c5b62a67fd51' -H 'Accept: text/plain' http://aiakos.lab.fiware.org:3000/v1/support --data @support/public.gpg
Error<br> at IncomingMessage.<anonymous> (/opt/fiware/fiware-aiakos/lib/routes/openstack.js:100:33)<br> at IncomingMessage.emit (events.js:117:20)<br> at _stream_readable.js:944:16<br> at process._tickDomainCallback (node.js:492:13)
The auth token is generated as usual e.g. by nova client and other scripts that works well..
Best,
Sandor
mm it is up. Could you tell me exactly what is the request you are doing?
You should do a POst request to http://aiakos.lab.fiware.org:3000/v1/support
with headers: Content-Type: text/plain, Accept: text/plain, X-Auth-Token: your token, and the payload your key
Regards,
Henar
Dear Henar,
Could you please clarify which post end-point we have to use???
aiakos.lab.fiware.org seems to be down, not responding to our requests. If we understand correctly, the other link above is only a mock service...
Best,
Sandor
| Assignee | Henar Muñoz [ henar ] | Budapest Node Helpdesk [ wigner ] |
Hi
The link of https://jsapi.apiary.io/apis/fiwareaiakos/reference/aiakos-v1/add-key/post-key.html is just for documentation (it is not a REST client) not for executing the request. You should use a POST request in a REST client with the headers and payload specified in the documentation. The token you need is the token for the user admin-budapest.
Regards,
Henar
| Assignee | Budapest Node Helpdesk [ wigner ] | Henar Muñoz [ henar ] |
Hi!
Yes, i used the documentation that is in the ticket. Is the admin-node that node from where i can manage our node? I created an ssh key and a gpg key for the user on the admin-node. It is correct?
Is the aiakos link not a REST client?
Regards,
Gergő
Hi
I think you are using the documentacion. YOu should use a REST client to do that. Firsly, you need a token from your admin-node account.
Regards,
Henar
Request
HEADERS
Content-Type:text/plain
X-Auth-Token:token-id
Accept:text/plain
Content-Length:1713
BODY
----BEGIN PGP PUBLIC KEY BLOCK----
Version: GnuPG v1
mQENBFaeK2ABCACtCUPek+yZWixQtRz+fTuQpG63E+1emzO+Pmq7zgEGR433jC8R
Sm6ZfYQ83TsTvc8mDHFrxO7VLpuGJRlkfogYX3CsSsUSX3eH3Ju0DduzLTY5t1V8
SwZnu999cc9gNWeI909GhSMmorrpGrAMqJXzJPoXkJ/g/hNbPETObBiNdmW1N02s
FTXGkNnbzxx64yFYEXRdI9gHrr4gGj529ea2GbAaJhI++hwxG9i7Spl/Qprb5C2R
7fbjFIrDuj41dDD47L53UqcZA3E2CR+HGEZ9wNbFmzrajCYy5lkOn/lMoFtKfvEu
3JEHalt6DDiwP7z6UXA+q8miArGZ39+PNDNtABEBAAG0KkZpd2FyZSBzdXBwb3J0
IDx4aWYtc3VwcG9ydEB3aWduZXIubXRhLmh1PokBOAQTAQIAIgUCVp4rYAIbAwYL
CQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQmgm8PUBVz9s0tQf8CuoDGHb5q6r8
4vJFwheO/8+AwVUS2NxDcgDeN8frJAY6Cmd8PWwq8Nmmd9ypotDqlSbwAYYHZAyB
hjiwQDqFElCEAX9EvqOV0082Ydzkbcq0D8hu/Od4vbIo6TkjD1PQCAXRQlYZBw+T
eGcVxK9plpIq33ydnkjEROqrT0cmwR2bW2kZCmS/eB9nGeof3jUAdAW4qAr9/bXg
DYQPD7qp7dbhcw6r2YLsMxVTHyQnkhyYaZynzkDW8JzYz0XqmN0JcI45bOBEONxR
8XvmWKGEerv+ENwfMBj0ftqyotQXK0vWGhw18LshGsQbecYcsAq/ZYwmRfuVUzVA
Y5mgtt/00bkBDQRWnitgAQgA0+XaS61gTkG+hctgHOqnadAzmUC/vW1hek371B/d
E6WVfG5M4uITM9IgSTzmnguXzV6A487D+msM2ihICqOgGHcQeBsK44WHXRfrhqGu
ihkbH/vdip+nGl+6cB29Est7tI7WmIVtQAB4cKpag9ygQDOnYrOE0FbOK5lyFq+9
9466PzXkPnHW5rTxNpVGE+2ly2hNhTw6TJKhk3oIIs9U5khSYOvj6JL9st3v/jEv
V31axBIOUHwSdW928R8Pif6giALUD2ZSYmbjofkuw+LViF+mD/X/4IYugQmhLZBb
IHE8hRwIRBh6STiUaltbeHurcxw3EOYRlmKAMqvahyVHSwARAQABiQEfBBgBAgAJ
BQJWnitgAhsMAAoJEJoJvD1AVc/bx9MIAKu7NDsy3yMbA4ch+xdVa3Nia7nB1MRB
k6OuWkr3uhrRR1HceQJtywn7AQ9dAvhq33N3UfATX4tEzdPypB5NDOu0ZG+YJ9BS
rtZ2QKD3BRvLudPgdN1owH0TPlpHMx46WkBuJuvokOVn9GNEHTacSCXA/+AgPkbo
yXVanuFdP4edkAD4Xwf0BXO/yU9JKztI/PzSi5jJlPdrpzifZgERgYXCrjrBzyXn
IY0GxTjSvmPgXPguqYmRANlFmaL0MacZtgEuVYcFKrvH+1Efs1fdP/Z6Mce/gZgT
0/YV3eDksneMfM9/AnBwJRpq37PFIQgUa/73DnzCCUjAbVsQnNxw04Y=
=PbTU
----END PGP PUBLIC KEY BLOCK----
201 is ok. Could you send me the requests you did?
Henar
Ok, I do not get 200 answer. I got 201 (Created). Do i somthing wrong? I generate the ssh key, and the pgp. I compied it to the aiakos body part and 'call resource'. It is correct?
Gergő
| Resolution | Done [ 10000 ] | |
| Status | Closed [ 6 ] | In Progress [ 3 ] |
| Resolution | Done [ 10000 ] | |
| Status | Answered [ 10104 ] | Closed [ 6 ] |
Hi
Are you sure you received a 200 response? I cannot see your keys in the server. Could you write the obtained response?
Henar
| Status | In Progress [ 3 ] | Answered [ 10104 ] |
I sended the public ssh key and the public.gpg file on the aiakos server.
Gergő
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Field | Original Value | New Value |
|---|---|---|
| Component/s | FIWARE-LAB-HELP [ 10279 ] |
It is worked with 'curl' command, and keys are in the server.