Details
-
Type:
extRequest
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Fix Version/s: 2021
-
Component/s: FIWARE-LAB-HELP
-
Labels:None
-
HD-Node:Lannion
Description
The region staff team are responsible of the virtual machines instantiated on their servers. Therefore each region staff should have the control of who access the virtual machines for support purposes and set and enforce the corresponding policy. It is not possible if the public keys are shared among all the regions. Additionally, it is also extremely insecure and a problem when a region leaves the federation.
A new service, called aiakos and deployed aiakos.lab.fiware.org, has been deployed in FIWARE Lab to manage support region ssh and gpg keys, in the endpoint http://aiakos.lab.fiware.org:3000
As region administrator, you should create your ssh, and gpg keys and upload it into the aikos service (you can obtain information about how create your keys in https://github.com/telefonicaid/fiware-aiakos/blob/develop/doc/README.rst#generating-a-ssh-key).
To upload your keys into the aiakos service, you should use just a POST operation. You can have documentation about this operation in https://jsapi.apiary.io/apis/fiwareaiakos/reference/aiakos-v1/add-key/post-key.html
You can find information about why ssh and gpg keys are needed in https://github.com/telefonicaid/fiware-aiakos/blob/develop/doc/README.rst#why-a-ssh-key-and-a-gpg-key-are-needed
Issue Links
Activity
Dear Henar,
I successfully created the ssh and gpg key.
Now I have a problem to upload them in the Aiakos service.
I tried to upload with a POST operation as following this example:
curl --request POST \
--url http://aiakos.lab.fiware.org:3000/v1/support/ \
--header 'accept: text/plain' \
--header 'content-type: text/plain' \
-data '---BEGIN PGP PUBLIC KEY BLOCK---\nVersion: GnuPG v1.4.11 (GNU/Linux)\n\nmQENBFawwG4BCADNFOwCWJOwOAoN2tGC2Gs5aMZSs5y7ZQzpQS5PZNRSbMQUEzF4\n -----END PGP PUBLIC KEY BLOCK----'
Can you help me concerning the upload problem?
It's the same way to upload the ssh and gpg key in aiakos service?
BR,
Cristian
----Message d'origine----
De : Henar Muñoz (JIRA) jira-help-desk@fi-ware.org
Envoyé : mardi 2 février 2016 11:05
À : support-lannion@imaginlab.fr
Objet : [FI-WARE-JIRA] (HELP-5690) Adding Region Support Keys
Henar Muñoz commented on HELP-5690:
-----------------------------------
To check that your key is uploaded, you can do a GET request:
http://aiakos.lab.fiware.org:3000/v1/support/
/sshkey
Tell us if you have any problem.
–
This message was sent by Atlassian JIRA
(v6.4.1#64016)
Hi
You can have a look at the following link, to upload a file with a POST request. For sshkey is the same.
Regards,
Henar
http://stackoverflow.com/questions/12667797/using-curl-to-upload-post-data-with-files
Dear Henar,
It is not the first time when I'm using curl commands.
I have problems concerning the URL that I need to use to complete this request.
Can you confirm the 2 URLs listed below for GPG and SSH keys?
http://aiakos.lab.fiware.org:3000/v1/support/Lannion2/gpgkey
http://aiakos.lab.fiware.org:3000/v1/support/Lannion2/sshkey
Or I need to use for booth keys the url http://aiakos.lab.fiware.org:3000/v1/support/ and the Aiakos service will manage these keys?
By the way, I followed the instructions that I founded in your link:
https://jsapi.apiary.io/apis/fiwareaiakos/reference/aiakos-v1/add-key/post-key.html
Also I looked the link of Fiware Aiaokos:
https://github.com/telefonicaid/fiware-aiakos
BR,
Cristian
----Message d'origine----
De : Henar Muñoz (JIRA) jira-help-desk@fi-ware.org
Envoyé : mercredi 3 février 2016 10:03
À : support-lannion@imaginlab.fr
Objet : [FI-WARE-JIRA] (HELP-5690) Adding Region Support Keys
Henar Muñoz commented on HELP-5690:
-----------------------------------
Hi
You can have a look at the following link, to upload a file with a POST request. For sshkey is the same.
Regards,
Henar
http://stackoverflow.com/questions/12667797/using-curl-to-upload-post-data-with-files
–
This message was sent by Atlassian JIRA
(v6.4.1#64016)
Hi
The endpoint for the POST request is http://aiakos.lab.fiware.org:3000/v1/support not (http://aiakos.lab.fiware.org:3000/v1/support/Lannion2/gpgkey).
Regards,
Henar
Dear Henar,
I have a question concerning the implementation of the ssh and GPG keys in cloud portal.
I successfully uploaded these keys in aiakos service.
When I launch an instance I don't see these keys in 5.Summary, the fields are empty (and they are not uploaded in any instance).
- FIWARE Support
fiware-support:
sshkey:
gpgkey: |
I tested on the Spain node and there these keys are present.
I need to do something extra settings?
BR,
Cristian
----Message d'origine----
De : Henar Muñoz (JIRA) jira-help-desk@fi-ware.org
Envoyé : mercredi 3 février 2016 10:59
À : support-lannion@imaginlab.fr
Objet : [FI-WARE-JIRA] (HELP-5690) Adding Region Support Keys
Henar Muñoz commented on HELP-5690:
-----------------------------------
Hi
The endpoint for the POST request is http://aiakos.lab.fiware.org:3000/v1/support not (http://aiakos.lab.fiware.org:3000/v1/support/Lannion2/gpgkey).
Regards,
Henar
–
This message was sent by Atlassian JIRA
(v6.4.1#64016)
Hi
The keys are stored and it is possible to access to it by a GET request.
We are having a look both in aikos server and in the portal.
Regards,
Henar
Dear Henar,
I have the impression that we are speaking of two different things.
As I said I successfully uploaded the keys ... I verified also if they are present in the aiakos service.
The problem is that on our node when we launching an instance the fields are empty:
sshkey:
gpgkey:
As I said also I checked on the Spain2 node and there these keys are present.
We need something to do for this?
BR,
Cristian
Now it works.
I think something was made on your side. We have not changed anyhing.
BR,
Cristian
To check that your key is uploaded, you can do a GET request:
{yourregion}http://aiakos.lab.fiware.org:3000/v1/support/
/sshkey
Tell us if you have any problem.