Details
-
Type:
extRequest
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Fix Version/s: 2021
-
Component/s: FIWARE-LAB-HELP
-
Labels:None
-
HD-Node:Poznan
Description
The region staff team are responsible of the virtual machines instantiated on their servers. Therefore each region staff should have the control of who access the virtual machines for support purposes and set and enforce the corresponding policy. It is not possible if the public keys are shared among all the regions. Additionally, it is also extremely insecure and a problem when a region leaves the federation.
A new service, called aiakos and deployed aiakos.lab.fiware.org, has been deployed in FIWARE Lab to manage support region ssh and gpg keys.
As region administrator, you should create your ssh, and gpg keys and upload it into the aikos service (you can obtain information about how create your keys in https://github.com/telefonicaid/fiware-aiakos/blob/develop/doc/README.rst#generating-a-ssh-key).
To upload your keys into the aiakos service, you should use just a POST operation
POST: https://jsapi.apiary.io/apis/fiwareaiakos/reference/aiakos-v1/add-key/post-key.html
You can find information about why ssh and gpg keys are needed in https://github.com/telefonicaid/fiware-aiakos/blob/develop/doc/README.rst#why-a-ssh-key-and-a-gpg-key-are-needed
Activity
Hi,
You are using "-data-binary". Please use "-d" or "-data", because you are using "Content-Type: text/plain" and you can't use binary in the body.
curl --include --request POST --header "Content-Type: text/plain" --header "X-Auth-Token: xxxxxxxxx" --header "Accept: text/plain" -d "ssh-rss xxxxxxxxxxxxx root@node-1" http://aiakos.lab.fiware.org:3000/v1/support
I tried to upload ssh key using comand
curl --include --request POST --header "Content-Type: text/plain" --header "X-Auth-Token: 7ae4c00f116b49cf9b55fb7ee8fc3726" --header "Accept: text/plain" --data-binary "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDM8/dxZvt4lPGhXJQ6j+k1J1N6HMxH7jyRNHLXKU7nTD+aWOcZXYy80P/BxeVido/HXOBgQsMrgeBXLzQHFfejYxswB0zII2dWR+JeQeTdWOrJLVnJEqDpvi7mKivTXgw2sIivdWKiMCvpCKqEyVMuxSrBFYHbZCy6XH4ErQ/1aYxZl5gm9jGfcM9eCpk9q0dxnq5FUsQ0mQ0rwP0pIxlZOctXTsSn9A2EZCVnRtBEaQ3dM7bL+36VHj8JXE2cvyX6DsN3hzupez/LKav0XAN51A/2kO8iKBKtDpUNzi2PCd25cGwEWyltFZVcQFkoa/PLRlup3XQ4ie5A26lMyyZT root@node-1" http://aiakos.lab.fiware.org:3000/v1/support/
But still shows "Not acceptable"
Hi
You can have a look at the API documentation https://jsapi.apiary.io/apis/fiwareaiakos/reference/aiakos-v1, and you can see that you need specified the Accept and Content-Type header to text/plain
In addition, I can see you have only uploaded the gpgkey, no the sshkey
Regards,
Henar
The upload was successful
HTTP/1.1 201 Created
X-Powered-By: Express
Content-Type: text/plain; charset=utf-8
Content-Length: 1739
Date: Tue, 02 Feb 2016 15:59:39 GMT
Connection: keep-alive
But http://aiakos.lab.fiware.org:3000/v1/support/Poznan/sshkey still shows "Not acceptable!"
You can obtain a token with the following command
curl -d '{"auth":{"passwordCredentials":
, "tenantName":"admin"}}' -H "Content-type: application/json" http://cloud.lab.fi-ware.org:4731/v2.0/tokens
no, I don't know what it should be looks like. Could you help?
The token-id should be the token for your admin region user. Are you using it?
Regards,
Henar
I did
gpg --armor --output public.gpg --export "Fiware support Poznan"
The file public gpg I included in curl:
- # curl -
include --request POST --header "Content-Type: text/plain" --header "X-Auth-Token: token-id" --header "Accept: text/plain" --data-binary "---BEGIN PGP PUBLIC KEY BLOCK----
Version: GnuPG v1.4.11 (GNU/Linux)
mQENBFave/sBCADb6N7LrfqOQ9U/YFy/CuIaRcUa8ycdvpCkVwIqrfhr052i11y3
6I7Ac6DKmUc9DG86RDXpH0x8wi5Vl5ux7K/eVi36oIbFewat+HLs/OlI8JsojMVu
FoGzvfKDjD8F/XjsCtWG/9GgjUQiGF5SYIiHH/o+WwB8fYK3+B0fN12qDOwC2CT8
icsb4RBnkh0Vg9PU8+LgHyyiYP7Duf95oKbW3ADoVoet6dY8O9fxtnvqXV/7JRHP
KDW2KQKYBd6Ltj373jl2oK6nN+sL4mqA6xgYHdO7PQNIimcUEjBvcbULCNFDdvN/
Vsn/jbeqER4InYl9qbOTBWEXYGbfwYOiMuXHABEBAAG0L0Zpd2FyZSBzdXBwb3J0
IFBvem5hbiA8eGlmaS1wc25jQG1hbi5wb3puYW4ucGw+iQE4BBMBAgAiBQJWr3v7
AhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRAQLOhs2sWkBlPnCACYAYkr
TwwjjtYJ8rf2NOqCaniZDQ7ZCG9djOu89EFhY18SJBwDUBEgYSEVPLONSFxUTOgy
ZTScAfedj6j93Y78DzYpSt/L24VkaQX8iVlLCTc/IE/+KJ5xQeibyB20QWn1n2kp
2NLVyM/gzC5GZ+DFax/PZR/ZcUwbWNRCTpA/sYTbTttiXwfW/7Y+qX4uis7i1BGx
AYA0PQc07WpT4lMlSfUEQHA2Oa/IWEi5lPqB0GaVCQiCCLluG/9IOGlip/Y5AVe0
odZW+nV7C5LxX3o3EWKW5Exqfe5MxrA9q8LrPQr+0bo/ZBtNf6R3hBge9K5uTH+z
7EwDNOUWt1RqkpZhuQENBFave/sBCADg7sM1j/o5DrNVu+YlVtRpcJuftm1+EllS
tShiCSVnu9QCSegJwgozn1F1K56vavQCmS5RCWb46Ow5TaR5fUV8vx2+xZdCaVMJ
w1mrLwQzYr20NCfwPX+kEyRAofN6YMzWqYNSfc6eO/k0p5idqwU2WBlepVV+9fZF
OTxzlLHmEk8vx56c+9JzhE04Id5TmN6q87Zd54H4hplZBIt/UaKrIy8R10qTw+7Z
lGH0ppiD4iK3hqMcHn24EqKNbHyb93Zv089QG5cGxu/k8ra2rD+1F9G1FGC8TmRx
+L01Gmdpzu/CwcdQr/YkBUPJdWl8bBv/wUb3zGGwy3mhpbiH6TCBABEBAAGJAR8E
GAECAAkFAlave/sCGwwACgkQECzobNrFpAaZ6gf/UFL9RnXMJp22VwRIhQUBIdIW
RnIKFDUr+FcHHNvsu5MbWmSEx6/Ug0m5P7tMnrhaB2/AMO7ZPNn/REQ1xGPz1J7B
5Q9z+aRkShQExe4EdJTgWAiMCY2Ai3mJLPSv+VSSAkBS31M2TbLW2n4OMiaeroqj
jpid2w4XUZ/eueO1ULXgFC7gMKbdr5H/HX9yi/p40i7DUaWYNR3pXNhkYqs5VuCo
tmK3/bqPityNnNX0ETyxD53wxFJ8mJGW/KA6PvPyp2+vymtxndjVBpC/Lmfy8aF4
aZf0RrEbEY12qOah93xXjEUieq8FUunP6fnjtZ72OzOrdFYBEJp1pscZd6xHXw==
=o2+E
----END PGP PUBLIC KEY BLOCK----
" 'http://aiakos.lab.fiware.org:3000/v1/support/'
Error:
HTTP/1.1 401 Unauthorized
The endpoint for the POST request is http://aiakos.lab.fiware.org:3000/v1/support/
REgards,
Henar
To check that your key is uploaded, you can do a GET request:
http://aiakos.lab.fiware.org:3000/v1/support/
/sshkey
Tell us if you have any problem.
Hi
I tried to send using https://jsapi.apiary.io/apis/fiwareaiakos/reference/aiakos-v1/add-key/post-key.html?console=1. So it seems I did it wrong. Could you send me some instruction or curl example?
Hi
I cannot see your keys in the server. Could you send me the request you did?
Regards,
Henar
Done
Executed:
curl --include --request POST --header "Content-Type: text/plain" --header "X-Auth-Token: xxx" --header "Accept: text/plain" -d "ssh-rsa xxxxx" http://aiakos.lab.fiware.org:3000/v1/support