Details
-
Type:
extRequest
-
Status: Closed
-
Priority:
Major
-
Resolution: Done
-
Fix Version/s: 2021
-
Component/s: FIWARE-LAB-HELP
-
Labels:None
-
HD-Node:Lannion
Description
The region staff team are responsible of the virtual machines instantiated on their servers. Therefore each region staff should have the control of who access the virtual machines for support purposes and set and enforce the corresponding policy. It is not possible if the public keys are shared among all the regions. Additionally, it is also extremely insecure and a problem when a region leaves the federation.
A new service, called aiakos and deployed aiakos.lab.fiware.org, has been deployed in FIWARE Lab to manage support region ssh and gpg keys, in the endpoint http://aiakos.lab.fiware.org:3000
As region administrator, you should create your ssh, and gpg keys and upload it into the aikos service (you can obtain information about how create your keys in https://github.com/telefonicaid/fiware-aiakos/blob/develop/doc/README.rst#generating-a-ssh-key).
To upload your keys into the aiakos service, you should use just a POST operation. You can have documentation about this operation in https://jsapi.apiary.io/apis/fiwareaiakos/reference/aiakos-v1/add-key/post-key.html
You can find information about why ssh and gpg keys are needed in https://github.com/telefonicaid/fiware-aiakos/blob/develop/doc/README.rst#why-a-ssh-key-and-a-gpg-key-are-needed
Issue Links
- clones
-
HELP-5690
FIWARE.Request.Lab.Lannion.Adding Region Support Keys
-
- Closed
-
Activity
| Transition | Time In Source Status | Execution Times | Last Executer | Last Execution Date | |||||
|---|---|---|---|---|---|---|---|---|---|
|
6d 23h 30m | 1 | Lannion Node Helpdesk | 19/Jul/16 10:02 AM | |||||
|
43d 8h 1m | 1 | Lannion Node Helpdesk | 08/Sep/16 4:55 PM | |||||
|
12d 22h 13m | 2 | Lannion Node Helpdesk | 13/Sep/16 4:17 PM | |||||
|
4s | 2 | Lannion Node Helpdesk | 13/Sep/16 4:17 PM |
| Fix Version/s | 2021 [ 12600 ] |
| Resolution | Done [ 10000 ] | |
| Status | Answered [ 10104 ] | Closed [ 6 ] |
| Status | In Progress [ 3 ] | Answered [ 10104 ] |
Hi
I think now it is working.
Could you try it?
Thanks,
Henar
Yes ... I think, i made this work 2 months ago ... i'll try it again.
ok?
did you upload the key previously??
curl --url http://aiakos.lab.fiware.org:3000/v1/support/lannion3/sshkey --header 'accept: text/plain' --header 'content-type: text/plain' --header 'X-Auth-Token: 18d9688b01e84ab09025ee7cddf6e24f'
The request is empty.
Could do the request with http://aiakos.lab.fiware.org:3000/v1/support/lannion3/gpgkey ?? Specifying lannion3 instead of lannion??
Hi Henar,
I added the ssh and gpg keys on Aiakos service. I verified them using the curls command, and they are present.
- curl --url http://aiakos.lab.fiware.org:3000/v1/support/lannion/gpgkey --header 'accept: text/plain' --header 'content-type: text/plain' --header 'X-Auth-Token: token'
- curl --url http://aiakos.lab.fiware.org:3000/v1/support/lannion/gpgkey --header 'accept: text/plain' --header 'content-type: text/plain' --header 'X-Auth-Token: token'
The probem is that i have 2 nodes Lannion2 and 3 that are using the same keys. It is something to configure on Aiakos service for this? Or maybe on my side?
I saw that we have only a link http://aiakos.lab.fiware.org:3000/v1/support/*lannion*/gpgkey
Thank you in advance.
BR,
Cristian
Hi
You can add the key yourself.
regards,
Henar
Hi Henar,
Can you ask Keyrock people to add support keys in aiakos service for Lannion3 node?
BR,
Cristian
| Assignee | Alvaro Alonso [ aalonsog ] | Henar Muñoz [ henar ] |
| Resolution | Done [ 10000 ] | |
| Status | Closed [ 6 ] | In Progress [ 3 ] |
| Summary | FIWARE.Request.Lab.Lannion3.Adding Region Support Keys | FIWARE.Request.Lab.Lannion.Lannion3.Adding Region Support Keys |
| Resolution | Done [ 10000 ] | |
| Status | Answered [ 10104 ] | Closed [ 6 ] |
| Status | In Progress [ 3 ] | Answered [ 10104 ] |
| Status | Open [ 1 ] | In Progress [ 3 ] |
| Assignee | Henar Muñoz [ henar ] | Alvaro Alonso [ aalonsog ] |
Hi
Sorry. The keyrock people should create the endpoints. I think they are on holidays right now.
Regards,
Henar
| Assignee | Pietropaolo Alfonso [ alfopietro ] | Henar Muñoz [ henar ] |
Hi,
We didn't received any reponse from Henar.
BR,
Cristian
| Assignee | Henar Muñoz [ henar ] | Pietropaolo Alfonso [ alfopietro ] |
Hi Henar,
For the new node Lannion3 we need to add also the region support keys in the aiakos service?
From what I saw the aiakos endpoint is not available for Lannion3.
"WARNING: aiakos has no endpoint in Lannion3!"
BR,
Cristian
| Assignee | Lannion Node Helpdesk [ lannionsupportteam ] | Henar Muñoz [ henar ] |
Hi Henar,
Yes now it works ... what was the problem? Just to know for the future.
Thanks,
Cristian