[one-users] REST EC2
Charles Rodamilans
charlesrodamilans at gmail.com
Fri Apr 20 15:31:48 PDT 2012
Hi,
now I tried to configure ec2 and ssl, but econe tools don't work. I am
using apache 2 and centos 6.
[oneadmin at lahpc_cloud_server ~]$ oneuser show
USER 0 INFORMATION
ID : 0
NAME : oneadmin
GROUP : oneadmin
PASSWORD : 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
AUTH_DRIVER : core
ENABLED : Yes
USER TEMPLATE
[oneadmin at lahpc_cloud_server ~]$ econe-describe-images -U
https://localhost:8443 -K oneadmin -S
5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
econe-describe-images: Unexpected server error. response.body is:
<Response><Errors><Error><Code>AuthFailure</Code><Message>User not
authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
Opennebula and apache setup :
[oneadmin at lahpc_cloud_server ~]$ vim /etc/one/econe.conf
:server: 127.0.0.1
:port: 4567
:ssl_server: localhost
[root at lahpc_cloud_server ~]# vim /etc/httpd/conf.d/ssl.conf
<VirtualHost _default_:8443>
# General setup for the virtual host, inherited from global configuration
DocumentRoot "/var/www/html"
ServerName localhost:8443
ProxyPass / http://127.0.0.1:4567
I tried replace localhost by IP, but I have not succeeded. Any helps?
Thanks,
Charles Rodamilans
Em 20 de abril de 2012 10:50, Charles Rodamilans <
charlesrodamilans at gmail.com> escreveu:
> Hi Daniel,
>
> it was the problem. Thanks for help.
>
> Charles Rodamilans
>
> Em 19 de abril de 2012 11:08, Daniel Molina <dmolina at opennebula.org>escreveu:
>
>> Hi Charles,
>>
>>
>> Are you using the plain password for the awsSecretKey? If so, use the
>> sha1 hashed version instead. You can retrieve it from the oneuser show
>> output.
>>
>> Hope this helps
>>
>> On 19 April 2012 13:54, Charles Rodamilans <charlesrodamilans at gmail.com>
>> wrote:
>> > Yes. I encode the password in String url = signed.sign(params);
>> >
>> > You can see &Signature parameter in url.
>> >
>> > Em 17 de abril de 2012 12:53, Olivier Sallou <olivier.sallou at irisa.fr>
>> > escreveu:
>> >
>> >> Did you encode the password in the url?
>> >>
>> >> Le 4/17/12 5:28 PM, Charles Rodamilans a écrit :
>> >>
>> >> Hi,
>> >>
>> >> i tried to use ec2 interface with opennebula 3.2, but I have problem.
>> >>
>> >> Ec2 tools work well.
>> >>
>> >> [oneadmin at lahpc_cloud_server ~]$ econe-describe-instances
>> >> oneadmin i-74 running 192.168.0.22
>> small
>> >>
>> >> oneadmin i-75 running 192.168.0.20
>> small
>> >>
>> >> oneadmin i-76 running 192.168.0.21
>> small
>> >>
>> >>
>> >>
>> >> I use the java code, bellow, to generate url. It works well in amazon
>> ec2
>> >> (ec2.amazonaws.com), but is not working in opennebula.
>> >>
>> >> [oneadmin at lahpc_cloud_server ~]$ curl
>> >> "
>> http://localhost:4567/?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T14%3A58%3A07Z&Version=2011-01-01&Signature=LdbPDicLCFY%2BLNOqblKTBoY6sNl5jTJezV%2FCTmr5uBs%3D
>> "
>> >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
>> >>
>> authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>> >>
>> >>
>> >>
>> >> I tried with others users (serveradmin and clouduser), but problem is
>> the
>> >> same.
>> >>
>> >>
>> >>
>> >> [oneadmin at lahpc_cloud_server ~]$ oneuser list
>> >> ID GROUP NAME AUTH
>> >> PASSWORD
>> >> 0 oneadmin oneadmin core
>> >> b8c388d2e366b7835bcd9fe565fb67a17f84302f
>> >> 1 oneadmin serveradmin server_c
>> >> 96b438cf52a49348d0fbe773ff2c119bb4707994
>> >> 22 ec2 clouduser public
>> >> b8c388d2e366b7835bcd9fe565fb67a17f84302f
>> >>
>> >> [oneadmin at lahpc_cloud_server ~]$ curl
>> >> "
>> http://localhost:4567/?AWSAccessKeyId=serveradmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A16%3A06Z&Version=2011-01-01&Signature=J3SPezX2sDZt8XPOKqkqa8Xw0AHyFNMedLJtGZ7IvUQ%3D
>> "
>> >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
>> >>
>> authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>> >>
>> >> [oneadmin at lahpc_cloud_server ~]$ curl
>> >> "
>> http://localhost:4567/?AWSAccessKeyId=clouduser&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A18%3A51Z&Version=2011-01-01&Signature=t58LIMq7WYW0EslTkyn7CKVAX7BdWcw27jsRwSecGe0%3D
>> "
>> >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not
>> >>
>> authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>> >>
>> >>
>> >> What is the problem? Any suggestion?
>> >>
>> >> Thanks,
>> >>
>> >> Charles Rodamilans
>> >>
>> >>
>> >>
>> >> import java.util.Map;
>> >>
>> >>
>> >> import org.junit.Test;
>> >>
>> >>
>> >> public class SignedRequestsTest {
>> >>
>> >>
>> >> @Test
>> >>
>> >> public void signed() {
>> >>
>> >> SignedRequests signed = new SignedRequests( "oneadmin", "password");
>> >>
>> >> // SignedRequests signed = new SignedRequests( "serveradmin",
>> "password");
>> >>
>> >> // SignedRequests signed = new SignedRequests( "clouduser",
>> "password");
>> >>
>> >>
>> >> Map<String, String> params = new java.util.HashMap<String, String>();
>> >>
>> >> params.put("Action", "DescribeInstances");
>> >>
>> >> params.put("SignatureMethod", "HmacSHA256");
>> >>
>> >> params.put("SignatureVersion", "2");
>> >>
>> >> params.put("Version", "2010-06-15");
>> >>
>> >> String url = signed.sign(params);
>> >>
>> >> System.out.println(url);
>> >>
>> >> }
>> >>
>> >> }
>> >>
>> >>
>> >>
>> >>
>> >>
>> >> /*
>> >>
>> >> * Code Reference
>> >>
>> >>
>> >> *
>> http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/AuthJavaSampleSig2.html
>> >>
>> >> */
>> >>
>> >>
>> >> import java.io.UnsupportedEncodingException;
>> >>
>> >> import java.net.URLEncoder;
>> >>
>> >> import java.security.InvalidKeyException;
>> >>
>> >> import java.security.NoSuchAlgorithmException;
>> >>
>> >> import java.text.DateFormat;
>> >>
>> >> import java.text.SimpleDateFormat;
>> >>
>> >> import java.util.Calendar;
>> >>
>> >> import java.util.Iterator;
>> >>
>> >> import java.util.Map;
>> >>
>> >> import java.util.SortedMap;
>> >>
>> >> import java.util.TimeZone;
>> >>
>> >> import java.util.TreeMap;
>> >>
>> >>
>> >> import javax.crypto.Mac;
>> >>
>> >> import javax.crypto.spec.SecretKeySpec;
>> >>
>> >>
>> >> import org.apache.commons.codec.binary.Base64;
>> >>
>> >>
>> >> import com.lahpc.cloud.essential.HTTPVerb;
>> >>
>> >>
>> >> public class SignedRequests {
>> >>
>> >> private static final String UTF8_CHARSET = "UTF-8";
>> >>
>> >> private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
>> >>
>> >> private static final String REQUEST_URI = "/";
>> >>
>> >> /**
>> >>
>> >> * @uml.property name="requestMethod"
>> >>
>> >> * @uml.associationEnd multiplicity="(1 1)"
>> >>
>> >> */
>> >>
>> >> private HTTPVerb requestMethod = HTTPVerb.GET;
>> >>
>> >>
>> >>
>> >> /**
>> >>
>> >> * @uml.property name="endpoint"
>> >>
>> >> */
>> >>
>> >> // private String endpoint = "ec2.amazonaws.com"; // must be lowercase
>> >>
>> >> private String endpoint = "localhost:4567"; // must be lowercase
>> >>
>> >> /**
>> >>
>> >> * @uml.property name="awsAccessKeyId"
>> >>
>> >> */
>> >>
>> >> private String awsAccessKeyId;
>> >>
>> >> /**
>> >>
>> >> * @uml.property name="awsSecretKey"
>> >>
>> >> */
>> >>
>> >> private String awsSecretKey;
>> >>
>> >>
>> >> /**
>> >>
>> >> * @uml.property name="secretKeySpec"
>> >>
>> >> * @uml.associationEnd multiplicity="(1 1)"
>> >>
>> >> */
>> >>
>> >> private SecretKeySpec secretKeySpec = null;
>> >>
>> >> /**
>> >>
>> >> * @uml.property name="mac"
>> >>
>> >> * @uml.associationEnd multiplicity="(1 1)"
>> >>
>> >> */
>> >>
>> >> private Mac mac = null;
>> >>
>> >> public SignedRequests(String awsAccessKeyId, String awsSecretKey)
>> >>
>> >> {
>> >>
>> >> this.setAwsAccessKeyId(awsAccessKeyId);
>> >>
>> >> this.setAwsSecretKey(awsSecretKey);
>> >>
>> >> setDefault();
>> >>
>> >> }
>> >>
>> >>
>> >> private void setDefault() {
>> >>
>> >>
>> >> try
>> >>
>> >> {
>> >>
>> >> byte[] secretyKeyBytes = awsSecretKey.getBytes(UTF8_CHARSET);
>> >>
>> >> secretKeySpec =
>> >>
>> >> new SecretKeySpec(secretyKeyBytes, HMAC_SHA256_ALGORITHM);
>> >>
>> >> mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
>> >>
>> >> mac.init(secretKeySpec);
>> >>
>> >> } catch (UnsupportedEncodingException e) {
>> >>
>> >> e.printStackTrace();
>> >>
>> >> } catch (NoSuchAlgorithmException e) {
>> >>
>> >> e.printStackTrace();
>> >>
>> >> } catch (InvalidKeyException e) {
>> >>
>> >> e.printStackTrace();
>> >>
>> >> }
>> >>
>> >> }
>> >>
>> >>
>> >> public String sign(Map<String, String> params) {
>> >>
>> >> params.put("AWSAccessKeyId", awsAccessKeyId);
>> >>
>> >> params.put("Timestamp", timestamp());
>> >>
>> >>
>> >> SortedMap<String, String> sortedParamMap =
>> >>
>> >> new TreeMap<String, String>(params);
>> >>
>> >> String canonicalQS = canonicalize(sortedParamMap);
>> >>
>> >> String toSign =
>> >>
>> >> requestMethod.toString() + "\n"
>> >>
>> >> + endpoint + "\n"
>> >>
>> >> + REQUEST_URI + "\n"
>> >>
>> >> + canonicalQS;
>> >>
>> >>
>> >> String hmac = hmac(toSign);
>> >>
>> >> String sig = percentEncodeRfc3986(hmac);
>> >>
>> >> // String url = "https://" + endpoint + REQUEST_URI + "?" +
>> >>
>> >> // canonicalQS + "&Signature=" + sig;
>> >>
>> >> String url = "http://" + endpoint + REQUEST_URI + "?" +
>> >>
>> >> canonicalQS + "&Signature=" + sig;
>> >>
>> >>
>> >> return url;
>> >>
>> >> }
>> >>
>> >>
>> >> private String hmac(String stringToSign) {
>> >>
>> >> String signature = null;
>> >>
>> >> byte[] data;
>> >>
>> >> byte[] rawHmac;
>> >>
>> >> try {
>> >>
>> >> data = stringToSign.getBytes(UTF8_CHARSET);
>> >>
>> >> rawHmac = mac.doFinal(data);
>> >>
>> >> Base64 encoder = new Base64();
>> >>
>> >> signature = new String(encoder.encode(rawHmac));
>> >>
>> >> } catch (UnsupportedEncodingException e) {
>> >>
>> >> throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e);
>> >>
>> >> }
>> >>
>> >> return signature;
>> >>
>> >> }
>> >>
>> >>
>> >> private String timestamp() {
>> >>
>> >> String timestamp = null;
>> >>
>> >> Calendar cal = Calendar.getInstance();
>> >>
>> >> DateFormat dfm = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
>> >>
>> >> dfm.setTimeZone(TimeZone.getTimeZone("GMT"));
>> >>
>> >> timestamp = dfm.format(cal.getTime());
>> >>
>> >> return timestamp;
>> >>
>> >> }
>> >>
>> >>
>> >> private String canonicalize(SortedMap<String, String> sortedParamMap)
>> >>
>> >> {
>> >>
>> >> if (sortedParamMap.isEmpty()) {
>> >>
>> >> return "";
>> >>
>> >> }
>> >>
>> >>
>> >> StringBuffer buffer = new StringBuffer();
>> >>
>> >> Iterator<Map.Entry<String, String>> iter =
>> >>
>> >> sortedParamMap.entrySet().iterator();
>> >>
>> >>
>> >> while (iter.hasNext()) {
>> >>
>> >> Map.Entry<String, String> kvpair = iter.next();
>> >>
>> >> buffer.append(percentEncodeRfc3986(kvpair.getKey()));
>> >>
>> >> buffer.append("=");
>> >>
>> >> buffer.append(percentEncodeRfc3986(kvpair.getValue()));
>> >>
>> >> if (iter.hasNext()) {
>> >>
>> >> buffer.append("&");
>> >>
>> >> }
>> >>
>> >> }
>> >>
>> >> String cannoical = buffer.toString();
>> >>
>> >> return cannoical;
>> >>
>> >> }
>> >>
>> >>
>> >> private String percentEncodeRfc3986(String s) {
>> >>
>> >> String out;
>> >>
>> >> try {
>> >>
>> >> out = URLEncoder.encode(s, UTF8_CHARSET)
>> >>
>> >> .replace("+", "%20")
>> >>
>> >> .replace("*", "%2A")
>> >>
>> >> .replace("%7E", "~");
>> >>
>> >> } catch (UnsupportedEncodingException e) {
>> >>
>> >> out = s;
>> >>
>> >> }
>> >>
>> >> return out;
>> >>
>> >> }
>> >>
>> >>
>> >> /**
>> >>
>> >> * @param verb
>> >>
>> >> * @uml.property name="requestMethod"
>> >>
>> >> */
>> >>
>> >> public void setRequestMethod(HTTPVerb verb )
>> >>
>> >> {
>> >>
>> >> this.requestMethod = verb;
>> >>
>> >> }
>> >>
>> >>
>> >> /**
>> >>
>> >> * @return
>> >>
>> >> * @uml.property name="requestMethod"
>> >>
>> >> */
>> >>
>> >> public HTTPVerb getRequestMethod()
>> >>
>> >> {
>> >>
>> >> return requestMethod;
>> >>
>> >> }
>> >>
>> >>
>> >> /**
>> >>
>> >> * @param keyId
>> >>
>> >> * @uml.property name="awsAccessKeyId"
>> >>
>> >> */
>> >>
>> >> public void setAwsAccessKeyId(String keyId)
>> >>
>> >> {
>> >>
>> >> this.awsAccessKeyId = keyId;
>> >>
>> >> }
>> >>
>> >>
>> >> /**
>> >>
>> >> * @return
>> >>
>> >> * @uml.property name="awsAccessKeyId"
>> >>
>> >> */
>> >>
>> >> public String getAwsAccessKeyId()
>> >>
>> >> {
>> >>
>> >> return this.awsAccessKeyId;
>> >>
>> >> }
>> >>
>> >>
>> >> /**
>> >>
>> >> * @param secretKey
>> >>
>> >> * @uml.property name="awsSecretKey"
>> >>
>> >> */
>> >>
>> >> public void setAwsSecretKey (String secretKey)
>> >>
>> >> {
>> >>
>> >> this.awsSecretKey = secretKey;
>> >>
>> >> }
>> >>
>> >>
>> >> /**
>> >>
>> >> * @return
>> >>
>> >> * @uml.property name="awsSecretKey"
>> >>
>> >> */
>> >>
>> >> public String getAwsSecretKey ()
>> >>
>> >> {
>> >>
>> >> return this.awsSecretKey;
>> >>
>> >> }
>> >>
>> >>
>> >>
>> >> }
>> >>
>> >>
>> >>
>> >>
>> >> _______________________________________________
>> >> Users mailing list
>> >> Users at lists.opennebula.org
>> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>> >>
>> >>
>> >> --
>> >> Olivier Sallou
>> >> IRISA / University of Rennes 1
>> >> Campus de Beaulieu, 35000 RENNES - FRANCE
>> >> Tel: 02.99.84.71.95
>> >>
>> >> gpg key id: 4096R/326D8438 (keyring.debian.org)
>> >> Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438
>> >>
>> >>
>> >> _______________________________________________
>> >> Users mailing list
>> >> Users at lists.opennebula.org
>> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>> >>
>> >
>> >
>> > _______________________________________________
>> > Users mailing list
>> > Users at lists.opennebula.org
>> > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>> >
>>
>>
>>
>> --
>> Daniel Molina
>> Project Engineer
>> OpenNebula - The Open Source Solution for Data Center Virtualization
>> www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opennebula.org/pipermail/users-opennebula.org/attachments/20120420/03b3070e/attachment-0003.htm>
More information about the Users
mailing list