[one-users] REST EC2

Daniel Molina dmolina at opennebula.org
Mon Apr 23 05:44:40 PDT 2012


Hi Charles,

On 20 April 2012 22:31, Charles Rodamilans <charlesrodamilans at gmail.com> wrote:
> Hi,
>
> Now I tried to configure EC2 and SSL, but the econe tools don't work. I am
> using Apache 2 and CentOS 6.
>
> [oneadmin at lahpc_cloud_server ~]$ oneuser show
> USER 0 INFORMATION
>
> ID             : 0
> NAME           : oneadmin
> GROUP          : oneadmin
> PASSWORD       : 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
> AUTH_DRIVER    : core
> ENABLED        : Yes
>
> USER TEMPLATE
>
>
>
> [oneadmin at lahpc_cloud_server ~]$ econe-describe-images -U https://localhost:8443 -K oneadmin -S 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8
> econe-describe-images: Unexpected server error. response.body is:
> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>
>
> OpenNebula and Apache setup:
>
> [oneadmin at lahpc_cloud_server ~]$ vim /etc/one/econe.conf
> :server: 127.0.0.1
> :port: 4567
> :ssl_server: localhost
>
>
> [root at lahpc_cloud_server ~]# vim  /etc/httpd/conf.d/ssl.conf
>
> <VirtualHost _default_:8443>
>
> # General setup for the virtual host, inherited from global configuration
> DocumentRoot "/var/www/html"
> ServerName localhost:8443
>
> ProxyPass / http://127.0.0.1:4567
>
>
> I tried replacing localhost with the IP, but I have not succeeded. Any help?

I think the problem is that you are using port 8443 instead of the
default one. Please try changing the :ssl_server parameter to
"localhost:8443" instead of "localhost"; otherwise the signature will
be generated using the default 443 port.

Cheers

>
>
> Thanks,
>
> Charles Rodamilans
>
>
> On 20 April 2012 10:50, Charles Rodamilans
> <charlesrodamilans at gmail.com> wrote:
>
>> Hi Daniel,
>>
>> It was the problem. Thanks for the help.
>>
>> Charles Rodamilans
>>
>> On 19 April 2012 11:08, Daniel Molina <dmolina at opennebula.org>
>> wrote:
>>>
>>> Hi Charles,
>>>
>>>
>>> Are you using the plain password for the awsSecretKey? If so, use the
>>> sha1 hashed version instead. You can retrieve it from the oneuser show
>>> output.
>>>
>>> Hope this helps
>>>
>>> On 19 April 2012 13:54, Charles Rodamilans <charlesrodamilans at gmail.com>
>>> wrote:
>>> > Yes. I encode the password in String url = signed.sign(params);
>>> >
>>> > You can see the &Signature parameter in the URL.
>>> >
>>> > On 17 April 2012 12:53, Olivier Sallou <olivier.sallou at irisa.fr>
>>> > wrote:
>>> >
>>> >> Did you encode the password in the url?
>>> >>
>>> >> On 4/17/12 5:28 PM, Charles Rodamilans wrote:
>>> >>
>>> >> Hi,
>>> >>
>>> >> I tried to use the EC2 interface with OpenNebula 3.2, but I have a problem.
>>> >>
>>> >> The EC2 tools work well.
>>> >>
>>> >> [oneadmin at lahpc_cloud_server ~]$ econe-describe-instances
>>> >> oneadmin    i-74                        running     192.168.0.22    small
>>> >> oneadmin    i-75                        running     192.168.0.20    small
>>> >> oneadmin    i-76                        running     192.168.0.21    small
>>> >>
>>> >>
>>> >>
>>> >> I use the Java code below to generate the URL. It works well in Amazon
>>> >> EC2 (ec2.amazonaws.com), but it is not working in OpenNebula.
>>> >>
>>> >> [oneadmin at lahpc_cloud_server ~]$ curl "http://localhost:4567/?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T14%3A58%3A07Z&Version=2011-01-01&Signature=LdbPDicLCFY%2BLNOqblKTBoY6sNl5jTJezV%2FCTmr5uBs%3D"
>>> >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>>> >>
>>> >>
>>> >>
>>> >> I tried with other users (serveradmin and clouduser), but the problem
>>> >> is the same.
>>> >>
>>> >>
>>> >>
>>> >> [oneadmin at lahpc_cloud_server ~]$ oneuser list
>>> >>   ID GROUP    NAME            AUTH     PASSWORD
>>> >>    0 oneadmin oneadmin        core     b8c388d2e366b7835bcd9fe565fb67a17f84302f
>>> >>    1 oneadmin serveradmin     server_c 96b438cf52a49348d0fbe773ff2c119bb4707994
>>> >>   22 ec2      clouduser       public   b8c388d2e366b7835bcd9fe565fb67a17f84302f
>>> >>
>>> >> [oneadmin at lahpc_cloud_server ~]$ curl "http://localhost:4567/?AWSAccessKeyId=serveradmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A16%3A06Z&Version=2011-01-01&Signature=J3SPezX2sDZt8XPOKqkqa8Xw0AHyFNMedLJtGZ7IvUQ%3D"
>>> >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>>> >>
>>> >> [oneadmin at lahpc_cloud_server ~]$ curl "http://localhost:4567/?AWSAccessKeyId=clouduser&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A18%3A51Z&Version=2011-01-01&Signature=t58LIMq7WYW0EslTkyn7CKVAX7BdWcw27jsRwSecGe0%3D"
>>> >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not authorized</Message></Error></Errors><RequestID>0</RequestID></Response>
>>> >>
>>> >>
>>> >> What is the problem? Any suggestion?
>>> >>
>>> >> Thanks,
>>> >>
>>> >> Charles Rodamilans
>>> >>
>>> >>
>>> >>
>>> >> import java.util.Map;
>>> >>
>>> >> import org.junit.Test;
>>> >>
>>> >> public class SignedRequestsTest {
>>> >>
>>> >>     @Test
>>> >>     public void signed() {
>>> >>         SignedRequests signed = new SignedRequests( "oneadmin", "password");
>>> >>         // SignedRequests signed = new SignedRequests( "serveradmin", "password");
>>> >>         // SignedRequests signed = new SignedRequests( "clouduser", "password");
>>> >>
>>> >>         Map<String, String> params = new java.util.HashMap<String, String>();
>>> >>         params.put("Action", "DescribeInstances");
>>> >>         params.put("SignatureMethod", "HmacSHA256");
>>> >>         params.put("SignatureVersion", "2");
>>> >>         params.put("Version", "2010-06-15");
>>> >>         String url = signed.sign(params);
>>> >>         System.out.println(url);
>>> >>     }
>>> >> }
>>> >>
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> /*
>>> >>  * Code Reference
>>> >>  * http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/AuthJavaSampleSig2.html
>>> >>  */
>>> >>
>>> >> import java.io.UnsupportedEncodingException;
>>> >> import java.net.URLEncoder;
>>> >> import java.security.InvalidKeyException;
>>> >> import java.security.NoSuchAlgorithmException;
>>> >> import java.text.DateFormat;
>>> >> import java.text.SimpleDateFormat;
>>> >> import java.util.Calendar;
>>> >> import java.util.Iterator;
>>> >> import java.util.Map;
>>> >> import java.util.SortedMap;
>>> >> import java.util.TimeZone;
>>> >> import java.util.TreeMap;
>>> >>
>>> >> import javax.crypto.Mac;
>>> >> import javax.crypto.spec.SecretKeySpec;
>>> >>
>>> >> import org.apache.commons.codec.binary.Base64;
>>> >>
>>> >> import com.lahpc.cloud.essential.HTTPVerb;
>>> >>
>>> >> public class SignedRequests {
>>> >>
>>> >>     private static final String UTF8_CHARSET = "UTF-8";
>>> >>     private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";
>>> >>     private static final String REQUEST_URI = "/";
>>> >>
>>> >>     /**
>>> >>      * @uml.property  name="requestMethod"
>>> >>      * @uml.associationEnd  multiplicity="(1 1)"
>>> >>      */
>>> >>     private HTTPVerb requestMethod = HTTPVerb.GET;
>>> >>
>>> >>     /**
>>> >>      * @uml.property  name="endpoint"
>>> >>      */
>>> >>     // private String endpoint = "ec2.amazonaws.com"; // must be lowercase
>>> >>     private String endpoint = "localhost:4567"; // must be lowercase
>>> >>
>>> >>     /**
>>> >>      * @uml.property  name="awsAccessKeyId"
>>> >>      */
>>> >>     private String awsAccessKeyId;
>>> >>
>>> >>     /**
>>> >>      * @uml.property  name="awsSecretKey"
>>> >>      */
>>> >>     private String awsSecretKey;
>>> >>
>>> >>     /**
>>> >>      * @uml.property  name="secretKeySpec"
>>> >>      * @uml.associationEnd  multiplicity="(1 1)"
>>> >>      */
>>> >>     private SecretKeySpec secretKeySpec = null;
>>> >>
>>> >>     /**
>>> >>      * @uml.property  name="mac"
>>> >>      * @uml.associationEnd  multiplicity="(1 1)"
>>> >>      */
>>> >>     private Mac mac = null;
>>> >>
>>> >>     public SignedRequests(String awsAccessKeyId, String awsSecretKey)
>>> >>     {
>>> >>         this.setAwsAccessKeyId(awsAccessKeyId);
>>> >>         this.setAwsSecretKey(awsSecretKey);
>>> >>         setDefault();
>>> >>     }
>>> >>
>>> >>     private void setDefault() {
>>> >>         try
>>> >>         {
>>> >>             byte[] secretyKeyBytes = awsSecretKey.getBytes(UTF8_CHARSET);
>>> >>             secretKeySpec =
>>> >>                 new SecretKeySpec(secretyKeyBytes, HMAC_SHA256_ALGORITHM);
>>> >>             mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);
>>> >>             mac.init(secretKeySpec);
>>> >>         } catch (UnsupportedEncodingException e) {
>>> >>             e.printStackTrace();
>>> >>         } catch (NoSuchAlgorithmException e) {
>>> >>             e.printStackTrace();
>>> >>         } catch (InvalidKeyException e) {
>>> >>             e.printStackTrace();
>>> >>         }
>>> >>     }
>>> >>
>>> >>     public String sign(Map<String, String> params) {
>>> >>         params.put("AWSAccessKeyId", awsAccessKeyId);
>>> >>         params.put("Timestamp", timestamp());
>>> >>
>>> >>         SortedMap<String, String> sortedParamMap =
>>> >>             new TreeMap<String, String>(params);
>>> >>         String canonicalQS = canonicalize(sortedParamMap);
>>> >>         String toSign =
>>> >>             requestMethod.toString() + "\n"
>>> >>             + endpoint + "\n"
>>> >>             + REQUEST_URI + "\n"
>>> >>             + canonicalQS;
>>> >>
>>> >>         String hmac = hmac(toSign);
>>> >>         String sig = percentEncodeRfc3986(hmac);
>>> >>         // String url = "https://" + endpoint + REQUEST_URI + "?" +
>>> >>         // canonicalQS + "&Signature=" + sig;
>>> >>         String url = "http://" + endpoint + REQUEST_URI + "?" +
>>> >>             canonicalQS + "&Signature=" + sig;
>>> >>
>>> >>         return url;
>>> >>     }
>>> >>
>>> >>     private String hmac(String stringToSign) {
>>> >>         String signature = null;
>>> >>         byte[] data;
>>> >>         byte[] rawHmac;
>>> >>         try {
>>> >>             data = stringToSign.getBytes(UTF8_CHARSET);
>>> >>             rawHmac = mac.doFinal(data);
>>> >>             Base64 encoder = new Base64();
>>> >>             signature = new String(encoder.encode(rawHmac));
>>> >>         } catch (UnsupportedEncodingException e) {
>>> >>             throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e);
>>> >>         }
>>> >>         return signature;
>>> >>     }
>>> >>
>>> >>     private String timestamp() {
>>> >>         String timestamp = null;
>>> >>         Calendar cal = Calendar.getInstance();
>>> >>         DateFormat dfm = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
>>> >>         dfm.setTimeZone(TimeZone.getTimeZone("GMT"));
>>> >>         timestamp = dfm.format(cal.getTime());
>>> >>         return timestamp;
>>> >>     }
>>> >>
>>> >>     private String canonicalize(SortedMap<String, String> sortedParamMap)
>>> >>     {
>>> >>         if (sortedParamMap.isEmpty()) {
>>> >>             return "";
>>> >>         }
>>> >>
>>> >>         StringBuffer buffer = new StringBuffer();
>>> >>         Iterator<Map.Entry<String, String>> iter =
>>> >>             sortedParamMap.entrySet().iterator();
>>> >>
>>> >>         while (iter.hasNext()) {
>>> >>             Map.Entry<String, String> kvpair = iter.next();
>>> >>             buffer.append(percentEncodeRfc3986(kvpair.getKey()));
>>> >>             buffer.append("=");
>>> >>             buffer.append(percentEncodeRfc3986(kvpair.getValue()));
>>> >>             if (iter.hasNext()) {
>>> >>                 buffer.append("&");
>>> >>             }
>>> >>         }
>>> >>         String cannoical = buffer.toString();
>>> >>         return cannoical;
>>> >>     }
>>> >>
>>> >>     private String percentEncodeRfc3986(String s) {
>>> >>         String out;
>>> >>         try {
>>> >>             out = URLEncoder.encode(s, UTF8_CHARSET)
>>> >>                 .replace("+", "%20")
>>> >>                 .replace("*", "%2A")
>>> >>                 .replace("%7E", "~");
>>> >>         } catch (UnsupportedEncodingException e) {
>>> >>             out = s;
>>> >>         }
>>> >>         return out;
>>> >>     }
>>> >>
>>> >>     /**
>>> >>      * @param verb
>>> >>      * @uml.property  name="requestMethod"
>>> >>      */
>>> >>     public void setRequestMethod(HTTPVerb verb )
>>> >>     {
>>> >>         this.requestMethod = verb;
>>> >>     }
>>> >>
>>> >>     /**
>>> >>      * @return
>>> >>      * @uml.property  name="requestMethod"
>>> >>      */
>>> >>     public HTTPVerb getRequestMethod()
>>> >>     {
>>> >>         return requestMethod;
>>> >>     }
>>> >>
>>> >>     /**
>>> >>      * @param keyId
>>> >>      * @uml.property  name="awsAccessKeyId"
>>> >>      */
>>> >>     public void setAwsAccessKeyId(String keyId)
>>> >>     {
>>> >>         this.awsAccessKeyId = keyId;
>>> >>     }
>>> >>
>>> >>     /**
>>> >>      * @return
>>> >>      * @uml.property  name="awsAccessKeyId"
>>> >>      */
>>> >>     public String getAwsAccessKeyId()
>>> >>     {
>>> >>         return this.awsAccessKeyId;
>>> >>     }
>>> >>
>>> >>     /**
>>> >>      * @param secretKey
>>> >>      * @uml.property  name="awsSecretKey"
>>> >>      */
>>> >>     public void setAwsSecretKey (String secretKey)
>>> >>     {
>>> >>         this.awsSecretKey = secretKey;
>>> >>     }
>>> >>
>>> >>     /**
>>> >>      * @return
>>> >>      * @uml.property  name="awsSecretKey"
>>> >>      */
>>> >>     public String getAwsSecretKey ()
>>> >>     {
>>> >>         return this.awsSecretKey;
>>> >>     }
>>> >>
>>> >> }
>>> >>
>>> >>
>>> >>
>>> >>
>>> >> _______________________________________________
>>> >> Users mailing list
>>> >> Users at lists.opennebula.org
>>> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
>>> >>
>>> >>
>>> >> --
>>> >> Olivier Sallou
>>> >> IRISA / University of Rennes 1
>>> >> Campus de Beaulieu, 35000 RENNES - FRANCE
>>> >> Tel: 02.99.84.71.95
>>> >>
>>> >> gpg key id: 4096R/326D8438  (keyring.debian.org)
>>> >> Key fingerprint = 5FB4 6F83 D3B9 5204 6335  D26D 78DC 68DB 326D 8438
>>> >>
>>> >>
>>> >>
>>> >
>>> >
>>> >
>>>
>>>
>>>
>>> --
>>> Daniel Molina
>>> Project Engineer
>>> OpenNebula - The Open Source Solution for Data Center Virtualization
>>> www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
>>
>>
>
>
>



-- 
Daniel Molina
Project Engineer
OpenNebula - The Open Source Solution for Data Center Virtualization
www.OpenNebula.org | dmolina at opennebula.org | @OpenNebula
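
The two fixes given in this thread (use the SHA1 hash printed by `oneuser show` as the secret key instead of the plain password, and sign for the same host:port the server is configured with) can be reproduced offline. This is an added example, not code from the thread or from OpenNebula: the password, the server-side check and all function names are assumptions for illustration, and the parameters are those of the first curl request quoted above.

```python
import base64
import hashlib
import hmac
from urllib.parse import quote

def canonical_query(params):
    """Sort parameters by name and RFC 3986 percent-encode names and values."""
    return "&".join(f"{quote(k, safe='')}={quote(v, safe='')}"
                    for k, v in sorted(params.items()))

def sign_v2(secret_key, method, host, path, params):
    """Signature Version 2: HMAC-SHA256 over method, host, path and query."""
    to_sign = "\n".join([method, host.lower(), path, canonical_query(params)])
    mac = hmac.new(secret_key.encode(), to_sign.encode(), hashlib.sha256)
    return base64.b64encode(mac.digest()).decode()

def server_accepts(stored_hash, server_host, method, path, params, signature):
    """Assumed server-side check: recompute with the stored hash and own host."""
    expected = sign_v2(stored_hash, method, server_host, path, params)
    return hmac.compare_digest(expected, signature)

# Constructed sample credential; the stored value is its SHA1 hex digest,
# the form shown in the PASSWORD field of `oneuser show`.
PASSWORD = "example-pass"
STORED_HASH = hashlib.sha1(PASSWORD.encode()).hexdigest()
SERVER_HOST = "localhost:8443"  # value suggested for :ssl_server in the reply
PARAMS = {  # parameters of the first curl request quoted in the thread
    "AWSAccessKeyId": "oneadmin", "Action": "DescribeInstances",
    "SignatureMethod": "HmacSHA256", "SignatureVersion": "2",
    "Timestamp": "2012-04-17T14:58:07Z", "Version": "2011-01-01",
}

def demo():
    """Return {case: accepted?} for the client-side mistakes in the thread."""
    cases = {
        "plain password as key": (PASSWORD, SERVER_HOST),
        "hash as key, signed for localhost": (STORED_HASH, "localhost"),
        "hash as key, signed for localhost:8443": (STORED_HASH, SERVER_HOST),
    }
    return {name: server_accepts(STORED_HASH, SERVER_HOST, "GET", "/", PARAMS,
                                 sign_v2(key, "GET", host, "/", PARAMS))
            for name, (key, host) in cases.items()}

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'accepted' if ok else 'AuthFailure'}")
```

Only the last case is accepted: a signature covers the host string byte for byte, so a missing or different port fails the check in the same way as a wrong key.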


