Hi,<div><br></div><div>now I tried to configure ec2 and ssl, but econe tools don't work. I am using apache 2 and centos 6.</div><div><br></div><div><div>[oneadmin@lahpc_cloud_server ~]$ oneuser show</div><div>USER 0 INFORMATION </div>
<div>ID : 0 </div><div>NAME : oneadmin </div><div>GROUP : oneadmin </div><div>PASSWORD : 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</div><div>AUTH_DRIVER : core </div>
<div>ENABLED : Yes </div><div><br></div><div>USER TEMPLATE </div><div><br></div></div><div><br></div><div><div>[oneadmin@lahpc_cloud_server ~]$ econe-describe-images -U <a href="https://localhost:8443">https://localhost:8443</a> -K oneadmin -S 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8</div>
<div>econe-describe-images: Unexpected server error. response.body is: <Response><Errors><Error><Code>AuthFailure</Code><Message>User not authorized</Message></Error></Errors><RequestID>0</RequestID></Response></div>
</div><div><br></div><div><br></div><div>Opennebula and apache setup :</div><div><br></div><div><div>[oneadmin@lahpc_cloud_server ~]$ vim /etc/one/econe.conf</div><div>:server: 127.0.0.1</div><div>:port: 4567</div><div>:ssl_server: localhost</div>
</div><div><br></div><div><br></div><div><div>[root@lahpc_cloud_server ~]# vim /etc/httpd/conf.d/ssl.conf </div></div><div><div><br></div><div><VirtualHost _default_:8443></div><div><br></div><div># General setup for the virtual host, inherited from global configuration</div>
<div>DocumentRoot "/var/www/html"</div><div>ServerName localhost:8443</div><div><br></div><div>ProxyPass / <a href="http://127.0.0.1:4567">http://127.0.0.1:4567</a></div></div><div><br></div><div><br></div><div>
I tried replace localhost by IP, but I have not succeeded. Any helps? </div><div><br></div><div><br></div><div>Thanks, </div><div><br></div><div>Charles Rodamilans</div><div><br></div><div><br><div class="gmail_quote">Em 20 de abril de 2012 10:50, Charles Rodamilans <span dir="ltr"><<a href="mailto:charlesrodamilans@gmail.com">charlesrodamilans@gmail.com</a>></span> escreveu:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><span style="border-collapse:collapse;color:rgb(34,34,34);font-family:arial,sans-serif;font-size:13px">Hi Daniel,<div>
<br></div><div>it was the problem. Thanks for help. </div><div><br></div><div>Charles Rodamilans</div>
</span><br></div><div class="gmail_quote"><div class="im">Em 19 de abril de 2012 11:08, Daniel Molina <span dir="ltr"><<a href="mailto:dmolina@opennebula.org" target="_blank">dmolina@opennebula.org</a>></span> escreveu:<br>
</div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">
Hi Charles,<div><div class="h5"><br>
<br>
Are you using the plain password for the awsSecretKey? If so, use the<br>
sha1 hashed version instead. You can retrieve it from the oneuser show<br>
output.<br>
<br>
Hope this helps<br>
<div><div><br>
On 19 April 2012 13:54, Charles Rodamilans <<a href="mailto:charlesrodamilans@gmail.com" target="_blank">charlesrodamilans@gmail.com</a>> wrote:<br>
> Yes. I encode the password in String url = signed.sign(params);<br>
><br>
> You can see &Signature parameter in url.<br>
><br>
> Em 17 de abril de 2012 12:53, Olivier Sallou <<a href="mailto:olivier.sallou@irisa.fr" target="_blank">olivier.sallou@irisa.fr</a>><br>
> escreveu:<br>
><br>
>> Did you encode the password in the url?<br>
>><br>
>> Le 4/17/12 5:28 PM, Charles Rodamilans a écrit :<br>
>><br>
>> Hi,<br>
>><br>
>> i tried to use ec2 interface with opennebula 3.2, but I have problem.<br>
>><br>
>> Ec2 tools work well.<br>
>><br>
>> [oneadmin@lahpc_cloud_server ~]$ econe-describe-instances<br>
>> oneadmin i-74 running 192.168.0.22 small<br>
>><br>
>> oneadmin i-75 running 192.168.0.20 small<br>
>><br>
>> oneadmin i-76 running 192.168.0.21 small<br>
>><br>
>><br>
>><br>
>> I use the java code, bellow, to generate url. It works well in amazon ec2<br>
>> (<a href="http://ec2.amazonaws.com" target="_blank">ec2.amazonaws.com</a>), but is not working in opennebula.<br>
>><br>
>> [oneadmin@lahpc_cloud_server ~]$ curl<br>
>> "<a href="http://localhost:4567/?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T14%3A58%3A07Z&Version=2011-01-01&Signature=LdbPDicLCFY%2BLNOqblKTBoY6sNl5jTJezV%2FCTmr5uBs%3D" target="_blank">http://localhost:4567/?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T14%3A58%3A07Z&Version=2011-01-01&Signature=LdbPDicLCFY%2BLNOqblKTBoY6sNl5jTJezV%2FCTmr5uBs%3D</a>"<br>
>> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not<br>
>> authorized</Message></Error></Errors><RequestID>0</RequestID></Response><br>
>><br>
>><br>
>><br>
>> I tried with others users (serveradmin and clouduser), but problem is the<br>
>> same.<br>
>><br>
>><br>
>><br>
>> [oneadmin@lahpc_cloud_server ~]$ oneuser list<br>
>> ID GROUP NAME AUTH<br>
>> PASSWORD<br>
>> 0 oneadmin oneadmin core<br>
>> b8c388d2e366b7835bcd9fe565fb67a17f84302f<br>
>> 1 oneadmin serveradmin server_c<br>
>> 96b438cf52a49348d0fbe773ff2c119bb4707994<br>
>> 22 ec2 clouduser public<br>
>> b8c388d2e366b7835bcd9fe565fb67a17f84302f<br>
>><br>
>> [oneadmin@lahpc_cloud_server ~]$ curl<br>
>> "<a href="http://localhost:4567/?AWSAccessKeyId=serveradmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A16%3A06Z&Version=2011-01-01&Signature=J3SPezX2sDZt8XPOKqkqa8Xw0AHyFNMedLJtGZ7IvUQ%3D" target="_blank">http://localhost:4567/?AWSAccessKeyId=serveradmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A16%3A06Z&Version=2011-01-01&Signature=J3SPezX2sDZt8XPOKqkqa8Xw0AHyFNMedLJtGZ7IvUQ%3D</a>"<br>
>> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not<br>
>> authorized</Message></Error></Errors><RequestID>0</RequestID></Response><br>
>><br>
>> [oneadmin@lahpc_cloud_server ~]$ curl<br>
>> "<a href="http://localhost:4567/?AWSAccessKeyId=clouduser&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A18%3A51Z&Version=2011-01-01&Signature=t58LIMq7WYW0EslTkyn7CKVAX7BdWcw27jsRwSecGe0%3D" target="_blank">http://localhost:4567/?AWSAccessKeyId=clouduser&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A18%3A51Z&Version=2011-01-01&Signature=t58LIMq7WYW0EslTkyn7CKVAX7BdWcw27jsRwSecGe0%3D</a>"<br>
>> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not<br>
>> authorized</Message></Error></Errors><RequestID>0</RequestID></Response><br>
>><br>
>><br>
>> What is the problem? Any suggestion?<br>
>><br>
>> Thanks,<br>
>><br>
>> Charles Rodamilans<br>
>><br>
>><br>
>><br>
>> import java.util.Map;<br>
>><br>
>><br>
>> import org.junit.Test;<br>
>><br>
>><br>
>> public class SignedRequestsTest {<br>
>><br>
>><br>
>> @Test<br>
>><br>
>> public void signed() {<br>
>><br>
>> SignedRequests signed = new SignedRequests( "oneadmin", "password");<br>
>><br>
>> // SignedRequests signed = new SignedRequests( "serveradmin", "password");<br>
>><br>
>> // SignedRequests signed = new SignedRequests( "clouduser", "password");<br>
>><br>
>><br>
>> Map<String, String> params = new java.util.HashMap<String, String>();<br>
>><br>
>> params.put("Action", "DescribeInstances");<br>
>><br>
>> params.put("SignatureMethod", "HmacSHA256");<br>
>><br>
>> params.put("SignatureVersion", "2");<br>
>><br>
>> params.put("Version", "2010-06-15");<br>
>><br>
>> String url = signed.sign(params);<br>
>><br>
>> System.out.println(url);<br>
>><br>
>> }<br>
>><br>
>> }<br>
>><br>
>><br>
>><br>
>><br>
>><br>
>> /*<br>
>><br>
>> * Code Reference<br>
>><br>
>><br>
>> * <a href="http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/AuthJavaSampleSig2.html" target="_blank">http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/AuthJavaSampleSig2.html</a><br>
>><br>
>> */<br>
>><br>
>><br>
>> import java.io.UnsupportedEncodingException;<br>
>><br>
>> import java.net.URLEncoder;<br>
>><br>
>> import java.security.InvalidKeyException;<br>
>><br>
>> import java.security.NoSuchAlgorithmException;<br>
>><br>
>> import java.text.DateFormat;<br>
>><br>
>> import java.text.SimpleDateFormat;<br>
>><br>
>> import java.util.Calendar;<br>
>><br>
>> import java.util.Iterator;<br>
>><br>
>> import java.util.Map;<br>
>><br>
>> import java.util.SortedMap;<br>
>><br>
>> import java.util.TimeZone;<br>
>><br>
>> import java.util.TreeMap;<br>
>><br>
>><br>
>> import javax.crypto.Mac;<br>
>><br>
>> import javax.crypto.spec.SecretKeySpec;<br>
>><br>
>><br>
>> import org.apache.commons.codec.binary.Base64;<br>
>><br>
>><br>
>> import com.lahpc.cloud.essential.HTTPVerb;<br>
>><br>
>><br>
>> public class SignedRequests {<br>
>><br>
>> private static final String UTF8_CHARSET = "UTF-8";<br>
>><br>
>> private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256";<br>
>><br>
>> private static final String REQUEST_URI = "/";<br>
>><br>
>> /**<br>
>><br>
>> * @uml.property name="requestMethod"<br>
>><br>
>> * @uml.associationEnd multiplicity="(1 1)"<br>
>><br>
>> */<br>
>><br>
>> private HTTPVerb requestMethod = HTTPVerb.GET;<br>
>><br>
>><br>
>><br>
>> /**<br>
>><br>
>> * @uml.property name="endpoint"<br>
>><br>
>> */<br>
>><br>
>> // private String endpoint = "<a href="http://ec2.amazonaws.com" target="_blank">ec2.amazonaws.com</a>"; // must be lowercase<br>
>><br>
>> private String endpoint = "localhost:4567"; // must be lowercase<br>
>><br>
>> /**<br>
>><br>
>> * @uml.property name="awsAccessKeyId"<br>
>><br>
>> */<br>
>><br>
>> private String awsAccessKeyId;<br>
>><br>
>> /**<br>
>><br>
>> * @uml.property name="awsSecretKey"<br>
>><br>
>> */<br>
>><br>
>> private String awsSecretKey;<br>
>><br>
>><br>
>> /**<br>
>><br>
>> * @uml.property name="secretKeySpec"<br>
>><br>
>> * @uml.associationEnd multiplicity="(1 1)"<br>
>><br>
>> */<br>
>><br>
>> private SecretKeySpec secretKeySpec = null;<br>
>><br>
>> /**<br>
>><br>
>> * @uml.property name="mac"<br>
>><br>
>> * @uml.associationEnd multiplicity="(1 1)"<br>
>><br>
>> */<br>
>><br>
>> private Mac mac = null;<br>
>><br>
>> public SignedRequests(String awsAccessKeyId, String awsSecretKey)<br>
>><br>
>> {<br>
>><br>
>> this.setAwsAccessKeyId(awsAccessKeyId);<br>
>><br>
>> this.setAwsSecretKey(awsSecretKey);<br>
>><br>
>> setDefault();<br>
>><br>
>> }<br>
>><br>
>><br>
>> private void setDefault() {<br>
>><br>
>><br>
>> try<br>
>><br>
>> {<br>
>><br>
>> byte[] secretyKeyBytes = awsSecretKey.getBytes(UTF8_CHARSET);<br>
>><br>
>> secretKeySpec =<br>
>><br>
>> new SecretKeySpec(secretyKeyBytes, HMAC_SHA256_ALGORITHM);<br>
>><br>
>> mac = Mac.getInstance(HMAC_SHA256_ALGORITHM);<br>
>><br>
>> mac.init(secretKeySpec);<br>
>><br>
>> } catch (UnsupportedEncodingException e) {<br>
>><br>
>> e.printStackTrace();<br>
>><br>
>> } catch (NoSuchAlgorithmException e) {<br>
>><br>
>> e.printStackTrace();<br>
>><br>
>> } catch (InvalidKeyException e) {<br>
>><br>
>> e.printStackTrace();<br>
>><br>
>> }<br>
>><br>
>> }<br>
>><br>
>><br>
>> public String sign(Map<String, String> params) {<br>
>><br>
>> params.put("AWSAccessKeyId", awsAccessKeyId);<br>
>><br>
>> params.put("Timestamp", timestamp());<br>
>><br>
>><br>
>> SortedMap<String, String> sortedParamMap =<br>
>><br>
>> new TreeMap<String, String>(params);<br>
>><br>
>> String canonicalQS = canonicalize(sortedParamMap);<br>
>><br>
>> String toSign =<br>
>><br>
>> requestMethod.toString() + "\n"<br>
>><br>
>> + endpoint + "\n"<br>
>><br>
>> + REQUEST_URI + "\n"<br>
>><br>
>> + canonicalQS;<br>
>><br>
>><br>
>> String hmac = hmac(toSign);<br>
>><br>
>> String sig = percentEncodeRfc3986(hmac);<br>
>><br>
>> // String url = "https://" + endpoint + REQUEST_URI + "?" +<br>
>><br>
>> // canonicalQS + "&Signature=" + sig;<br>
>><br>
>> String url = "http://" + endpoint + REQUEST_URI + "?" +<br>
>><br>
>> canonicalQS + "&Signature=" + sig;<br>
>><br>
>><br>
>> return url;<br>
>><br>
>> }<br>
>><br>
>><br>
>> private String hmac(String stringToSign) {<br>
>><br>
>> String signature = null;<br>
>><br>
>> byte[] data;<br>
>><br>
>> byte[] rawHmac;<br>
>><br>
>> try {<br>
>><br>
>> data = stringToSign.getBytes(UTF8_CHARSET);<br>
>><br>
>> rawHmac = mac.doFinal(data);<br>
>><br>
>> Base64 encoder = new Base64();<br>
>><br>
>> signature = new String(encoder.encode(rawHmac));<br>
>><br>
>> } catch (UnsupportedEncodingException e) {<br>
>><br>
>> throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e);<br>
>><br>
>> }<br>
>><br>
>> return signature;<br>
>><br>
>> }<br>
>><br>
>><br>
>> private String timestamp() {<br>
>><br>
>> String timestamp = null;<br>
>><br>
>> Calendar cal = Calendar.getInstance();<br>
>><br>
>> DateFormat dfm = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");<br>
>><br>
>> dfm.setTimeZone(TimeZone.getTimeZone("GMT"));<br>
>><br>
>> timestamp = dfm.format(cal.getTime());<br>
>><br>
>> return timestamp;<br>
>><br>
>> }<br>
>><br>
>><br>
>> private String canonicalize(SortedMap<String, String> sortedParamMap)<br>
>><br>
>> {<br>
>><br>
>> if (sortedParamMap.isEmpty()) {<br>
>><br>
>> return "";<br>
>><br>
>> }<br>
>><br>
>><br>
>> StringBuffer buffer = new StringBuffer();<br>
>><br>
>> Iterator<Map.Entry<String, String>> iter =<br>
>><br>
>> sortedParamMap.entrySet().iterator();<br>
>><br>
>><br>
>> while (iter.hasNext()) {<br>
>><br>
>> Map.Entry<String, String> kvpair = iter.next();<br>
>><br>
>> buffer.append(percentEncodeRfc3986(kvpair.getKey()));<br>
>><br>
>> buffer.append("=");<br>
>><br>
>> buffer.append(percentEncodeRfc3986(kvpair.getValue()));<br>
>><br>
>> if (iter.hasNext()) {<br>
>><br>
>> buffer.append("&");<br>
>><br>
>> }<br>
>><br>
>> }<br>
>><br>
>> String cannoical = buffer.toString();<br>
>><br>
>> return cannoical;<br>
>><br>
>> }<br>
>><br>
>><br>
>> private String percentEncodeRfc3986(String s) {<br>
>><br>
>> String out;<br>
>><br>
>> try {<br>
>><br>
>> out = URLEncoder.encode(s, UTF8_CHARSET)<br>
>><br>
>> .replace("+", "%20")<br>
>><br>
>> .replace("*", "%2A")<br>
>><br>
>> .replace("%7E", "~");<br>
>><br>
>> } catch (UnsupportedEncodingException e) {<br>
>><br>
>> out = s;<br>
>><br>
>> }<br>
>><br>
>> return out;<br>
>><br>
>> }<br>
>><br>
>><br>
>> /**<br>
>><br>
>> * @param verb<br>
>><br>
>> * @uml.property name="requestMethod"<br>
>><br>
>> */<br>
>><br>
>> public void setRequestMethod(HTTPVerb verb )<br>
>><br>
>> {<br>
>><br>
>> this.requestMethod = verb;<br>
>><br>
>> }<br>
>><br>
>><br>
>> /**<br>
>><br>
>> * @return<br>
>><br>
>> * @uml.property name="requestMethod"<br>
>><br>
>> */<br>
>><br>
>> public HTTPVerb getRequestMethod()<br>
>><br>
>> {<br>
>><br>
>> return requestMethod;<br>
>><br>
>> }<br>
>><br>
>><br>
>> /**<br>
>><br>
>> * @param keyId<br>
>><br>
>> * @uml.property name="awsAccessKeyId"<br>
>><br>
>> */<br>
>><br>
>> public void setAwsAccessKeyId(String keyId)<br>
>><br>
>> {<br>
>><br>
>> this.awsAccessKeyId = keyId;<br>
>><br>
>> }<br>
>><br>
>><br>
>> /**<br>
>><br>
>> * @return<br>
>><br>
>> * @uml.property name="awsAccessKeyId"<br>
>><br>
>> */<br>
>><br>
>> public String getAwsAccessKeyId()<br>
>><br>
>> {<br>
>><br>
>> return this.awsAccessKeyId;<br>
>><br>
>> }<br>
>><br>
>><br>
>> /**<br>
>><br>
>> * @param secretKey<br>
>><br>
>> * @uml.property name="awsSecretKey"<br>
>><br>
>> */<br>
>><br>
>> public void setAwsSecretKey (String secretKey)<br>
>><br>
>> {<br>
>><br>
>> this.awsSecretKey = secretKey;<br>
>><br>
>> }<br>
>><br>
>><br>
>> /**<br>
>><br>
>> * @return<br>
>><br>
>> * @uml.property name="awsSecretKey"<br>
>><br>
>> */<br>
>><br>
>> public String getAwsSecretKey ()<br>
>><br>
>> {<br>
>><br>
>> return this.awsSecretKey;<br>
>><br>
>> }<br>
>><br>
>><br>
>><br>
>> }<br>
>><br>
>><br>
>><br>
>><br>
>> _______________________________________________<br>
>> Users mailing list<br>
>> <a href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a><br>
>> <a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
>><br>
>><br>
>> --<br>
>> Olivier Sallou<br>
>> IRISA / University of Rennes 1<br>
>> Campus de Beaulieu, 35000 RENNES - FRANCE<br>
>> Tel: 02.99.84.71.95<br>
>><br>
>> gpg key id: 4096R/326D8438 (<a href="http://keyring.debian.org" target="_blank">keyring.debian.org</a>)<br>
>> Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438<br>
>><br>
>><br>
>> _______________________________________________<br>
>> Users mailing list<br>
>> <a href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a><br>
>> <a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
>><br>
><br>
><br>
> _______________________________________________<br>
> Users mailing list<br>
> <a href="mailto:Users@lists.opennebula.org" target="_blank">Users@lists.opennebula.org</a><br>
> <a href="http://lists.opennebula.org/listinfo.cgi/users-opennebula.org" target="_blank">http://lists.opennebula.org/listinfo.cgi/users-opennebula.org</a><br>
><br>
<br>
<br>
<br>
--<br>
</div></div><span><font color="#888888">Daniel Molina<br>
Project Engineer<br>
OpenNebula - The Open Source Solution for Data Center Virtualization<br>
<a href="http://www.OpenNebula.org" target="_blank">www.OpenNebula.org</a> | <a href="mailto:dmolina@opennebula.org" target="_blank">dmolina@opennebula.org</a> | @OpenNebula<br>
</font></span></div></div></blockquote></div><br>
</blockquote></div><br></div>