Hi, now I tried to configure ec2 and ssl, but econe tools don't work. I am using apache 2 and centos 6.
[oneadmin@lahpc_cloud_server ~]$ oneuser show USER 0 INFORMATION ID : 0 NAME : oneadmin GROUP : oneadmin PASSWORD : 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 AUTH_DRIVER : core ENABLED : Yes USER TEMPLATE [oneadmin@lahpc_cloud_server ~]$ econe-describe-images -U https://localhost:8443 -K oneadmin -S 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 econe-describe-images: Unexpected server error. response.body is: <Response><Errors><Error><Code>AuthFailure</Code><Message>User not authorized</Message></Error></Errors><RequestID>0</RequestID></Response> Opennebula and apache setup : [oneadmin@lahpc_cloud_server ~]$ vim /etc/one/econe.conf :server: 127.0.0.1 :port: 4567 :ssl_server: localhost [root@lahpc_cloud_server ~]# vim /etc/httpd/conf.d/ssl.conf <VirtualHost _default_:8443> # General setup for the virtual host, inherited from global configuration DocumentRoot "/var/www/html" ServerName localhost:8443 ProxyPass / http://127.0.0.1:4567 I tried replace localhost by IP, but I have not succeeded. Any helps? Thanks, Charles Rodamilans Em 20 de abril de 2012 10:50, Charles Rodamilans < [email protected]> escreveu: > Hi Daniel, > > it was the problem. Thanks for help. > > Charles Rodamilans > > Em 19 de abril de 2012 11:08, Daniel Molina <[email protected]>escreveu: > >> Hi Charles, >> >> >> Are you using the plain password for the awsSecretKey? If so, use the >> sha1 hashed version instead. You can retrieve it from the oneuser show >> output. >> >> Hope this helps >> >> On 19 April 2012 13:54, Charles Rodamilans <[email protected]> >> wrote: >> > Yes. I encode the password in String url = signed.sign(params); >> > >> > You can see &Signature parameter in url. >> > >> > Em 17 de abril de 2012 12:53, Olivier Sallou <[email protected]> >> > escreveu: >> > >> >> Did you encode the password in the url? >> >> >> >> Le 4/17/12 5:28 PM, Charles Rodamilans a écrit : >> >> >> >> Hi, >> >> >> >> i tried to use ec2 interface with opennebula 3.2, but I have problem. >> >> >> >> Ec2 tools work well. >> >> >> >> [oneadmin@lahpc_cloud_server ~]$ econe-describe-instances >> >> oneadmin i-74 running 192.168.0.22 >> small >> >> >> >> oneadmin i-75 running 192.168.0.20 >> small >> >> >> >> oneadmin i-76 running 192.168.0.21 >> small >> >> >> >> >> >> >> >> I use the java code, bellow, to generate url. It works well in amazon >> ec2 >> >> (ec2.amazonaws.com), but is not working in opennebula. >> >> >> >> [oneadmin@lahpc_cloud_server ~]$ curl >> >> " >> http://localhost:4567/?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T14%3A58%3A07Z&Version=2011-01-01&Signature=LdbPDicLCFY%2BLNOqblKTBoY6sNl5jTJezV%2FCTmr5uBs%3D >> " >> >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not >> >> >> authorized</Message></Error></Errors><RequestID>0</RequestID></Response> >> >> >> >> >> >> >> >> I tried with others users (serveradmin and clouduser), but problem is >> the >> >> same. >> >> >> >> >> >> >> >> [oneadmin@lahpc_cloud_server ~]$ oneuser list >> >> ID GROUP NAME AUTH >> >> PASSWORD >> >> 0 oneadmin oneadmin core >> >> b8c388d2e366b7835bcd9fe565fb67a17f84302f >> >> 1 oneadmin serveradmin server_c >> >> 96b438cf52a49348d0fbe773ff2c119bb4707994 >> >> 22 ec2 clouduser public >> >> b8c388d2e366b7835bcd9fe565fb67a17f84302f >> >> >> >> [oneadmin@lahpc_cloud_server ~]$ curl >> >> " >> http://localhost:4567/?AWSAccessKeyId=serveradmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A16%3A06Z&Version=2011-01-01&Signature=J3SPezX2sDZt8XPOKqkqa8Xw0AHyFNMedLJtGZ7IvUQ%3D >> " >> >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not >> >> >> authorized</Message></Error></Errors><RequestID>0</RequestID></Response> >> >> >> >> [oneadmin@lahpc_cloud_server ~]$ curl >> >> " >> http://localhost:4567/?AWSAccessKeyId=clouduser&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A18%3A51Z&Version=2011-01-01&Signature=t58LIMq7WYW0EslTkyn7CKVAX7BdWcw27jsRwSecGe0%3D >> " >> >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not >> >> >> authorized</Message></Error></Errors><RequestID>0</RequestID></Response> >> >> >> >> >> >> What is the problem? Any suggestion? >> >> >> >> Thanks, >> >> >> >> Charles Rodamilans >> >> >> >> >> >> >> >> import java.util.Map; >> >> >> >> >> >> import org.junit.Test; >> >> >> >> >> >> public class SignedRequestsTest { >> >> >> >> >> >> @Test >> >> >> >> public void signed() { >> >> >> >> SignedRequests signed = new SignedRequests( "oneadmin", "password"); >> >> >> >> // SignedRequests signed = new SignedRequests( "serveradmin", >> "password"); >> >> >> >> // SignedRequests signed = new SignedRequests( "clouduser", >> "password"); >> >> >> >> >> >> Map<String, String> params = new java.util.HashMap<String, String>(); >> >> >> >> params.put("Action", "DescribeInstances"); >> >> >> >> params.put("SignatureMethod", "HmacSHA256"); >> >> >> >> params.put("SignatureVersion", "2"); >> >> >> >> params.put("Version", "2010-06-15"); >> >> >> >> String url = signed.sign(params); >> >> >> >> System.out.println(url); >> >> >> >> } >> >> >> >> } >> >> >> >> >> >> >> >> >> >> >> >> /* >> >> >> >> * Code Reference >> >> >> >> >> >> * >> http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/AuthJavaSampleSig2.html >> >> >> >> */ >> >> >> >> >> >> import java.io.UnsupportedEncodingException; >> >> >> >> import java.net.URLEncoder; >> >> >> >> import java.security.InvalidKeyException; >> >> >> >> import java.security.NoSuchAlgorithmException; >> >> >> >> import java.text.DateFormat; >> >> >> >> import java.text.SimpleDateFormat; >> >> >> >> import java.util.Calendar; >> >> >> >> import java.util.Iterator; >> >> >> >> import java.util.Map; >> >> >> >> import java.util.SortedMap; >> >> >> >> import java.util.TimeZone; >> >> >> >> import java.util.TreeMap; >> >> >> >> >> >> import javax.crypto.Mac; >> >> >> >> import javax.crypto.spec.SecretKeySpec; >> >> >> >> >> >> import org.apache.commons.codec.binary.Base64; >> >> >> >> >> >> import com.lahpc.cloud.essential.HTTPVerb; >> >> >> >> >> >> public class SignedRequests { >> >> >> >> private static final String UTF8_CHARSET = "UTF-8"; >> >> >> >> private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256"; >> >> >> >> private static final String REQUEST_URI = "/"; >> >> >> >> /** >> >> >> >> * @uml.property name="requestMethod" >> >> >> >> * @uml.associationEnd multiplicity="(1 1)" >> >> >> >> */ >> >> >> >> private HTTPVerb requestMethod = HTTPVerb.GET; >> >> >> >> >> >> >> >> /** >> >> >> >> * @uml.property name="endpoint" >> >> >> >> */ >> >> >> >> // private String endpoint = "ec2.amazonaws.com"; // must be lowercase >> >> >> >> private String endpoint = "localhost:4567"; // must be lowercase >> >> >> >> /** >> >> >> >> * @uml.property name="awsAccessKeyId" >> >> >> >> */ >> >> >> >> private String awsAccessKeyId; >> >> >> >> /** >> >> >> >> * @uml.property name="awsSecretKey" >> >> >> >> */ >> >> >> >> private String awsSecretKey; >> >> >> >> >> >> /** >> >> >> >> * @uml.property name="secretKeySpec" >> >> >> >> * @uml.associationEnd multiplicity="(1 1)" >> >> >> >> */ >> >> >> >> private SecretKeySpec secretKeySpec = null; >> >> >> >> /** >> >> >> >> * @uml.property name="mac" >> >> >> >> * @uml.associationEnd multiplicity="(1 1)" >> >> >> >> */ >> >> >> >> private Mac mac = null; >> >> >> >> public SignedRequests(String awsAccessKeyId, String awsSecretKey) >> >> >> >> { >> >> >> >> this.setAwsAccessKeyId(awsAccessKeyId); >> >> >> >> this.setAwsSecretKey(awsSecretKey); >> >> >> >> setDefault(); >> >> >> >> } >> >> >> >> >> >> private void setDefault() { >> >> >> >> >> >> try >> >> >> >> { >> >> >> >> byte[] secretyKeyBytes = awsSecretKey.getBytes(UTF8_CHARSET); >> >> >> >> secretKeySpec = >> >> >> >> new SecretKeySpec(secretyKeyBytes, HMAC_SHA256_ALGORITHM); >> >> >> >> mac = Mac.getInstance(HMAC_SHA256_ALGORITHM); >> >> >> >> mac.init(secretKeySpec); >> >> >> >> } catch (UnsupportedEncodingException e) { >> >> >> >> e.printStackTrace(); >> >> >> >> } catch (NoSuchAlgorithmException e) { >> >> >> >> e.printStackTrace(); >> >> >> >> } catch (InvalidKeyException e) { >> >> >> >> e.printStackTrace(); >> >> >> >> } >> >> >> >> } >> >> >> >> >> >> public String sign(Map<String, String> params) { >> >> >> >> params.put("AWSAccessKeyId", awsAccessKeyId); >> >> >> >> params.put("Timestamp", timestamp()); >> >> >> >> >> >> SortedMap<String, String> sortedParamMap = >> >> >> >> new TreeMap<String, String>(params); >> >> >> >> String canonicalQS = canonicalize(sortedParamMap); >> >> >> >> String toSign = >> >> >> >> requestMethod.toString() + "\n" >> >> >> >> + endpoint + "\n" >> >> >> >> + REQUEST_URI + "\n" >> >> >> >> + canonicalQS; >> >> >> >> >> >> String hmac = hmac(toSign); >> >> >> >> String sig = percentEncodeRfc3986(hmac); >> >> >> >> // String url = "https://" + endpoint + REQUEST_URI + "?" + >> >> >> >> // canonicalQS + "&Signature=" + sig; >> >> >> >> String url = "http://" + endpoint + REQUEST_URI + "?" + >> >> >> >> canonicalQS + "&Signature=" + sig; >> >> >> >> >> >> return url; >> >> >> >> } >> >> >> >> >> >> private String hmac(String stringToSign) { >> >> >> >> String signature = null; >> >> >> >> byte[] data; >> >> >> >> byte[] rawHmac; >> >> >> >> try { >> >> >> >> data = stringToSign.getBytes(UTF8_CHARSET); >> >> >> >> rawHmac = mac.doFinal(data); >> >> >> >> Base64 encoder = new Base64(); >> >> >> >> signature = new String(encoder.encode(rawHmac)); >> >> >> >> } catch (UnsupportedEncodingException e) { >> >> >> >> throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e); >> >> >> >> } >> >> >> >> return signature; >> >> >> >> } >> >> >> >> >> >> private String timestamp() { >> >> >> >> String timestamp = null; >> >> >> >> Calendar cal = Calendar.getInstance(); >> >> >> >> DateFormat dfm = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); >> >> >> >> dfm.setTimeZone(TimeZone.getTimeZone("GMT")); >> >> >> >> timestamp = dfm.format(cal.getTime()); >> >> >> >> return timestamp; >> >> >> >> } >> >> >> >> >> >> private String canonicalize(SortedMap<String, String> sortedParamMap) >> >> >> >> { >> >> >> >> if (sortedParamMap.isEmpty()) { >> >> >> >> return ""; >> >> >> >> } >> >> >> >> >> >> StringBuffer buffer = new StringBuffer(); >> >> >> >> Iterator<Map.Entry<String, String>> iter = >> >> >> >> sortedParamMap.entrySet().iterator(); >> >> >> >> >> >> while (iter.hasNext()) { >> >> >> >> Map.Entry<String, String> kvpair = iter.next(); >> >> >> >> buffer.append(percentEncodeRfc3986(kvpair.getKey())); >> >> >> >> buffer.append("="); >> >> >> >> buffer.append(percentEncodeRfc3986(kvpair.getValue())); >> >> >> >> if (iter.hasNext()) { >> >> >> >> buffer.append("&"); >> >> >> >> } >> >> >> >> } >> >> >> >> String cannoical = buffer.toString(); >> >> >> >> return cannoical; >> >> >> >> } >> >> >> >> >> >> private String percentEncodeRfc3986(String s) { >> >> >> >> String out; >> >> >> >> try { >> >> >> >> out = URLEncoder.encode(s, UTF8_CHARSET) >> >> >> >> .replace("+", "%20") >> >> >> >> .replace("*", "%2A") >> >> >> >> .replace("%7E", "~"); >> >> >> >> } catch (UnsupportedEncodingException e) { >> >> >> >> out = s; >> >> >> >> } >> >> >> >> return out; >> >> >> >> } >> >> >> >> >> >> /** >> >> >> >> * @param verb >> >> >> >> * @uml.property name="requestMethod" >> >> >> >> */ >> >> >> >> public void setRequestMethod(HTTPVerb verb ) >> >> >> >> { >> >> >> >> this.requestMethod = verb; >> >> >> >> } >> >> >> >> >> >> /** >> >> >> >> * @return >> >> >> >> * @uml.property name="requestMethod" >> >> >> >> */ >> >> >> >> public HTTPVerb getRequestMethod() >> >> >> >> { >> >> >> >> return requestMethod; >> >> >> >> } >> >> >> >> >> >> /** >> >> >> >> * @param keyId >> >> >> >> * @uml.property name="awsAccessKeyId" >> >> >> >> */ >> >> >> >> public void setAwsAccessKeyId(String keyId) >> >> >> >> { >> >> >> >> this.awsAccessKeyId = keyId; >> >> >> >> } >> >> >> >> >> >> /** >> >> >> >> * @return >> >> >> >> * @uml.property name="awsAccessKeyId" >> >> >> >> */ >> >> >> >> public String getAwsAccessKeyId() >> >> >> >> { >> >> >> >> return this.awsAccessKeyId; >> >> >> >> } >> >> >> >> >> >> /** >> >> >> >> * @param secretKey >> >> >> >> * @uml.property name="awsSecretKey" >> >> >> >> */ >> >> >> >> public void setAwsSecretKey (String secretKey) >> >> >> >> { >> >> >> >> this.awsSecretKey = secretKey; >> >> >> >> } >> >> >> >> >> >> /** >> >> >> >> * @return >> >> >> >> * @uml.property name="awsSecretKey" >> >> >> >> */ >> >> >> >> public String getAwsSecretKey () >> >> >> >> { >> >> >> >> return this.awsSecretKey; >> >> >> >> } >> >> >> >> >> >> >> >> } >> >> >> >> >> >> >> >> >> >> _______________________________________________ >> >> Users mailing list >> >> [email protected] >> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org >> >> >> >> >> >> -- >> >> Olivier Sallou >> >> IRISA / University of Rennes 1 >> >> Campus de Beaulieu, 35000 RENNES - FRANCE >> >> Tel: 02.99.84.71.95 >> >> >> >> gpg key id: 4096R/326D8438 (keyring.debian.org) >> >> Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438 >> >> >> >> >> >> _______________________________________________ >> >> Users mailing list >> >> [email protected] >> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org >> >> >> > >> > >> > _______________________________________________ >> > Users mailing list >> > [email protected] >> > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org >> > >> >> >> >> -- >> Daniel Molina >> Project Engineer >> OpenNebula - The Open Source Solution for Data Center Virtualization >> www.OpenNebula.org | [email protected] | @OpenNebula >> > >
_______________________________________________ Users mailing list [email protected] http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
