Hi Charles, On 20 April 2012 22:31, Charles Rodamilans <[email protected]> wrote: > Hi, > > now I tried to configure ec2 and ssl, but econe tools don't work. I am > using apache 2 and centos 6. > > [oneadmin@lahpc_cloud_server ~]$ oneuser show > USER 0 INFORMATION > > ID : 0 > NAME : oneadmin > GROUP : oneadmin > PASSWORD : 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 > AUTH_DRIVER : core > ENABLED : Yes > > USER TEMPLATE > > > > [oneadmin@lahpc_cloud_server ~]$ econe-describe-images -U > https://localhost:8443 -K oneadmin -S > 5baa61e4c9b93f3f0682250b6cf8331b7ee68fd8 > econe-describe-images: Unexpected server error. response.body is: > <Response><Errors><Error><Code>AuthFailure</Code><Message>User not > authorized</Message></Error></Errors><RequestID>0</RequestID></Response> > > > Opennebula and apache setup : > > [oneadmin@lahpc_cloud_server ~]$ vim /etc/one/econe.conf > :server: 127.0.0.1 > :port: 4567 > :ssl_server: localhost > > > [root@lahpc_cloud_server ~]# vim /etc/httpd/conf.d/ssl.conf > > <VirtualHost _default_:8443> > > # General setup for the virtual host, inherited from global configuration > DocumentRoot "/var/www/html" > ServerName localhost:8443 > > ProxyPass / http://127.0.0.1:4567 > > > I tried replace localhost by IP, but I have not succeeded. Any helps?
I think the problem is you are using the port 8443 instead of the default one. Please, try changing the the :ssl_server parameter to "localhost:8443" instead of "localhost", otherwise the signature will be generated using the default 443 port. Cheers > > > Thanks, > > Charles Rodamilans > > > Em 20 de abril de 2012 10:50, Charles Rodamilans > <[email protected]> escreveu: > >> Hi Daniel, >> >> it was the problem. Thanks for help. >> >> Charles Rodamilans >> >> Em 19 de abril de 2012 11:08, Daniel Molina <[email protected]> >> escreveu: >>> >>> Hi Charles, >>> >>> >>> Are you using the plain password for the awsSecretKey? If so, use the >>> sha1 hashed version instead. You can retrieve it from the oneuser show >>> output. >>> >>> Hope this helps >>> >>> On 19 April 2012 13:54, Charles Rodamilans <[email protected]> >>> wrote: >>> > Yes. I encode the password in String url = signed.sign(params); >>> > >>> > You can see &Signature parameter in url. >>> > >>> > Em 17 de abril de 2012 12:53, Olivier Sallou <[email protected]> >>> > escreveu: >>> > >>> >> Did you encode the password in the url? >>> >> >>> >> Le 4/17/12 5:28 PM, Charles Rodamilans a écrit : >>> >> >>> >> Hi, >>> >> >>> >> i tried to use ec2 interface with opennebula 3.2, but I have problem. >>> >> >>> >> Ec2 tools work well. >>> >> >>> >> [oneadmin@lahpc_cloud_server ~]$ econe-describe-instances >>> >> oneadmin i-74 running 192.168.0.22 >>> >> small >>> >> >>> >> oneadmin i-75 running 192.168.0.20 >>> >> small >>> >> >>> >> oneadmin i-76 running 192.168.0.21 >>> >> small >>> >> >>> >> >>> >> >>> >> I use the java code, bellow, to generate url. It works well in amazon >>> >> ec2 >>> >> (ec2.amazonaws.com), but is not working in opennebula. >>> >> >>> >> [oneadmin@lahpc_cloud_server ~]$ curl >>> >> >>> >> "http://localhost:4567/?AWSAccessKeyId=oneadmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T14%3A58%3A07Z&Version=2011-01-01&Signature=LdbPDicLCFY%2BLNOqblKTBoY6sNl5jTJezV%2FCTmr5uBs%3D" >>> >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not >>> >> >>> >> authorized</Message></Error></Errors><RequestID>0</RequestID></Response> >>> >> >>> >> >>> >> >>> >> I tried with others users (serveradmin and clouduser), but problem is >>> >> the >>> >> same. >>> >> >>> >> >>> >> >>> >> [oneadmin@lahpc_cloud_server ~]$ oneuser list >>> >> ID GROUP NAME AUTH >>> >> PASSWORD >>> >> 0 oneadmin oneadmin core >>> >> b8c388d2e366b7835bcd9fe565fb67a17f84302f >>> >> 1 oneadmin serveradmin server_c >>> >> 96b438cf52a49348d0fbe773ff2c119bb4707994 >>> >> 22 ec2 clouduser public >>> >> b8c388d2e366b7835bcd9fe565fb67a17f84302f >>> >> >>> >> [oneadmin@lahpc_cloud_server ~]$ curl >>> >> >>> >> "http://localhost:4567/?AWSAccessKeyId=serveradmin&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A16%3A06Z&Version=2011-01-01&Signature=J3SPezX2sDZt8XPOKqkqa8Xw0AHyFNMedLJtGZ7IvUQ%3D" >>> >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not >>> >> >>> >> authorized</Message></Error></Errors><RequestID>0</RequestID></Response> >>> >> >>> >> [oneadmin@lahpc_cloud_server ~]$ curl >>> >> >>> >> "http://localhost:4567/?AWSAccessKeyId=clouduser&Action=DescribeInstances&SignatureMethod=HmacSHA256&SignatureVersion=2&Timestamp=2012-04-17T15%3A18%3A51Z&Version=2011-01-01&Signature=t58LIMq7WYW0EslTkyn7CKVAX7BdWcw27jsRwSecGe0%3D" >>> >> <Response><Errors><Error><Code>AuthFailure</Code><Message>User not >>> >> >>> >> authorized</Message></Error></Errors><RequestID>0</RequestID></Response> >>> >> >>> >> >>> >> What is the problem? Any suggestion? >>> >> >>> >> Thanks, >>> >> >>> >> Charles Rodamilans >>> >> >>> >> >>> >> >>> >> import java.util.Map; >>> >> >>> >> >>> >> import org.junit.Test; >>> >> >>> >> >>> >> public class SignedRequestsTest { >>> >> >>> >> >>> >> @Test >>> >> >>> >> public void signed() { >>> >> >>> >> SignedRequests signed = new SignedRequests( "oneadmin", "password"); >>> >> >>> >> // SignedRequests signed = new SignedRequests( "serveradmin", >>> >> "password"); >>> >> >>> >> // SignedRequests signed = new SignedRequests( "clouduser", >>> >> "password"); >>> >> >>> >> >>> >> Map<String, String> params = new java.util.HashMap<String, String>(); >>> >> >>> >> params.put("Action", "DescribeInstances"); >>> >> >>> >> params.put("SignatureMethod", "HmacSHA256"); >>> >> >>> >> params.put("SignatureVersion", "2"); >>> >> >>> >> params.put("Version", "2010-06-15"); >>> >> >>> >> String url = signed.sign(params); >>> >> >>> >> System.out.println(url); >>> >> >>> >> } >>> >> >>> >> } >>> >> >>> >> >>> >> >>> >> >>> >> >>> >> /* >>> >> >>> >> * Code Reference >>> >> >>> >> >>> >> >>> >> * http://docs.amazonwebservices.com/AWSECommerceService/latest/DG/AuthJavaSampleSig2.html >>> >> >>> >> */ >>> >> >>> >> >>> >> import java.io.UnsupportedEncodingException; >>> >> >>> >> import java.net.URLEncoder; >>> >> >>> >> import java.security.InvalidKeyException; >>> >> >>> >> import java.security.NoSuchAlgorithmException; >>> >> >>> >> import java.text.DateFormat; >>> >> >>> >> import java.text.SimpleDateFormat; >>> >> >>> >> import java.util.Calendar; >>> >> >>> >> import java.util.Iterator; >>> >> >>> >> import java.util.Map; >>> >> >>> >> import java.util.SortedMap; >>> >> >>> >> import java.util.TimeZone; >>> >> >>> >> import java.util.TreeMap; >>> >> >>> >> >>> >> import javax.crypto.Mac; >>> >> >>> >> import javax.crypto.spec.SecretKeySpec; >>> >> >>> >> >>> >> import org.apache.commons.codec.binary.Base64; >>> >> >>> >> >>> >> import com.lahpc.cloud.essential.HTTPVerb; >>> >> >>> >> >>> >> public class SignedRequests { >>> >> >>> >> private static final String UTF8_CHARSET = "UTF-8"; >>> >> >>> >> private static final String HMAC_SHA256_ALGORITHM = "HmacSHA256"; >>> >> >>> >> private static final String REQUEST_URI = "/"; >>> >> >>> >> /** >>> >> >>> >> * @uml.property name="requestMethod" >>> >> >>> >> * @uml.associationEnd multiplicity="(1 1)" >>> >> >>> >> */ >>> >> >>> >> private HTTPVerb requestMethod = HTTPVerb.GET; >>> >> >>> >> >>> >> >>> >> /** >>> >> >>> >> * @uml.property name="endpoint" >>> >> >>> >> */ >>> >> >>> >> // private String endpoint = "ec2.amazonaws.com"; // must be lowercase >>> >> >>> >> private String endpoint = "localhost:4567"; // must be lowercase >>> >> >>> >> /** >>> >> >>> >> * @uml.property name="awsAccessKeyId" >>> >> >>> >> */ >>> >> >>> >> private String awsAccessKeyId; >>> >> >>> >> /** >>> >> >>> >> * @uml.property name="awsSecretKey" >>> >> >>> >> */ >>> >> >>> >> private String awsSecretKey; >>> >> >>> >> >>> >> /** >>> >> >>> >> * @uml.property name="secretKeySpec" >>> >> >>> >> * @uml.associationEnd multiplicity="(1 1)" >>> >> >>> >> */ >>> >> >>> >> private SecretKeySpec secretKeySpec = null; >>> >> >>> >> /** >>> >> >>> >> * @uml.property name="mac" >>> >> >>> >> * @uml.associationEnd multiplicity="(1 1)" >>> >> >>> >> */ >>> >> >>> >> private Mac mac = null; >>> >> >>> >> public SignedRequests(String awsAccessKeyId, String awsSecretKey) >>> >> >>> >> { >>> >> >>> >> this.setAwsAccessKeyId(awsAccessKeyId); >>> >> >>> >> this.setAwsSecretKey(awsSecretKey); >>> >> >>> >> setDefault(); >>> >> >>> >> } >>> >> >>> >> >>> >> private void setDefault() { >>> >> >>> >> >>> >> try >>> >> >>> >> { >>> >> >>> >> byte[] secretyKeyBytes = awsSecretKey.getBytes(UTF8_CHARSET); >>> >> >>> >> secretKeySpec = >>> >> >>> >> new SecretKeySpec(secretyKeyBytes, HMAC_SHA256_ALGORITHM); >>> >> >>> >> mac = Mac.getInstance(HMAC_SHA256_ALGORITHM); >>> >> >>> >> mac.init(secretKeySpec); >>> >> >>> >> } catch (UnsupportedEncodingException e) { >>> >> >>> >> e.printStackTrace(); >>> >> >>> >> } catch (NoSuchAlgorithmException e) { >>> >> >>> >> e.printStackTrace(); >>> >> >>> >> } catch (InvalidKeyException e) { >>> >> >>> >> e.printStackTrace(); >>> >> >>> >> } >>> >> >>> >> } >>> >> >>> >> >>> >> public String sign(Map<String, String> params) { >>> >> >>> >> params.put("AWSAccessKeyId", awsAccessKeyId); >>> >> >>> >> params.put("Timestamp", timestamp()); >>> >> >>> >> >>> >> SortedMap<String, String> sortedParamMap = >>> >> >>> >> new TreeMap<String, String>(params); >>> >> >>> >> String canonicalQS = canonicalize(sortedParamMap); >>> >> >>> >> String toSign = >>> >> >>> >> requestMethod.toString() + "\n" >>> >> >>> >> + endpoint + "\n" >>> >> >>> >> + REQUEST_URI + "\n" >>> >> >>> >> + canonicalQS; >>> >> >>> >> >>> >> String hmac = hmac(toSign); >>> >> >>> >> String sig = percentEncodeRfc3986(hmac); >>> >> >>> >> // String url = "https://" + endpoint + REQUEST_URI + "?" + >>> >> >>> >> // canonicalQS + "&Signature=" + sig; >>> >> >>> >> String url = "http://" + endpoint + REQUEST_URI + "?" + >>> >> >>> >> canonicalQS + "&Signature=" + sig; >>> >> >>> >> >>> >> return url; >>> >> >>> >> } >>> >> >>> >> >>> >> private String hmac(String stringToSign) { >>> >> >>> >> String signature = null; >>> >> >>> >> byte[] data; >>> >> >>> >> byte[] rawHmac; >>> >> >>> >> try { >>> >> >>> >> data = stringToSign.getBytes(UTF8_CHARSET); >>> >> >>> >> rawHmac = mac.doFinal(data); >>> >> >>> >> Base64 encoder = new Base64(); >>> >> >>> >> signature = new String(encoder.encode(rawHmac)); >>> >> >>> >> } catch (UnsupportedEncodingException e) { >>> >> >>> >> throw new RuntimeException(UTF8_CHARSET + " is unsupported!", e); >>> >> >>> >> } >>> >> >>> >> return signature; >>> >> >>> >> } >>> >> >>> >> >>> >> private String timestamp() { >>> >> >>> >> String timestamp = null; >>> >> >>> >> Calendar cal = Calendar.getInstance(); >>> >> >>> >> DateFormat dfm = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); >>> >> >>> >> dfm.setTimeZone(TimeZone.getTimeZone("GMT")); >>> >> >>> >> timestamp = dfm.format(cal.getTime()); >>> >> >>> >> return timestamp; >>> >> >>> >> } >>> >> >>> >> >>> >> private String canonicalize(SortedMap<String, String> sortedParamMap) >>> >> >>> >> { >>> >> >>> >> if (sortedParamMap.isEmpty()) { >>> >> >>> >> return ""; >>> >> >>> >> } >>> >> >>> >> >>> >> StringBuffer buffer = new StringBuffer(); >>> >> >>> >> Iterator<Map.Entry<String, String>> iter = >>> >> >>> >> sortedParamMap.entrySet().iterator(); >>> >> >>> >> >>> >> while (iter.hasNext()) { >>> >> >>> >> Map.Entry<String, String> kvpair = iter.next(); >>> >> >>> >> buffer.append(percentEncodeRfc3986(kvpair.getKey())); >>> >> >>> >> buffer.append("="); >>> >> >>> >> buffer.append(percentEncodeRfc3986(kvpair.getValue())); >>> >> >>> >> if (iter.hasNext()) { >>> >> >>> >> buffer.append("&"); >>> >> >>> >> } >>> >> >>> >> } >>> >> >>> >> String cannoical = buffer.toString(); >>> >> >>> >> return cannoical; >>> >> >>> >> } >>> >> >>> >> >>> >> private String percentEncodeRfc3986(String s) { >>> >> >>> >> String out; >>> >> >>> >> try { >>> >> >>> >> out = URLEncoder.encode(s, UTF8_CHARSET) >>> >> >>> >> .replace("+", "%20") >>> >> >>> >> .replace("*", "%2A") >>> >> >>> >> .replace("%7E", "~"); >>> >> >>> >> } catch (UnsupportedEncodingException e) { >>> >> >>> >> out = s; >>> >> >>> >> } >>> >> >>> >> return out; >>> >> >>> >> } >>> >> >>> >> >>> >> /** >>> >> >>> >> * @param verb >>> >> >>> >> * @uml.property name="requestMethod" >>> >> >>> >> */ >>> >> >>> >> public void setRequestMethod(HTTPVerb verb ) >>> >> >>> >> { >>> >> >>> >> this.requestMethod = verb; >>> >> >>> >> } >>> >> >>> >> >>> >> /** >>> >> >>> >> * @return >>> >> >>> >> * @uml.property name="requestMethod" >>> >> >>> >> */ >>> >> >>> >> public HTTPVerb getRequestMethod() >>> >> >>> >> { >>> >> >>> >> return requestMethod; >>> >> >>> >> } >>> >> >>> >> >>> >> /** >>> >> >>> >> * @param keyId >>> >> >>> >> * @uml.property name="awsAccessKeyId" >>> >> >>> >> */ >>> >> >>> >> public void setAwsAccessKeyId(String keyId) >>> >> >>> >> { >>> >> >>> >> this.awsAccessKeyId = keyId; >>> >> >>> >> } >>> >> >>> >> >>> >> /** >>> >> >>> >> * @return >>> >> >>> >> * @uml.property name="awsAccessKeyId" >>> >> >>> >> */ >>> >> >>> >> public String getAwsAccessKeyId() >>> >> >>> >> { >>> >> >>> >> return this.awsAccessKeyId; >>> >> >>> >> } >>> >> >>> >> >>> >> /** >>> >> >>> >> * @param secretKey >>> >> >>> >> * @uml.property name="awsSecretKey" >>> >> >>> >> */ >>> >> >>> >> public void setAwsSecretKey (String secretKey) >>> >> >>> >> { >>> >> >>> >> this.awsSecretKey = secretKey; >>> >> >>> >> } >>> >> >>> >> >>> >> /** >>> >> >>> >> * @return >>> >> >>> >> * @uml.property name="awsSecretKey" >>> >> >>> >> */ >>> >> >>> >> public String getAwsSecretKey () >>> >> >>> >> { >>> >> >>> >> return this.awsSecretKey; >>> >> >>> >> } >>> >> >>> >> >>> >> >>> >> } >>> >> >>> >> >>> >> >>> >> >>> >> _______________________________________________ >>> >> Users mailing list >>> >> [email protected] >>> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org >>> >> >>> >> >>> >> -- >>> >> Olivier Sallou >>> >> IRISA / University of Rennes 1 >>> >> Campus de Beaulieu, 35000 RENNES - FRANCE >>> >> Tel: 02.99.84.71.95 >>> >> >>> >> gpg key id: 4096R/326D8438 (keyring.debian.org) >>> >> Key fingerprint = 5FB4 6F83 D3B9 5204 6335 D26D 78DC 68DB 326D 8438 >>> >> >>> >> >>> >> _______________________________________________ >>> >> Users mailing list >>> >> [email protected] >>> >> http://lists.opennebula.org/listinfo.cgi/users-opennebula.org >>> >> >>> > >>> > >>> > _______________________________________________ >>> > Users mailing list >>> > [email protected] >>> > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org >>> > >>> >>> >>> >>> -- >>> Daniel Molina >>> Project Engineer >>> OpenNebula - The Open Source Solution for Data Center Virtualization >>> www.OpenNebula.org | [email protected] | @OpenNebula >> >> > > > _______________________________________________ > Users mailing list > [email protected] > http://lists.opennebula.org/listinfo.cgi/users-opennebula.org > -- Daniel Molina Project Engineer OpenNebula - The Open Source Solution for Data Center Virtualization www.OpenNebula.org | [email protected] | @OpenNebula _______________________________________________ Users mailing list [email protected] http://lists.opennebula.org/listinfo.cgi/users-opennebula.org
