Monday, May 02, 2016

Creating functional ssh keypair on RDO Mitaka via Chrome Advanced REST Client

The problem here is that a REST API POST request creating an ssh keypair to
access nova servers doesn't write the RSA private key to disk and only uploads
the public one to nova. Closing the Chrome client results in losing the RSA private key.
To avoid losing the private key, save response-export.json as shown below. Working via the CLI (invoking curl) uploads the RSA public key to Nova and creates the RSA private key as a file :-

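#!/bin/bash -x
# Create output.json and oskey1.pem readable by the owner only from the start
umask 077
# POST to os-keypairs; tail -1 keeps only the JSON body of the response
curl -g -i -X POST http://192.169.142.127:8774/v2/052b16e56537467d8161266b52a43b54/os-keypairs \
-H "User-Agent: python-novaclient" \
-H "Content-Type: application/json" -H "Accept: application/json" \
-H "X-Auth-Token: 2ae281359a8f4b249d5e8cf36c4233c0" -d  \
'{"keypair": {"name": "oskey1"}}' | tail -1 >output.json
echo "Generating rsa private key for server access as file";
# grep below drops the line that carries the PEM header, so write the header first
echo "-----BEGIN RSA PRIVATE KEY-----" >  oskey1.pem ;
# Turn each literal \n into a line break, then drop the JSON lines around the key
sed 's/\\n/\
/g' <  output.json | grep -v "keypair" | grep -v "user_id" >>oskey1.pem ;
chmod 600 oskey1.pem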


To start (Keystone API v3 environment), obtain a project-scoped token via the
request

[root@ip-192-169-142-127 ~(keystone_admin)]# curl -i  -H "Content-Type: application/json" -d \
' { "auth":
   { "identity":
    { "methods": ["password"], "password":
     { "user":
      { "name": "admin", "domain":
        { "id": "default" }, "password": "7049f834927e4468" }
      }
     },
  "scope":
{ "project":
  { "name": "demo", "domain":
    { "id": "default" }
     }
      }
    }
}'  http://192.169.142.127:5000/v3/auth/tokens ; echo

HTTP/1.1 201 Created
Date: Mon, 02 May 2016 10:41:25 GMT
Server: Apache/2.4.6 (CentOS)
X-Subject-Token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx  <= token value
Vary: X-Auth-Token
x-openstack-request-id: req-bed4f407-8cbd-4d43-acd5-7450d028bc45
Content-Length: 5791
Connection: close
Content-Type: application/json




  

*******************************************************************************
Then run the script that extracts the RSA private key from response-export.json
*******************************************************************************
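#!/bin/bash -x
# Usage: ./filter.sh <keypair name>; reads response-export.json from the current directory
# Create the key file readable by the owner only from the start
umask 077
echo "Generating private key for server access"
echo "-----BEGIN RSA PRIVATE KEY-----" > "$1.pem"
sed 's/\\n/\
/g' <  response-export.json | grep -v "keypair" | grep -v "user_id" >>"$1.pem"
chmod 600 "$1.pem"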

For example :-

# ./filter.sh oskeymitakaV3

***********************************
Shell command [ 1 ]  :-
***********************************
sed 's/\\n/\
/g' <  response-export.json


replaces each literal '\n' in response-export.json with a real line break.
Now log in to the dashboard and verify that the RSA public key has been uploaded.
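
The sed/grep filter above depends on the textual layout of the response, including the order of its fields. As an added example (not code from the original post), this Python sketch decodes the JSON instead and creates the key file with mode 0600 from the moment it exists. It assumes response-export.json holds the raw os-keypairs response body; save_private_key and demo are hypothetical names, and the sample response is constructed.

```python
import json
import os
import tempfile

PEM_BEGIN = "-----BEGIN RSA PRIVATE KEY-----"
PEM_END = "-----END RSA PRIVATE KEY-----"


def save_private_key(response_body, directory="."):
    """Write keypair.private_key from an os-keypairs response to <name>.pem."""
    # JSON decoding turns the \n escapes into real newlines, no sed needed.
    keypair = json.loads(response_body)["keypair"]
    name, pem = keypair["name"], keypair.get("private_key")
    if not pem:
        # Nova returns private_key only when it generated the pair itself.
        raise ValueError("response carries no private_key")
    pem = pem.strip() + "\n"
    if not (pem.startswith(PEM_BEGIN) and pem.rstrip().endswith(PEM_END)):
        raise ValueError("private_key is not a PEM RSA key")
    if os.path.basename(name) != name or name.startswith("."):
        raise ValueError("keypair name is not a safe file name")
    path = os.path.join(directory, name + ".pem")
    # O_EXCL refuses to overwrite an existing key; 0600 applies at creation.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "w") as handle:
        handle.write(pem)
    return path


def demo():
    # Constructed sample response; the key body is placeholder text.
    sample = json.dumps({"keypair": {
        "public_key": "ssh-rsa AAAAPLACEHOLDER Generated-by-Nova",
        "private_key": PEM_BEGIN + "\nUExBQ0VIT0xERVI=\nUExBQ0VIT0xERVI=\n" + PEM_END + "\n",
        "user_id": "constructed-user-id",
        "name": "oskey1",
        "fingerprint": "00:11:22:33",
    }})
    with tempfile.TemporaryDirectory() as workdir:
        path = save_private_key(sample, workdir)
        mode = os.stat(path).st_mode & 0o777
        with open(path) as handle:
            lines = handle.read().splitlines()
    return os.path.basename(path), mode, lines


if __name__ == "__main__":
    print(demo())
```

For a saved response, pass the file contents: save_private_key(open("response-export.json").read()).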


Relaunch Chrome Advanced Rest Client and launch server with
"key_name" : "oskeymitakaV3"



******************************************************************************
Log in to the server using the RSA private key oskeymitakaV3.pem
******************************************************************************
[boris@fedora23wks json]$ ssh -i oskeymitakaV3.pem ubuntu@192.169.142.169
The authenticity of host '192.169.142.169 (192.169.142.169)' can't be established.
ECDSA key fingerprint is SHA256:khfhZEHHwz7T18oIlKMCKWKY9b6ctsS8XMW5ZpVlRa8.
ECDSA key fingerprint is MD5:25:98:50:9f:b3:37:f3:a1:ed:95:5d:44:f4:03:13:14.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.169.142.169' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.4.0-21-generic x86_64)

 * Documentation:  https://help.ubuntu.com/

  Get cloud support with Ubuntu Advantage Cloud Guest:
    http://www.ubuntu.com/business/services/cloud

0 packages can be updated.
0 updates are security updates.



The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.

To run a command as administrator (user "root"), use "sudo ".
See "man sudo_root" for details.

ubuntu@ubuntuxenialdevs:~$