The problem here is that REST API POST request creating ssh-keypair to
access nova servers doesn't write to disk rsa private key and only upload
public one to nova. Closing Chrome Client results loosing rsa private key.
To prevent failure to write to disk private key , save response-export.json as shown bellow. Working via CLI ( invoking curl ) allows to upload rsa public key to Nova and create rsa private key as file :-
To start ( keystone api v3 environment ) obtain project's scoped token via
request
[root@ip-192-169-142-127 ~(keystone_admin)]# curl -i -H "Content-Type: application/json" -d \
' { "auth":
{ "identity":
{ "methods": ["password"], "password":
{ "user":
{ "name": "admin", "domain":
{ "id": "default" }, "password": "7049f834927e4468" }
}
},
"scope":
{ "project":
{ "name": "demo", "domain":
{ "id": "default" }
}
}
}
}' http://192.169.142.127:5000/v3/auth/tokens ; echo
HTTP/1.1 201 Created
Date: Mon, 02 May 2016 10:41:25 GMT
Server: Apache/2.4.6 (CentOS)
X-Subject-Token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx <= token value
Vary: X-Auth-Token
x-openstack-request-id: req-bed4f407-8cbd-4d43-acd5-7450d028bc45
Content-Length: 5791
Connection: close
Content-Type: application/json
*******************************************************************************
The run script extracting from response-export.json the rsa private key
*******************************************************************************
#!/bin/bash -x
echo "Generating privare key for server access"
echo "-----BEGIN RSA PRIVATE KEY-----" > $1.pem
sed 's/\\n/\
/g' < response-export.json | grep -v "keypair" | grep -v "user_id" >>$1.pem
chmod 600 $1.pem
like :-
# ./filter.sh oskeymitakaV3
***********************************
Shell command [ 1 ] :-
***********************************
sed 's/\\n/\
/g' < response-export.json
will replace '\n' by Carriage Return in response-export.json.
Now login to dashboard and verify that rsa public key gets uploaded
Relaunch Chrome Advanced Rest Client and launch server with
"key_name" : "oskeymitakaV3"
******************************************************************************
Login to server using rsa private key oskeymitakaV3.pem
******************************************************************************
[boris@fedora23wks json]$ ssh -i oskeymitakaV3.pem ubuntu@192.169.142.169
The authenticity of host '192.169.142.169 (192.169.142.169)' can't be established.
ECDSA key fingerprint is SHA256:khfhZEHHwz7T18oIlKMCKWKY9b6ctsS8XMW5ZpVlRa8.
ECDSA key fingerprint is MD5:25:98:50:9f:b3:37:f3:a1:ed:95:5d:44:f4:03:13:14.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.169.142.169' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.4.0-21-generic x86_64)
* Documentation: https://help.ubuntu.com/
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 updates are security updates.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo
See "man sudo_root" for details.
ubuntu@ubuntuxenialdevs:~$
access nova servers doesn't write to disk rsa private key and only upload
public one to nova. Closing Chrome Client results loosing rsa private key.
To prevent failure to write to disk private key , save response-export.json as shown bellow. Working via CLI ( invoking curl ) allows to upload rsa public key to Nova and create rsa private key as file :-
#!/bin/bash -x curl -g -i -X POST http://192.169.142.127:8774/v2/052b16e56537467d8161266b52a43b54/os-keypairs \ -H "User-Agent: python-novaclient" \ -H "Content-Type: application/json" -H "Accept: application/json" \ -H "X-Auth-Token: 2ae281359a8f4b249d5e8cf36c4233c0" -d \ '{"keypair": {"name": "oskey1"}}' | tail -1 >output.json echo "Generating rsa privare key for server access as file"; echo "-----BEGIN RSA PRIVATE KEY-----" > oskey1.pem ; sed 's/\\n/\ /g' < output.json | grep -v "keypair" | grep -v "user_id" >>oskey1.pem ; chmod 600 oskey1.pem
To start ( keystone api v3 environment ) obtain project's scoped token via
request
[root@ip-192-169-142-127 ~(keystone_admin)]# curl -i -H "Content-Type: application/json" -d \
' { "auth":
{ "identity":
{ "methods": ["password"], "password":
{ "user":
{ "name": "admin", "domain":
{ "id": "default" }, "password": "7049f834927e4468" }
}
},
"scope":
{ "project":
{ "name": "demo", "domain":
{ "id": "default" }
}
}
}
}' http://192.169.142.127:5000/v3/auth/tokens ; echo
HTTP/1.1 201 Created
Date: Mon, 02 May 2016 10:41:25 GMT
Server: Apache/2.4.6 (CentOS)
X-Subject-Token: xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx <= token value
Vary: X-Auth-Token
x-openstack-request-id: req-bed4f407-8cbd-4d43-acd5-7450d028bc45
Content-Length: 5791
Connection: close
Content-Type: application/json
*******************************************************************************
The run script extracting from response-export.json the rsa private key
*******************************************************************************
#!/bin/bash -x
echo "Generating privare key for server access"
echo "-----BEGIN RSA PRIVATE KEY-----" > $1.pem
sed 's/\\n/\
/g' < response-export.json | grep -v "keypair" | grep -v "user_id" >>$1.pem
chmod 600 $1.pem
like :-
# ./filter.sh oskeymitakaV3
***********************************
Shell command [ 1 ] :-
***********************************
sed 's/\\n/\
/g' < response-export.json
will replace '\n' by Carriage Return in response-export.json.
Now login to dashboard and verify that rsa public key gets uploaded
Relaunch Chrome Advanced Rest Client and launch server with
"key_name" : "oskeymitakaV3"
******************************************************************************
Login to server using rsa private key oskeymitakaV3.pem
******************************************************************************
[boris@fedora23wks json]$ ssh -i oskeymitakaV3.pem ubuntu@192.169.142.169
The authenticity of host '192.169.142.169 (192.169.142.169)' can't be established.
ECDSA key fingerprint is SHA256:khfhZEHHwz7T18oIlKMCKWKY9b6ctsS8XMW5ZpVlRa8.
ECDSA key fingerprint is MD5:25:98:50:9f:b3:37:f3:a1:ed:95:5d:44:f4:03:13:14.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '192.169.142.169' (ECDSA) to the list of known hosts.
Welcome to Ubuntu 16.04 LTS (GNU/Linux 4.4.0-21-generic x86_64)
* Documentation: https://help.ubuntu.com/
Get cloud support with Ubuntu Advantage Cloud Guest:
http://www.ubuntu.com/business/services/cloud
0 packages can be updated.
0 updates are security updates.
The programs included with the Ubuntu system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Ubuntu comes with ABSOLUTELY NO WARRANTY, to the extent permitted by
applicable law.
To run a command as administrator (user "root"), use "sudo
See "man sudo_root" for details.
ubuntu@ubuntuxenialdevs:~$
