Closed wandergeek closed 5 years ago
@wandergeek
We have a utility that generates them; it is in https://github.com/NBISweden/LocalEGA-deploy-init and there is a pending PR to make it easier; it is also part of this installation guide (see Readme).
When deploying a dev environment for the first time you need to create the secrets using the deploy.py script from LocalEGA-deploy-k8s.
Maybe this helps:
cega_creds - are the User credentials used in Inbox: https://github.com/EGA-archive/EGA-auth/blob/master/auth.conf.sample#L8 for CEGA User REST Authentication see:
cega_mq_pass - CEGA MQ password to connect to that broker
mq_password - LocalEGA MQ password
Maybe for the rest @jbygdell can help a bit more with what they are
Hey @blankdots thanks for that.
How does this script differ from the other configuration generation script in https://github.com/NBISweden/LocalEGA-deploy-k8s? Maybe it's worth deprecating one of them?
Can you comment on the hashes in cega/conf/cega.json and dummy.yml?
@wandergeek https://github.com/NBISweden/LocalEGA-deploy-k8s has been renamed to https://github.com/NBISweden/LocalEGA-deploy-init ... PR will follow :D
The password hash in dummy.yml I think we are not using it and the same might go for the cega/conf/cega.json one.
This is sorta related, I guess, but another thing I'm after is the private key that corresponds to that dummy user. I tried to replace it with my own key, but had an issue with paramiko: paramiko.ssh_exception.SSHException: not a valid RSA private key file.
For your reference this is what my user config looks like:
---
username: dummy
password_hash: $1$b0YnuEsc$8METjSpQmprwFwpxL0x7f0
pubkey: ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQDHubGbeMJHs6iymY/KLWNc+fSWSIbr0P/VousmAcRtjbFHJxDX27bKvXl3bx+t8wx3ho8i7969nqBu8dxRGv4yODCfg9m1Uc9KVq1XAWEgeleHS5V5Mp+yknMXa7uCPNZB9VSqU2knUXK06s9U9fcmJU1BH7VVETxBSu/EyVVq5Hyu+yXTon4Nqrubu22ZMQFE6CJd9ETgXokRD7QMD3bCt31AhSpMgV22ktV+R7UUP8nA2zWr4QRPnwe1j7k7MXhw3tDJKFfOoVRWIN9U/FummX7udYUQ0KU1kGCd5f771bkDvYJt3FM+JyMuP4R6eQXXgLBGGN1vRVu6A+eAm5Pl nrclark@5690L-150616-M.local
uid: 1
gecos: dummy user
and my private key:
-----BEGIN OPENSSH PRIVATE KEY-----
-----END OPENSSH PRIVATE KEY-----
And this is how I'm running it, via your testing script: python3 test.py conf/test_file config.yaml
I have confirmed both keys match.
@wandergeek I think paramiko might be the actual issue here: https://github.com/paramiko/paramiko/issues/1382
This might help when generating keys:
ssh-keygen -m PEM -t rsa -b 4096 -C "your_email@example.com"
Look for this header:
-----BEGIN RSA PRIVATE KEY-----
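A way to check which container format a private key uses, and whether it is passphrase-protected, before handing it to paramiko. This is an added example, not code from this thread or the LocalEGA project; the function names and sample keys are constructed for illustration and contain no real key material.

```python
import base64
import re
import struct

ARMOR = re.compile(r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)
OPENSSH_MAGIC = b"openssh-key-v1\x00"
FORMATS = {
    "RSA PRIVATE KEY": "traditional PEM (PKCS#1 RSA)",
    "OPENSSH PRIVATE KEY": "OpenSSH new-format container",
    "PRIVATE KEY": "PKCS#8",
    "ENCRYPTED PRIVATE KEY": "PKCS#8, passphrase-protected",
}

def openssh_cipher(body):
    """Return the ciphername field of an openssh-key-v1 blob, or None if malformed."""
    try:
        blob = base64.b64decode("".join(body.split()), validate=True)
    except ValueError:
        return None
    off = len(OPENSSH_MAGIC)
    if not blob.startswith(OPENSSH_MAGIC) or len(blob) < off + 4:
        return None
    (n,) = struct.unpack_from(">I", blob, off)
    name = blob[off + 4: off + 4 + n]
    return name.decode("ascii", "replace") if len(name) == n else None

def inspect_private_key(text):
    """Classify a private key by its armor header; key material is never parsed."""
    m = ARMOR.search(text)
    if m is None:
        return {"label": None, "format": "no PEM armor",
                "traditional_rsa": False, "encrypted": None}
    label, body = m.groups()
    if label == "OPENSSH PRIVATE KEY":
        cipher = openssh_cipher(body)
        encrypted = None if cipher is None else cipher != "none"
    elif label == "ENCRYPTED PRIVATE KEY":
        encrypted = True
    else:
        encrypted = "Proc-Type: 4,ENCRYPTED" in body  # legacy PEM encryption header
    return {"label": label, "format": FORMATS.get(label, "unrecognised"),
            "traditional_rsa": label == "RSA PRIVATE KEY", "encrypted": encrypted}

def armor(label, body):
    return f"-----BEGIN {label}-----\n{body}\n-----END {label}-----\n"

# Constructed samples: correct framing only, not usable keys.
FAKE_BLOB = OPENSSH_MAGIC + struct.pack(">I", 4) + b"none" + b"\x00" * 8
SAMPLE_OPENSSH = armor("OPENSSH PRIVATE KEY", base64.b64encode(FAKE_BLOB).decode())
SAMPLE_RSA_PEM = armor("RSA PRIVATE KEY", "Q09OU1RSVUNURUQ=")
```

A key that reports `traditional_rsa: False` is the case where regenerating with `ssh-keygen -m PEM`, as suggested above, applies.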
That fixed it. Thanks for that.
In other news, I'm trying to debug the auth pam module, but am unable to get any logging messages out of it. I've recompiled it with make debug3 and set SYSLOG = true in the makefile.
Can you please assist?
Also can you please please tell me what the password hash for the dummy user corresponds to? I have no idea how to generate my own and I am trying to get inbox working.
> Also can you please please tell me what the password hash for the dummy user corresponds to? I have no idea how to generate my own and I am trying to get inbox working.
The dummy password should be dummy, but it should not be needed as the sftp inbox works with key based auth.
> I'm trying to debug the auth pam module, but am unable to get any logging messages out of it. I've recompiled it with make debug3 and set SYSLOG = true in the makefile
Recompiling with debug3 is usually enough.
Make sure that you are using the nbisweden/ega-inbox:m4 image.
One thing you can test from your inbox container is to do the user lookup manually:
curl -u "$CEGA_ENDPOINT_CREDS" "http://<YOUR FAKE CEGA USERS ENDPOINT>/lega/v1/legas/users/dummy?idType=username"
Ah ha, ok, using the m4 image worked. The values.yml defaults to latest. I'll fix it up. Heads up key auth doesn't want to work in latest-- I provide the key, but it still asks for a password for some reason.
Thanks for your help.
@wandergeek We are in the process of addressing issues and tags, for now the stable tags are as @jbygdell pointed out m4 and for the cscfi/ images m4-alpine, these will change in the following weeks, also may I close this issue and/or PR?
I'll give it another whirl with your changes, will reopen if necessary.
Description
I'm trying to get local versions of CEGA and LEGA chatting with one another and having a hard time wrangling the config. What variables in values.yml (for fakecega and lega) need to be changed?
As of now, my values.yml looks like so:
I have a helm installation of fakecega running as cega and am able to resolve these names.
A few other issues I've run into:
cega/conf/cega.json what values do these correspond to? Do these have anything to do with what's in values.yml?
cega_creds, cega_mq_pass, mq_password refer to since they are undocumented in the readme.
dummy.yml correspond to?
Proposed solution
cega_creds
cega_mq_pass
mq_password
Definition of Done
Great work on this by the way! I'm looking forward to getting these components singing! 🚀