New Question
0

Unable to Import Key Pair

asked 2017-06-14 15:38:15 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

I try to follow instruction on "Windows authentication without passwords in OpenStack" but it seems like it is missing instruction for Import Key Pair via OpenStack Horizon.

After I run script create-winrm-client-cert.sh I have got 2 files

winrm_client_cert.pem 
winrm_client_cert.pfx

I need to export Public key from winrm_client_cert.pem by this OpenSSL command 

openssl x509 -pubkey -noout -in winrm_client_cert.pem -out pubkey.pem

Then I try to import this public key to my project:

-----BEGIN CERTIFICATE-----
MIIDIjCCAgqgAwIBAgIJAPb3vERlPtSwMA0GCSqGSI......
............+0rcoyVMWNI50SrXPWpX6uaIuyWsN1Vc
-----END PUBLIC KEY-----

but I encountered with “Unable to import key pair” when trying to import the Key Pair via the  OpenStack Horizon same as this link https://schwulet.wordpress.com/2016/0...

Please can you let me know what did I missing?

edit retag flag offensive close merge delete
add a comment

3 answers

Sort by » oldest newest most voted
1

answered 2017-06-14 17:20:20 +0300

Claudiu Belu gravatar image

Hello,

The article you mentioned is passing the x509 certificate to the instance through instance user_data, not as a keypair:

nova boot --flavor 2 --image your_windows_image --key-name key1 vm1 --user_data=your_cert.pem

That being said, since then, support for x509 has been added to nova-api (but not horizon). See the help for the nova keypair-add command:

usage: nova keypair-add [--pub-key <pub-key>] [--key-type <key-type>]
                        [--user <user-id>]
                        <name>

Create a new key pair for use with servers.

Positional arguments:
  <name>                 Name of key.

Optional arguments:
  --pub-key <pub-key>    Path to a public ssh key.
  --key-type <key-type>  Keypair type. Can be ssh or x509. (Supported by API
                         versions '2.2' - '2.latest')
  --user <user-id>       ID of user to whom to add key-pair (Admin only).
                         (Supported by API versions '2.10' - '2.latest')

This has been introduced in nova-api v2.1 (microversion 2.2), so make sure you have that registered as an endpoint:

openstack endpoint list
# you should see something like this:
# | 34291deac24a4a9195c340b70f03830f | RegionOne | nova         | compute        | True    | admin     | http://10.14.0.149:8774/v2.1              |

If not, you'll have to register a new endpoint for the /v2.1 URL, and then run a command like this:

nova --service-type endpoint_name keypair-add ...

By default, the microversion 2.latest is used, but if not, you will probably want to be explicit:

nova --service-type endpoint_name --os-compute-api-version 2.2 keypair-add ...

Best regards,

Claudiu Belu

edit flag offensive delete link more
add a comment
0

answered 2017-06-14 20:39:43 +0300

this post is marked as community wiki

This post is a wiki. Anyone with karma >75 is welcome to improve it.

What about the existing Keypair I created via OpenStack Horizon and downloaded .pem with Private kay, Is there any solution to export Private Key from .pem and import into my local Windows computer certificates?

edit flag offensive delete link more

Comments

Hello, after all I know, there is no such transformation possible between the keys, and if it exists, it is not implemented in OpenStack or cloudbase-init. I suggest to you using either userdata scripts, either the x509 key type feature in Nova. Thank you, Adrian Vladu.

avladu gravatar imageavladu ( 2017-06-15 15:51:38 +0300 )edit
add a comment
0

answered 2017-06-14 23:24:55 +0300

avladu gravatar image

Hello,

You can install OpenSSH server on the Windows image from https://www.mls-software.com/opensshd... or from https://github.com/PowerShell/Win32-O.... Then, you can use any ssh client to connect with your private key associated to the ssh public key from Nova to your Windows machine and issue batch/PowerShell commands.

Thank you,
Adrian Vladu

edit flag offensive delete link more
add a comment

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

1 follower

subscribe to rss feed

Stats

Asked: 2017-06-14 15:38:15 +0300

Seen: 1,577 times

Last updated: Jun 15 '17

© 2014-2023 Cloudbase Solutions Content on this site is licensed under a Creative Commons Attribution Share Alike 3.0 license.
about | faq | help | privacy policy | terms of service
Powered by Askbot version 0.10.2