Blog
  • Welcome to egonzalez blog
  • Software Supply Chain Security
    • Software Supply Chain Security: Why It Matters
    • Software Supply Chain Security: A Technical Deep Dive
    • SLSA and the Software Supply Chain Security: Time to Get Serious
  • Provenance
    • Understanding Provenance in Software Supply Chain Security
  • Building a secure development framework
  • Hacking
    • Index
      • Hack the box writeups
        • Dyplesher HTB writeup
        • Fatty HTB writeup
        • Oouch HTB writeup
        • Sauna HTB writeup
      • Python Vulnerabilities
        • Data Deserialization
          • Pickle
          • XML
          • YAML
      • Hacking cheatsheet
  • DevSecOps
    • Index
      • Gitlab CI minikube development environment
      • Gerrit review minikube
      • Gerrit and gitlab replication and CI job hooks on k8s
      • Vault integration with Gitlab CI
      • Gitlab CI template for DefectDojo
      • Falco real time runtime thread detection on k8s
      • Zarf - Airgap deployment in kubernetes
      • OWASP Dependency-track
      • OpenDaylight in a Docker
      • To conditional or to skip, that's the Ansible question
      • Spacewalk Red Hat Satellite v5 in a Docker container PoC
      • Ansible INI file module
  • OpenStack
    • Index
      • OpenStack tacker and service function chaining sfc with kolla
      • Deploy OpenStack designate with kolla-ansible
      • OpenStack keystone zero downtime upgrade process newton to ocata
      • Midonet integration with OpenStack Mitaka
      • OpenStack kolla deployment
      • Magnum in RDO OpenStack Liberty
      • Nova VNC flows under the hood
      • Ceph Ansible baremetal deployment
      • Rally OpenStack benchmarking with Docker
      • OpenStack affinity/anti-affinity groups
      • Migrate keystone v2.0 to keystone v3 OpenStack
      • Neutron DVR OpenStack Liberty
      • OpenStack segregation with availability zones and host aggregates
      • Nova Docker driver
      • Murano in RDO OpenStack manual installation
      • Ceph RadosGW admin Ops
      • Multiple store locations for glance images
      • List all tenants belonging an user
      • Load balancer as a service OpenStack LbaaS
      • OpenStack nova API start error
      • Delete OpenStack neutron networks
Powered by GitBook
On this page

Was this helpful?

  1. OpenStack
  2. Index

Ceph RadosGW admin Ops

How to use it

Using RadosGW admin ops for the first time, can be a real headache , for this purpose i have made this post, where you will understand how to use this API.

Let's start:

For issue a request through admin ops, you need to have a signature, this signature is make it signing a header. The header must to be composed by the current date, the request type(GET/PUT/POST/DELETE) and the request itself. This header must be signed by SSL including the admin ops secret on this signature.

Now , you can make a request.

Sometimes, the time is not the same as the radosgw node expect, you can hack on it changing the date=$(date) value with:

If your host has two hours more than the radosgw node, substract this two hours under $(( 10#$i-2)) variable, where 2 is the two hours to substract.

date=$(for i in $(date "+%H") ; do date "+%a, %d %b %Y $(( 10#$i-2 )):%M:%S +0000" ; done)

Examples:

Create a user named egonzalez

#!/bin/bash
token=U2JCD4ZG4D1XJOI5XNF4 ## USER_TOKEN
secret=+IFgr7POzLWS0i3hQnC+dd3DOAZObHoY5NYm6m3b ## USER_SECRET
query=$1
name=$2
query3="&uid="
query2=admin/user
query4="&quota-type=user"
date=$(date)
header="PUT\n\n\n${date}\n/${query2}"
sig=$(echo -en ${header} | openssl sha1 -hmac ${secret} -binary | base64)
curl -v -H "Date: ${date}" -H "Authorization: AWS ${token}:${sig}" -L -X PUT "http://10.0.2.10/${query2}?format=json${query3}${query}&display-name=${name}" -H "Host: 10.0.2.10"
##Change IPs with your own IPs

See quotas

   #!/bin/bash
   token=U2JCD4ZG4D1XJOI5XNF4 ## USER_TOKEN
   secret=+IFgr7POzLWS0i3hQnC+dd3DOAZObHoY5NYm6m3b ## USER_SECRET
   query=$1
   query3="&uid="
   query2=admin/user
   query4="&quota-type=user"
   date=$(date)
   header="GET\n\n\n${date}\n/${query2}"
   sig=$(echo -en ${header} | openssl sha1 -hmac ${secret} -binary | base64)
   curl -v -H "Date: ${date}" -H "Authorization: AWS ${token}:${sig}" -L -X GET "http://10.0.2.10/${query2}?quota${query3}${query}&quota-type=user" -H "Host: 10.0.2.10"
   ##Change IPs with your own IPs

See egonzalez user information

#!/bin/bash
token=U2JCD4ZG4D1XJOI5XNF4 ## USER_TOKEN
secret=+IFgr7POzLWS0i3hQnC+dd3DOAZObHoY5NYm6m3b ## USER_SECRET
query=$1
query3="&uid="
query2=admin/user
date=$(date)
header="GET\n\n\n${date}\n/${query2}"
sig=$(echo -en ${header} | openssl sha1 -hmac ${secret} -binary | base64)
curl -v -H "Date: ${date}" -H "Authorization: AWS ${token}:${sig}" -L -X GET "http://10.0.2.10/${query2}?format=json${query3}${query}" -H "Host: 10.0.2.10"
##Change IPs with your own IPs

When you really understand how admin ops works, is not as difficult to use it, just search at the official documentation and modify the desired values.

I hope this helps:

Regards, Eduardo.

PreviousMurano in RDO OpenStack manual installationNextMultiple store locations for glance images

Last updated 5 years ago

Was this helpful?