<html><head><meta http-equiv="Content-Type" content="text/html charset=windows-1252"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div><div><br></div><div> add local sends back an error</div><div><br></div><div><div>root@kev:/home/kev# lxc remote add local 192.168.0.50:8443</div><div><br></div><div>error: remote local exists as <<a href="unix:///var/lib/lxd/unix.socket">unix:///var/lib/lxd/unix.socket</a>></div></div></div><div><br></div><div><br></div><div><br></div><div><br></div><div>running just wget ( I've not used wget before ) so I am not sure how or if it's possible to send in the host name now or ??</div><div><br></div><div><br></div><div><div><br></div></div><div><br></div><div>root@kev:~/.config/lxc# wget --no-check-certificate <a href="https://192.168.0.50:8443/1.0/">https://192.168.0.50:8443/1.0/</a> --certificate=client.crt --private-key=client.key -O - -v</div><div><br></div><div>--2015-05-23 13:12:13-- <a href="https://192.168.0.50:8443/1.0/">https://192.168.0.50:8443/1.0/</a></div><div><br></div><div>Connecting to 192.168.0.50:8443... connected.</div><div>WARNING: cannot verify 192.168.0.50's certificate, issued by ‘O=<a href="http://linuxcontainer.org">linuxcontainer.org</a>’:</div><div> Unable to locally verify the issuer's authority.</div><div> WARNING: certificate common name ‘’ doesn't match requested host name ‘192.168.0.50’.</div><div>HTTP request sent, awaiting response... 404 Not Found</div><div>2015-05-23 13:12:13 ERROR 404: Not Found.</div><div><br></div><div><br></div><div><br></div><div><div>Sounds like LXD server is working for you….. but still no idea why it's not for me yet.</div><div></div></div><div><br></div><div><br></div><div>-Kevin</div><div><br></div><div><br></div><div><br></div><div><br></div><div><div>On May 23, 2015, at 12:26 PM, Janjaap Bos <<a href="mailto:janjaapbos@gmail.com">janjaapbos@gmail.com</a>> wrote:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div dir="ltr"><div>Remove the /finger from the url given in the example, as that is no longer a published service.<br></div><div><div style="font-size:12.8000001907349px"><br></div><div style="font-size:12.8000001907349px"><span style="font-size:small">This is from OSX, using wget. </span><br></div><div style="font-size:12.8000001907349px"><span style="font-size:small"><br></span></div><div style="font-size:12.8000001907349px"><div>wget --no-check-certificate <a href="https://myhost:8443/1.0" target="_blank">https://myhost:8443/1.0</a> --certificate=client.crt --private-key=client.key -O - -q</div><div><br></div><div>{"type":"sync","status":"Success","status_code":200,"metadata":{"api_compat":1,"auth":"trusted","config":{"trust-password":true},"environment":{"backing_fs":"ext4","driver":"lxc","kernel_version":"3.16.0-37-generic","lxc_version":"1.1.0","lxd_version":"0.9"}}}</div><div><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">2015-05-23 21:16 GMT+02:00 Janjaap Bos <span dir="ltr"><<a href="mailto:janjaapbos@gmail.com" target="_blank">janjaapbos@gmail.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="ltr"><div>Before trying at OSX, make sure it works on your LXD host.</div><div><br></div>Follow the steps for hacking on:<div><br></div><div><a href="https://github.com/lxc/lxd" target="_blank">https://github.com/lxc/lxd</a><br></div><div><br></div><div>It works for me.</div><div><h2 style="margin-top:1em;margin-bottom:16px;line-height:1.225;font-size:1.75em;padding-bottom:0.3em;border-bottom-width:1px;border-bottom-style:solid;border-bottom-color:rgb(238,238,238);color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif">Hacking</h2><p style="margin-top:0px;margin-bottom:16px;color:rgb(51,51,51);font-family:'Helvetica Neue',Helvetica,'Segoe UI',Arial,freesans,sans-serif;font-size:16px;line-height:25.6000003814697px">Sometimes it is useful to view the raw response that LXD sends; you can do this by:</p><pre style="overflow:auto;font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:13.6000003814697px;margin-top:0px;margin-bottom:16px;font-stretch:normal;line-height:1.45;padding:16px;border-radius:3px;word-wrap:normal;color:rgb(51,51,51);background-color:rgb(247,247,247)"><code style="font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:13.6000003814697px;padding:0px;margin:0px;border-radius:3px;word-break:normal;border:0px;display:inline;max-width:initial;overflow:initial;line-height:inherit;word-wrap:normal;background:transparent">lxc config set password foo
lxc remote add local <a href="http://127.0.0.1:8443/" target="_blank">127.0.0.1:8443</a>
wget --no-check-certificate <a href="https://127.0.0.1:8443/1.0/finger" target="_blank">https://127.0.0.1:8443/1.0/finger</a> --certificate=$HOME/.config/lxc/client.crt --private-key=$HOME/.config/lxc/client.key -O - -q</code></pre><pre style="overflow:auto;font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:13.6000003814697px;margin-top:0px;margin-bottom:16px;font-stretch:normal;line-height:1.45;padding:16px;border-radius:3px;word-wrap:normal;color:rgb(51,51,51);background-color:rgb(247,247,247)"><code style="font-family:Consolas,'Liberation Mono',Menlo,Courier,monospace;font-size:13.6000003814697px;padding:0px;margin:0px;border-radius:3px;word-break:normal;border:0px;display:inline;max-width:initial;overflow:initial;line-height:inherit;word-wrap:normal;background:transparent"><br></code></pre></div></div><div class="HOEnZb"><div class="h5"><div class="gmail_extra"><br><div class="gmail_quote">2015-05-23 21:13 GMT+02:00 Kevin LaTona <span dir="ltr"><<a href="mailto:lists@studiosola.com" target="_blank">lists@studiosola.com</a>></span>:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
<br>
I noticed I did not run the lxc config trust add client.crt call as suggested earlier.<br>
<br>
So I<br>
<br>
cd<br>
/root/.config/lxc<br>
<span><br>
lxc config trust add client.crt<br>
<br>
<br>
</span>then<br>
<br>
lxc config trust list<br>
<br>
and got to finger prints back<br>
<br>
<br>
<br>
Next ran<br>
<span><br>
<br>
curl -v -k <a href="https://192.168.0.50:8443/1.0/images" target="_blank">https://192.168.0.50:8443/1.0/images</a><br>
<br>
* Hostname was NOT found in DNS cache<br>
* Trying 192.168.0.50...<br>
* Connected to 192.168.0.50 (192.168.0.50) port 8443 (#0)<br>
* successfully set certificate verify locations:<br>
* CAfile: none<br>
CApath: /etc/ssl/certs<br>
* SSLv3, TLS handshake, Client hello (1):<br>
* SSLv3, TLS handshake, Server hello (2):<br>
* SSLv3, TLS handshake, CERT (11):<br>
* SSLv3, TLS handshake, Server key exchange (12):<br>
* SSLv3, TLS handshake, Request CERT (13):<br>
* SSLv3, TLS handshake, Server finished (14):<br>
* SSLv3, TLS handshake, CERT (11):<br>
* SSLv3, TLS handshake, Client key exchange (16):<br>
* SSLv3, TLS change cipher, Client hello (1):<br>
* SSLv3, TLS handshake, Finished (20):<br>
* SSLv3, TLS alert, Server hello (2):<br>
* error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate<br>
* Closing connection 0<br>
curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate<br>
<br>
<br>
root@c5:~#<br>
<br>
<br>
<br>
<br>
</span>Unless I am missing another config step here.<br>
<br>
Sure looks like the LDX image server is sending out bad certs into the wild.<br>
<div><br>
<br>
-Kevin<br>
_______________________________________________<br>
lxc-users mailing list<br>
<a href="mailto:lxc-users@lists.linuxcontainers.org" target="_blank">lxc-users@lists.linuxcontainers.org</a><br>
<a href="http://lists.linuxcontainers.org/listinfo/lxc-users" target="_blank">http://lists.linuxcontainers.org/listinfo/lxc-users</a></div></blockquote></div><br></div>
</div></div></blockquote></div><br></div>
_______________________________________________<br>lxc-users mailing list<br><a href="mailto:lxc-users@lists.linuxcontainers.org">lxc-users@lists.linuxcontainers.org</a><br>http://lists.linuxcontainers.org/listinfo/lxc-users</blockquote></div><br></body></html>