[lxc-users] What is the best way to report bug issues with LXD rest server?
Kevin LaTona
lists at studiosola.com
Sat May 23 20:17:55 UTC 2015
add local sends back an error
root at kev:/home/kev# lxc remote add local 192.168.0.50:8443
error: remote local exists as <unix:///var/lib/lxd/unix.socket>
running just wget ( I've not used wget before ) so I am not sure how or if it's possible to send in the host name now or ??
root at kev:~/.config/lxc# wget --no-check-certificate https://192.168.0.50:8443/1.0/ --certificate=client.crt --private-key=client.key -O - -v
--2015-05-23 13:12:13-- https://192.168.0.50:8443/1.0/
Connecting to 192.168.0.50:8443... connected.
WARNING: cannot verify 192.168.0.50's certificate, issued by ‘O=linuxcontainer.org’:
Unable to locally verify the issuer's authority.
WARNING: certificate common name ‘’ doesn't match requested host name ‘192.168.0.50’.
HTTP request sent, awaiting response... 404 Not Found
2015-05-23 13:12:13 ERROR 404: Not Found.
Sounds like LXD server is working for you….. but still no idea why it's not for me yet.
-Kevin
On May 23, 2015, at 12:26 PM, Janjaap Bos <janjaapbos at gmail.com> wrote:
> Remove the /finger from the url given in the example, as that is no longer a published service.
>
> This is from OSX, using wget.
>
> wget --no-check-certificate https://myhost:8443/1.0 --certificate=client.crt --private-key=client.key -O - -q
>
> {"type":"sync","status":"Success","status_code":200,"metadata":{"api_compat":1,"auth":"trusted","config":{"trust-password":true},"environment":{"backing_fs":"ext4","driver":"lxc","kernel_version":"3.16.0-37-generic","lxc_version":"1.1.0","lxd_version":"0.9"}}}
>
>
> 2015-05-23 21:16 GMT+02:00 Janjaap Bos <janjaapbos at gmail.com>:
> Before trying at OSX, make sure it works on your LXD host.
>
> Follow the steps for hacking on:
>
> https://github.com/lxc/lxd
>
> It works for me.
> Hacking
>
> Sometimes it is useful to view the raw response that LXD sends; you can do this by:
>
> lxc config set password foo
> lxc remote add local 127.0.0.1:8443
> wget --no-check-certificate https://127.0.0.1:8443/1.0/finger --certificate=$HOME/.config/lxc/client.crt --private-key=$HOME/.config/lxc/client.key -O - -q
>
>
> 2015-05-23 21:13 GMT+02:00 Kevin LaTona <lists at studiosola.com>:
>
>
> I noticed I did not run the lxc config trust add client.crt call as suggested earlier.
>
> So I
>
> cd
> /root/.config/lxc
>
> lxc config trust add client.crt
>
>
> then
>
> lxc config trust list
>
> and got to finger prints back
>
>
>
> Next ran
>
>
> curl -v -k https://192.168.0.50:8443/1.0/images
>
> * Hostname was NOT found in DNS cache
> * Trying 192.168.0.50...
> * Connected to 192.168.0.50 (192.168.0.50) port 8443 (#0)
> * successfully set certificate verify locations:
> * CAfile: none
> CApath: /etc/ssl/certs
> * SSLv3, TLS handshake, Client hello (1):
> * SSLv3, TLS handshake, Server hello (2):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Server key exchange (12):
> * SSLv3, TLS handshake, Request CERT (13):
> * SSLv3, TLS handshake, Server finished (14):
> * SSLv3, TLS handshake, CERT (11):
> * SSLv3, TLS handshake, Client key exchange (16):
> * SSLv3, TLS change cipher, Client hello (1):
> * SSLv3, TLS handshake, Finished (20):
> * SSLv3, TLS alert, Server hello (2):
> * error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
> * Closing connection 0
> curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
>
>
> root at c5:~#
>
>
>
>
> Unless I am missing another config step here.
>
> Sure looks like the LDX image server is sending out bad certs into the wild.
>
>
> -Kevin
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
>
>
> _______________________________________________
> lxc-users mailing list
> lxc-users at lists.linuxcontainers.org
> http://lists.linuxcontainers.org/listinfo/lxc-users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20150523/e49c2d5e/attachment.html>
More information about the lxc-users
mailing list