[lxc-users] What is the best way to report bug issues with LXD rest server?

Tycho Andersen tycho.andersen at canonical.com
Wed May 27 05:09:14 UTC 2015


On Tue, May 26, 2015 at 06:37:59PM -0700, Kevin LaTona wrote:
> 
> On May 26, 2015, at 4:37 PM, Tycho Andersen <tycho.andersen at canonical.com> wrote:
> 
> > Hi Kevin,
> > 
> > On Mon, May 25, 2015 at 07:38:12PM -0700, Kevin LaTona wrote:
> >> 
> >> On May 25, 2015, at 12:16 PM, Kevin LaTona <lists at studiosola.com> wrote:
> >> 
> >>> The simplest way I found so far to connect from a Mac running 10.8.5 to the LDX 0.9 rest server is using a Python Subprocess call via SSH into the host machine which runs a Curl call to the LXD server which then returns the JSON/Dict object.
> >>> 
> >>> While it sounds like a round about way to get there, it's the only way I have found so far to bypass the surrounding issue of getting TLS1_2 to run on OS X  10.8.5 and or Python 2.7.9.
> >>> 
> >> 
> >> 
> >> Well that was one really short lived idea. 
> >> 
> >> Making those ssh based subprocess calls to the host is just not cutting it from me after all, even if it does work the overhead cost to do them kind of kills the idea for all but simple use.
> >> 
> >> I was really wanting to stick by and use the LXD Rest server and not have to re-invent the wheel here.
> >> 
> >> 
> >> Guess it's not going to happen, so instead I've decided to create a Python based Tornado Rest server running on the host and calling the LXD Cli calls.
> >> 
> >> This way I can back the SSL library down from the TLS1_2 idea. I guess some need that level of security, for now I can live without it.
> >> 
> >> 
> >> Plus Tornado opens up some other areas to look at doing some container management like ideas.
> >> 
> >> So this may turn out better over the long haul until LXD matures and becomes a bit more solid.
> >> 
> >> 
> >> 
> >> 
> >>> 
> >>> If there is any Python users on this list using the Requests module and has it working with both TLS1_2 and the LXD rest server, please share your process.
> >> 
> >> 
> >> Again if there is any Pythonista on this LXC mailing list who has been able to get TLS1_2 wrapped and working with Requests.
> > 
> > I just wrote http://tycho.ws/blog/2015/05/lxd-python.html which works
> > fine for me on Ubuntu.
> 
> 
> Looks good should help folks with correct machine setups to see how easy it can be.
> 
> 
> 
> > 
> > I do have an old OSX system laying around so I tried it there and got
> > an SSL error. It looks like the version of SSL it has only has TLS 1.0
> > built in. I don't really know anything about OSX, but the obvious
> > solution seems to be to use the above program and a version of openssl
> > that has TLS 1.2 compiled in. Perhaps upgrading OSX or using some
> > package manager to give you an new libssl would work.
> 
> 
> It appears the big road block here right now is Apple's use of an outdated OpenSSL library that makes using TSL1_2 impossible with out access to a newer version of OpenSSL.
> 
> Maybe that is possible with 10.10 or even 10.9, but right now I need to keep this machine frozen at 10.8.5.
> 
> 
> The pylxd app mentioned in your blog looks interesting since it's using unix domain sockets.
> 
> If that ends up getting access to lxc calls without having to make ny kind of a subprocess call to command line, it may turn out to be a tad bit faster when interfacing with this Tornado rest server I am working on.
> 
> 
> It's pretty clear to me now that if anyone has any client that can not use TSL1_2 that the only way to efficient access a LXD server will be by running their own server on the host as well.
> 
> Or totally bypassing LXD and go back to using legacy LXC calls.
> 
> 
> If there is any Mac users on the list that know of a way that allows OS X 10.8.5 and Python 2.7.10 to use newer versions of OpenSSL,  let me now how you did it, if you care to share.
> 
> 
> Tycho ….thanks for looking into this and sharing what you found out.

Another option would be to use socat:

https://github.com/raharper/lxd_tools/blob/master/setup.sh#L19


More information about the lxc-users mailing list