[lxc-users] websocket and authentication

Frans Meulenbroeks fransmeulenbroeks at gmail.com
Wed Feb 15 21:47:03 UTC 2017 

This is as far as I got, but I am not properly authenticated.
The program is below.

The error I get is:
  File "/home/frans/lxd/websock.py", line 42, in <module>
    ws.connect(wsurl)
  File "/usr/local/lib/python2.7/dist-packages/websocket/_core.py", line
211, in connect
    options.pop('socket', None))
  File "/usr/local/lib/python2.7/dist-packages/websocket/_http.py", line
77, in connect
    sock = _ssl_socket(sock, options.sslopt, hostname)
  File "/usr/local/lib/python2.7/dist-packages/websocket/_http.py", line
179, in _ssl_socket
    sock = _wrap_sni_socket(sock, sslopt, hostname, check_hostname)
  File "/usr/local/lib/python2.7/dist-packages/websocket/_http.py", line
160, in _wrap_sni_socket
    server_hostname=hostname,
  File "/usr/lib/python2.7/ssl.py", line 353, in wrap_socket
    _context=self)
  File "/usr/lib/python2.7/ssl.py", line 601, in __init__
    self.do_handshake()
  File "/usr/lib/python2.7/ssl.py", line 830, in do_handshake
    self._sslobj.do_handshake()
ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
(_ssl.c:590)

Obviously something wrong with certificates, but what ?
Anyone a clue?

Thanks, Frans

#!/usr/bin/python2
import json
import requests
import sys
import websocket
import urllib
URL = '127.0.0.1:8443'

if len(sys.argv) < 2:
    print('usage: exec <container> cmd')
    sys.exit(1)

u='https://%s/1.0/containers/%s/exec' % (URL, sys.argv[1])
cert = ('client.crt', 'client.key')
command = {
    "command": sys.argv[2:],
    "wait-for-websocket": True,
}
params = json.dumps(command)
print(u)
print(params)
r = requests.post(u, data=params, verify=False, cert=cert)
content = json.loads(r.text)
op = content['operation']
fds = content['metadata']['metadata']['fds']
sockets = {}

stdout = '1'
stdin = '0'
stderr = '2'

ssl_options = {
       "certfile": "client.crt",
       "keyfile": "client.key",
    };

for fd in [stdin, stdout, stderr]:
    secret = urllib.urlencode({'secret': fds[fd]})
    wsurl = 'wss://%s%s/websocket?%s' %(URL, op, secret)
    ws = websocket.WebSocket(sslopt=ssl_options)
    ws.connect(wsurl)

    sockets[fd] = ws

# stdout = 1, stderr = 2
output = sockets[stdout].recv()
error = sockets[stderr].recv()

print(output)


2017-02-15 16:28 GMT+01:00 Frans Meulenbroeks <fransmeulenbroeks at gmail.com>:

> Hi,
>
> I was wondering if someone could help me a bit with exec over the REST API
> (in python in my case).
>
> I found this example: https://github.com/lxc/lxd/issues/231 but
> unfortunately this did not work for me (after changing 8080 to 8443).
>
> I suspect this is caused by missing authentication, but as I am a
> websocket n00b, I was wondering if someone could help me out by providing
> some more info, a link or a code snippet.
>
> Also: should I use ws:// or wss:// ?
>
> Thanks for any help!
> Frans
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20170215/c5f54078/attachment.html>

More information about the lxc-users mailing list