[lxc-users] websocket and authentication
Frans Meulenbroeks
fransmeulenbroeks at gmail.com
Fri Feb 17 10:14:00 UTC 2017
Hi all,
I found the issue. I just had to use CERT_NONE
Below is the working test code.
If someone else is struggling with this I hope google will lead them to
this.
I understand the documentation can't explain everything and that websocket
is considered to be known.
Then again it would have been nice to have a note somewhere stating that
the websocket did not need a certificate.
Enjoy, Frans.
#!/usr/bin/python2
# code is a minimally adapted version of the code of raharper as found on
# https://github.com/lxc/lxd/issues/231
import json
import requests
import sys
import websocket
import urllib
import ssl
URL = '127.0.0.1:8443'
if len(sys.argv) < 2:
print('usage: exec <container> cmd')
sys.exit(1)
u='https://%s/1.0/containers/%s/exec' % (URL, sys.argv[1])
cert = ('client.crt', 'client.key')
command = {
"command": sys.argv[2:],
"wait-for-websocket": True,
}
params = json.dumps(command)
r = requests.post(u, data=params, verify=False, cert=cert)
content = json.loads(r.text)
op = content['operation']
fds = content['metadata']['metadata']['fds']
sockets = {}
stdout = '1'
stdin = '0'
stderr = '2'
ssl_options = {
"cert_reqs": ssl.CERT_NONE,
};
for fd in [stdin, stdout, stderr]:
secret = urllib.urlencode({'secret': fds[fd]})
wsurl = 'wss://%s%s/websocket?%s' %(URL, op, secret)
ws = websocket.create_connection(wsurl, sslopt=ssl_options)
sockets[fd] = ws
# stdout = 1, stderr = 2
output = sockets[stdout].recv()
error = sockets[stderr].recv()
print(output)
2017-02-15 22:47 GMT+01:00 Frans Meulenbroeks <fransmeulenbroeks at gmail.com>:
> This is as far as I got, but I am not properly authenticated.
> The program is below.
>
> The error I get is:
> File "/home/frans/lxd/websock.py", line 42, in <module>
> ws.connect(wsurl)
> File "/usr/local/lib/python2.7/dist-packages/websocket/_core.py", line
> 211, in connect
> options.pop('socket', None))
> File "/usr/local/lib/python2.7/dist-packages/websocket/_http.py", line
> 77, in connect
> sock = _ssl_socket(sock, options.sslopt, hostname)
> File "/usr/local/lib/python2.7/dist-packages/websocket/_http.py", line
> 179, in _ssl_socket
> sock = _wrap_sni_socket(sock, sslopt, hostname, check_hostname)
> File "/usr/local/lib/python2.7/dist-packages/websocket/_http.py", line
> 160, in _wrap_sni_socket
> server_hostname=hostname,
> File "/usr/lib/python2.7/ssl.py", line 353, in wrap_socket
> _context=self)
> File "/usr/lib/python2.7/ssl.py", line 601, in __init__
> self.do_handshake()
> File "/usr/lib/python2.7/ssl.py", line 830, in do_handshake
> self._sslobj.do_handshake()
> ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed
> (_ssl.c:590)
>
> Obviously something wrong with certificates, but what ?
> Anyone a clue?
>
> Thanks, Frans
>
> [ non working code deleted in order not to confuse people]
>
> 2017-02-15 16:28 GMT+01:00 Frans Meulenbroeks <fransmeulenbroeks at gmail.com
> >:
>
>> Hi,
>>
>> I was wondering if someone could help me a bit with exec over the REST
>> API (in python in my case).
>>
>> I found this example: https://github.com/lxc/lxd/issues/231 but
>> unfortunately this did not work for me (after changing 8080 to 8443).
>>
>> I suspect this is caused by missing authentication, but as I am a
>> websocket n00b, I was wondering if someone could help me out by providing
>> some more info, a link or a code snippet.
>>
>> Also: should I use ws:// or wss:// ?
>>
>> Thanks for any help!
>> Frans
>>
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxcontainers.org/pipermail/lxc-users/attachments/20170217/0807c597/attachment-0001.html>
More information about the lxc-users
mailing list