On May 22, 2015, at 9:39 PM, Tycho Andersen <[email protected]> wrote:
> On Fri, May 22, 2015 at 09:32:05PM -0700, Kevin LaTona wrote: >> >> On May 22, 2015, at 9:13 PM, Tycho Andersen <[email protected]> >> wrote: >> >>> On Fri, May 22, 2015 at 05:14:06PM -0700, Kevin LaTona wrote: >>>> >>>> This past week or so I ran into an issue of not being able to connect a >>>> test LXD rest server on my local network. >>>> >>>> I've tested this problem out from pretty much every angle I can think of. >>>> >>>> Every thing from fresh OS, server, SSL lib installs to upgrades of current >>>> running apps on my machines. >>>> >>>> >>>> Pretty much unless I am missing some small fundamental piece that is >>>> preventing current shipping vivid server to allow connections to the LXD >>>> rest server. >>>> >>>> My take is there is a bug . >>>> >>>> If this true, what is the best way to let the LXC team know about this to >>>> see how to get to next step? >>>> >>>> >>>> To sum it up I am able to connect to a public LXD rest server. >>>> >>>> # from vivid container --> public LXD server ( >>>> container to public ) >>>> curl -k https://images.linuxcontainers.org/1.0/images >>>> # {"status": "Success", "metadata": ["/1.0/images/e7ae410ee8abeb6 >>>> >>>> >>>> No matter how and from what angle I try connecting to a local test LXD >>>> rest server it is having connections issues. >>>> >>>> # vivid container 10.0.3.5 --> 192.168.0.50:8443 ( container to host >>>> machine ) >>>> # this container can ping 192.168.0.50 >>>> curl -k https://192.168.0.50:8443/1.0/images >>>> # curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad >>>> certificate >>> >>> You probably need to pass --cert and --key to curl as well; you can >>> see examples of this in the /tests directory. >> >> >> I'll look into that to see if that helps. >> >> >> Yet I am able to hit the images.linuxcontainers.org server from all …. > > Yes, images.linuxcontainers.org is not a real LXD server, it just > implements parts of the rest API (the public bits). There was enough of it running to help me figure out I am able to connect to a LDX server at least. I know the Request Library has a helper app in it deal with all the various provider of certs to make it easier for folks to have to mess around. But with self signed certs…….. all bets are off. > >> Using OS X, Ubuntu host and from Container and all with the same Curl >> command calls. >> >> Which has me wondering why that server and not my local LXD rest server? >> >> So far makes zero sense to me and the Rest server should make things simpler >> in the end. >> >> >> >> Unless I am missing something in configs or settings some where else… or >> there is bug. >> >> >> I've chased enough code problems to know when you hammer on it from all >> possible ways. >> >> And it's working part of the time….. some thing is off as it's just not >> making sense. >> >> Plus I am not seeing any mention in LXD docs about need for cert and keys >> for this kind of call. > > I suppose there's no reason we couldn't allow requests without a > client cert to work for unauthenticated requests; I don't anticipate > it being a hugely common use case, though, as most people should be > using a client or API to access LXD. It was a dim light in the end of tunnel figuring out why some people must having it work and I can't so far. Either some one is not documented something important in the publically published doc's or ????????? > >> >> If I need them for the local server I would need them for the pulbic server >> as well since Linuxcontainers is using self signed cert on that site. > > images.linuxcontainers.org shouldn't be using a self signed cert; LXD > does, though. > This is what info the lc.org cert shows > Tycho > >> >> >> -Kevin >> >> >> >> >> >> >> >> >> >>> Tycho >>> >>>> >>>> >>>> # OS X term window --> vivid server (same 192.168.x.x >>>> network) >>>> curl -k https://192.168.0.50:8443/1.0/images >>>> # curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 >>>> alert protocol version >>>> >>>> >>>> >>>> If any one has any ideas or suggestions please send them along. >>>> >>>> -Kevin >>>> >>>> >>>> >>>> _______________________________________________ >>>> lxc-users mailing list >>>> [email protected] >>>> http://lists.linuxcontainers.org/listinfo/lxc-users >>> _______________________________________________ >>> lxc-users mailing list >>> [email protected] >>> http://lists.linuxcontainers.org/listinfo/lxc-users >> >> _______________________________________________ >> lxc-users mailing list >> [email protected] >> http://lists.linuxcontainers.org/listinfo/lxc-users > _______________________________________________ > lxc-users mailing list > [email protected] > http://lists.linuxcontainers.org/listinfo/lxc-users
_______________________________________________ lxc-users mailing list [email protected] http://lists.linuxcontainers.org/listinfo/lxc-users
