Hi all, I found the issue. I just had to use CERT_NONE Below is the working test code. If someone else is struggling with this I hope google will lead them to this.
I understand the documentation can't explain everything and that websocket is considered to be known. Then again it would have been nice to have a note somewhere stating that the websocket did not need a certificate. Enjoy, Frans. #!/usr/bin/python2 # code is a minimally adapted version of the code of raharper as found on # https://github.com/lxc/lxd/issues/231 import json import requests import sys import websocket import urllib import ssl URL = '127.0.0.1:8443' if len(sys.argv) < 2: print('usage: exec <container> cmd') sys.exit(1) u='https://%s/1.0/containers/%s/exec' % (URL, sys.argv[1]) cert = ('client.crt', 'client.key') command = { "command": sys.argv[2:], "wait-for-websocket": True, } params = json.dumps(command) r = requests.post(u, data=params, verify=False, cert=cert) content = json.loads(r.text) op = content['operation'] fds = content['metadata']['metadata']['fds'] sockets = {} stdout = '1' stdin = '0' stderr = '2' ssl_options = { "cert_reqs": ssl.CERT_NONE, }; for fd in [stdin, stdout, stderr]: secret = urllib.urlencode({'secret': fds[fd]}) wsurl = 'wss://%s%s/websocket?%s' %(URL, op, secret) ws = websocket.create_connection(wsurl, sslopt=ssl_options) sockets[fd] = ws # stdout = 1, stderr = 2 output = sockets[stdout].recv() error = sockets[stderr].recv() print(output) 2017-02-15 22:47 GMT+01:00 Frans Meulenbroeks <fransmeulenbro...@gmail.com>: > This is as far as I got, but I am not properly authenticated. > The program is below. > > The error I get is: > File "/home/frans/lxd/websock.py", line 42, in <module> > ws.connect(wsurl) > File "/usr/local/lib/python2.7/dist-packages/websocket/_core.py", line > 211, in connect > options.pop('socket', None)) > File "/usr/local/lib/python2.7/dist-packages/websocket/_http.py", line > 77, in connect > sock = _ssl_socket(sock, options.sslopt, hostname) > File "/usr/local/lib/python2.7/dist-packages/websocket/_http.py", line > 179, in _ssl_socket > sock = _wrap_sni_socket(sock, sslopt, hostname, check_hostname) > File "/usr/local/lib/python2.7/dist-packages/websocket/_http.py", line > 160, in _wrap_sni_socket > server_hostname=hostname, > File "/usr/lib/python2.7/ssl.py", line 353, in wrap_socket > _context=self) > File "/usr/lib/python2.7/ssl.py", line 601, in __init__ > self.do_handshake() > File "/usr/lib/python2.7/ssl.py", line 830, in do_handshake > self._sslobj.do_handshake() > ssl.SSLError: [SSL: CERTIFICATE_VERIFY_FAILED] certificate verify failed > (_ssl.c:590) > > Obviously something wrong with certificates, but what ? > Anyone a clue? > > Thanks, Frans > > [ non working code deleted in order not to confuse people] > > 2017-02-15 16:28 GMT+01:00 Frans Meulenbroeks <fransmeulenbro...@gmail.com > >: > >> Hi, >> >> I was wondering if someone could help me a bit with exec over the REST >> API (in python in my case). >> >> I found this example: https://github.com/lxc/lxd/issues/231 but >> unfortunately this did not work for me (after changing 8080 to 8443). >> >> I suspect this is caused by missing authentication, but as I am a >> websocket n00b, I was wondering if someone could help me out by providing >> some more info, a link or a code snippet. >> >> Also: should I use ws:// or wss:// ? >> >> Thanks for any help! >> Frans >> > >
_______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
