[Bug 1180355] Re: LXC Template ubuntu-cloud does not work
** No longer affects: lxc (Ubuntu) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1180355 Title: LXC Template ubuntu-cloud does not work To manage notifications about this bug go to: https://bugs.launchpad.net/ca-certificates/+bug/1180355/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
RE: [Bug 1180355] Re: LXC Template ubuntu-cloud does not work
Could you show the result of curl -Iv https://cloud-images.ubuntu.com/query/precise/server/released- dl.current.txt This is the result: curl -Iv https://cloud-images.ubuntu.com/query/precise/server/released-dl.current.txt * About to connect() to cloud-images.ubuntu.com port 443 (#0) * Trying 91.189.88.141... connected * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS alert, Server hello (2): * SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed * Closing connection #0 curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a bundle of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. I looked into synaptic and ca-certificates and ca-certificates-java are installed. I also verified that all installed the files are there and everything was in place. After that i reinstalled both packages and after that it worked: * About to connect() to cloud-images.ubuntu.com port 443 (#0) * Trying 91.189.88.141... connected * successfully set certificate verify locations: * CAfile: none CApath: /etc/ssl/certs * SSLv3, TLS handshake, Client hello (1): * SSLv3, TLS handshake, Server hello (2): * SSLv3, TLS handshake, CERT (11): * SSLv3, TLS handshake, Server key exchange (12): * SSLv3, TLS handshake, Server finished (14): * SSLv3, TLS handshake, Client key exchange (16): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSLv3, TLS change cipher, Client hello (1): * SSLv3, TLS handshake, Finished (20): * SSL connection using DHE-RSA-AES256-SHA * Server certificate: * subject: O=cloud-images.ubuntu.com; OU=Domain Control Validated; CN=cloud-images.ubuntu.com * start date: 2012-07-12 13:57:09 GMT * expire date: 2013-07-14 07:49:21 GMT * subjectAltName: cloud-images.ubuntu.com matched * issuer: C=US; ST=Arizona; L=Scottsdale; O=GoDaddy.com, Inc.; OU=http://certificates.godaddy.com/repository; CN=Go Daddy Secure Certification Authority; serialNumber=07969287 * SSL certificate verify ok. HEAD /query/precise/server/released-dl.current.txt HTTP/1.1 User-Agent: curl/7.22.0 (x86_64-pc-linux-gnu) libcurl/7.22.0 OpenSSL/1.0.1 zlib/1.2.3.4 libidn/1.23 librtmp/2.3 Host: cloud-images.ubuntu.com Accept: */* HTTP/1.1 200 OK HTTP/1.1 200 OK Date: Mon, 10 Jun 2013 06:08:15 GMT Date: Mon, 10 Jun 2013 06:08:15 GMT Server: Apache/2.2.14 (Ubuntu) Server: Apache/2.2.14 (Ubuntu) Last-Modified: Mon, 03 Jun 2013 15:09:15 GMT Last-Modified: Mon, 03 Jun 2013 15:09:15 GMT ETag: 29c013b-1e9-4de41590b5cc0 ETag: 29c013b-1e9-4de41590b5cc0 Accept-Ranges: bytes Accept-Ranges: bytes Content-Length: 489 Content-Length: 489 Vary: Accept-Encoding Vary: Accept-Encoding Content-Type: text/plain Content-Type: text/plain * Connection #0 to host cloud-images.ubuntu.com left intact * Closing connection #0 * SSLv3, TLS alert, Client hello (1): Is there any kind of cache or something that gets refreshed after a reinstall? As i have written before, all installed files were in place. -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1180355 Title: LXC Template ubuntu-cloud does not work To manage notifications about this bug go to: https://bugs.launchpad.net/ca-certificates/+bug/1180355/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
RE: [Bug 1180355] Re: LXC Template ubuntu-cloud does not work
It still happenes. Wouldn't it be better to move this bug report somewhere else? Because the problem seems to exist in a different component. I use the regular precise wget. Now i've build the 1.14 package from saucy. But even with this version i get the same error. I also tried the link with three different browsers (firefox, google-chrome and opera) and there is no problem with the url. Now i tried the link with curl and i get this: curl https://cloud-images.ubuntu.com/query/precise/server/released-dl.current.txt curl: (60) SSL certificate problem, verify that the CA cert is OK. Details: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed More details here: http://curl.haxx.se/docs/sslcerts.html curl performs SSL certificate verification by default, using a bundle of Certificate Authority (CA) public keys (CA certs). If the default bundle file isn't adequate, you can specify an alternate file using the --cacert option. If this HTTPS server uses a certificate signed by a CA represented in the bundle, the certificate verification probably failed due to a problem with the certificate (it might be expired, or the name might not match the domain name in the URL). If you'd like to turn off curl's verification of the certificate, use the -k (or --insecure) option. I don't think that both wget and curl have the same problem. Maybe somewhere in their libs? Date: Thu, 6 Jun 2013 20:34:12 + From: 1180...@bugs.launchpad.net To: nudgegoon...@hotmail.com Subject: [Bug 1180355] Re: LXC Template ubuntu-cloud does not work Is this still happening for you? Are you behind a proxy that would explain this behavior? (I wonder if this could actually be a bug/misconfiguration in your ca- certificates?) -- You received this bug notification because you are subscribed to the bug report. https://bugs.launchpad.net/bugs/1180355 Title: LXC Template ubuntu-cloud does not work Status in “lxc” package in Ubuntu: Incomplete Bug description: I tried the template with regular precise lxc package and then the with the 0.8 backport. Both resulted in the error reading: failed to get https://cloud-images.ubuntu.com/query/precise/server /released-dl.current.txt When i copy this URL into a browser the file is there. The problem must be in the ubuntu-cloud template. The normal ubuntu template works. My specs: Ubuntu 12.04.2, LTS Release: 12.04, lxc 0.7.5-3ubuntu67 and 0.8.0~rc1-4ubuntu39.12.10.2~ubuntu12.04.1 ProblemType: Bug DistroRelease: Ubuntu 12.04 Package: lxc 0.8.0~rc1-4ubuntu39.12.10.2~ubuntu12.04.1 ProcVersionSignature: Ubuntu 3.8.0-20.31~precise1-generic 3.8.11 Uname: Linux 3.8.0-20-generic x86_64 ApportVersion: 2.0.1-0ubuntu17.2 Architecture: amd64 Date: Wed May 15 10:58:20 2013 InstallationMedia: Ubuntu 12.04.2 LTS Precise Pangolin - Release amd64 (20130213) MarkForUpload: True ProcEnviron: TERM=xterm PATH=(custom, no user) LANG=de_DE.UTF-8 SHELL=/bin/bash SourcePackage: lxc UpgradeStatus: No upgrade log present (probably fresh install) modified.conffile..etc.default.lxc: [modified] modified.conffile..etc.dnsmasq.d.available.lxc: [deleted] mtime.conffile..etc.default.lxc: 2013-05-14T15:21:31.327779 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1180355/+subscriptions -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1180355 Title: LXC Template ubuntu-cloud does not work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1180355/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1180355] Re: LXC Template ubuntu-cloud does not work
Is this still happening for you? Are you behind a proxy that would explain this behavior? (I wonder if this could actually be a bug/misconfiguration in your ca- certificates?) -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1180355 Title: LXC Template ubuntu-cloud does not work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1180355/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
RE: [Bug 1180355] Re: LXC Template ubuntu-cloud does not work
Thank you very much for your answer. I tried: $ sudo lxc-create -t ubuntu-cloud -n test With that i get the same error: $ sudo lxc-create -t ubuntu-cloud -n test No config file specified, using the default config ubuntu-cloudimg-query ist /usr/bin/ubuntu-cloudimg-query wget ist /usr/bin/wget failed to get https://cloud-images.ubuntu.com/query/precise/server/released-dl.current.txt failed to execute template 'ubuntu-cloud' aborted Doing a wget on the url was the right tip. It resulted in: $ wget https://cloud-images.ubuntu.com/query/precise/server/released-dl.current.txt --2013-05-22 09:35:41-- https://cloud-images.ubuntu.com/query/precise/server/released-dl.current.txt Auflösen des Hostnamen »cloud-images.ubuntu.com (cloud-images.ubuntu.com)«... 91.189.88.141 Verbindungsaufbau zu cloud-images.ubuntu.com (cloud-images.ubuntu.com)|91.189.88.141|:443... verbunden. FEHLER: Kann das Zertifikat von »cloud-images.ubuntu.com« nicht prüfen, ausgestellt von »»/C=US/ST=Arizona/L=Scottsdale/O=GoDaddy.com, Inc./OU=http://certificates.godaddy.com/repository/CN=Go Daddy Secure Certification Authority/serialNumber=07969287««:. Ein selbst-signiertes Zertifikat gefunden. Verwenden Sie »--no-check-certificate«, um zu dem Server »cloud-images.ubuntu.com« eine nicht gesicherte Verbindung aufzubauen. There must be a problem with the certificates. Altough i havn't changed or configured anything in that direction. I tried to modify the /usr/share/lxc/templates/lxc-ubuntu-cloud script with the --no-check- certificate option on both wget calls but it didn't help. I don't think this is a bug in the lxc package but a bug concerning wget or the certificates. I tried the link from the wget outpuz and the certificate does not seem to exist. Could it be that there is a loadbalancer behind the url and you are getting a different mirror? Regards, Andreas -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1180355 Title: LXC Template ubuntu-cloud does not work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1180355/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1180355] Re: LXC Template ubuntu-cloud does not work
Thank you for taking the time to report this bug and helping to make Ubuntu better. I failed to reproduce this bug on 12.04. Using lxc 0.7.5-3ubuntu67, I get: $ sudo lxc-create -t ubuntu-cloud -n test No config file specified, using the default config ubuntu-cloudimg-query is /usr/bin/ubuntu-cloudimg-query wget is /usr/bin/wget --2013-05-15 15:45:34-- https://cloud-images.ubuntu.com/server/releases/precise/release-20130502/ubuntu-12.04-server-cloudimg-amd64-root.tar.gz Resolving cloud-images.ubuntu.com (cloud-images.ubuntu.com)... 91.189.88.141 Connecting to cloud-images.ubuntu.com (cloud-images.ubuntu.com)|91.189.88.141|:443... connected. HTTP request sent, awaiting response... 302 Found Location: https://cloud-images.ubuntu.com/releases/precise/release-20130502/ubuntu-12.04-server-cloudimg-amd64-root.tar.gz [following] --2013-05-15 15:45:34-- https://cloud-images.ubuntu.com/releases/precise/release-20130502/ubuntu-12.04-server-cloudimg-amd64-root.tar.gz Reusing existing connection to cloud-images.ubuntu.com:443. HTTP request sent, awaiting response... 200 OK Length: 230466207 (220M) [application/x-gzip] Saving to: `ubuntu-12.04-server-cloudimg-amd64-root.tar.gz' 100%[=] 230,466,207 37.6M/s in 6.0s 2013-05-15 15:45:40 (36.6 MB/s) - `ubuntu-12.04-server-cloudimg- amd64-root.tar.gz' saved [230466207/230466207] Extracting container rootfs Configuring for running outside of a cloud environment If you want to configure for a cloud evironment, please use '-- -C' to create the container Container test created. 'ubuntu-cloud' template installed 'test' created You have not posted exact steps to reproduce your problem. Please do so, explain why you believe this is a bug rather than a network problem at your end, and then change the bug status back to New. On the other hand, if this turns out to be a problem at your end, please change the bug status to Invalid. Also please try running wget against the failed URL directly, rather than pasting it into a browser on what I presume is a different machine, and post the output. Thanks! ** Changed in: lxc (Ubuntu) Status: New = Incomplete -- You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to lxc in Ubuntu. https://bugs.launchpad.net/bugs/1180355 Title: LXC Template ubuntu-cloud does not work To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/lxc/+bug/1180355/+subscriptions -- Ubuntu-server-bugs mailing list Ubuntu-server-bugs@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
