On Fri, May 22, 2015 at 09:32:05PM -0700, Kevin LaTona wrote: > > On May 22, 2015, at 9:13 PM, Tycho Andersen <tycho.ander...@canonical.com> > wrote: > > > On Fri, May 22, 2015 at 05:14:06PM -0700, Kevin LaTona wrote: > >> > >> This past week or so I ran into an issue of not being able to connect a > >> test LXD rest server on my local network. > >> > >> I've tested this problem out from pretty much every angle I can think of. > >> > >> Every thing from fresh OS, server, SSL lib installs to upgrades of current > >> running apps on my machines. > >> > >> > >> Pretty much unless I am missing some small fundamental piece that is > >> preventing current shipping vivid server to allow connections to the LXD > >> rest server. > >> > >> My take is there is a bug . > >> > >> If this true, what is the best way to let the LXC team know about this to > >> see how to get to next step? > >> > >> > >> To sum it up I am able to connect to a public LXD rest server. > >> > >> # from vivid container --> public LXD server ( > >> container to public ) > >> curl -k https://images.linuxcontainers.org/1.0/images > >> # {"status": "Success", "metadata": ["/1.0/images/e7ae410ee8abeb6 > >> > >> > >> No matter how and from what angle I try connecting to a local test LXD > >> rest server it is having connections issues. > >> > >> # vivid container 10.0.3.5 --> 192.168.0.50:8443 ( container to host > >> machine ) > >> # this container can ping 192.168.0.50 > >> curl -k https://192.168.0.50:8443/1.0/images > >> # curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad > >> certificate > > > > You probably need to pass --cert and --key to curl as well; you can > > see examples of this in the /tests directory. > > > I'll look into that to see if that helps. > > > Yet I am able to hit the images.linuxcontainers.org server from all ….
Yes, images.linuxcontainers.org is not a real LXD server, it just implements parts of the rest API (the public bits). > Using OS X, Ubuntu host and from Container and all with the same Curl command > calls. > > Which has me wondering why that server and not my local LXD rest server? > > So far makes zero sense to me and the Rest server should make things simpler > in the end. > > > > Unless I am missing something in configs or settings some where else… or > there is bug. > > > I've chased enough code problems to know when you hammer on it from all > possible ways. > > And it's working part of the time….. some thing is off as it's just not > making sense. > > Plus I am not seeing any mention in LXD docs about need for cert and keys for > this kind of call. I suppose there's no reason we couldn't allow requests without a client cert to work for unauthenticated requests; I don't anticipate it being a hugely common use case, though, as most people should be using a client or API to access LXD. > > If I need them for the local server I would need them for the pulbic server > as well since Linuxcontainers is using self signed cert on that site. images.linuxcontainers.org shouldn't be using a self signed cert; LXD does, though. Tycho > > > -Kevin > > > > > > > > > > > Tycho > > > >> > >> > >> # OS X term window --> vivid server (same 192.168.x.x > >> network) > >> curl -k https://192.168.0.50:8443/1.0/images > >> # curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 > >> alert protocol version > >> > >> > >> > >> If any one has any ideas or suggestions please send them along. > >> > >> -Kevin > >> > >> > >> > >> _______________________________________________ > >> lxc-users mailing list > >> lxc-users@lists.linuxcontainers.org > >> http://lists.linuxcontainers.org/listinfo/lxc-users > > _______________________________________________ > > lxc-users mailing list > > lxc-users@lists.linuxcontainers.org > > http://lists.linuxcontainers.org/listinfo/lxc-users > > _______________________________________________ > lxc-users mailing list > lxc-users@lists.linuxcontainers.org > http://lists.linuxcontainers.org/listinfo/lxc-users _______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users