On Tue, May 26, 2015 at 06:37:59PM -0700, Kevin LaTona wrote: > > On May 26, 2015, at 4:37 PM, Tycho Andersen <tycho.ander...@canonical.com> > wrote: > > > Hi Kevin, > > > > On Mon, May 25, 2015 at 07:38:12PM -0700, Kevin LaTona wrote: > >> > >> On May 25, 2015, at 12:16 PM, Kevin LaTona <li...@studiosola.com> wrote: > >> > >>> The simplest way I found so far to connect from a Mac running 10.8.5 to > >>> the LDX 0.9 rest server is using a Python Subprocess call via SSH into > >>> the host machine which runs a Curl call to the LXD server which then > >>> returns the JSON/Dict object. > >>> > >>> While it sounds like a round about way to get there, it's the only way I > >>> have found so far to bypass the surrounding issue of getting TLS1_2 to > >>> run on OS X 10.8.5 and or Python 2.7.9. > >>> > >> > >> > >> Well that was one really short lived idea. > >> > >> Making those ssh based subprocess calls to the host is just not cutting it > >> from me after all, even if it does work the overhead cost to do them kind > >> of kills the idea for all but simple use. > >> > >> I was really wanting to stick by and use the LXD Rest server and not have > >> to re-invent the wheel here. > >> > >> > >> Guess it's not going to happen, so instead I've decided to create a Python > >> based Tornado Rest server running on the host and calling the LXD Cli > >> calls. > >> > >> This way I can back the SSL library down from the TLS1_2 idea. I guess > >> some need that level of security, for now I can live without it. > >> > >> > >> Plus Tornado opens up some other areas to look at doing some container > >> management like ideas. > >> > >> So this may turn out better over the long haul until LXD matures and > >> becomes a bit more solid. > >> > >> > >> > >> > >>> > >>> If there is any Python users on this list using the Requests module and > >>> has it working with both TLS1_2 and the LXD rest server, please share > >>> your process. > >> > >> > >> Again if there is any Pythonista on this LXC mailing list who has been > >> able to get TLS1_2 wrapped and working with Requests. > > > > I just wrote http://tycho.ws/blog/2015/05/lxd-python.html which works > > fine for me on Ubuntu. > > > Looks good should help folks with correct machine setups to see how easy it > can be. > > > > > > > I do have an old OSX system laying around so I tried it there and got > > an SSL error. It looks like the version of SSL it has only has TLS 1.0 > > built in. I don't really know anything about OSX, but the obvious > > solution seems to be to use the above program and a version of openssl > > that has TLS 1.2 compiled in. Perhaps upgrading OSX or using some > > package manager to give you an new libssl would work. > > > It appears the big road block here right now is Apple's use of an outdated > OpenSSL library that makes using TSL1_2 impossible with out access to a newer > version of OpenSSL. > > Maybe that is possible with 10.10 or even 10.9, but right now I need to keep > this machine frozen at 10.8.5. > > > The pylxd app mentioned in your blog looks interesting since it's using unix > domain sockets. > > If that ends up getting access to lxc calls without having to make ny kind of > a subprocess call to command line, it may turn out to be a tad bit faster > when interfacing with this Tornado rest server I am working on. > > > It's pretty clear to me now that if anyone has any client that can not use > TSL1_2 that the only way to efficient access a LXD server will be by running > their own server on the host as well. > > Or totally bypassing LXD and go back to using legacy LXC calls. > > > If there is any Mac users on the list that know of a way that allows OS X > 10.8.5 and Python 2.7.10 to use newer versions of OpenSSL, let me now how > you did it, if you care to share. > > > Tycho ….thanks for looking into this and sharing what you found out.
Another option would be to use socat: https://github.com/raharper/lxd_tools/blob/master/setup.sh#L19 _______________________________________________ lxc-users mailing list lxc-users@lists.linuxcontainers.org http://lists.linuxcontainers.org/listinfo/lxc-users
