Re: [lxc-users] How to setup a static IP in a container with LX[C|D] 2.0.0.*
On Mar 21, 2016, at 2:26 AM, Andrey Repin wrote:

Greetings, Mahesh Patade!

> Hi,
> here is simple and sweet how to on bridge networking.
>
> https://insights.ubuntu.com/2015/11/10/converting-eth0-to-br0-and-getting-all-your-lxc-or-lxd-onto-your-lan/
> Google is your friend. ;)
>
> That's no better than LXCBR…
> Try macvlan bridge one day.

So why do you think macvlan is any better than the default lxcbr0 style of doing this and using iptables… care to share your thoughts?

https://www.flockport.com/lxc-macvlan-networking/

These days with LXD 2.0.0 pretty much ready to go… all the information anyone can find on Google is getting to be very dated and now will confuse most users… new or otherwise… rather than help them to get going or solve a problem.

Meaning much of what anyone can find on Google is about worthless and is a huge time suck trying to pull out any little nuggets from it these days.

The one positive thing in the works is Stephane Graber is in the process of rewriting / updating his blog post series to reflect the state of LXD 2.0 vs LXC .08

https://insights.ubuntu.com/2016/03/16/lxd-2-0-installing-and-configuring-lxd-212/

Until the LXC/D community comes up with a way to create a singular information site that makes it easy for people to both learn from and share their experiences about LXD, Docker is going to continue to hog the spotlight and working with LXD will forever require more work than the average typical user will dive into in order to get up to speed with it.

That’s my take on it… LXD is pretty much amazing… but has a huge info / documentation brick wall in front of it.

-Kevin
___
lxc-users mailing list
lxc-users@lists.linuxcontainers.org
http://lists.linuxcontainers.org/listinfo/lxc-users
[lxc-users] Accessing LXD remote error --509: cannot validate certificate
I built LXD for OS X and at one point had it working with some earlier tests back a few months ago, but now it’s choking on me.

When I issue this call from an OS X terminal window

    lxc info host50:c1

I am getting this error:

    error: Get https://192.168.0.50:8443/1.0/containers/c1: x509: cannot validate certificate for 192.168.0.50 because it doesn't contain any IP SANs

I’m assuming my OS X version of LXD is not sending over the proper cert handshake.

Can anyone point out how to get this all working again?

Currently I am able to connect to the 192.168.0.50 server with a Python client I created, so I know the server is working correctly.

Thanks
-Kevin
Re: [lxc-users] LXD 2.0.0.rc2 -- IP Tables -- Ubuntu 15.10 -- not responding
In case someone comes upon this via a Google search with the same problem in the future.

The iptables rules shown do work.

The problem was a small typo I missed in one of them.

-Kevin

> On Mar 10, 2016, at 6:53 PM, Kevin LaTona wrote:
>
> I just tried installing 15.10 on 3 different test servers with LXD 2.0.0.rc2.
>
> The iptables rules I had been using with 14.04 would not work.
>
> Here is an example:
>
> iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 8080 -j DNAT --to-destination 10.0.3.250:8080
> iptables -A FORWARD -p tcp -d 10.0.3.250 --dport 8080 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
> iptables -t nat -A OUTPUT -p tcp -o lo --dport 8080 -j DNAT --to-destination 10.0.3.250:8080
>
> In the past I have used these iptables rules to allow outside of the local LAN access to a container when needed.
>
> Curious, is anyone else running into this issue with 15.10?
>
> If so, what did you do to allow outside public access to a container?
>
> Since I jumped from 14.04 + LXD 0.9 to 15.10 2.0.0.rc2 in my testing and it broke.
>
> I have no idea if there is a new or better way that has been introduced since 0.9 when needing direct public access to a container while using the default lxcbr0 bridge + 10.0.3.x DHCP setup.
>
> I ended up rolling back to 15.04 for now and it’s all back to working as it was in 14.04.
>
> Thanks for any thoughts or insights?
>
> -Kevin
[lxc-users] LXD 2.0.0.rc2 -- IP Tables -- Ubuntu 15.10 -- not responding
I just tried installing 15.10 on 3 different test servers with LXD 2.0.0.rc2.

The iptables rules I had been using with 14.04 would not work.

Here is an example:

    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 8080 -j DNAT --to-destination 10.0.3.250:8080
    iptables -A FORWARD -p tcp -d 10.0.3.250 --dport 8080 -m state --state NEW,ESTABLISHED,RELATED -j ACCEPT
    iptables -t nat -A OUTPUT -p tcp -o lo --dport 8080 -j DNAT --to-destination 10.0.3.250:8080

In the past I have used these iptables rules to allow outside of the local LAN access to a container when needed.

Curious, is anyone else running into this issue with 15.10?

If so, what did you do to allow outside public access to a container?

Since I jumped from 14.04 + LXD 0.9 to 15.10 2.0.0.rc2 in my testing and it broke.

I have no idea if there is a new or better way that has been introduced since 0.9 when needing direct public access to a container while using the default lxcbr0 bridge + 10.0.3.x DHCP setup.

I ended up rolling back to 15.04 for now and it’s all back to working as it was in 14.04.

Thanks for any thoughts or insights?

-Kevin
Re: [lxc-users] Live (and recorded) introduction to LXD (with demo), this Thursday at 16:00 UTC
Very nice presentation and well worth the time for both new users as well as not so new users.

Very easy to follow and great to see LXD in action like this.

Stéphane, hopefully you can find time in the future to do more videos along this line showing off other LXD features as well.

Thanks for putting this on.

-Kevin

On Nov 5, 2015, at 9:14 AM, Stéphane Graber wrote:

> On Tue, Nov 03, 2015 at 01:58:33PM -0500, Stéphane Graber wrote:
>> Hello,
>>
>> I'll be speaking at the Ubuntu Online Summit on Thursday at 16:00 UTC.
>>
>> This will be a hangout on air so can be watched by anyone with access
>> to youtube, the session will be available at:
>> http://summit.ubuntu.com/uos-1511/meeting/22625/an-introduction-to-lxd-the-container-hypervisor/
>>
>> I'll start with a short introduction to LXD, what it is, what it isn't,
>> how it all started and presenting the API and main features.
>>
>> Then move on to a demo of all of the current features, including some
>> cool new stuff.
>>
>> And finally conclude with our roadmap for the next few months, leading
>> to the 2.0 version of all the LXC projects and what that will involve.
>>
>> You can watch it live or watch it on youtube after the fact.
>
> Hello,
>
> The recording is now available here:
> https://www.youtube.com/watch?v=B_vRmItDORo
Re: [lxc-users] lxd not providing port 8443
Hey Mark,

There was an issue like this back around 0.8 but it was fixed.

See if this link gives you any clues.

https://github.com/lxc/lxd/issues/550

Or go back through LXD list from around May 2015 as it sounds like the Unix socket is not running.

-Kevin

On Aug 11, 2015, at 9:16 PM, Mark Constable wrote:

> I have 2 *buntu 15.10 hosts and my local one has a few trusty, utopic and
> wily containers. I've just updated a local LAN remote NAS to wily (so both
> ends run the same version of lxd/lxc) and want to test copying and migration.
>
> However, neither my local or remote test machines have anything running on
> port 8443. Is there some "trick" to start lxd plus access via port 8443?
>
> ~ p lxd
> root 2098 0.0 0.1 380028 19756 ?Ssl Aug11 0:02 /usr/bin/lxd --group lxd --logfile=/var/log/lxd/lxd.log
> root 2123 0.0 0.0 213924 6352 ?Ss Aug11 0:00 [lxc monitor] /var/lib/lxd/containers gc1
> root 5803 0.0 0.0 213924 4308 ?Ss Aug11 0:00 [lxc monitor] /var/lib/lxd/containers gc5
>
> ~ lxc list
> +------+---------+-------------+------+-----------+-----------+
> | NAME |  STATE  |    IPV4     | IPV6 | EPHEMERAL | SNAPSHOTS |
> +------+---------+-------------+------+-----------+-----------+
> | gc4  | STOPPED |             |      | NO        | 0         |
> | gc5  | RUNNING | 192.168.0.5 |      | NO        | 0         |
> | gc6  | STOPPED |             |      | NO        | 0         |
> | gc1  | RUNNING | 192.168.0.3 |      | NO        | 0         |
> +------+---------+-------------+------+-----------+-----------+
>
> ~ sudo netstat -tanup | grep 8443
> [... nothing ...]
>
> From the remote back to my local host...
>
> ~ lxc remote add mbox https://mbox:8443 --debug
> DBUG[08-12|14:08:45] Error reading the server certificate for mbox: open /home/markc/.config/lxc/servercerts/mbox.crt: no such file or directory
>
> DBUG[08-12|14:08:45] fingering the daemon
> error Get https://mbox:8443/1.0: Unable to connect to: mbox:8443
>
> There is no firewall between them (from remote LAN NAS back to my laptop).
>
> ~ nmap mbox
>
> Starting Nmap 6.47 ( http://nmap.org ) at 2015-08-12 14:11 AEST
> Nmap scan report for mbox (192.168.0.2)
> Host is up (0.00032s latency).
> Not shown: 997 closed ports
> PORT     STATE SERVICE
> 53/tcp   open  domain
> 111/tcp  open  rpcbind
> 2049/tcp open  nfs
>
> Nmap done: 1 IP address (1 host up) scanned in 0.07 seconds
>
> And fwiw this is the wily container running on my local host scanned
> from the remote LAN NAS (ie; no fundamental networking issues)...
>
> ~ nmap gc1
>
> Starting Nmap 6.47 ( http://nmap.org ) at 2015-08-12 14:12 AEST
> Nmap scan report for gc1 (192.168.0.3)
> Host is up (0.00032s latency).
> Not shown: 994 closed ports
> PORT    STATE SERVICE
> 22/tcp  open  ssh
> 25/tcp  open  smtp
> 80/tcp  open  http
> 443/tcp open  https
> 465/tcp open  smtps
> 993/tcp open  imaps
>
> Nmap done: 1 IP address (1 host up) scanned in 0.08 seconds
[lxc-users] Feature request -- LXC CLI output options
A feature request: allow the end user to configure and decide whether the output from an LXC CLI call returns either as a JSON dict or stdout text?

-Kevin
Re: [lxc-users] LXD + OS X
On Aug 1, 2015, at 2:03 AM, Stéphane Graber wrote:

> On Fri, Jul 31, 2015 at 09:26:28PM -0700, Kevin LaTona wrote:
>>
>> I just tried to add a remote host as per the LXC docs like this
>> lxc remote add host-a https://192.168.50.1:8443
>> It's now asking for an admin password.
>
> Locally on the remote server, run:
> lxc config set core.trust_password YOUR-PASSWORD

Thanks, that did it.

>
> We don't set any password by default for obvious security reasons.

Which is why it was confusing to me.

Maybe it's worth making a note in the remote call docs, to alert people that they will need to config the server with a password to do remote calls like this.

So far the LXC client is running great under OS X 10.8.6 as well.

For lots of devs who code on a Mac, but deploy to Linux, this could be a big plus to know it's now possible to do like this.

-Kevin
Re: [lxc-users] LXD + OS X
I just tried to add a remote host as per the LXC docs like this

    lxc remote add host-a https://192.168.50.1:8443

It's now asking for an admin password.

I gave it my Ubuntu test server admin password and it choked.

I looked around the LXC docs to see if there is some default admin password and did not see one.

As I don't ever recall giving the LXD server an admin password.

Anybody have ideas or suggestions of how to get around this?

Thanks
-Kevin
Re: [lxc-users] LXD + OS X
Mike,

Thanks, that showed me what I was doing wrong.

The LXC client did get built, I was not calling its path correctly.

I was thinking this LXC client would have gone into a Mac OS level folder and not these GO folders.

-Kevin

On Jul 31, 2015, at 2:56 PM, Mike McCracken wrote:

> Hi Kevin, this just worked for me on OS X 10.10.4 with golang 1.4.2 installed
> from the package here: https://golang.org/dl/
>
> mkdir ~/go
> export GOPATH=~/go
> go get -v github.com/lxc/lxd
> cd ~/go/src/github.com/lxc/lxd
> go get -v ./...
> go install -v ./lxc
>
> ~/go/bin/lxc version
>
> ==> 1.4
>
> If the same steps don't work for you, please copy in the error message you're
> seeing and I'll try to help out.
>
> Thanks!
> -mike
>
> On Fri, Jul 31, 2015 at 1:12 PM, Kevin LaTona wrote:
>
> I just walked through a bunch of path levels trying to see what might build.
>
> It looked like it did at one point build a client or
>
> But then I have not been able to locate it.
>
> Nor will it execute in the OS X terminal yet to even error out in any way to say it's found.
>
> it choked here
> /Users/kevin/.go/src/github.com/lxc
>
> it seemed like it was building here
> /Users/kevin/.go/src/github.com/lxc/lxd
>
> Then it choked here
> /Users/kevin/.go/src/github.com/lxc/lxd/lxc
>
> I know development is smoking along here and folks are slammed.
>
> But right now there is zero docs about how to make this happen make a LXC client run on a OS X machine.
>
> Any thoughts from anyone who has it running under OS X are welcomed.
>
> -Kevin
>
> On Jul 31, 2015, at 12:50 PM, Kevin LaTona wrote:
>
> > Thanks Tycho as it seems I am getting closer but not there yet.
> >
> > When I installed Go on this Mac I placed a folder at ~/.go
> >
> > From there I had Go install the LXD files based on what I found floating about on the net.
> >
> > I think it's done correctly.
> >
> > I took your suggestion and tried a few other path options and so far none are working.
> >
> > It appears that Go is looking for a path at
> >
> > /Users/kevin/.go/src/github.com/lxc/lxc
> >
> > And what was installed in the /Users/kevin/.go/src/github.com path
> >
> > Is a lxd folder and not a lxc folder at that level
> >
> > /Users/kevin/.go/src/github.com/lxc/lxd
> >
> > At this point not sure if the Go LXD script is looking at the wrong place.
> >
> > Or something was not installed that should have been in the initial install process.
> >
> > I'll keep tweaking some things to see if it will kick in.
> >
> > But again if anyone has any insights on what or why this doing this… thanks.
> >
> > -Kevin
> >
> > On Jul 30, 2015, at 11:44 PM, Tycho Andersen wrote:
> >
> >> On Thu, Jul 30, 2015 at 03:27:44PM -0700, Kevin LaTona wrote:
> >>> Thanks Bill, that got me closer but it still is not working.
> >>>
> >>> When I do a make I get back
> >>>
> >>> lxd kevin$ make
> >>> go get -v -d ./...
> >>> go install -v ./...
> >>> github.com/lxc/lxd/lxd/migration
> >>> # github.com/lxc/lxd/lxd/migration
> >>> lxd/migration/migrate.go:38: undefined: lxc.Container
> >>> make: *** [default] Error 2
> >>>
> >>> If anyone is running the client on OS X and has it working…… any insights would be helpful.
> >>
> >> Here you're trying to build the daemon; don't do that :). Try,
> >>
> >> go install ./lxc
> >>
> >> Tycho
> >>
> >>>
> >>> Thanks
> >>> -Kevin
> >>>
> >>> On Jul 30, 2015, at 12:57 PM, Bill Anderson wrote:
> >>>
> >>>>
> >>>>> On Jul 30, 2015, at 2:23 PM, Kevin LaTona wrote:
> >>>>>
> >>>>> Looking for any GO people on the list who might be able to help me decipher what this error means which trying to install LXD CLI on to a OS X machine.
> >>>>
Re: [lxc-users] LXD + OS X
I just walked through a bunch of path levels trying to see what might build.

It looked like it did at one point build a client or

But then I have not been able to locate it.

Nor will it execute in the OS X terminal yet to even error out in any way to say it's found.

it choked here
/Users/kevin/.go/src/github.com/lxc

it seemed like it was building here
/Users/kevin/.go/src/github.com/lxc/lxd

Then it choked here
/Users/kevin/.go/src/github.com/lxc/lxd/lxc

I know development is smoking along here and folks are slammed.

But right now there is zero docs about how to make this happen make a LXC client run on a OS X machine.

Any thoughts from anyone who has it running under OS X are welcomed.

-Kevin

On Jul 31, 2015, at 12:50 PM, Kevin LaTona wrote:

> Thanks Tycho as it seems I am getting closer but not there yet.
>
> When I installed Go on this Mac I placed a folder at ~/.go
>
> From there I had Go install the LXD files based on what I found floating about on the net.
>
> I think it's done correctly.
>
> I took your suggestion and tried a few other path options and so far none are working.
>
> It appears that Go is looking for a path at
>
> /Users/kevin/.go/src/github.com/lxc/lxc
>
> And what was installed in the /Users/kevin/.go/src/github.com path
>
> Is a lxd folder and not a lxc folder at that level
>
> /Users/kevin/.go/src/github.com/lxc/lxd
>
> At this point not sure if the Go LXD script is looking at the wrong place.
>
> Or something was not installed that should have been in the initial install process.
>
> I'll keep tweaking some things to see if it will kick in.
>
> But again if anyone has any insights on what or why this doing this… thanks.
>
> -Kevin
>
> On Jul 30, 2015, at 11:44 PM, Tycho Andersen wrote:
>
>> On Thu, Jul 30, 2015 at 03:27:44PM -0700, Kevin LaTona wrote:
>>> Thanks Bill, that got me closer but it still is not working.
>>>
>>> When I do a make I get back
>>>
>>> lxd kevin$ make
>>> go get -v -d ./...
>>> go install -v ./...
>>> github.com/lxc/lxd/lxd/migration
>>> # github.com/lxc/lxd/lxd/migration
>>> lxd/migration/migrate.go:38: undefined: lxc.Container
>>> make: *** [default] Error 2
>>>
>>> If anyone is running the client on OS X and has it working…… any insights would be helpful.
>>
>> Here you're trying to build the daemon; don't do that :). Try,
>>
>> go install ./lxc
>>
>> Tycho
>>
>>>
>>> Thanks
>>> -Kevin
>>>
>>> On Jul 30, 2015, at 12:57 PM, Bill Anderson wrote:
>>>
>>>>
>>>>> On Jul 30, 2015, at 2:23 PM, Kevin LaTona wrote:
>>>>>
>>>>> Looking for any GO people on the list who might be able to help me decipher what this error means which trying to install LXD CLI on to a OS X machine.
>>>>>
>>>>> If I check my current GO path on OS X it's at /usr/local/go
>>>>>
>>>>> Which is where GO installed it at.
>>>>>
>>>>> I got the current LXD tar ball
>>>>> CD to its top folder and called make
>>>>>
>>>>> From here it give GO path not found error……. through out the whole make script
>>>>>
>>>>> lxd-0.14 kevin$ make
>>>>> go get -v -d ./...
>>>>> package github.com/chai2010/gettext-go/gettext: cannot download, $GOPATH not set.
>>>>
>>>> You need to set your GOPATH environment variable. This is where it will
>>>> put the repo which ‘go get’ will get. Personally, I use $HOME/.go but it
>>>> can be wherever you want it to be. See
>>>> https://github.com/golang/go/wiki/GOPATH and/or
>>>> http://www.ryanday.net/2012/10/01/installing-go-and-gopath/ for more
>>>> details.
Re: [lxc-users] LXD + OS X
Thanks Tycho as it seems I am getting closer but not there yet.

When I installed Go on this Mac I placed a folder at ~/.go

From there I had Go install the LXD files based on what I found floating about on the net.

I think it's done correctly.

I took your suggestion and tried a few other path options and so far none are working.

It appears that Go is looking for a path at

/Users/kevin/.go/src/github.com/lxc/lxc

And what was installed in the /Users/kevin/.go/src/github.com path

Is a lxd folder and not a lxc folder at that level

/Users/kevin/.go/src/github.com/lxc/lxd

At this point not sure if the Go LXD script is looking at the wrong place.

Or something was not installed that should have been in the initial install process.

I'll keep tweaking some things to see if it will kick in.

But again if anyone has any insights on what or why this doing this… thanks.

-Kevin

On Jul 30, 2015, at 11:44 PM, Tycho Andersen wrote:

> On Thu, Jul 30, 2015 at 03:27:44PM -0700, Kevin LaTona wrote:
>> Thanks Bill, that got me closer but it still is not working.
>>
>> When I do a make I get back
>>
>> lxd kevin$ make
>> go get -v -d ./...
>> go install -v ./...
>> github.com/lxc/lxd/lxd/migration
>> # github.com/lxc/lxd/lxd/migration
>> lxd/migration/migrate.go:38: undefined: lxc.Container
>> make: *** [default] Error 2
>>
>> If anyone is running the client on OS X and has it working…… any insights would be helpful.
>
> Here you're trying to build the daemon; don't do that :). Try,
>
> go install ./lxc
>
> Tycho
>
>>
>> Thanks
>> -Kevin
>>
>> On Jul 30, 2015, at 12:57 PM, Bill Anderson wrote:
>>
>>>
>>>> On Jul 30, 2015, at 2:23 PM, Kevin LaTona wrote:
>>>>
>>>> Looking for any GO people on the list who might be able to help me decipher what this error means which trying to install LXD CLI on to a OS X machine.
>>>>
>>>> If I check my current GO path on OS X it's at /usr/local/go
>>>>
>>>> Which is where GO installed it at.
>>>>
>>>> I got the current LXD tar ball
>>>> CD to its top folder and called make
>>>>
>>>> From here it give GO path not found error……. through out the whole make script
>>>>
>>>> lxd-0.14 kevin$ make
>>>> go get -v -d ./...
>>>> package github.com/chai2010/gettext-go/gettext: cannot download, $GOPATH not set.
>>>
>>> You need to set your GOPATH environment variable. This is where it will put
>>> the repo which ‘go get’ will get. Personally, I use $HOME/.go but it can be
>>> wherever you want it to be. See https://github.com/golang/go/wiki/GOPATH
>>> and/or http://www.ryanday.net/2012/10/01/installing-go-and-gopath/ for
>>> more details.
Re: [lxc-users] LXD + OS X
Thanks Bill, that got me closer but it still is not working.

When I do a make I get back

    lxd kevin$ make
    go get -v -d ./...
    go install -v ./...
    github.com/lxc/lxd/lxd/migration
    # github.com/lxc/lxd/lxd/migration
    lxd/migration/migrate.go:38: undefined: lxc.Container
    make: *** [default] Error 2

If anyone is running the client on OS X and has it working…… any insights would be helpful.

Thanks
-Kevin

On Jul 30, 2015, at 12:57 PM, Bill Anderson wrote:

>
>> On Jul 30, 2015, at 2:23 PM, Kevin LaTona wrote:
>>
>> Looking for any GO people on the list who might be able to help me decipher what this error means which trying to install LXD CLI on to a OS X machine.
>>
>> If I check my current GO path on OS X it's at /usr/local/go
>>
>> Which is where GO installed it at.
>>
>> I got the current LXD tar ball
>> CD to its top folder and called make
>>
>> From here it give GO path not found error……. through out the whole make script
>>
>> lxd-0.14 kevin$ make
>> go get -v -d ./...
>> package github.com/chai2010/gettext-go/gettext: cannot download, $GOPATH not set.
>
> You need to set your GOPATH environment variable. This is where it will put
> the repo which ‘go get’ will get. Personally, I use $HOME/.go but it can be
> wherever you want it to be. See https://github.com/golang/go/wiki/GOPATH
> and/or http://www.ryanday.net/2012/10/01/installing-go-and-gopath/ for more
> details.
Re: [lxc-users] LXD + OS X
Looking for any GO people on the list who might be able to help me decipher what this error means which trying to install LXD CLI on to a OS X machine.

If I check my current GO path on OS X it's at /usr/local/go

Which is where GO installed it at.

I got the current LXD tar ball
CD to its top folder and called make

From here it give GO path not found error……. through out the whole make script

    lxd-0.14 kevin$ make
    go get -v -d ./...
    package github.com/chai2010/gettext-go/gettext: cannot download, $GOPATH not set.

Has anyone tried doing this on OS X yet and can see what is going wrong here?

-Kevin

On Jul 25, 2015, at 7:17 AM, Stéphane Graber wrote:

> On Fri, Jul 24, 2015 at 06:30:07PM -0700, Kevin LaTona wrote:
>>
>>> This is the first release of LXD where the client may be built on operating systems
>>> other than Linux. At the moment, MacOS X has been confirmed to work and
>>> Windows is known not to work,
>>> other Unix may work too but haven't been tested.
>>
>> I noticed this on the Linux Containers.org website today and it piqued my
>> interest but not much else info to figure out what it really means yet.
>>
>> Does anyone know of any links to any other information that talks about it
>> yet?
>>
>> The reference to a "client" is not making much sense to me, given I thought
>> LXD runs as a daemon that allows a CLI or Rest interaction to a Host running
>> LXC's
>>
>> -Kevin
>
> It means the CLI tool can be built and run on OSX. The daemon is
> Linux-specific.
>
> --
> Stéphane Graber
> Ubuntu developer
> http://www.ubuntu.com
Re: [lxc-users] LXD + OS X
On Jul 25, 2015, at 7:17 AM, Stéphane Graber wrote:

> On Fri, Jul 24, 2015 at 06:30:07PM -0700, Kevin LaTona wrote:
>>
>>> This is the first release of LXD where the client may be built on operating systems
>>> other than Linux. At the moment, MacOS X has been confirmed to work and
>>> Windows is known not to work,
>>> other Unix may work too but haven't been tested.
>>
>> I noticed this on the Linux Containers.org website today and it piqued my
>> interest but not much else info to figure out what it really means yet.
>>
>> Does anyone know of any links to any other information that talks about it
>> yet?
>>
>> The reference to a "client" is not making much sense to me, given I thought
>> LXD runs as a daemon that allows a CLI or Rest interaction to a Host running
>> LXC's
>
> It means the CLI tool can be built and run on OSX. The daemon is
> Linux-specific.

Does this mean an SSH connection has now been incorporated into the LXD CLI tool running on a OS X machine and a Linux box?

-Kevin
[lxc-users] LXD + OS X
> This is the first release of LXD where the client may be built on operating systems
> other than Linux. At the moment, MacOS X has been confirmed to work and
> Windows is known not to work,
> other Unix may work too but haven't been tested.

I noticed this on the Linux Containers.org website today and it piqued my interest but not much else info to figure out what it really means yet.

Does anyone know of any links to any other information that talks about it yet?

The reference to a "client" is not making much sense to me, given I thought LXD runs as a daemon that allows a CLI or Rest interaction to a Host running LXC's

-Kevin
[lxc-users] LXD server's HTTP header mime type appears to be incorrect
Typically when a JSON object is being returned it should be set as "Content-Type: application/json" and not set to text/plain, as some client code may flag it as an error even though one can still read it.

('HTTP/1.0 200 OK\r\nDate: Sat, 13 Jun 2015 23:00:34 GMT\r\nContent-Length: 121\r\nContent-Type: text/plain; charset=utf-8\r\n\r\n', {u'status': u'Success', u'status_code': 200, u'type': u'sync', u'metadata': {u'status': u'STOPPED', u'status_code': 1, u'init': 0, u'ips': None}})

http://www.iana.org/assignments/media-types/media-types.xhtml
Re: [lxc-users] How to remove old trusted certs from LXD server
On Jun 1, 2015, at 12:57 PM, Serge Hallyn wrote:

> Quoting Kevin LaTona (li...@studiosola.com):
>>
>> I tried the lxc config trust remove call and it's not working for me.
>>
>> This is how I sent in some test calls to delete past certs.
>>
>> lxc config trust remove 40 8b 09 af a6 c7 75 41 ff 97 5c 97 79 61 75 39 75 47 3a 57 b6 10 c7 96 52 04 7a f0 76 a3 d6 60
>>
>> It did nothing so I removed the spaces and it did nothing so far.
>>
>> lxc config trust remove 429ac28733afc1aa71dade876b9e8463976dcc0c4dd0a616ebf8caa5ad2939ed
>
> Hm. Don't remove the spaces.
>
> lxc config trust remove "40 8b 09 af a6 c7 75 41 ff 97 5c 97 79 61 75 39 75 47 3a 57 b6 10 c7 96 52 04 7a f0 76 a3 d6 60"
>
> Kinda ugly, we should probably support removing the spaces.

Agh… Thanks, spaced on adding the quotes around it.

Never fails, it's the simple things that get overlooked.

No spaces could be a good idea to consider.
Re: [lxc-users] LXD newbie question
To verify LXD is running, in a terminal do a:

    ps aux | grep lxd

This example shows LXD is running; if you are not seeing something like that, it's not running:

    root 783 0.0 0.2 436592 19584 ?Ssl May26 0:15 /usr/bin/lxd --group lxd --tcp [::]:8443

This will tell you what version you have:

    lxc version
    0.9

I found running LXD version 0.9 solved the booting problem you describe, so update soon.

If you are running an older version of LXD you can kick start it with

    systemctl start lxd

and then verify it's running with

    ps aux | grep lxd

Also beware LXD requires TLSv1.2

    openssl version
    OpenSSL 1.0.1f 6 Jan 2014

If your version is lower than about 1.0.1x, look into verifying your OpenSSL package does handle TLSv1.2, as this issue has been brewing for a good long while and hits everyone.

This was a huge stumbling block for me just this past week, so any older client machines will need to be updated to deal with this level of security.

-Kevin
Re: [lxc-users] What is the best way to report bug issues with LXD rest server?
On May 22, 2015, at 9:39 PM, Tycho Andersen wrote:

> On Fri, May 22, 2015 at 09:32:05PM -0700, Kevin LaTona wrote:
>>
>> On May 22, 2015, at 9:13 PM, Tycho Andersen wrote:
>>
>>> On Fri, May 22, 2015 at 05:14:06PM -0700, Kevin LaTona wrote:
>>>>
>>>> This past week or so I ran into an issue of not being able to connect a
>>>> test LXD rest server on my local network.
>>>>
>>>> I've tested this problem out from pretty much every angle I can think of.
>>>>
>>>> Every thing from fresh OS, server, SSL lib installs to upgrades of current
>>>> running apps on my machines.
>>>>
>>>> Pretty much unless I am missing some small fundamental piece that is
>>>> preventing current shipping vivid server to allow connections to the LXD
>>>> rest server.
>>>>
>>>> My take is there is a bug.
>>>>
>>>> If this true, what is the best way to let the LXC team know about this to
>>>> see how to get to next step?
>>>>
>>>> To sum it up I am able to connect to a public LXD rest server.
>>>>
>>>> # from vivid container --> public LXD server ( container to public )
>>>> curl -k https://images.linuxcontainers.org/1.0/images
>>>> # {"status": "Success", "metadata": ["/1.0/images/e7ae410ee8abeb6
>>>>
>>>> No matter how and from what angle I try connecting to a local test LXD
>>>> rest server it is having connections issues.
>>>>
>>>> # vivid container 10.0.3.5 --> 192.168.0.50:8443 ( container to host machine )
>>>> # this container can ping 192.168.0.50
>>>> curl -k https://192.168.0.50:8443/1.0/images
>>>> # curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
>>>
>>> You probably need to pass --cert and --key to curl as well; you can
>>> see examples of this in the /tests directory.
>>
>> I'll look into that to see if that helps.
>>
>> Yet I am able to hit the images.linuxcontainers.org server from all ….
>
> Yes, images.linuxcontainers.org is not a real LXD server, it just
> implements parts of the rest API (the public bits).

There was enough of it running to help me figure out I am able to connect to a LXD server at least.

I know the Request Library has a helper app in it to deal with all the various providers of certs to make it easier for folks to not have to mess around.

But with self signed certs…….. all bets are off.

>
>> Using OS X, Ubuntu host and from Container and all with the same Curl
>> command calls.
>>
>> Which has me wondering why that server and not my local LXD rest server?
>>
>> So far makes zero sense to me and the Rest server should make things simpler
>> in the end.
>>
>> Unless I am missing something in configs or settings some where else… or
>> there is bug.
>>
>> I've chased enough code problems to know when you hammer on it from all
>> possible ways.
>>
>> And it's working part of the time….. some thing is off as it's just not
>> making sense.
>>
>> Plus I am not seeing any mention in LXD docs about need for cert and keys
>> for this kind of call.
>
> I suppose there's no reason we couldn't allow requests without a
> client cert to work for unauthenticated requests; I don't anticipate
> it being a hugely common use case, though, as most people should be
> using a client or API to access LXD.

It was a dim light in the end of tunnel figuring out why some people must be having it work and I can't so far.

Either someone has not documented something important in the publicly published docs or ?

>
>>
>> If I need them for the local server I would need them for the public server
>> as well since Linuxcontainers is using self signed cert on that site.
>
> images.linuxcontainers.org shouldn't be using a self signed cert; LXD
> does, though.
>

This is what info the lc.org cert shows

> Tycho
>
>>
>> -Kevin
>>
>>> Tycho
>>>
>>>>
>>>> # OS X term window --> vivid server(same 192.168.x.x
>>>> net
[lxc-users] How to remove old trusted certs from LXD server
I tried the lxc config trust remove call and it's not working for me.

This is how I sent in some test calls to delete past certs.

    lxc config trust remove 40 8b 09 af a6 c7 75 41 ff 97 5c 97 79 61 75 39 75 47 3a 57 b6 10 c7 96 52 04 7a f0 76 a3 d6 60

It did nothing, so I removed the spaces and it did nothing so far.

    lxc config trust remove 429ac28733afc1aa71dade876b9e8463976dcc0c4dd0a616ebf8caa5ad2939ed

Any thoughts how to get this going again?

Thanks
-Kevin
Re: [lxc-users] What is the best way to report bug issues with LXD rest server?
After chasing down all kinds of SSL errors coming from every which way and as it turns out for the most part not from the LXD server.

This shift to using TLSv1.2 in LXD server is a big deal at the OS level on older machines.

Save yourself loads of time and run ( openssl version ) in terminal.

If it's lower than OpenSSL 1.0.1f 6 ( Jan 2014 ) best visit OpenSSL.org to verify what version you have running will work or not.

For Mac users on the list I ended up using Brew and installed a new version of Python 2.7.9 with OpenSSL 1.0.2a 19 (Mar 2015) embedded within Python.

From all I read don't mess with the OpenSSL binary that Apple installed…. Just leave it be.

Also Mac users the LXD client.crt needs to be installed in your key chain… double click the crt and verify you trust the items you want in the popups.

Finally make sure you run a ( lxc config trust add ~/.config/lxc/client.crt ) on the server.

Thanks to all who jumped in here to lend me a hand as in a nutshell when SSL goes sideways it's one huge PITA to fix.

-Kevin

On May 26, 2015, at 10:09 PM, Tycho Andersen wrote:

Again if there is any Pythonista on this LXC mailing list who has been able to get TLS1_2 wrapped and working with Requests.

>>> I just wrote http://tycho.ws/blog/2015/05/lxd-python.html which works
>>> fine for me on Ubuntu.
>>
>> Looks good should help folks with correct machine setups to see how easy it
>> can be.
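The two checks in the message above (is the OpenSSL in use new enough for TLS 1.2, and which files does a remote client present) can be scripted. The Python 3 code below is an added example, not code from the thread, from Tycho's blog post or from LXD. The function names, the `server_cert` path and the 0.9.8 banner are constructed for illustration; the other banners, port 8443, `/1.0` and the `client.crt`/`client.key` pair come from the messages, and the 1.0.1 threshold is the OpenSSL series that introduced TLS 1.2.

```python
import http.client
import json
import re
import ssl

# TLS 1.2 first shipped in the OpenSSL 1.0.1 series.
TLS12_MIN_OPENSSL = (1, 0, 1)


def parse_openssl_banner(banner):
    """Parse `openssl version` or `curl -V` output into (major, minor, fix)."""
    match = re.search(r"\bOpenSSL[ /](\d+)\.(\d+)\.(\d+)", banner)
    if match is None:
        raise ValueError("not an OpenSSL version banner: %r" % (banner,))
    return tuple(int(part) for part in match.groups())


def banner_supports_tls12(banner):
    """True when the OpenSSL release named in the banner can negotiate TLS 1.2."""
    return parse_openssl_banner(banner) >= TLS12_MIN_OPENSSL


def interpreter_tls_report():
    """Report on the OpenSSL this Python is linked against.

    This can differ from the `openssl` binary on PATH, as with the Homebrew
    Python described in the thread.
    """
    return {
        "linked_library": ssl.OPENSSL_VERSION,
        "tls12": bool(ssl.HAS_TLSv1_2),
    }


def lxd_client_context(client_cert=None, client_key=None, server_cert=None):
    """Build a client context for LXD's mutually authenticated HTTPS API.

    client_cert / client_key: the pair under ~/.config/lxc/ named in the thread.
    server_cert: PEM copy of the LXD server's self-signed certificate
                 (placeholder path; copy it from the host out of band).
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)  # verify_mode is CERT_REQUIRED
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2   # refuse older protocol versions
    # The server is addressed by IP, so hostname matching is switched off and
    # trust rests on pinning the server certificate instead of curl's -k.
    ctx.check_hostname = False
    if server_cert is not None:
        ctx.load_verify_locations(cafile=server_cert)
    # With no server_cert nothing is trusted and the handshake fails closed.
    if client_cert is not None:
        ctx.load_cert_chain(certfile=client_cert, keyfile=client_key)
    return ctx


def get_api_root(host, ctx, port=8443):
    """GET /1.0 from an LXD server and return the decoded JSON document."""
    conn = http.client.HTTPSConnection(host, port, context=ctx, timeout=10)
    try:
        conn.request("GET", "/1.0")
        return json.loads(conn.getresponse().read().decode("utf-8"))
    finally:
        conn.close()


if __name__ == "__main__":
    samples = [
        "OpenSSL 1.0.1f 6 Jan 2014",     # quoted in the thread
        "OpenSSL 1.0.2a 19 Mar 2015",    # quoted in the thread
        "OpenSSL 0.9.8zg 14 July 2015",  # constructed sample of a pre-1.0.1 release
    ]
    for banner in samples:
        print("%-32s TLS 1.2: %s" % (banner, banner_supports_tls12(banner)))
    print(interpreter_tls_report())
```

A client whose certificate has been added with `lxc config trust add` would call `get_api_root("192.168.0.50", lxd_client_context(client_cert, client_key, server_cert))` with its own three file paths.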
Re: [lxc-users] What is the best way to report bug issues with LXD rest server?
On May 26, 2015, at 4:37 PM, Tycho Andersen wrote:

> I just wrote http://tycho.ws/blog/2015/05/lxd-python.html which works
> fine for me on Ubuntu.

In Tycho's blog post he was connecting to the LXD server locally.

When one is logging in via a remote client to a LXD rest server what files would be used by the remote client software for the SSL connection given this is a self signed cert?

-Kevin
Re: [lxc-users] What is the best way to report bug issues with LXD rest server?
On May 26, 2015, at 4:37 PM, Tycho Andersen wrote:

> Hi Kevin,
>
> On Mon, May 25, 2015 at 07:38:12PM -0700, Kevin LaTona wrote:
>>
>> On May 25, 2015, at 12:16 PM, Kevin LaTona wrote:
>>
>>> The simplest way I found so far to connect from a Mac running 10.8.5 to the
>>> LXD 0.9 rest server is using a Python Subprocess call via SSH into the host
>>> machine which runs a Curl call to the LXD server which then returns the
>>> JSON/Dict object.
>>>
>>> While it sounds like a round about way to get there, it's the only way I
>>> have found so far to bypass the surrounding issue of getting TLS1_2 to run
>>> on OS X 10.8.5 and or Python 2.7.9.
>>
>> Well that was one really short lived idea.
>>
>> Making those ssh based subprocess calls to the host is just not cutting it
>> for me after all, even if it does work the overhead cost to do them kind of
>> kills the idea for all but simple use.
>>
>> I was really wanting to stick by and use the LXD Rest server and not have to
>> re-invent the wheel here.
>>
>> Guess it's not going to happen, so instead I've decided to create a Python
>> based Tornado Rest server running on the host and calling the LXD Cli calls.
>>
>> This way I can back the SSL library down from the TLS1_2 idea. I guess some
>> need that level of security, for now I can live without it.
>>
>> Plus Tornado opens up some other areas to look at doing some container
>> management like ideas.
>>
>> So this may turn out better over the long haul until LXD matures and becomes
>> a bit more solid.
>>
>>> If there is any Python users on this list using the Requests module and has
>>> it working with both TLS1_2 and the LXD rest server, please share your
>>> process.
>>
>> Again if there is any Pythonista on this LXC mailing list who has been able
>> to get TLS1_2 wrapped and working with Requests.
>
> I just wrote http://tycho.ws/blog/2015/05/lxd-python.html which works
> fine for me on Ubuntu.

Looks good should help folks with correct machine setups to see how easy it can be.

> I do have an old OSX system laying around so I tried it there and got
> an SSL error. It looks like the version of SSL it has only has TLS 1.0
> built in. I don't really know anything about OSX, but the obvious
> solution seems to be to use the above program and a version of openssl
> that has TLS 1.2 compiled in. Perhaps upgrading OSX or using some
> package manager to give you a new libssl would work.

It appears the big road block here right now is Apple's use of an outdated OpenSSL library that makes using TLS1_2 impossible without access to a newer version of OpenSSL.

Maybe that is possible with 10.10 or even 10.9, but right now I need to keep this machine frozen at 10.8.5.

The pylxd app mentioned in your blog looks interesting since it's using unix domain sockets.

If that ends up getting access to lxc calls without having to make any kind of a subprocess call to command line, it may turn out to be a tad bit faster when interfacing with this Tornado rest server I am working on.

It's pretty clear to me now that if anyone has any client that can not use TLS1_2 that the only way to efficiently access a LXD server will be by running their own server on the host as well.

Or totally bypassing LXD and go back to using legacy LXC calls.

If there is any Mac users on the list that know of a way that allows OS X 10.8.5 and Python 2.7.10 to use newer versions of OpenSSL, let me know how you did it, if you care to share.

Tycho ….thanks for looking into this and sharing what you found out.

-Kevin

> Tycho
>
>> It would really be great if you could share a blog link or even a bit of code
>> as it's one messy thing to get all those parts working.
>>
>> So in the end LXD rest server is working, but sure is one tough nut to crack
>> right now… hopefully some of these TLS like setup issues will smooth out
>> over time.
>>
>> -Kevin
Re: [lxc-users] What is the best way to report bug issues with LXD rest server?
On May 25, 2015, at 12:16 PM, Kevin LaTona wrote:

> The simplest way I found so far to connect from a Mac running 10.8.5 to the
> LXD 0.9 rest server is using a Python Subprocess call via SSH into the host
> machine which runs a Curl call to the LXD server which then returns the
> JSON/Dict object.
>
> While it sounds like a round about way to get there, it's the only way I have
> found so far to bypass the surrounding issue of getting TLS1_2 to run on OS X
> 10.8.5 and or Python 2.7.9.

Well that was one really short lived idea.

Making those ssh based subprocess calls to the host is just not cutting it for me after all, even if it does work the overhead cost to do them kind of kills the idea for all but simple use.

I was really wanting to stick by and use the LXD Rest server and not have to re-invent the wheel here.

Guess it's not going to happen, so instead I've decided to create a Python based Tornado Rest server running on the host and calling the LXD Cli calls.

This way I can back the SSL library down from the TLS1_2 idea. I guess some need that level of security, for now I can live without it.

Plus Tornado opens up some other areas to look at doing some container management like ideas.

So this may turn out better over the long haul until LXD matures and becomes a bit more solid.

> If there is any Python users on this list using the Requests module and has
> it working with both TLS1_2 and the LXD rest server, please share your
> process.

Again if there is any Pythonista on this LXC mailing list who has been able to get TLS1_2 wrapped and working with Requests.

It would really be great if you could share a blog link or even a bit of code as it's one messy thing to get all those parts working.

So in the end LXD rest server is working, but sure is one tough nut to crack right now… hopefully some of these TLS like setup issues will smooth out over time.

-Kevin
Re: [lxc-users] What is the best way to report bug issues with LXD rest server?
If one is using Mac OS X 10.8.5, Python 2.7.9, Requests or Curl, unless you can get them config'd to work with TLS1_2, the LXD rest server is not going to work for you.

The simplest way I found so far to connect from a Mac running 10.8.5 to the LXD 0.9 rest server is using a Python Subprocess call via SSH into the host machine which runs a Curl call to the LXD server which then returns the JSON/Dict object.

While it sounds like a round about way to get there, it's the only way I have found so far to bypass the surrounding issue of getting TLS1_2 to run on OS X 10.8.5 and or Python 2.7.9.

If there is any Python users on this list using the Requests module and has it working with both TLS1_2 and the LXD rest server, please share your process.

Thanks
-Kevin
Re: [lxc-users] What is the best way to report bug issues with LXD rest server?
On May 23, 2015, at 1:24 PM, Janjaap Bos wrote: > Try removing the trailing / from the url. Got error message again. > > 2015-05-23 22:17 GMT+02:00 Kevin LaTona : > > add local sends back an error > > root@kev:/home/kev# lxc remote add local 192.168.0.50:8443 > > error: remote local exists as > > > > > running just wget ( I've not used wget before ) so I am not sure how or if > it's possible to send in the host name now or ?? > > > > > root@kev:~/.config/lxc# wget --no-check-certificate > https://192.168.0.50:8443/1.0/ --certificate=client.crt > --private-key=client.key -O - -v > > --2015-05-23 13:12:13-- https://192.168.0.50:8443/1.0/ > > Connecting to 192.168.0.50:8443... connected. > WARNING: cannot verify 192.168.0.50's certificate, issued by > ‘O=linuxcontainer.org’: > Unable to locally verify the issuer's authority. > WARNING: certificate common name ‘’ doesn't match requested host name > ‘192.168.0.50’. > HTTP request sent, awaiting response... 404 Not Found > 2015-05-23 13:12:13 ERROR 404: Not Found. > > > > Sounds like LXD server is working for you….. but still no idea why it's not > for me yet. > > > -Kevin > > > > > On May 23, 2015, at 12:26 PM, Janjaap Bos wrote: > >> Remove the /finger from the url given in the example, as that is no longer a >> published service. >> >> This is from OSX, using wget. >> >> wget --no-check-certificate https://myhost:8443/1.0 --certificate=client.crt >> --private-key=client.key -O - -q >> >> {"type":"sync","status":"Success","status_code":200,"metadata":{"api_compat":1,"auth":"trusted","config":{"trust-password":true},"environment":{"backing_fs":"ext4","driver":"lxc","kernel_version":"3.16.0-37-generic","lxc_version":"1.1.0","lxd_version":"0.9"}}} >> >> >> 2015-05-23 21:16 GMT+02:00 Janjaap Bos : >> Before trying at OSX, make sure it works on your LXD host. >> >> Follow the steps for hacking on: >> >> https://github.com/lxc/lxd >> >> It works for me. 
>> Hacking >> >> Sometimes it is useful to view the raw response that LXD sends; you can do >> this by: >> >> lxc config set password foo >> lxc remote add local 127.0.0.1:8443 >> wget --no-check-certificate https://127.0.0.1:8443/1.0/finger >> --certificate=$HOME/.config/lxc/client.crt >> --private-key=$HOME/.config/lxc/client.key -O - -q >> >> >> 2015-05-23 21:13 GMT+02:00 Kevin LaTona : >> >> >> I noticed I did not run the lxc config trust add client.crt call as >> suggested earlier. >> >> So I >> >> cd >> /root/.config/lxc >> >> lxc config trust add client.crt >> >> >> then >> >> lxc config trust list >> >> and got to finger prints back >> >> >> >> Next ran >> >> >> curl -v -k https://192.168.0.50:8443/1.0/images >> >> * Hostname was NOT found in DNS cache >> * Trying 192.168.0.50... >> * Connected to 192.168.0.50 (192.168.0.50) port 8443 (#0) >> * successfully set certificate verify locations: >> * CAfile: none >> CApath: /etc/ssl/certs >> * SSLv3, TLS handshake, Client hello (1): >> * SSLv3, TLS handshake, Server hello (2): >> * SSLv3, TLS handshake, CERT (11): >> * SSLv3, TLS handshake, Server key exchange (12): >> * SSLv3, TLS handshake, Request CERT (13): >> * SSLv3, TLS handshake, Server finished (14): >> * SSLv3, TLS handshake, CERT (11): >> * SSLv3, TLS handshake, Client key exchange (16): >> * SSLv3, TLS change cipher, Client hello (1): >> * SSLv3, TLS handshake, Finished (20): >> * SSLv3, TLS alert, Server hello (2): >> * error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate >> * Closing connection 0 >> curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad >> certificate >> >> >> root@c5:~# >> >> >> >> >> Unless I am missing another config step here. >> >> Sure looks like the LDX image server is sending out bad certs into the wild. 
>> -Kevin
Re: [lxc-users] What is the best way to report bug issues with LXD rest server?
add local sends back an error root@kev:/home/kev# lxc remote add local 192.168.0.50:8443 error: remote local exists as running just wget ( I've not used wget before ) so I am not sure how or if it's possible to send in the host name now or ?? root@kev:~/.config/lxc# wget --no-check-certificate https://192.168.0.50:8443/1.0/ --certificate=client.crt --private-key=client.key -O - -v --2015-05-23 13:12:13-- https://192.168.0.50:8443/1.0/ Connecting to 192.168.0.50:8443... connected. WARNING: cannot verify 192.168.0.50's certificate, issued by ‘O=linuxcontainer.org’: Unable to locally verify the issuer's authority. WARNING: certificate common name ‘’ doesn't match requested host name ‘192.168.0.50’. HTTP request sent, awaiting response... 404 Not Found 2015-05-23 13:12:13 ERROR 404: Not Found. Sounds like LXD server is working for you….. but still no idea why it's not for me yet. -Kevin On May 23, 2015, at 12:26 PM, Janjaap Bos wrote: > Remove the /finger from the url given in the example, as that is no longer a > published service. > > This is from OSX, using wget. > > wget --no-check-certificate https://myhost:8443/1.0 --certificate=client.crt > --private-key=client.key -O - -q > > {"type":"sync","status":"Success","status_code":200,"metadata":{"api_compat":1,"auth":"trusted","config":{"trust-password":true},"environment":{"backing_fs":"ext4","driver":"lxc","kernel_version":"3.16.0-37-generic","lxc_version":"1.1.0","lxd_version":"0.9"}}} > > > 2015-05-23 21:16 GMT+02:00 Janjaap Bos : > Before trying at OSX, make sure it works on your LXD host. > > Follow the steps for hacking on: > > https://github.com/lxc/lxd > > It works for me. 
> Hacking > > Sometimes it is useful to view the raw response that LXD sends; you can do > this by: > > lxc config set password foo > lxc remote add local 127.0.0.1:8443 > wget --no-check-certificate https://127.0.0.1:8443/1.0/finger > --certificate=$HOME/.config/lxc/client.crt > --private-key=$HOME/.config/lxc/client.key -O - -q > > > 2015-05-23 21:13 GMT+02:00 Kevin LaTona : > > > I noticed I did not run the lxc config trust add client.crt call as suggested > earlier. > > So I > > cd > /root/.config/lxc > > lxc config trust add client.crt > > > then > > lxc config trust list > > and got to finger prints back > > > > Next ran > > > curl -v -k https://192.168.0.50:8443/1.0/images > > * Hostname was NOT found in DNS cache > * Trying 192.168.0.50... > * Connected to 192.168.0.50 (192.168.0.50) port 8443 (#0) > * successfully set certificate verify locations: > * CAfile: none > CApath: /etc/ssl/certs > * SSLv3, TLS handshake, Client hello (1): > * SSLv3, TLS handshake, Server hello (2): > * SSLv3, TLS handshake, CERT (11): > * SSLv3, TLS handshake, Server key exchange (12): > * SSLv3, TLS handshake, Request CERT (13): > * SSLv3, TLS handshake, Server finished (14): > * SSLv3, TLS handshake, CERT (11): > * SSLv3, TLS handshake, Client key exchange (16): > * SSLv3, TLS change cipher, Client hello (1): > * SSLv3, TLS handshake, Finished (20): > * SSLv3, TLS alert, Server hello (2): > * error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate > * Closing connection 0 > curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad > certificate > > > root@c5:~# > > > > > Unless I am missing another config step here. > > Sure looks like the LDX image server is sending out bad certs into the wild. 
> -Kevin
Re: [lxc-users] What is the best way to report bug issues with LXD rest server?
I noticed I did not run the lxc config trust add client.crt call as suggested earlier.

So I

    cd /root/.config/lxc
    lxc config trust add client.crt

then

    lxc config trust list

and got to finger prints back

Next ran

    curl -v -k https://192.168.0.50:8443/1.0/images

    * Hostname was NOT found in DNS cache
    * Trying 192.168.0.50...
    * Connected to 192.168.0.50 (192.168.0.50) port 8443 (#0)
    * successfully set certificate verify locations:
    * CAfile: none
      CApath: /etc/ssl/certs
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Server key exchange (12):
    * SSLv3, TLS handshake, Request CERT (13):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS alert, Server hello (2):
    * error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
    * Closing connection 0
    curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate

    root@c5:~#

Unless I am missing another config step here.

Sure looks like the LXD image server is sending out bad certs into the wild.

-Kevin
Re: [lxc-users] What is the best way to report bug issues with LXD rest server?
I am still sorting out issues with OS X SSL certs OS things.

In between that I just ran a test from a LXC container running on my local Vivid host.

Earlier today I re-ran the

    lxc remote add lxc-org images.linuxcontainers.org

call replacing all files at /root/.config/lxc with new in case something there was not in step or bad.

Next I rebooted server and fired up a new container, ran a call against the host LXD server and I still am getting errors.

    root@c5:~# curl -v -k https://192.168.0.50:8443/1.0/images
    * Hostname was NOT found in DNS cache
    * Trying 192.168.0.50...
    * Connected to 192.168.0.50 (192.168.0.50) port 8443 (#0)
    * successfully set certificate verify locations:
    * CAfile: none
      CApath: /etc/ssl/certs
    * SSLv3, TLS handshake, Client hello (1):
    * SSLv3, TLS handshake, Server hello (2):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Server key exchange (12):
    * SSLv3, TLS handshake, Request CERT (13):
    * SSLv3, TLS handshake, Server finished (14):
    * SSLv3, TLS handshake, CERT (11):
    * SSLv3, TLS handshake, Client key exchange (16):
    * SSLv3, TLS change cipher, Client hello (1):
    * SSLv3, TLS handshake, Finished (20):
    * SSLv3, TLS alert, Server hello (2):
    * error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
    * Closing connection 0
    curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
    root@c5:~#

Ran another call against

    curl -k https://images.linuxcontainers.org/1.0/images

from this container and it's working fine.

From the curl error message I am assuming that the LXD image server is sending out bad certs for servers to use and work from

or

The version and setup of curl used for test.

    root@c5:~# curl -V
    curl 7.35.0 (x86_64-pc-linux-gnu) libcurl/7.35.0 OpenSSL/1.0.1f zlib/1.2.8 libidn/1.28 librtmp/2.3
    Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtmp rtsp smtp smtps telnet tftp
    Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz TLS-SRP

Any one have any thoughts on how to get to next step?

-Kevin
Re: [lxc-users] What is the best way to report bug issues with LXD rest server?
On May 23, 2015, at 12:13 AM, Janjaap Bos wrote: > Yes, you are a step further now that TLS is spoken. However, I would suggest > to first get your test working locally on the lxd server, since my homebrew > OSX curl has further restrictions. You can only use certificates that are in > the keychain: > * WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure Transport. The private > key must be in the Keychain. > * WARNING: SSL: Certificate type not set, assuming PKCS#12 format. When I did all of the steps you suggested the nev version of Curl sent back curl: (58) SSL: Can't load the certificate "server.crt" and its private key: OSStatus -50 I tried to import the server.crt into keychain and it choked. Not sure why maybe it just didn't like how I created it or ??? > > When trying your example on my lxd server, I do the following steps (as root > user). > > # cd /root/.config/lxc > # ls > client.crt client.key config.yml servercerts Interesting as the config.yaml and servercert where not in my folder just now. I double checked my steps taken notes and do see I issued a call to lxc remote add lxc-org images.linuxcontainers.org And it did not load at the the initial call set up time. > > Now, if you don't have these files, use can get them by doing the following: > # lxc remote add lxc-org images.linuxcontainers.org I did just re call this "remote add" call And this time it added all the files and not only some of them. > > This should also initialise the local client certificate if it does not exist. > > Then: > # lxc config trust add client.crt > # lxc config trust list > This should list the fingerprint. > > And it should work: > # curl --key client.key --cert client.crt -v -k > https://localhost:8443/1.0/images > > (do not use the -s option as it will suppress the output) /usr/local/Cellar/curl/7.42.1/bin/curl --cert server.crt --key server.key -v -k https://192.168.0.50:8443/ * Trying 192.168.0.50... 
* Connected to 192.168.0.50 (192.168.0.50) port 8443 (#0) * WARNING: SSL: CURLOPT_SSLKEY is ignored by Secure Transport. The private key must be in the Keychain. * WARNING: SSL: Certificate type not set, assuming PKCS#12 format. * SSL: Can't load the certificate "server.crt" and its private key: OSStatus -50 * Closing connection 0 curl: (58) SSL: Can't load the certificate "server.crt" and its private key: OSStatus -50 Well it's closer to working now. I still need to resolve how to get the private cert into to OS X's keychain. Hopefully if any other OS X users come along and find these notes it will help them get it working or closer to finding out how to get it all going on Macs connecting to Ubuntu 15.04 Vivid. -Kevin > > > 2015-05-23 7:53 GMT+02:00 Kevin LaTona : > > On May 22, 2015, at 10:33 PM, Kevin LaTona wrote: > >>> Ok, but you are testing with a curl that does not support TLS. That is why >>> you cannot connect to that particular LXD instance. Depending on the OS and >>> distribution, other LXD instances may still support SSL. >>> >>> > > > > > I did a quick upgrade of curl to 7.42.1 > > Now when I try it > > /usr/local/Cellar/curl/7.42.1/bin/curl -s --cert server.crt --key server.key > -k https://192.168.0.50:8443/1.0/images > > I know I don't want to mess with Apple's install of Curl for now. > > > I get curl: (35) SSL peer handshake failed, the server most likely > requires a client certificate to connect > > So maybe I am getting closer and some thing is off with the cert I just made. > > > Would be nice to know what version of LDX is running at linuxcontainers.org > > It sure might help saving lots of time chasing after another avenue that in > the end may or may not solve problem. 
> -Kevin
Re: [lxc-users] What is the best way to report bug issues with LXD rest server?
On May 22, 2015, at 10:33 PM, Kevin LaTona wrote:

>> Ok, but you are testing with a curl that does not support TLS. That is why
>> you cannot connect to that particular LXD instance. Depending on the OS and
>> distribution, other LXD instances may still support SSL.

I did a quick upgrade of curl to 7.42.1

Now when I try it

    /usr/local/Cellar/curl/7.42.1/bin/curl -s --cert server.crt --key server.key -k https://192.168.0.50:8443/1.0/images

I know I don't want to mess with Apple's install of Curl for now.

I get

    curl: (35) SSL peer handshake failed, the server most likely requires a client certificate to connect

So maybe I am getting closer and some thing is off with the cert I just made.

Would be nice to know what version of LXD is running at linuxcontainers.org

It sure might help saving lots of time chasing after another avenue that in the end may or may not solve problem.

-Kevin
Re: [lxc-users] What is the best way to report bug issues with LXD rest server?
I see your point and that makes good sense.

I currently have no idea what version of LXD is running at images.linuxcontainers.org.

If it's older that makes sense as I am running 0.9 and was running 0.7 and had issue with both.

Right now I am working on creating certs to see if that solves problem.

At this point I was thinking lc.org would be running latest version.

Thanks for your thoughts.

-Kevin

On May 22, 2015, at 10:18 PM, Janjaap Bos wrote:

> Ok, but you are testing with a curl that does not support TLS. That is why you cannot connect to that particular LXD instance. Depending on the OS and distribution, other LXD instances may still support SSL.
>
> On 23 May 2015 07:12, "Kevin LaTona" wrote:
>
> Thanks… but I actually have no plans to use Curl.
>
> It was the only tool I had that I could test all the various connections with one common tool most folks have.
>
> To see what LXD servers I could or could not connect to.
>
> My core problem is I can connect to a single Public LXD rest server,
>
> But so far after hammering away for about a week now at finding out why I can't hit my local test LXD rest server?
>
> It's only my network and the port is open… but it keeps sending errors and alerts with the same calls to the public one that works.
>
> I have to assume both should respond the same way to the same calls.
>
> But one works the other not.
>
> -Kevin
>
> On May 22, 2015, at 9:51 PM, Janjaap Bos wrote:
>
>> You should upgrade your local curl, so it uses TLS and not SSL which is no longer secure, and therefore disabled at the server. I guess the images repo still accepts SSL.
>>
>> On 23 May 2015 02:14, "Kevin LaTona" wrote:
>>
>> This past week or so I ran into an issue of not being able to connect a test LXD rest server on my local network.
>>
>> I've tested this problem out from pretty much every angle I can think of.
>>
>> Everything from fresh OS, server, SSL lib installs to upgrades of current running apps on my machines.
>>
>> Pretty much unless I am missing some small fundamental piece that is preventing current shipping vivid server to allow connections to the LXD rest server.
>>
>> My take is there is a bug.
>>
>> If this true, what is the best way to let the LXC team know about this to see how to get to next step?
>>
>> To sum it up I am able to connect to a public LXD rest server.
>>
>> # from vivid container --> public LXD server ( container to public )
>> curl -k https://images.linuxcontainers.org/1.0/images
>> # {"status": "Success", "metadata": ["/1.0/images/e7ae410ee8abeb6
>>
>> No matter how and from what angle I try connecting to a local test LXD rest server it is having connections issues.
>>
>> # vivid container 10.0.3.5 --> 192.168.0.50:8443 ( container to host machine )
>> # this container can ping 192.168.0.50
>> curl -k https://192.168.0.50:8443/1.0/images
>> # curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
>>
>> # OS X term window --> vivid server(same 192.168.x.x network)
>> curl -k https://192.168.0.50:8443/1.0/images
>> # curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
>>
>> If anyone has any ideas or suggestions please send them along.
>>
>> -Kevin
Re: [lxc-users] What is the best way to report bug issues with LXD rest server?
Thanks… but I actually have no plans to use Curl.

It was the only tool I had that I could test all the various connections with one common tool most folks have.

To see what LXD servers I could or could not connect to.

My core problem is I can connect to a single Public LXD rest server,

But so far after hammering away for about a week now at finding out why I can't hit my local test LXD rest server?

It's only my network and the port is open… but it keeps sending errors and alerts with the same calls to the public one that works.

I have to assume both should respond the same way to the same calls.

But one works the other not.

-Kevin

On May 22, 2015, at 9:51 PM, Janjaap Bos wrote:

> You should upgrade your local curl, so it uses TLS and not SSL which is no longer secure, and therefore disabled at the server. I guess the images repo still accepts SSL.
>
> On 23 May 2015 02:14, "Kevin LaTona" wrote:
>
> This past week or so I ran into an issue of not being able to connect a test LXD rest server on my local network.
>
> I've tested this problem out from pretty much every angle I can think of.
>
> Everything from fresh OS, server, SSL lib installs to upgrades of current running apps on my machines.
>
> Pretty much unless I am missing some small fundamental piece that is preventing current shipping vivid server to allow connections to the LXD rest server.
>
> My take is there is a bug.
>
> If this true, what is the best way to let the LXC team know about this to see how to get to next step?
>
> To sum it up I am able to connect to a public LXD rest server.
>
> # from vivid container --> public LXD server ( container to public )
> curl -k https://images.linuxcontainers.org/1.0/images
> # {"status": "Success", "metadata": ["/1.0/images/e7ae410ee8abeb6
>
> No matter how and from what angle I try connecting to a local test LXD rest server it is having connections issues.
>
> # vivid container 10.0.3.5 --> 192.168.0.50:8443 ( container to host machine )
> # this container can ping 192.168.0.50
> curl -k https://192.168.0.50:8443/1.0/images
> # curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
>
> # OS X term window --> vivid server(same 192.168.x.x network)
> curl -k https://192.168.0.50:8443/1.0/images
> # curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
>
> If anyone has any ideas or suggestions please send them along.
>
> -Kevin
Re: [lxc-users] What is the best way to report bug issues with LXD rest server?
On May 22, 2015, at 9:13 PM, Tycho Andersen wrote:

> On Fri, May 22, 2015 at 05:14:06PM -0700, Kevin LaTona wrote:
>>
>> This past week or so I ran into an issue of not being able to connect a test LXD rest server on my local network.
>>
>> I've tested this problem out from pretty much every angle I can think of.
>>
>> Everything from fresh OS, server, SSL lib installs to upgrades of current running apps on my machines.
>>
>> Pretty much unless I am missing some small fundamental piece that is preventing current shipping vivid server to allow connections to the LXD rest server.
>>
>> My take is there is a bug.
>>
>> If this true, what is the best way to let the LXC team know about this to see how to get to next step?
>>
>> To sum it up I am able to connect to a public LXD rest server.
>>
>> # from vivid container --> public LXD server ( container to public )
>> curl -k https://images.linuxcontainers.org/1.0/images
>> # {"status": "Success", "metadata": ["/1.0/images/e7ae410ee8abeb6
>>
>> No matter how and from what angle I try connecting to a local test LXD rest server it is having connections issues.
>>
>> # vivid container 10.0.3.5 --> 192.168.0.50:8443 ( container to host machine )
>> # this container can ping 192.168.0.50
>> curl -k https://192.168.0.50:8443/1.0/images
>> # curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate
>
> You probably need to pass --cert and --key to curl as well; you can see examples of this in the /tests directory.

I'll look into that to see if that helps.

Yet I am able to hit the images.linuxcontainers.org server from all ….

Using OS X, Ubuntu host and from Container and all with the same Curl command calls.

Which has me wondering why that server and not my local LXD rest server?

So far makes zero sense to me and the Rest server should make things simpler in the end.

Unless I am missing something in configs or settings somewhere else… or there is bug.

I've chased enough code problems to know when you hammer on it from all possible ways.

And it's working part of the time….. something is off as it's just not making sense.

Plus I am not seeing any mention in LXD docs about need for cert and keys for this kind of call.

If I need them for the local server I would need them for the public server as well since Linuxcontainers is using self signed cert on that site.

-Kevin

> Tycho
>
>> # OS X term window --> vivid server(same 192.168.x.x network)
>> curl -k https://192.168.0.50:8443/1.0/images
>> # curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
>>
>> If anyone has any ideas or suggestions please send them along.
>>
>> -Kevin
Re: [lxc-users] LXC shell argument -- what, what and how
Cool …. never had I need to do something like that before now.

Thanks….

-Kevin

On May 22, 2015, at 8:25 PM, Mark Constable wrote:

> On Fri, 22 May 2015 08:06:13 PM Kevin LaTona wrote:
>> Can anyone clue me in on what the -- is used for in the lxc exec call?
>
> It's a shell thing. Anything before the -- is passed directly to the calling program and anything after the -- is ignored but generally available to any program launched by the first program.
>
> lxc exec sysadm ls -l
>
> vs
>
> lxc exec sysadm ls -- -l
> lxc exec sysadm ls -- -la
[lxc-users] LXC shell argument -- what, what and how
Can anyone clue me in on what the -- is used for in the lxc exec call?

So far I can't seem to find anything about it in the docs.

Not sure if it is a LXD thing or Shell thing or a Linux thing.

-Kevin
Re: [lxc-users] using lxc to run untrusted code
Alex

Also look at this for ideas

http://pythontutor.com

the code is up on github as I recall.

So while this is meant to debug and teach folks how to write Python.

There might be some good ideas in the code base to help you along faster since it's running Python code in a web browser.

-Kevin

On May 22, 2015, at 6:23 PM, Kevin LaTona wrote:

> Alex,
>
> I would say yes, depending on your final needs it is possible to do what you are asking for.
>
> Back at PyCon 2013 during a Lightning talk when Docker was first shown publicly what you are asking for kind of was one of the selling points back then for Docker.
>
> Also back in those early days Docker was based on LXC's.
>
> https://www.youtube.com/watch?v=wW9CAH9nSLs
>
> You also should spend some time here as it's a good starting point to get a good background on LXC and LXD.
> https://linuxcontainers.org/lxc/getting-started/
>
> AWS is in my back yard and some months back at local meeting a AWS PM was showing off their AWS Lambda service. When I saw it was only running NodeJS code. We were told that it was possible to spin up Python from Node in one of these AWS Lambda's.
>
> The PM for it stated that AWS was going to be offering other languages like Python, Ruby, Scala, etc etc. But were starting out with NodeJS given their existing client base it made the most sense to start there to work out the issues.
>
> But it does kind of do what you are asking for as service and not having to manage anything on the back side. I recall it also tied into S3 in some manner or other.
>
> I have to think there are other options out there as well. Heck AWS seems to be adding something new every few weeks.
>
> Google has offerings and I am sure others do as well along these micro-service like ideas.
>
> I recall hearing about a service called something like Python anywhere or everywhere. So you may want to Google around to see if that is close to what you are after.
>
> Maybe someone else might chime in here to add in some other thoughts and ideas for you.
>
> Bottom line is yes LXC can do it and give you ways to control things. Given you want to run Python code in the wild…. no matter how you deal with it, it's going to have issues to look after.
>
> -Kevin
>
> On May 22, 2015, at 5:38 PM, Alex Flint wrote:
>
>> I'm writing a web application that runs untrusted user code (python scripts uploaded as strings through a web form) and I'm trying to understand whether LXC is the right tool for the job:
>>
>> - I need to prevent user code from tampering with the server on which it's running. Mostly I want to isolate the user code within some filesystem, and restrict access to network ports and a few other system resources.
>>
>> - Latency is very important to me. I want to receive some user code, do whatever setup is required, run the code, and do whatever teardown is required all within ~100ms.
>>
>> - I do _not_ need to support different operating system. In fact ideally I would like to have the python interpreter and the whole python environment live on the host OS, not within the container. I would (ideally) launch the python interpreter in the host OS and then isolate it within an LXC container before running the user code. Or something like this.
>>
>> I understand that what I'm trying to do is not exactly a typical containerization scenario. Is LXC a good fit for me? Can you suggest how I could use LXC to achieve the above?
>>
>> Thanks!
>> Alex
Re: [lxc-users] using lxc to run untrusted code
Alex,

I would say yes, depending on your final needs it is possible to do what you are asking for.

Back at PyCon 2013 during a Lightning talk when Docker was first shown publicly what you are asking for kind of was one of the selling points back then for Docker.

Also back in those early days Docker was based on LXC's.

https://www.youtube.com/watch?v=wW9CAH9nSLs

You also should spend some time here as it's a good starting point to get a good background on LXC and LXD.
https://linuxcontainers.org/lxc/getting-started/

AWS is in my back yard and some months back at local meeting a AWS PM was showing off their AWS Lambda service. When I saw it was only running NodeJS code. We were told that it was possible to spin up Python from Node in one of these AWS Lambda's.

The PM for it stated that AWS was going to be offering other languages like Python, Ruby, Scala, etc etc. But were starting out with NodeJS given their existing client base it made the most sense to start there to work out the issues.

But it does kind of do what you are asking for as service and not having to manage anything on the back side. I recall it also tied into S3 in some manner or other.

I have to think there are other options out there as well. Heck AWS seems to be adding something new every few weeks.

Google has offerings and I am sure others do as well along these micro-service like ideas.

I recall hearing about a service called something like Python anywhere or everywhere. So you may want to Google around to see if that is close to what you are after.

Maybe someone else might chime in here to add in some other thoughts and ideas for you.

Bottom line is yes LXC can do it and give you ways to control things. Given you want to run Python code in the wild…. no matter how you deal with it, it's going to have issues to look after.

-Kevin

On May 22, 2015, at 5:38 PM, Alex Flint wrote:

> I'm writing a web application that runs untrusted user code (python scripts uploaded as strings through a web form) and I'm trying to understand whether LXC is the right tool for the job:
>
> - I need to prevent user code from tampering with the server on which it's running. Mostly I want to isolate the user code within some filesystem, and restrict access to network ports and a few other system resources.
>
> - Latency is very important to me. I want to receive some user code, do whatever setup is required, run the code, and do whatever teardown is required all within ~100ms.
>
> - I do _not_ need to support different operating system. In fact ideally I would like to have the python interpreter and the whole python environment live on the host OS, not within the container. I would (ideally) launch the python interpreter in the host OS and then isolate it within an LXC container before running the user code. Or something like this.
>
> I understand that what I'm trying to do is not exactly a typical containerization scenario. Is LXC a good fit for me? Can you suggest how I could use LXC to achieve the above?
>
> Thanks!
> Alex
[lxc-users] What is the best way to report bug issues with LXD rest server?
This past week or so I ran into an issue of not being able to connect a test LXD rest server on my local network.

I've tested this problem out from pretty much every angle I can think of.

Everything from fresh OS, server, SSL lib installs to upgrades of current running apps on my machines.

Pretty much unless I am missing some small fundamental piece that is preventing current shipping vivid server to allow connections to the LXD rest server.

My take is there is a bug.

If this true, what is the best way to let the LXC team know about this to see how to get to next step?

To sum it up I am able to connect to a public LXD rest server.

# from vivid container --> public LXD server ( container to public )
curl -k https://images.linuxcontainers.org/1.0/images
# {"status": "Success", "metadata": ["/1.0/images/e7ae410ee8abeb6

No matter how and from what angle I try connecting to a local test LXD rest server it is having connections issues.

# vivid container 10.0.3.5 --> 192.168.0.50:8443 ( container to host machine )
# this container can ping 192.168.0.50
curl -k https://192.168.0.50:8443/1.0/images
# curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:sslv3 alert bad certificate

# OS X term window --> vivid server(same 192.168.x.x network)
curl -k https://192.168.0.50:8443/1.0/images
# curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

If anyone has any ideas or suggestions please send them along.

-Kevin
Re: [lxc-users] Getting the LXD rest api to play nice?
On May 20, 2015, at 11:56 AM, Tycho Andersen wrote:

> Hi Kevin,
>
> On Wed, May 20, 2015 at 09:59:33AM -0700, Kevin LaTona wrote:
>> New twist I would have assumed that using a browser would get some kind of response from LXD rest server.
>>
>> Safari would not connect.
>>
>> Mozilla's Firefox did not like the self sign cert and made me approve it, which I need.
>>
>> Then when I tried to hit LXD rest server and I got this error message back
>>
>> An error occurred during a connection to 192.168.0.50:8443. SSL peer cannot verify your certificate. (Error code: ssl_error_bad_cert_alert)
>>
>> The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
>> Please contact the website owners to inform them of this problem.
>>
>> Which seems to be in keeping with all the other issues I have been having going direct in user other methods.
>>
>> Which leads me back is anyone getting in to the LXD rest server?
>>
>> If so, how are you doing it?
>>
>> As it seems to me like the SSL cert for the LXD rest server is having issues right now.
>
> The SSL cert LXD uses is generated and not signed by any CA, so your browser won't respect it (of course, you can click past all the auth warnings in your browser and actually do a GET if you want).

Tycho,

I did accept the self-signed cert in Firefox as Mozilla makes that a simple process to do.

Firefox got the above error when trying to hit.

At this point there is no reason for user auth, as I understand the docs is some kind of data is sent back without the whole user + password handshake dance.

What I am looking for is does anyone have this LXD rest server running out in the wild?

I've tried about every way I know to resolve this issue.

I would have thought going to a browser would been the great equalizer or at least got some kind of a response.

If one can not log into a local running instance of LXD server using a browser even when it says it's running.

Something is up and not working is my best guess.

No idea how to resolve it at this moment.

-Kevin
Re: [lxc-users] Getting the LXD rest api to play nice?
New twist I would have assumed that using a browser would get some kind of response from LXD rest server.

Safari would not connect.

Mozilla's Firefox did not like the self sign cert and made me approve it, which I need.

Then when I tried to hit LXD rest server and I got this error message back

An error occurred during a connection to 192.168.0.50:8443. SSL peer cannot verify your certificate. (Error code: ssl_error_bad_cert_alert)

The page you are trying to view cannot be shown because the authenticity of the received data could not be verified.
Please contact the website owners to inform them of this problem.

Which seems to be in keeping with all the other issues I have been having going direct in user other methods.

Which leads me back is anyone getting in to the LXD rest server?

If so, how are you doing it?

As it seems to me like the SSL cert for the LXD rest server is having issues right now.

From all I've read it seems more like a server problem and less of a client problem happening here.

But by no means am I SSL expert on the finer points of SSL issues deep under the hood.

Thanks
-Kevin

On May 20, 2015, at 8:50 AM, Kevin LaTona wrote:

> Can I ask is anyone else on this list using the LXD rest api calls yet?
>
> If yes, is it working for you?
>
> If yes, what OS and App are you using to do this with?
>
> Thanks
> -Kevin
Re: [lxc-users] Getting the LXD rest api to play nice?
Can I ask is anyone else on this list using the LXD rest api calls yet?

If yes, is it working for you?

If yes, what OS and App are you using to do this with?

Thanks
-Kevin
Re: [lxc-users] Getting the LXD rest api to play nice?
I used brew to install the most current version of OpenSSL -- OpenSSL 1.0.2a 19 Mar 2015 --. on my Mac.

The Python Requests library so far is still choking.

I was able to tell from running this

openssl s_client -connect 192.168.0.50:8443 -cipher 'ALL:!SSLv2'

That the new version of OpenSSL that I just installed now can do TLSv1.2

So now I know that all SSL stuff should be working.

Now just need to get Python to play nice now with LXD rest api.

-Kevin

On May 19, 2015, at 7:41 PM, Kevin LaTona wrote:

>> On May 19, 2015, at 5:28 PM, Tycho Andersen wrote:
>>>
>>> LXD requires TLS 1.2, it looks like perhaps the build of ssl your python-requests is linked against doesn't provide it.
>
> So far from what I have been able to find and read this makes LXD Rest APi a show stopper for some people running Apple OS X machines connecting to LXD servers.
>
> So far I've not found a way to install OpenSSL 1.02 that shipped in Jan 2015 on my Mac without possible messing with core Apple OS issues.
>
> If anyone has any ideas or has done it please share how you did it or share a link that talks about ways to do it.
>
> For now I am going back to writing my SSH Python based CLI client to LXD…. seems like SSH after all is looking like the simpler solution today.
>
> Thanks
> -Kevin
Re: [lxc-users] Getting the LXD rest api to play nice?
> On May 19, 2015, at 5:28 PM, Tycho Andersen wrote:
>>
>> LXD requires TLS 1.2, it looks like perhaps the build of ssl your python-requests is linked against doesn't provide it.

So far from what I have been able to find and read this makes LXD Rest APi a show stopper for some people running Apple OS X machines connecting to LXD servers.

So far I've not found a way to install OpenSSL 1.02 that shipped in Jan 2015 on my Mac without possible messing with core Apple OS issues.

If anyone has any ideas or has done it please share how you did it or share a link that talks about ways to do it.

For now I am going back to writing my SSH Python based CLI client to LXD…. seems like SSH after all is looking like the simpler solution today.

Thanks
-Kevin
Re: [lxc-users] Getting the LXD rest api to play nice?
In my case both Python 2.7 and 3.4 are using OpenSSL 0.9.8y 5 Feb 2013.

I'll need to look into seeing if and how I can change that without creating some new OSX problem.

On May 19, 2015, at 5:28 PM, Tycho Andersen wrote:

> Hi Kevin,
>
> On Tue, May 19, 2015 at 04:04:11PM -0700, Kevin LaTona wrote:
>>
>> Here is the last bits of test….. best I know from requests docs this should work to get some kind of a response.
>>
>> So far no matter how I try to connect to my LXD rest server I can't get past a ping… so at least it's running at some level is a start.
>>
>> Any thoughts or ideas much appreciated from anyone.
>>
>> import requests
>>
>> # r = requests.get('https://192.168.0.50:8443/')
>> # requests.exceptions.SSLError: [Errno 1] _ssl.c:503: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
>>
>> # r = requests.get('https://192.168.0.50:8443/1.0/', verify=True)
>> # requests.exceptions.SSLError: [Errno 1] _ssl.c:503: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
>>
>> # r = requests.get('https://192.168.0.50:8443/1.0/',verify=False)
>> # requests.exceptions.SSLError: [Errno 1] _ssl.c:503: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version
>
> LXD requires TLS 1.2, it looks like perhaps the build of ssl your python-requests is linked against doesn't provide it.

I actually found buried on a docker bug report an issue along these lines where Python 2.7 and Python3 were using two different OpenSSL on same user's machine.

But so far no post I've seen has tied any of the SSL related calls issues to a certain version of SSL maybe that is what has been going on most of the times.

Is there no way for LXD to test client connection and tell user it's not at same SSL version allowed?

Thanks
-Kevin
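The handshake failures quoted in this thread fall into two groups, and the sketch below sorts them and checks an OpenSSL banner against the TLS 1.2 requirement Tycho mentions. It is an added example, not code from the thread or from LXD; the function names are hypothetical, the sample lines are the errors and banners quoted in these messages, and the only outside fact used is that TLS 1.2 support first shipped in OpenSSL 1.0.1.

```python
import re
import ssl

# TLS 1.1 and 1.2 support first shipped in OpenSSL 1.0.1.
TLS12_MIN_OPENSSL = (1, 0, 1)


def openssl_has_tls12(banner):
    """True if an 'OpenSSL x.y.z' banner names a release that can speak TLS 1.2."""
    m = re.search(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)", banner)
    if m is None:
        raise ValueError("not an OpenSSL banner: %r" % (banner,))
    return tuple(int(part) for part in m.groups()) >= TLS12_MIN_OPENSSL


# (label, pattern, reading of the failure as discussed in the thread)
RULES = [
    ("protocol-version",
     re.compile(r"alert protocol version", re.I),
     "server refused the protocol version offered; the thread's answer is "
     "that LXD requires TLS 1.2, so check the client's OpenSSL build"),
    ("client-certificate",
     re.compile(r"alert bad certificate|bad_cert_alert|"
                r"requires a client certificate", re.I),
     "version negotiation succeeded but the server rejected the client "
     "certificate step; the thread's suggestion is curl --cert/--key"),
]


def classify(error_text):
    """Return (label, explanation) for one TLS error line."""
    for label, pattern, meaning in RULES:
        if pattern.search(error_text):
            return label, meaning
    return "unknown", "no rule matches; read the full handshake trace"


# Error lines quoted in the thread, collected here as sample input.
SAMPLE_ERRORS = [
    "curl: (35) error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:"
    "tlsv1 alert protocol version",
    "curl: (35) error:14094412:SSL routines:SSL3_READ_BYTES:"
    "sslv3 alert bad certificate",
    "SSL peer cannot verify your certificate. "
    "(Error code: ssl_error_bad_cert_alert)",
    "curl: (35) SSL peer handshake failed, the server most likely "
    "requires a client certificate to connect",
]

# OpenSSL banners mentioned in the thread.
SAMPLE_BANNERS = ["OpenSSL 0.9.8y 5 Feb 2013", "OpenSSL 1.0.2a 19 Mar 2015"]


def local_tls12_support():
    """Report whether this interpreter's ssl module can negotiate TLS 1.2."""
    flag = getattr(ssl, "HAS_TLSv1_2", None)  # present on Python 3.7+
    if flag is not None:
        return bool(flag)
    return openssl_has_tls12(ssl.OPENSSL_VERSION)  # fallback: parse the banner


if __name__ == "__main__":
    print("local:", ssl.OPENSSL_VERSION, "TLS 1.2:", local_tls12_support())
    for banner in SAMPLE_BANNERS:
        verdict = "TLS 1.2 capable" if openssl_has_tls12(banner) else "too old for TLS 1.2"
        print("%s -> %s" % (banner, verdict))
    for line in SAMPLE_ERRORS:
        label, meaning = classify(line)
        print("[%s] %s\n    %s" % (label, line, meaning))
```

The `ssl.OPENSSL_VERSION` line shows the library the running interpreter is linked against, which can differ from the `openssl` binary on the PATH.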
Re: [lxc-users] Getting the LXD rest api to play nice?
On May 19, 2015, at 3:07 PM, Tycho Andersen wrote:

> On Tue, May 19, 2015 at 01:05:08PM -0700, Kevin LaTona wrote:
>>
>> Better yet anyone on the list is doing this using the Python Requests module?
>>
>> Hate to waste time drilling down into requests, if it's a LXD api issue so early in the release cycle.
>
> There is http://github.com/zulcss/pylxd and the in tree

The link to their docs is down, and no time to read their source code to do a quick test on the LXD rest api.

> /scripts/lxd-images, although neither use the requests module.

This is using domain sockets…….so not much help here right now.

I was in the process of building out a Python based SSH command line library.

And it hit me that the LXD Rest api should be doing all of this.

So why reinvent the wheel and spend all the time parsing out stdout if a JSON doc is available.

> If you can paste your code and error, perhaps we can provide some insight.

I've not really used Requests much … but thought it might be the quickest way to see how using the LXD's rest api works out vs doing it from command line calls.

Tried about 6 or 7 ways to get Python, SSL, Web and LXD rest to play nice…. none worked so far.

Here is the last bits of test….. best I know from requests docs this should work to get some kind of a response.

So far no matter how I try to connect to my LXD rest server I can't get past a ping… so at least it's running at some level is a start.

Any thoughts or ideas much appreciated from anyone.

import requests

# r = requests.get('https://192.168.0.50:8443/')
# requests.exceptions.SSLError: [Errno 1] _ssl.c:503: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

# r = requests.get('https://192.168.0.50:8443/1.0/', verify=True)
# requests.exceptions.SSLError: [Errno 1] _ssl.c:503: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

# r = requests.get('https://192.168.0.50:8443/1.0/',verify=False)
# requests.exceptions.SSLError: [Errno 1] _ssl.c:503: error:1407742E:SSL routines:SSL23_GET_SERVER_HELLO:tlsv1 alert protocol version

print(r.text)

Thanks
-Kevin
[lxc-users] Getting the LXD rest api to play nice?
Right now when I try sending in a test request call to the LXD rest api using the Python Requests library it blows up.

At this point no idea if what is going on is a Request library error or the LXD api webserver is choking here.

Anyone on this list using the LXD rest API yet?

If so, any chance you might share how you have it working?

Better yet anyone on the list is doing this using the Python Requests module?

Hate to waste time drilling down into requests, if it's a LXD api issue so early in the release cycle.

Thanks
-Kevin
Re: [lxc-users] LXD can ping from container out, but not in from outside network
Earlier today I did have the lxcbr0 running on the 192.168.x.x and I was unable to get iptables to play nice.

So I went back to the default LXD install of 10.0.3.0 network thinking there must be a simple iptables line that would solve all this in a easier way.

Last time I looked at the legacy LXC about a year ago and tested them out.

I recall jumping and dancing thru all kind of crazy hoops to make it work as back then I wanted to have all static ip's.

Somewhere along the path I recall Serge saying something about just allowing the DHCP to assign static ip's.

This time around I got that side of all it going okay.

It's working out how to get the LXC containers to play nice under LXD with public access that is spinning me right now.

I keep thinking it all comes down to iptables.

But so far all the example code I've seen has not translated over to get it working for me.

I just figured out that right now that all these containers can do is ping DNS servers.

Which is why I am thinking it all comes down to taming iptables.

To make this work simpler with these LXD containers now.

Not sure why there is not more info about how to make a container accessible from both the local and outside network.

Maybe I've looked at this too long now.

-Kevin

On May 16, 2015, at 9:00 PM, Mark Constable wrote:

> On Sat, 16 May 2015 08:03:26 PM Kevin LaTona wrote:
>> With a LXD based LXC container what iptables magic does one need to be able to access these 10.0.3.x containers from outside that local network?
>>
>> So far I got it so I log into a 10.0.3.x based container and ping the outside world.
>
> The last couple of emails I sent were all about addressing this problem.
>
> The default 10.0.3.x based container networking uses NAT, the same as your 192.168.x.x network is to the outside world via your router. The easiest solution I am aware of is to change the default lxcbr0 to use the same 192.168.x.x network segment as your host and then any other host on your 192.168.x.x network can see any of the containers. Then you can also make a container visible to the outside world using normal port forwarding on your main router.
[lxc-users] LXD can ping from container out, but not in from outside network
With a LXD based LXC container what iptables magic does one need to be able to access these 10.0.3.x containers from outside that local network?

So far I got it so I log into a 10.0.3.x based container and ping the outside world. But right now I am not able to go the other way.

Spent a fair amount of time looking around Google for ideas how to solve this. But it seems most solutions to this problem get overly complex.

Right now the server sits at a 192.168.x.x ip
The containers are running the stock LXD dnsmasq 10.0.3.x

If anyone has any ideas I would appreciate it.

Thanks
-Kevin
Re: [lxc-users] LXD assigning static IP's at start tp containers
Mark,

Thanks for all your ideas and lending a hand.

I figured it out. I managed to have a small typo in my config file where I missed a 0 in one of the addresses.

All working now.

-Kevin

On May 16, 2015, at 10:24 AM, Mark Constable wrote:

> On Sat, 16 May 2015 09:56:04 AM Kevin LaTona wrote:
>> I was thinking that by just updating the /etc/default/lxc-net config file
>> from the 10.x.x.x to a 192.168.x.x that was going to do it for me.
> edit /etc/default/lxc-net to something like below...
>
> USE_LXC_BRIDGE="true"
> LXC_BRIDGE="lxcbr0"
> LXC_ADDR="192.168.0.2"
> LXC_NETMASK="255.255.255.0"
> LXC_NETWORK="192.168.0.0/24"
> LXC_DHCP_RANGE="192.168.0.2,192.168.0.54"
> LXC_DHCP_MAX="53"
> LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
Re: [lxc-users] LXD assigning static IP's at start tp containers
Hi Mark,

I was thinking that by just updating the /etc/default/lxc-net config file from the 10.x.x.x to a 192.168.x.x that was going to do it for me.

It's not. Somewhere else I am missing a spot that must be saying that the 10.0.x.x is the dnsmasq address.

As of right now at boot up the lxcbr0 is not loading in a base ubuntu 15.04 server install.

So I am still looking for that config setting to do that for me now rather than trying other methods.

Maybe someone else will add in here to say where to find this blocking point.

Have to say a big thanks for showing how you used grep to grab the config file kv pairs. Pretty cool use of grep….. I like how simple it is and it just works in this case.

Grep for me is another one of those never ending tools that one never fully recalls all the ways it can be used to grab some text.

-Kevin

On May 16, 2015, at 12:30 AM, Mark Constable wrote:

> On Fri, 15 May 2015 10:54:08 PM Kevin LaTona wrote:
>> I was reading about ways in legacy LXC of being able to have the DHCP server
>> assign static IP's to containers at startup based upon container name.
>> If one is using Ubuntu 15.04, systemd and LXD is that still possible?
>
> Hey Kevin, I just set something like this up and although this may not
> be "the right way" to do it works for my situation which sounds somewhat
> similar to what you are after. Best I should show my relevant config
> files and some of this may help you or provide some ideas...
>
> My main gateway/wireless/dhcp router is 192.168.0.1
>
> ~ grep -Ev "^(#|$)" /etc/default/lxc-net
> USE_LXC_BRIDGE="true"
> LXC_BRIDGE="lxcbr0"
> LXC_ADDR="192.168.0.2"
> LXC_NETMASK="255.255.255.0"
> LXC_NETWORK="192.168.0.0/24"
> LXC_DHCP_RANGE="192.168.0.2,192.168.0.54"
> LXC_DHCP_MAX="53"
> LXC_DHCP_CONFILE=/etc/lxc/dnsmasq.conf
> LXC_DOMAIN="example.org"
>
> And the magic to fill in the gaps above...
>
> ~ cat /etc/rc.local
> sleep 5 && {
>   brctl addif lxcbr0 eth0
>   sleep 1
>   route add default gw 192.168.0.1
>   echo "nameserver 8.8.8.8" > /etc/resolv.conf
> }
> exit 0
>
> ~ cat /etc/lxc/dnsmasq.conf
> dhcp-host=sysadm,192.168.0.3
> dhcp-host=markc,192.168.0.4
>
> I also remove ifupdown and resolvconf and set all my NetworkManager
> interfaces not to "autoconnect=false" so if I need to switch to wifi
> when moving my laptop away from an eth cable I can ifconfig down lxcbr0
> select a wifi connection.
Re: [lxc-users] LXD assigning static IP's at start tp containers
Well I just found this link

http://askubuntu.com/questions/446831/how-to-let-built-in-dhcp-assign-a-static-ip-to-lxc-container-based-on-name-not

and much of what is talked about here appears to still apply to LXD.

Last thing that is hanging me up now is how to change the dnsmasq config located at /etc/dnsmasq.d/lxc from the 10.0.3.x default ip to some other ip like a 192.168.1.1.

When I tried doing this in the config file the lxcbr0 bridge did not boot up. So somewhere I am missing some other setting that allows one to change this.

Any thoughts or ideas… would be much appreciated.

-Kevin

On May 15, 2015, at 10:54 PM, Kevin LaTona wrote:

> I was reading about ways in legacy LXC of being able to have the DHCP server
> assign static IP's to containers at startup based upon container name.
>
> If one is using Ubuntu 15.04, systemd and LXD is that still possible?
>
> If so, can any one point towards any docs that might show how to do this?
>
> Or if you are doing this can you share how you are doing this now with LXD
> based LXC containers?
>
> Thanks
> -Kevin
[lxc-users] LXD assigning static IP's at start tp containers
I was reading about ways in legacy LXC of being able to have the DHCP server assign static IP's to containers at startup based upon container name.

If one is using Ubuntu 15.04, systemd and LXD is that still possible?

If so, can any one point towards any docs that might show how to do this?

Or if you are doing this can you share how you are doing this now with LXD based LXC containers?

Thanks
-Kevin
Re: [lxc-users] LXD + Snappy Core
On May 14, 2015, at 3:35 PM, Stéphane Graber wrote:

> On Thu, May 14, 2015 at 09:24:40AM -0600, Tycho Andersen wrote:
>> On Wed, May 13, 2015 at 11:25:00PM -0700, Kevin LaTona wrote:
>>>
>>> I'm assuming LXD at some point will be running Snappy Core.
>>>
>>> Not trying to be pushy here, rather more curious if anyone has heard what
>>> the timeline of when a snappy core build might show up for LXD.
>>>
>>> Or if it's still too far out to worry about yet.
>>
>> It is on the roadmap for this cycle, so sometime before 15.10.
>
> To clarify, the item for this cycle is to make LXD installable on a
> Snappy system. Running Snappy inside a LXD container is out of scope for
> now and not expected until at least 16.04.

Time to pull out the flame thrower to motivate you along with.

LXD + Snappy just feels like it's going to be a killer combo. When it's all working and humming along.

-Kevin
[lxc-users] LXD + Snappy Core
I'm assuming LXD at some point will be running Snappy Core.

Not trying to be pushy here, rather more curious if anyone has heard what the timeline of when a snappy core build might show up for LXD.

Or if it's still too far out to worry about yet.

Thanks
-Kevin
Re: [lxc-users] LXD filepath of image tar ball stored on local server
On May 13, 2015, at 6:19 AM, Tycho Andersen wrote:

> On Tue, May 12, 2015 at 03:45:27PM -0700, Kevin LaTona wrote:
>>
>> Can anyone tell me what the ubuntu image tar ball filepath is on a local
>> server after being downloaded ?
>
> /var/lib/lxd/images

Thanks, somehow I missed that one when poking around looking for it.

-Kevin
[lxc-users] LXD filepath of image tar ball stored on local server
Can anyone tell me what the ubuntu image tar ball filepath is on a local server after being downloaded?

Thanks
-Kevin
[lxc-users] At startup LXD unix socket is not starting
Maybe this is not the right place to ask this question but here goes.

With a fresh install of ubuntu 15.04 server it appears to me that systemd is run by default at boot up time now.

I would have assumed that as systemd is run, that the LXD and LXC scripts would auto run at boot time as well.

Right now LXD's systemd script is not run at boot up on this server.

Anyone have an idea why this might be? And or how to start making it run at boot time?

Not sure if it is a LXD or Ubuntu issue.

LXD will run manually from service lxd start just fine.

Thanks
-Kevin
Re: [lxc-users] Do you have LXD working with Ubuntu 15.04 server?
What is unclear to me is when LXD is installed on a new server.

Does it create the necessary upstart script to run on the next boot?

Or does LXD need to be ( or preferred to be ) manually run after a server boot?

Or is it up to the user to decide on and create the upstart script to start during boot process etc.

-Kevin

On May 9, 2015, at 8:24 AM, Tycho Andersen wrote:

> On Sat, May 09, 2015 at 12:23:50AM +, Serge Hallyn wrote:
>> Quoting Tycho Andersen (tycho.ander...@canonical.com):
>>> On Fri, May 08, 2015 at 12:35:54PM -0700, Kevin LaTona wrote:
>>>>
>>>> So far LXD is not working for me, is it working for you?
>>>>
>>>> In a nutshell I downloaded new Ubuntu 15.04 server.
>>>>
>>>> Installed this on fresh clean server, nothing else is on this machine.
>>>>
>>>> I followed Stephane's blog post here line by line
>>>>
>>>> https://www.stgraber.org/2015/04/21/lxd-getting-started/
>>>>
>>>> After several days of attempts I get nothing but errors.
>>>>
>>>> This is an example of the last attempt.
>>>>
>>>> lxc launch images:ubuntu/trusty/i386 ubuntu-32
>>>> Creating container...error: Get http://unix.socket/1.0: dial unix
>>>> /var/lib/lxd/unix.socket: connection refused
>>>
>>> Looks like LXD isn't running. What if you start it and try again?
>>
>> Disagree, it would say "no such file or directory". It looks to
>> me like he's not in the lxd group.
>
> It depends on what state you're in. Connection refused means the
> socket exists but nothing is listening on the other end (likely lxd
> crashed or wasn't shut down properly). If the socket doesn't exist,
> you'll get an ENOENT.
>
> Tycho
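The socket states discussed in the message above, as an added example that is not code from any poster or from LXD. It classifies a Unix socket path by the error a client gets back (ENOENT, ECONNREFUSED, EACCES); the function names and the temp-directory demo are constructed for illustration.

```python
import os
import socket
import stat
import tempfile

# Hypothetical helper names; the path in the thread was /var/lib/lxd/unix.socket.
ADVICE = {
    "missing": "ENOENT: no socket file, the daemon has not created it",
    "stale": "ECONNREFUSED: socket file exists but nothing is listening "
             "(daemon crashed or was not shut down cleanly)",
    "permission": "EACCES: socket exists but this user may not use it "
                  "(check the socket's group and your group membership)",
    "not-a-socket": "path exists but is not a Unix socket",
    "listening": "a daemon accepted the connection",
}


def diagnose_unix_socket(path, timeout=2.0):
    """Classify the state of a Unix socket path as seen by a client."""
    try:
        mode = os.stat(path).st_mode
    except FileNotFoundError:
        return "missing"
    except PermissionError:
        return "permission"      # a parent directory is not searchable
    if not stat.S_ISSOCK(mode):
        return "not-a-socket"

    client = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    client.settimeout(timeout)
    try:
        client.connect(path)
    except ConnectionRefusedError:
        return "stale"
    except PermissionError:
        return "permission"      # no write permission on the socket file
    except FileNotFoundError:
        return "missing"         # removed between stat() and connect()
    finally:
        client.close()
    return "listening"


def demo():
    """Recreate a daemon's life cycle in a temp directory (constructed data)."""
    states = {}
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "unix.socket")
        states["before start"] = diagnose_unix_socket(path)

        server = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        server.bind(path)
        server.listen(1)
        states["running"] = diagnose_unix_socket(path)

        server.close()           # simulate a crash: the socket file stays behind
        states["after crash"] = diagnose_unix_socket(path)

        regular = os.path.join(tmp, "regular-file")
        open(regular, "w").close()
        states["regular file"] = diagnose_unix_socket(regular)
    return states


if __name__ == "__main__":
    for stage, state in demo().items():
        print(f"{stage:13} -> {state}: {ADVICE[state]}")
```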
Re: [lxc-users] Do you have LXD working with Ubuntu 15.04 server?
me key call some and then it choked no idea for sure right now.

But in these Wild, West early days that's darn easy to do and solid good docs to follow when the guys are cranking on getting the code out at the same time is tough.

-Kevin

On May 8, 2015, at 5:06 PM, Tycho Andersen wrote:

> On Fri, May 08, 2015 at 12:35:54PM -0700, Kevin LaTona wrote:
>>
>> So far LXD is not working for me, is it working for you?
>>
>> In a nutshell I downloaded new Ubuntu 15.04 server.
>>
>> Installed this on fresh clean server, nothing else is on this machine.
>>
>> I followed Stephane's blog post here line by line
>>
>> https://www.stgraber.org/2015/04/21/lxd-getting-started/
>>
>> After several days of attempts I get nothing but errors.
>>
>> This is an example of the last attempt.
>>
>> lxc launch images:ubuntu/trusty/i386 ubuntu-32
>> Creating container...error: Get http://unix.socket/1.0: dial unix
>> /var/lib/lxd/unix.socket: connection refused
>
> Looks like LXD isn't running. What if you start it and try again?
>
> sudo service lxd start
>
> Tycho
>
>> So my question is not that I am looking for direct answers to the problem.
>>
>> Rather what I am looking for what now is.
>>
>> Has anyone else taken a clean server and installed 15.04 and LXD on it using
>> the current apt-get calls.
>>
>> If you are getting it to work under this kind of install, can you point me
>> to any web based docs that shows how you did that?
>>
>> Thanks
>> -Kevin
[lxc-users] Do you have LXD working with Ubuntu 15.04 server?
So far LXD is not working for me, is it working for you?

In a nutshell I downloaded new Ubuntu 15.04 server.

Installed this on fresh clean server, nothing else is on this machine.

I followed Stephane's blog post here line by line

https://www.stgraber.org/2015/04/21/lxd-getting-started/

After several days of attempts I get nothing but errors.

This is an example of the last attempt.

lxc launch images:ubuntu/trusty/i386 ubuntu-32
Creating container...error: Get http://unix.socket/1.0: dial unix /var/lib/lxd/unix.socket: connection refused

So my question is not that I am looking for direct answers to the problem.

Rather what I am looking for what now is.

Has anyone else taken a clean server and installed 15.04 and LXD on it using the current apt-get calls.

If you are getting it to work under this kind of install, can you point me to any web based docs that shows how you did that?

Thanks
-Kevin
Re: [lxc-users] Thrilled to announce the the launch of Flockport.com to this list
On Sep 9, 2014, at 12:49 PM, Tobby Banerjee wrote:

> Hi LXC users,
>
> I am extremely excited to announce the launch of Flockport.com to this list,
> its home so to speak.

Sure looks like a great idea, that has appeared at the right moment in LXC's timeline.

Have to think that it will get more people using containers by giving them another option to choose from. All without having to deal with LXC's previous learning curve hurdles.

Best of luck and thanks for making it happen.

-Kevin
Re: [lxc-users] Good current blog post about LXC
Here is one I forgot that I also liked.

It's a few years old but does a good job of keeping notes throughout the process and much of it is still valid.

It's originally in French so I've also included a google translation link as well.

http://delloye.org/linux/lxc.html

https://translate.google.com/translate?sl=fr&tl=en&js=y&prev=_t&hl=en&ie=UTF-8&u=http%3A%2F%2Fdelloye.org%2Flinux%2Flxc.html&edit-text=&act=url

On Aug 28, 2014, at 5:59 PM, Kevin LaTona wrote:

> A few other blog links I wish I had found when I was first looking at LXC's
> that are not listed on https://linuxcontainers.org
>
> http://www.stefan-seelmann.de/wiki/lxc#todos
>
> http://www.stefan-seelmann.de/wiki/bridged-network
>
> http://brentingitup.com/?q=node/22
>
> https://help.ubuntu.com/12.04/serverguide/lxc.html
>
> https://help.ubuntu.com/14.04/serverguide/lxc.html
>
> http://containerops.org/2013/11/19/lxc-networking/
>
> Maybe if others on the list have a few links they could share them as well.
>
> Given how many of the Google search results about LXC are so very dated now.
>
> -Kevin
Re: [lxc-users] Config settings and Python LXC Api calls
Yes… of course… I was verifying I did not miss it ……… as I was walking thru the Plugin code looking around.

I tend to read and parse what is in a file vs looping thru 50 Key name options to figure what is in a file vs not.

Guess it's not a big deal….. just another way to get at what is in there. Some days one just has to ask to verify.

Nice work on this Python plugin by the way…. hard to believe more folks are not using it.

-Kevin

On Aug 28, 2014, at 6:10 PM, Stéphane Graber wrote:

> On Thu, Aug 28, 2014 at 05:56:29PM -0700, Kevin LaTona wrote:
>>
>> On Aug 27, 2014, at 7:20 PM, Stéphane Graber wrote:
>>> On Wed, Aug 27, 2014 at 06:36:20PM -0700, Kevin LaTona wrote:
>>>> Question 2……Python LXC Api calls
>>>> Does any one know if the Python API has a call that parses all the key
>>>> names from a container's config file?
>>>> I see a getter and setter for them, but that means I need to know ahead of
>>>> time what config settings are in a file.
>>>> VS
>>>> Wanting to be able to read a config file's Keys on the fly and reacting
>>>> based on that?
>>> load_config
>>
>> So far not what I am looking for as this returns a boolean saying if a
>> config file is loaded or not.
>> I was looking to see if there was an existing API call that would return
>> just the Key names from an existing user's container file.
>> Not sounding like there is anything like that in the Python API yet… time to
>> do a little loop.
>
> Ah right, there's get_keys() which will get you the full list but that's
> not limited to what you currently have in your config, so you indeed
> need to iterate through those afterwards.
[lxc-users] Good current blog post about LXC
A few other blog links I wish I had found when I was first looking at LXC's that are not listed on https://linuxcontainers.org

http://www.stefan-seelmann.de/wiki/lxc#todos

http://www.stefan-seelmann.de/wiki/bridged-network

http://brentingitup.com/?q=node/22

https://help.ubuntu.com/12.04/serverguide/lxc.html

https://help.ubuntu.com/14.04/serverguide/lxc.html

http://containerops.org/2013/11/19/lxc-networking/

Maybe if others on the list have a few links they could share them as well.

Given how many of the Google search results about LXC are so very dated now.

-Kevin
Re: [lxc-users] Config settings and Python LXC Api calls
On Aug 27, 2014, at 7:20 PM, Stéphane Graber wrote:

> On Wed, Aug 27, 2014 at 06:36:20PM -0700, Kevin LaTona wrote:
>
>> Question 2……Python LXC Api calls
>>
>> Does any one know if the Python API has a call that parses all the key
>> names from a container's config file?
>>
>> I see a getter and setter for them, but that means I need to know ahead of
>> time what config settings are in a file.
>>
>> VS
>>
>> Wanting to be able to read a config file's Keys on the fly and reacting
>> based on that?
>
> load_config

So far not what I am looking for as this returns a boolean saying if a config file is loaded or not.

I was looking to see if there was an existing API call that would return just the Key names from an existing user's container file.

Not sounding like there is anything like that in the Python API yet… time to do a little loop.

Thanks
-Kevin
[lxc-users] Config settings and Python LXC Api calls
Question 1…...Config settings

Can any one point me towards a spot that shows all the possible config settings for a container's config file?

I can see some in the examples, but still have not found docs that show all the possible config settings one can consider.

Question 2……Python LXC Api calls

Does any one know if the Python API has a call that parses all the key names from a container's config file?

I see a getter and setter for them, but that means I need to know ahead of time what config settings are in a file.

VS

Wanting to be able to read a config file's Keys on the fly and reacting based on that?

Oh and for any Python geeks on the list, if you are not using the Python API calls… do check them out… they are worth the time learning.

Even if you are not a Python geek, might be worth the time to learn a little Python vs making subprocess shell calls and all that bundle of fun.

Thanks
-Kevin
[lxc-users] API docs for LXC Python calls
I was looking for docs on the Python LXC API calls…... but it appears the link is not currently working.

https://qa.linuxcontainers.org/master/current/doc/api/

https://linuxcontainers.org

Any one know of any other links to other current Python API docs ?

I've been reading and working through source, but know I must be missing parts along the way.

Thanks
-Kevin
Re: [lxc-users] Unable to ping between containers
On Aug 16, 2014, at 2:56 PM, Kevin LaTona wrote:

> I can not ping between containers.

I figured it out my script for setting up the container's config file was not creating a correct unique ethernet hardware address.

Fixed that and all is good.

Other than right now though when I login via the console to do the ping test. It gives me this response and sits there a good long while before the login prompt shows up

> Connected to tty 1
> Type to exit the console, to enter Ctrl+a itself

I don't recall this happening while I was testing other LXC creation idea styles.

Anyone have any ideas what might be going on?

-Kevin
[lxc-users] Unable to ping between containers
I've been testing LXC's with Ubuntu 14.4 setting the containers up with static ip's connected via a bridge called br0.

These all run on my local LAN using a 192.168.x.x address behind a DSL router.

So far the container comes up fine. Once I go inside, I can ping out to the internet.

I can not ping between containers. But I can ping to the host machine.

Any ideas what I missed in the configs that is causing this?

Thanks
-Kevin
Re: [lxc-users] Setting up LXC on Ubuntu 14.04
This method does look like a much cleaner and simpler way to go.

Thanks I really appreciate everyone's input from the list with this matter.

-Kevin

On Aug 11, 2014, at 8:47 PM, Serge Hallyn wrote:

> Ok, earlier you had said that you want a single ip address from
> which you port forward to your containers. I do that on my server
> in a much simpler way. My eth0 on the host is unmodified, a simple
> nic using dhcp. My lxcbr0 is the stock lxcbr0 provided by the lxc
> package in ubuntu. Then i use /etc/lxc/dnsmasq.conf to have dnsmasq
> provide static ips to my containers, i.e.
>
> dhcp-host=h1,10.0.3.50
> dhcp-host=h2,10.0.3.51
>
> (see https://help.ubuntu.com/14.04/serverguide/lxc.html)
>
> Then I forward the ports from eth0 to the containers, using an upstart
> job like:
>
> description "serge's firewall"
> author "Serge Hallyn "
>
> start on started lxc-net
> stop on stopping lxc-net
>
> #manual
> task
>
> script
>    iptables -t nat -L -n | grep -q "to:10.0.3.100:22" && exit 0
>    # mail.hallyn.com
>    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 25 -j DNAT --to-destination 10.0.3.50:25
>    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 465 -j DNAT --to-destination 10.0.3.50:465
>    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 993 -j DNAT --to-destination 10.0.3.50:993
>    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 587 -j DNAT --to-destination 10.0.3.50:587
>    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 9900 -j DNAT --to-destination 10.0.3.50:22
>    iptables -t nat -A PREROUTING -p tcp -i eth0 --dport 9980 -j DNAT --to-destination 10.0.3.51:80
> end script
>
> to forward port 9900 on the host to ssh on the mail container; the standard
> imap/smtp ports to the mail container; and port 9980 to the web port on
> the web container.
>
> Quoting Kevin LaTona (li...@studiosola.com):
>>
>> On Aug 11, 2014, at 3:33 AM, Fajar A. Nugraha wrote:
>>
>>> On Mon, Aug 11, 2014 at 5:12 PM, Kevin LaTona wrote:
>>>
>>> If you use a new bridge you don't need lxcbr0.
>>>
>>>>
>>>> If I create a config some thing like this on the Host.
>>>>
>>>> auto lo
>>>> iface lo inet loopback
>>>>
>>>> auto eth0
>>>> iface eth0 inet manual
>>>>
>>>> iface lxcbr0 inet static
>>>
>>> don't do that
>>
>> I found this setup along my google travels.
>>
>>>
>>>> address 192.168.0.50
>>>> netmask 255.255.255.0
>>>> broadcast 192.168.0.255
>>>> network 192.168.0.0
>>>> gateway 192.168.0.1
>>>> dns-nameservers 8.8.8.8 8.8.4.4
>>>> bridge_ports eth0
>>>> bridge_fd 9
>>>> bridge_hello 2
>>>> bridge_maxage 12
>>>> bridge_stp off
>>>>
>>>> As soon as I bring it up I no longer am able to SSH in the host machine.
>>>
>>> Duh. You have no IP configured on eth0.
>>
>> Can any one fill in why not do it this way.
>>
>> And or how you might do it otherwise?
>>
>> I thought on a bridge set up like this that you assign the ip to the bridge
>> iface?
>>
>> I've since added post up and pre-down rules and things are starting to come
>> together now
>>
>> host /etc/network/interfaces-
>> auto lo
>> iface lo inet loopback
>>
>> auto eth0
>> iface eth0 inet manual
>>
>> auto lxcbr0
>> iface lxcbr0 inet static
>>    address 192.168.0.50
>>    netmask 255.255.255.0
>>    gateway 192.168.0.1
>>    network 192.168.0.0
>>    broadcast 192.168.0.255
>>
>>    dns-nameservers 8.8.8.8
>>    bridge_ports eth0
>>    bridge_stp off
>>    bridge_fd 0
>>
>>    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
>>    post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE
>>
>>    pre-down echo 0 > /proc/sys/net/ipv4/ip_forward
>>    pre-down iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE
>>
>> Then inside a container I assign a static ip address and for now it's starting
>> to work as I thought it might.
>>
>> container --- var/lib/lxc/k2/rootfs/etc/network/interfaces
>>
>> auto eth0
>> iface eth0 inet static
>>    address 192.168.0.102
>>    netmask 255.255.255.0
>>    network 192.168.0.0
>>    broadcast 192.168.0.255
>>    gateway 192.168.0.1
>>    dns-nameservers 8.8.8.8 8.8.4.4
>>
>> -Kevin
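An added sketch (not code from any poster in this thread) of the port-forwarding approach in the quoted upstart job, which is also what the "ping out but not in" question about 10.0.3.x containers comes down to. It validates the forwarding table, so only listed ports are exposed and every target sits on the bridge subnet, and it checks each rule with `iptables -C` before appending so a restart cannot duplicate rules. The function names are hypothetical; the table and interface name are taken from the quoted job.

```python
import ipaddress
import subprocess

BRIDGE_NET = ipaddress.ip_network("10.0.3.0/24")  # stock lxcbr0 subnet in the thread
WAN_IFACE = "eth0"

# (host port, container IP, container port), as in the quoted upstart job
FORWARDS = [
    (25, "10.0.3.50", 25),
    (465, "10.0.3.50", 465),
    (993, "10.0.3.50", 993),
    (587, "10.0.3.50", 587),
    (9900, "10.0.3.50", 22),
    (9980, "10.0.3.51", 80),
]


def validate(forwards, bridge_net=BRIDGE_NET):
    """Return a list of problems; an empty list means the table may be applied."""
    problems = []
    seen_ports = {}
    for host_port, ip, port in forwards:
        for value in (host_port, port):
            if not (isinstance(value, int) and 1 <= value <= 65535):
                problems.append(f"invalid port {value!r}")
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"invalid address {ip!r}")
            continue
        if addr not in bridge_net:
            problems.append(f"{ip} is outside {bridge_net}")
        if host_port in seen_ports:
            problems.append(f"host port {host_port} forwarded twice")
        seen_ports[host_port] = (ip, port)
    return problems


def rule_spec(host_port, ip, port, iface=WAN_IFACE):
    """Rule body shared by the -C (check) and -A (append) invocations."""
    return ["PREROUTING", "-p", "tcp", "-i", iface, "--dport", str(host_port),
            "-j", "DNAT", "--to-destination", f"{ip}:{port}"]


def plan(forwards):
    """Return (check_argv, add_argv) pairs, refusing an invalid table."""
    problems = validate(forwards)
    if problems:
        raise ValueError("; ".join(problems))
    base = ["iptables", "-t", "nat"]
    return [(base + ["-C"] + rule_spec(*fwd), base + ["-A"] + rule_spec(*fwd))
            for fwd in forwards]


def apply_forwards(forwards, run=subprocess.run):
    """Append only the rules that are not present yet; returns how many were added.

    Needs root when used with the real subprocess.run.
    """
    added = 0
    for check_argv, add_argv in plan(forwards):
        if run(check_argv, stderr=subprocess.DEVNULL).returncode != 0:
            run(add_argv, check=True)
            added += 1
    return added


if __name__ == "__main__":
    # Dry run: print the commands instead of touching the firewall.
    for _, add_argv in plan(FORWARDS):
        print(" ".join(add_argv))
```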
Re: [lxc-users] Setting up LXC on Ubuntu 14.04
On Aug 11, 2014, at 3:33 AM, Fajar A. Nugraha wrote:

> On Mon, Aug 11, 2014 at 5:12 PM, Kevin LaTona wrote:
>
> If you use a new bridge you don't need lxcbr0.
>
>>
>> If I create a config some thing like this on the Host.
>>
>> auto lo
>> iface lo inet loopback
>>
>> auto eth0
>> iface eth0 inet manual
>>
>> iface lxcbr0 inet static
>
> don't do that

I found this setup along my google travels.

>
>> address 192.168.0.50
>> netmask 255.255.255.0
>> broadcast 192.168.0.255
>> network 192.168.0.0
>> gateway 192.168.0.1
>> dns-nameservers 8.8.8.8 8.8.4.4
>> bridge_ports eth0
>> bridge_fd 9
>> bridge_hello 2
>> bridge_maxage 12
>> bridge_stp off
>>
>> As soon as I bring it up I no longer am able to SSH in the host machine.
>
> Duh. You have no IP configured on eth0.

Can any one fill in why not do it this way.

And or how you might do it otherwise?

I thought on a bridge set up like this that you assign the ip to the bridge iface?

I've since added post up and pre-down rules and things are starting to come together now

host /etc/network/interfaces-
auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

auto lxcbr0
iface lxcbr0 inet static
    address 192.168.0.50
    netmask 255.255.255.0
    gateway 192.168.0.1
    network 192.168.0.0
    broadcast 192.168.0.255

    dns-nameservers 8.8.8.8
    bridge_ports eth0
    bridge_stp off
    bridge_fd 0

    post-up echo 1 > /proc/sys/net/ipv4/ip_forward
    post-up iptables -t nat -A POSTROUTING -o eth0 -j MASQUERADE

    pre-down echo 0 > /proc/sys/net/ipv4/ip_forward
    pre-down iptables -t nat -D POSTROUTING -o eth0 -j MASQUERADE

Then inside a container I assign a static ip address and for now it's starting to work as I thought it might.

container --- var/lib/lxc/k2/rootfs/etc/network/interfaces

auto eth0
iface eth0 inet static
    address 192.168.0.102
    netmask 255.255.255.0
    network 192.168.0.0
    broadcast 192.168.0.255
    gateway 192.168.0.1
    dns-nameservers 8.8.8.8 8.8.4.4

-Kevin
Re: [lxc-users] Setting up LXC on Ubuntu 14.04
I've narrowed down the problem and it's more about how to setup the LXC network than LXC's themselves.

What is not fully clear to me is how best to define the /etc/network/interfaces file for the way I want to run the host machine.

lxcbr0 creates a 10.x.x.x for its internal network usage needs while using the ubuntu template.

I prefer to run a 192.168.x.x for my networking purposes.

Ultimately for now at least, I want to have a single public address that I would use iptables to route the incoming requests to the correct LXC. As this to me seems to be the simplest way to do it.

Where I am getting stuck right now is. What address to give the host machine on eth0 so I can still SSH into the host machine while any of the LXC's are also running.

Not sure if it's simpler to just have two NIC cards in this case. Or create a virtual NIC. Or to create a new bridge and call it br0 and then tie br0 and lxcbr0 together.

If I create a config some thing like this on the Host.

auto lo
iface lo inet loopback

auto eth0
iface eth0 inet manual

iface lxcbr0 inet static
    address 192.168.0.50
    netmask 255.255.255.0
    broadcast 192.168.0.255
    network 192.168.0.0
    gateway 192.168.0.1
    dns-nameservers 8.8.8.8 8.8.4.4
    bridge_ports eth0
    bridge_fd 9
    bridge_hello 2
    bridge_maxage 12
    bridge_stp off

As soon as I bring it up I no longer am able to SSH in the host machine.

I recall the last time I was testing LXC 0.6 + 12.04 it was here where I felt the big kludge came about that I did to get it all working back then.

Given how I would like to run LXC's under any one have a suggestion of how best to approach this issue?

Based on all the web blogs, wiki pages and other such documents that I've looked at while working through re-setting up this LXC test. It's the whole issue about setting up the network side of things that becomes a huge mess given the many ways to solve it.

So many blog pages etc., get too deep into the underlying concepts about containers while that is great. But given there are so many possible moving parts in this much larger puzzle. I have to guess many folks just flat out get hung up on setting up and dealing with network issues. Get fed up and move on to something like Docker or maybe Proxmox or some other solution.

So in the past year or so LXC has matured a lot. But with so many old web pages to trip folks up with outdated information, it's just not helping current LXC usage to move forward.

Well this is how I am looking at it, based on the many hours lately traversing through lots of old outdated pages to trip new comer to LXC up with.

Any thoughts about how you would or are setting up the /etc/network/interfaces doc?

Thanks
-Kevin

On Aug 10, 2014, at 9:38 AM, Fajar A. Nugraha wrote:

> On Sun, Aug 10, 2014 at 10:15 PM, Kevin LaTona wrote:
>>
>> Ranjib,
>>
>> Thanks for your ideas and yes I think it would be great if at some point
>> there was "trusted" source of the latest info on LXC to help folks out.
>
> Since you use ubuntu, the trusted source would be
> https://help.ubuntu.com/lts/serverguide/lxc.html
>
> If it says an apt-get is enough, then an apt-get is enough.
>
>>
>> I've looked at Stephan's blog post and like so many other blog post there is
>> tons of really good information in it.
>
> Yet the other blogs were not written by an lxc dev who also maintains
> lxc package at ubuntu.
>
>>
>> But there lays the rub for me.
>>
>> In that there are so many subtle different ways to tweak the setup, that it
>> gets to be a huge jigsaw puzzle and really easy to get stuck without knowing
>> 100% why.
>
> The usual will help at this point: man pages, official documentation,
> mailing list.
>
> --
> Fajar
Re: [lxc-users] Setting up LXC on Ubuntu 14.04
Ranjib,

Thanks for your ideas and yes I think it would be great if at some point there was a "trusted" source of the latest info on LXC to help folks out.

I've looked at Stephan's blog post and like so many other blog posts there is tons of really good information in it.

But there lies the rub for me.

In that there are so many subtle different ways to tweak the setup, that it gets to be a huge jigsaw puzzle and really easy to get stuck without knowing 100% why.

-Kevin

On Aug 9, 2014, at 10:49 PM, Ranjib Dey wrote:

> hi kevin,
> lxc on ubuntu 14.04 works awesome straight out of the box. Only for
> unprivileged container you have to add a single config file in
> ~/.config/lxc/default.conf, and rest everything works awesome. I am running
> it for various use cases now, i generally use it along side chef (to control
> the host machine), and can point you to those if need be.
> Stephan Graber has a neat series of blog post on 1.0
> (https://linuxcontainers.org/ enlists this at the end). Rami Rossen has
> another more thorough presentation on lxc (in depth, which explains cgroups,
> namespaces etc as well).
>
> so, in short this will work as it is , skip the build part, just do raw
> apt-get install lxc.ld
>
> https://www.stgraber.org/2013/12/20/lxc-1-0-your-first-ubuntu-container/
>
> if there are specific docs, tutorials you think will be helpful, we should
> work on getting those inside some wiki or linuxcontainer.org site
> @stephan would you be interested on patches for the website regarding docs?
> We can also enlist all the presentations, users of lxc there, it will be very
> helpful i think. Given there are lot more folks now use lxc ,
>
> regards
> ranjib
>
>
>
> On Sat, Aug 9, 2014 at 7:06 PM, Kevin LaTona wrote:
>
> > Does anyone know of a good blog post or other such document that steps some
> > one through the entire set up process for LXC 1.0 and Ubuntu 14.04?
> >
> > Over a year ago I did some test with 12.04 and LXC 0.6 and while it worked
> > for those test, it was the best kludge, I think I ever did.
> >
> > I wiped that test box and did a new fresh install with 14.04.
> >
> > And after many days of messing around it still is not coming together.
> >
> > Seems like so much of the info on LXC is either very dated.
> >
> > Or flat out is not so good.
> >
> > Or just way more info than I need.
> >
> > I am hoping maybe some did a blog post that shows how they did their entire
> > install start to end with these more recent versions.
> >
> > Thanks
> > -Kevin
[lxc-users] Setting up LXC on Ubuntu 14.04
Does anyone know of a good blog post or other such document that steps someone through the entire setup process for LXC 1.0 and Ubuntu 14.04?

Over a year ago I did some tests with 12.04 and LXC 0.6 and while it worked for those tests, it was the best kludge, I think, I ever did.

I wiped that test box and did a new fresh install with 14.04.

And after many days of messing around it still is not coming together.

Seems like so much of the info on LXC is either very dated.

Or flat out is not so good.

Or just way more info than I need.

I am hoping maybe someone did a blog post that shows how they did their entire install start to end with these more recent versions.

Thanks
-Kevin