跟进自另一个问题我已经让 LXD 守护进程运行并工作:
$ curl --insecure https://127.0.0.1:8443
{"type":"sync","status":"Success","status_code":200,"operation":"","error_code":0,"error":"","metadata":["/1.0"]}
然而,当尝试使用 LXD 提供程序启动 Vagrant 容器时,它不喜欢该证书:
$ vagrant up
The provider could not authenticate to the LXD daemon at https://127.0.0.1:8443.
You may need configure LXD to allow requests from this machine. The
easiest way to do this is to add your LXC client certificate to LXD's
list of trusted certificates. This can typically be done with the
following command:
$ lxc config trust add /home/username/.config/lxc/client.crt
You can find more information about configuring LXD at:
https://linuxcontainers.org/lxd/getting-started-cli/#initial-configuration
我的系统上没有 client.crt。lsof -p [PID of the program serving at port 8443]没有列出任何证书。sudo locate .crt | grep lxd只找到了/var/lib/lxd/server.crt,但lxc config trust add /var/lib/lxd/server.crt没有帮助。这配置文档没有提到必须信任证书。我怀疑我应该使用 Unix 套接字而不是 HTTPS 与守护进程进行通信。我该如何前进?
根据记录,我可以使用例如启动容器lxc launch ubuntu:18.10 test并使用 获得外壳lxc exec test -- /bin/bash,因此 LXC 工作正常。
答案1
我搞错了方向。好像创建一个新证书并信任该证书作品:
openssl req -x509 -newkey rsa:2048 -keyout ~/.config/lxc/client.key -nodes -out ~/.config/lxc/client.crt -subj "/CN=lxd.local"
lxc config trust add ~/.config/lxc/client.crt
答案2
用于获取 client.crt
你跑
openssl s_client -connect 127.0.0.1:8443
并复制并粘贴它在之间和排除之间提供的第一个证书
-----BEGIN CERTIFICATE-----
和
-----END CERTIFICATE-----
线。