Required information
- Distribution: ubuntu
- Distribution version: 16.04
- The output of "lxc info" (local):
config:
core.https_address: '[::]:8443'
api_extensions:
- storage_zfs_remove_snapshots
- container_host_shutdown_timeout
- container_stop_priority
- container_syscall_filtering
- auth_pki
- container_last_used_at
- etag
- patch
- usb_devices
- https_allowed_credentials
- image_compression_algorithm
- directory_manipulation
- container_cpu_time
- storage_zfs_use_refquota
- storage_lvm_mount_options
- network
- profile_usedby
- container_push
- container_exec_recording
- certificate_update
- container_exec_signal_handling
- gpu_devices
- container_image_properties
- migration_progress
- id_map
- network_firewall_filtering
- network_routes
- storage
- file_delete
- file_append
- network_dhcp_expiry
- storage_lvm_vg_rename
- storage_lvm_thinpool_rename
- network_vlan
- image_create_aliases
- container_stateless_copy
- container_only_migration
- storage_zfs_clone_copy
- unix_device_rename
- storage_lvm_use_thinpool
- storage_rsync_bwlimit
- network_vxlan_interface
- storage_btrfs_mount_options
- entity_description
- image_force_refresh
- storage_lvm_lv_resizing
- id_map_base
- file_symlinks
- container_push_target
- network_vlan_physical
- storage_images_delete
- container_edit_metadata
- container_snapshot_stateful_migration
- storage_driver_ceph
- storage_ceph_user_name
- resource_limits
- storage_volatile_initial_source
- storage_ceph_force_osd_reuse
- storage_block_filesystem_btrfs
- resources
- kernel_limits
- storage_api_volume_rename
- macaroon_authentication
- network_sriov
- console
- restrict_devlxd
- migration_pre_copy
- infiniband
- maas_network
- devlxd_events
- proxy
- network_dhcp_gateway
- file_get_symlink
- network_leases
- unix_device_hotplug
- storage_api_local_volume_handling
- operation_description
- clustering
- event_lifecycle
- storage_api_remote_volume_handling
- nvidia_runtime
- container_mount_propagation
- container_backup
- devlxd_images
- container_local_cross_pool_handling
- proxy_unix
- proxy_udp
- clustering_join
- proxy_tcp_udp_multi_port_handling
- network_state
- proxy_unix_dac_properties
- container_protection_delete
- unix_priv_drop
- pprof_http
- proxy_haproxy_protocol
- network_hwaddr
- proxy_nat
- network_nat_order
- container_full
- candid_authentication
- backup_compression
- candid_config
- nvidia_runtime_config
- storage_api_volume_snapshots
- storage_unmapped
- projects
- candid_config_key
- network_vxlan_ttl
- container_incremental_copy
- usb_optional_vendorid
- snapshot_scheduling
- container_copy_project
- clustering_server_address
- clustering_image_replication
- container_protection_shift
- snapshot_expiry
- container_backup_override_pool
- snapshot_expiry_creation
- network_leases_location
- resources_cpu_socket
- resources_gpu
- resources_numa
- kernel_features
- id_map_current
- event_location
- storage_api_remote_volume_snapshots
- network_nat_address
- container_nic_routes
- rbac
- cluster_internal_copy
- seccomp_notify
- lxc_features
- container_nic_ipvlan
- network_vlan_sriov
- storage_cephfs
- container_nic_ipfilter
- resources_v2
- container_exec_user_group_cwd
- container_syscall_intercept
- container_disk_shift
- storage_shifted
- resources_infiniband
- daemon_storage
- instances
- image_types
- resources_disk_sata
- clustering_roles
- images_expiry
- resources_network_firmware
- backup_compression_algorithm
- ceph_data_pool_name
- container_syscall_intercept_mount
- compression_squashfs
- container_raw_mount
- container_nic_routed
- container_syscall_intercept_mount_fuse
- container_disk_ceph
- virtual-machines
- image_profiles
- clustering_architecture
- resources_disk_id
- storage_lvm_stripes
- vm_boot_priority
- unix_hotplug_devices
- api_filtering
- instance_nic_network
- clustering_sizing
- firewall_driver
- projects_limits
- container_syscall_intercept_hugetlbfs
- limits_hugepages
- container_nic_routed_gateway
- projects_restrictions
- custom_volume_snapshot_expiry
- volume_snapshot_scheduling
- trust_ca_certificates
- snapshot_disk_usage
- clustering_edit_roles
- container_nic_routed_host_address
- container_nic_ipvlan_gateway
- resources_usb_pci
- resources_cpu_threads_numa
- resources_cpu_core_die
- api_os
- container_nic_routed_host_table
- container_nic_ipvlan_host_table
- container_nic_ipvlan_mode
- resources_system
- images_push_relay
- network_dns_search
- container_nic_routed_limits
- instance_nic_bridged_vlan
- network_state_bond_bridge
api_status: stable
api_version: "1.0"
auth: trusted
public: false
auth_methods:
- tls
environment:
addresses:
- 192.168.10.107:8443
- 192.168.122.1:8443
- 10.126.158.1:8443
- 10.0.3.1:8443
- 10.224.62.1:8443
- '[fd42:ab1:40db:d5aa::1]:8443'
- 162.132.242.1:8443
- 162.132.242.252:8443
- 172.17.0.1:8443
- 172.18.0.1:8443
- 172.19.0.1:8443
- 10.113.161.118:8443
architectures:
- x86_64
- i686
certificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
certificate_fingerprint: 07e02b9e349d037ba57f2365675fe9ce173cf9590003af9f45e6545368b79918
driver: lxc
driver_version: 4.0.2
firewall: xtables
kernel: Linux
kernel_architecture: x86_64
kernel_features:
netnsid_getifaddrs: "false"
seccomp_listener: "false"
seccomp_listener_continue: "false"
shiftfs: "false"
uevent_injection: "false"
unpriv_fscaps: "true"
kernel_version: 4.15.0-106-generic
lxc_features:
cgroup2: "true"
mount_injection_file: "true"
network_gateway_device_route: "true"
network_ipvlan: "true"
network_l2proxy: "true"
network_phys_macvlan_mtu: "true"
network_veth_router: "true"
pidfd: "true"
seccomp_notify: "true"
os_name: Ubuntu
os_version: "18.04"
project: default
server: lxd
server_clustered: false
server_name: troulwn0103
server_pid: 28510
server_version: "4.2"
storage: dir
storage_version: "1"
- The output of "lxc info" (remote) say
https://lxdhub.invalid:
config:
core.https_address: '[::]:8443'
core.trust_password: true
api_extensions:
- storage_zfs_remove_snapshots
- container_host_shutdown_timeout
- container_stop_priority
- container_syscall_filtering
- auth_pki
- container_last_used_at
- etag
- patch
- usb_devices
- https_allowed_credentials
- image_compression_algorithm
- directory_manipulation
- container_cpu_time
- storage_zfs_use_refquota
- storage_lvm_mount_options
- network
- profile_usedby
- container_push
- container_exec_recording
- certificate_update
- container_exec_signal_handling
- gpu_devices
- container_image_properties
- migration_progress
- id_map
- network_firewall_filtering
- network_routes
- storage
- file_delete
- file_append
- network_dhcp_expiry
- storage_lvm_vg_rename
- storage_lvm_thinpool_rename
- network_vlan
- image_create_aliases
- container_stateless_copy
- container_only_migration
- storage_zfs_clone_copy
- unix_device_rename
- storage_lvm_use_thinpool
- storage_rsync_bwlimit
- network_vxlan_interface
- storage_btrfs_mount_options
- entity_description
- image_force_refresh
- storage_lvm_lv_resizing
- id_map_base
- file_symlinks
- container_push_target
- network_vlan_physical
- storage_images_delete
- container_edit_metadata
- container_snapshot_stateful_migration
- storage_driver_ceph
- storage_ceph_user_name
- resource_limits
- storage_volatile_initial_source
- storage_ceph_force_osd_reuse
- storage_block_filesystem_btrfs
- resources
- kernel_limits
- storage_api_volume_rename
- macaroon_authentication
- network_sriov
- console
- restrict_devlxd
- migration_pre_copy
- infiniband
- maas_network
- devlxd_events
- proxy
- network_dhcp_gateway
- file_get_symlink
- network_leases
- unix_device_hotplug
- storage_api_local_volume_handling
- operation_description
- clustering
- event_lifecycle
- storage_api_remote_volume_handling
- nvidia_runtime
- container_mount_propagation
- container_backup
- devlxd_images
- container_local_cross_pool_handling
- proxy_unix
- proxy_udp
- clustering_join
- proxy_tcp_udp_multi_port_handling
- network_state
- proxy_unix_dac_properties
- container_protection_delete
- unix_priv_drop
- pprof_http
- proxy_haproxy_protocol
- network_hwaddr
- proxy_nat
- network_nat_order
- container_full
- candid_authentication
- backup_compression
- candid_config
- nvidia_runtime_config
- storage_api_volume_snapshots
- storage_unmapped
- projects
- candid_config_key
- network_vxlan_ttl
- container_incremental_copy
- usb_optional_vendorid
- snapshot_scheduling
- container_copy_project
- clustering_server_address
- clustering_image_replication
- container_protection_shift
- snapshot_expiry
- container_backup_override_pool
- snapshot_expiry_creation
- network_leases_location
- resources_cpu_socket
- resources_gpu
- resources_numa
- kernel_features
- id_map_current
- event_location
- storage_api_remote_volume_snapshots
- network_nat_address
- container_nic_routes
- rbac
- cluster_internal_copy
- seccomp_notify
- lxc_features
- container_nic_ipvlan
- network_vlan_sriov
- storage_cephfs
- container_nic_ipfilter
- resources_v2
- container_exec_user_group_cwd
- container_syscall_intercept
- container_disk_shift
- storage_shifted
- resources_infiniband
- daemon_storage
- instances
- image_types
- resources_disk_sata
- clustering_roles
- images_expiry
- resources_network_firmware
- backup_compression_algorithm
- ceph_data_pool_name
- container_syscall_intercept_mount
- compression_squashfs
- container_raw_mount
- container_nic_routed
- container_syscall_intercept_mount_fuse
- container_disk_ceph
- virtual-machines
- image_profiles
- clustering_architecture
- resources_disk_id
- storage_lvm_stripes
- vm_boot_priority
- unix_hotplug_devices
- api_filtering
- instance_nic_network
- clustering_sizing
- firewall_driver
- projects_limits
- container_syscall_intercept_hugetlbfs
- limits_hugepages
- container_nic_routed_gateway
- projects_restrictions
- custom_volume_snapshot_expiry
- volume_snapshot_scheduling
- trust_ca_certificates
- snapshot_disk_usage
- clustering_edit_roles
- container_nic_routed_host_address
- container_nic_ipvlan_gateway
- resources_usb_pci
- resources_cpu_threads_numa
- resources_cpu_core_die
- api_os
- container_nic_routed_host_table
- container_nic_ipvlan_host_table
- container_nic_ipvlan_mode
- resources_system
- images_push_relay
- network_dns_search
- container_nic_routed_limits
- instance_nic_bridged_vlan
- network_state_bond_bridge
api_status: stable
api_version: "1.0"
auth: trusted
public: false
auth_methods:
- tls
environment:
addresses:
- 192.168.1.38:8443
- 10.69.91.1:8443
architectures:
- x86_64
- i686
certificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
certificate_fingerprint: a3f32526f0e1c5692ac3d522ad8c95804d14761ddf7fd20f6f5cd283b4644f0a
driver: lxc
driver_version: 4.0.2
firewall: xtables
kernel: Linux
kernel_architecture: x86_64
kernel_features:
netnsid_getifaddrs: "false"
seccomp_listener: "false"
seccomp_listener_continue: "false"
shiftfs: "false"
uevent_injection: "false"
unpriv_fscaps: "true"
kernel_version: 4.15.0-20-generic
lxc_features:
cgroup2: "true"
mount_injection_file: "true"
network_gateway_device_route: "true"
network_ipvlan: "true"
network_l2proxy: "true"
network_phys_macvlan_mtu: "true"
network_veth_router: "true"
pidfd: "true"
seccomp_notify: "true"
os_name: Ubuntu
os_version: "18.04"
project: default
server: lxd
server_clustered: false
server_name: lxdhub-dev-0
server_pid: 1479
server_version: "4.2"
storage: dir
storage_version: "1"
Issue description
When adding the above given remote:
lxc remote add remote https://lxdhub.invalid:8443 --accept-certificate --public
````
I can query all public images:
```sh
$ lxc query remote/1.0/images
[
"/1.0/images/12932120efc160c3dffcf903956ae0ad266dedfb146e2e3ae5622962d74552b1",
"/1.0/images/2d7eddf1f4e8115e332512d66367d1e13b32de53c248aac34590f265a63e09ed",
"/1.0/images/352b60d42c1bc81b91aaa7fb6c70848285b1818fbc7f1e0754e2eca0671ff270",
"/1.0/images/3fddda7e68f96ee1422371ab15043d2f0fe2758602f4079fe4955ef3be18121e",
"/1.0/images/f86ae8351f565e70b6fcc7e105bb0b8a0efc4345cd09b3094e0dbcca547e3ea4",
"/1.0/images/fbe10319394e090d1351903b800a957fc18f9f842757822c7d95a793ab52e947"
]
But lxc image ls remote: does not show any images
$ lxc image ls remote:
+-------+-------------+--------+-------------+--------------+------+------+-------------+
| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCHITECTURE | TYPE | SIZE | UPLOAD DATE |
+-------+-------------+--------+-------------+--------------+------+------+-------------+
Steps to reproduce
sudo snap install lxdon remote (add some images, make them public)sudo snap install lxdlocally- Add remote locally, run
lxc image ls remote:
Bug
randombenj
All 20 comments
Can you show 'lxc query remote/1.0/images?recursion=1'
stgraber
on 18 Jun 2020
stgraber@castiana:~/data/code/lxc/lxc (stgraber/master)$ lxc remote add test https://10.166.11.23:8443 --public
Certificate fingerprint: c974d10ce6f4c1c148eacfe1275616fb1045407a3c7a5810d0b2d150a45227f9
ok (y/n)? y
stgraber@castiana:~/data/code/lxc/lxc (stgraber/master)$ lxc image list test:
+--------+--------------+--------+------------------------------------+--------------+-----------+--------+------------------------------+
| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCHITECTURE | TYPE | SIZE | UPLOAD DATE |
+--------+--------------+--------+------------------------------------+--------------+-----------+--------+------------------------------+
| alpine | 01fbab8a11e3 | yes | Alpine edge amd64 (20200618_13:00) | x86_64 | CONTAINER | 4.12MB | Jun 18, 2020 at 2:42pm (UTC) |
+--------+--------------+--------+------------------------------------+--------------+-----------+--------+------------------------------+
stgraber@castiana:~/data/code/lxc/lxc (stgraber/master)$
Thought it might be version related so tried against a 4.0, 3.0 and 2.0 server, same result on all, works fine.
stgraber
on 18 Jun 2020
Thank you for the fast answer!
$ lxc query 'remote/1.0/images?recursion=1'
[
{
"aliases": [],
"architecture": "i686",
"auto_update": false,
"cached": true,
"created_at": "2020-06-10T12:52:30+02:00",
"expires_at": "1970-01-01T01:00:00+01:00",
"filename": "rlx_0.0.7-buster_+local_rlx-i386-lxd.tar.gz",
"fingerprint": "12932120efc160c3dffcf903956ae0ad266dedfb146e2e3ae5622962d74552b1",
"last_used_at": "2020-06-10T14:00:35.86261982+02:00",
"profiles": [
"default"
],
"properties": {
"description": "rlx +local buster",
"os": "debian",
"release": "stable"
},
"public": false,
"size": 85545436,
"type": "container",
"uploaded_at": "2020-06-10T14:00:35.794665885+02:00"
},
{
"aliases": [],
"architecture": "i686",
"auto_update": false,
"cached": false,
"created_at": "2020-04-05T21:40:01+02:00",
"expires_at": "1970-01-01T01:00:00+01:00",
"filename": "",
"fingerprint": "2d7eddf1f4e8115e332512d66367d1e13b32de53c248aac34590f265a63e09ed",
"last_used_at": "2020-05-01T08:44:30.033245511+02:00",
"profiles": [
"default"
],
"properties": {
"description": "rlx +local stretch",
"os": "debian",
"release": "stable"
},
"public": true,
"size": 97230765,
"type": "container",
"uploaded_at": "2020-05-01T08:44:29.817007173+02:00"
},
{
"aliases": [
{
"description": "",
"name": "rlx-iccore/unstable"
}
],
"architecture": "i686",
"auto_update": false,
"cached": false,
"created_at": "2020-03-16T12:59:10+01:00",
"expires_at": "1970-01-01T01:00:00+01:00",
"filename": "rlx_0.0.5-stretch_+local_rlx-iccore-i386-lxd.tar.gz",
"fingerprint": "352b60d42c1bc81b91aaa7fb6c70848285b1818fbc7f1e0754e2eca0671ff270",
"last_used_at": "2020-03-18T13:05:56.676616+01:00",
"profiles": [
"default"
],
"properties": {
"description": "rlx +local stretch",
"os": "debian",
"release": "stable"
},
"public": false,
"size": 96279124,
"type": "container",
"uploaded_at": "2020-03-17T09:26:06.078013414+01:00"
},
{
"aliases": [],
"architecture": "x86_64",
"auto_update": true,
"cached": false,
"created_at": "2020-06-10T02:00:00+02:00",
"expires_at": "2023-04-26T02:00:00+02:00",
"filename": "ubuntu-18.04-server-cloudimg-amd64-lxd.tar.xz",
"fingerprint": "3fddda7e68f96ee1422371ab15043d2f0fe2758602f4079fe4955ef3be18121e",
"last_used_at": "0001-01-01T00:36:12+00:34",
"profiles": [
"default"
],
"properties": {
"architecture": "amd64",
"description": "ubuntu 18.04 LTS amd64 (release) (20200610.1)",
"label": "release",
"os": "ubuntu",
"release": "bionic",
"serial": "20200610.1",
"type": "squashfs",
"version": "18.04"
},
"public": false,
"size": 187986728,
"type": "container",
"update_source": {
"alias": "18.04",
"certificate": "",
"image_type": "",
"protocol": "simplestreams",
"server": "https://cloud-images.ubuntu.com/releases"
},
"uploaded_at": "2020-06-14T21:02:22.512722894+02:00"
},
{
"aliases": [],
"architecture": "i686",
"auto_update": true,
"cached": true,
"created_at": "2020-06-10T14:35:17+02:00",
"expires_at": "1970-01-01T01:00:00+01:00",
"filename": "rlx_0.0.8-buster_+local_rlx-iccore-i386-lxd.tar.gz",
"fingerprint": "f86ae8351f565e70b6fcc7e105bb0b8a0efc4345cd09b3094e0dbcca547e3ea4",
"last_used_at": "2020-06-17T13:49:21.634468284+02:00",
"profiles": [
"default"
],
"properties": {
"description": "rlx +local buster",
"os": "debian",
"release": "stable"
},
"public": false,
"size": 104414759,
"type": "container",
"update_source": {
"alias": "rlx-iccore/i386/0.0.8-buster-unstable",
"certificate": "-----BEGIN CERTIFICATE-----\...-----END CERTIFICATE-----\n",
"image_type": "",
"protocol": "lxd",
"server": "https://lxdhub.invalid:8443"
},
"uploaded_at": "2020-06-17T09:07:04.746116125+02:00"
},
{
"aliases": [
{
"description": "",
"name": "lxdhub/latest"
}
],
"architecture": "x86_64",
"auto_update": false,
"cached": false,
"created_at": "2020-01-07T18:31:44+01:00",
"expires_at": "1970-01-01T01:00:00+01:00",
"filename": "lxdhub-img.tar.gz",
"fingerprint": "fbe10319394e090d1351903b800a957fc18f9f842757822c7d95a793ab52e947",
"last_used_at": "2020-03-18T15:13:13.565364641+01:00",
"profiles": [
"default"
],
"properties": {
"description": "lxdhub v1.10.5 (2020-01-22 12:19)"
},
"public": false,
"size": 499515547,
"type": "container",
"uploaded_at": "2020-03-16T11:00:55.832692651+01:00"
}
]
Oh, as it turns out you're never actually testing against your image server, lxc query would be lxc query remote:/1.0/images?recursion=1 which would fail as lxc query isn't supported against public-only servers.
stgraber
on 18 Jun 2020
😄1
I'll send a fix for lxc query so it properly errors out in such cases.
stgraber
on 18 Jun 2020
Can you show lxc image list remote: --debug? Though I'm pretty sure that particular API call will indeed show no results, consistently with what you've seen in lxc image list.
stgraber
on 18 Jun 2020
$ lxc image ls remote: --debug
DBUG[06-22|08:42:24] Connecting to a remote public LXD over HTTPs
DBUG[06-22|08:42:24] Sending request to LXD method=GET url=https://lxdhub.invalid:8443/1.0 etag=
DBUG[06-22|08:42:24] Got response struct from LXD
DBUG[06-22|08:42:24]
{
"config": null,
"api_extensions": [
"storage_zfs_remove_snapshots",
"container_host_shutdown_timeout",
"container_stop_priority",
"container_syscall_filtering",
"auth_pki",
"container_last_used_at",
"etag",
"patch",
"usb_devices",
"https_allowed_credentials",
"image_compression_algorithm",
"directory_manipulation",
"container_cpu_time",
"storage_zfs_use_refquota",
"storage_lvm_mount_options",
"network",
"profile_usedby",
"container_push",
"container_exec_recording",
"certificate_update",
"container_exec_signal_handling",
"gpu_devices",
"container_image_properties",
"migration_progress",
"id_map",
"network_firewall_filtering",
"network_routes",
"storage",
"file_delete",
"file_append",
"network_dhcp_expiry",
"storage_lvm_vg_rename",
"storage_lvm_thinpool_rename",
"network_vlan",
"image_create_aliases",
"container_stateless_copy",
"container_only_migration",
"storage_zfs_clone_copy",
"unix_device_rename",
"storage_lvm_use_thinpool",
"storage_rsync_bwlimit",
"network_vxlan_interface",
"storage_btrfs_mount_options",
"entity_description",
"image_force_refresh",
"storage_lvm_lv_resizing",
"id_map_base",
"file_symlinks",
"container_push_target",
"network_vlan_physical",
"storage_images_delete",
"container_edit_metadata",
"container_snapshot_stateful_migration",
"storage_driver_ceph",
"storage_ceph_user_name",
"resource_limits",
"storage_volatile_initial_source",
"storage_ceph_force_osd_reuse",
"storage_block_filesystem_btrfs",
"resources",
"kernel_limits",
"storage_api_volume_rename",
"macaroon_authentication",
"network_sriov",
"console",
"restrict_devlxd",
"migration_pre_copy",
"infiniband",
"maas_network",
"devlxd_events",
"proxy",
"network_dhcp_gateway",
"file_get_symlink",
"network_leases",
"unix_device_hotplug",
"storage_api_local_volume_handling",
"operation_description",
"clustering",
"event_lifecycle",
"storage_api_remote_volume_handling",
"nvidia_runtime",
"container_mount_propagation",
"container_backup",
"devlxd_images",
"container_local_cross_pool_handling",
"proxy_unix",
"proxy_udp",
"clustering_join",
"proxy_tcp_udp_multi_port_handling",
"network_state",
"proxy_unix_dac_properties",
"container_protection_delete",
"unix_priv_drop",
"pprof_http",
"proxy_haproxy_protocol",
"network_hwaddr",
"proxy_nat",
"network_nat_order",
"container_full",
"candid_authentication",
"backup_compression",
"candid_config",
"nvidia_runtime_config",
"storage_api_volume_snapshots",
"storage_unmapped",
"projects",
"candid_config_key",
"network_vxlan_ttl",
"container_incremental_copy",
"usb_optional_vendorid",
"snapshot_scheduling",
"container_copy_project",
"clustering_server_address",
"clustering_image_replication",
"container_protection_shift",
"snapshot_expiry",
"container_backup_override_pool",
"snapshot_expiry_creation",
"network_leases_location",
"resources_cpu_socket",
"resources_gpu",
"resources_numa",
"kernel_features",
"id_map_current",
"event_location",
"storage_api_remote_volume_snapshots",
"network_nat_address",
"container_nic_routes",
"rbac",
"cluster_internal_copy",
"seccomp_notify",
"lxc_features",
"container_nic_ipvlan",
"network_vlan_sriov",
"storage_cephfs",
"container_nic_ipfilter",
"resources_v2",
"container_exec_user_group_cwd",
"container_syscall_intercept",
"container_disk_shift",
"storage_shifted",
"resources_infiniband",
"daemon_storage",
"instances",
"image_types",
"resources_disk_sata",
"clustering_roles",
"images_expiry",
"resources_network_firmware",
"backup_compression_algorithm",
"ceph_data_pool_name",
"container_syscall_intercept_mount",
"compression_squashfs",
"container_raw_mount",
"container_nic_routed",
"container_syscall_intercept_mount_fuse",
"container_disk_ceph",
"virtual-machines",
"image_profiles",
"clustering_architecture",
"resources_disk_id",
"storage_lvm_stripes",
"vm_boot_priority",
"unix_hotplug_devices",
"api_filtering",
"instance_nic_network",
"clustering_sizing",
"firewall_driver",
"projects_limits",
"container_syscall_intercept_hugetlbfs",
"limits_hugepages",
"container_nic_routed_gateway",
"projects_restrictions",
"custom_volume_snapshot_expiry",
"volume_snapshot_scheduling",
"trust_ca_certificates",
"snapshot_disk_usage",
"clustering_edit_roles",
"container_nic_routed_host_address",
"container_nic_ipvlan_gateway",
"resources_usb_pci",
"resources_cpu_threads_numa",
"resources_cpu_core_die",
"api_os",
"container_nic_routed_host_table",
"container_nic_ipvlan_host_table",
"container_nic_ipvlan_mode",
"resources_system",
"images_push_relay",
"network_dns_search",
"container_nic_routed_limits",
"instance_nic_bridged_vlan",
"network_state_bond_bridge"
],
"api_status": "stable",
"api_version": "1.0",
"auth": "untrusted",
"public": false,
"auth_methods": [
"tls"
],
"environment": {
"addresses": null,
"architectures": null,
"certificate": "",
"certificate_fingerprint": "",
"driver": "",
"driver_version": "",
"firewall": "",
"kernel": "",
"kernel_architecture": "",
"kernel_features": null,
"kernel_version": "",
"lxc_features": null,
"os_name": "",
"os_version": "",
"project": "",
"server": "",
"server_clustered": false,
"server_name": "",
"server_pid": 0,
"server_version": "",
"storage": "",
"storage_version": ""
}
}
DBUG[06-22|08:42:24] Sending request to LXD method=GET url="https://lxdhub.invalid:8443/1.0/images?recursion=1" etag=
DBUG[06-22|08:42:25] Got response struct from LXD
DBUG[06-22|08:42:25]
[]
+-------+-------------+--------+-------------+--------------+------+------+-------------+
| ALIAS | FINGERPRINT | PUBLIC | DESCRIPTION | ARCHITECTURE | TYPE | SIZE | UPLOAD DATE |
+-------+-------------+--------+-------------+--------------+------+------+-------------+
And here is a raw curl to the remote api which definitly lists the available images:
$ curl -k https://lxdhub.invalid:8443/1.0/images | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 423 100 423 0 0 816 0 --:--:-- --:--:-- --:--:-- 816
{
"type": "sync",
"status": "Success",
"status_code": 200,
"operation": "",
"error_code": 0,
"error": "",
"metadata": [
"/1.0/images/cdec3b23ebeea6a192a6e1c125b8e29a67c27b87d065aca83ef253fa7bb03e61",
"/1.0/images/ce03565c60ee195b0a6fbbfcbc95c8903b13b9cbcc2796854c2e95046445f519",
"/1.0/images/12932120efc160c3dffcf903956ae0ad266dedfb146e2e3ae5622962d74552b1",
"/1.0/images/f86ae8351f565e70b6fcc7e105bb0b8a0efc4345cd09b3094e0dbcca547e3ea4"
]
}
@brauner why did you close this issue as the lxc query was not actually the problem :wink:
randombenj
on 22 Jun 2020
Just saw that the actual request:
curl -k "https://lxdhub.invalid:8443/1.0/images?recursion=1" | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 108 100 108 0 0 199 0 --:--:-- --:--:-- --:--:-- 199
{
"type": "sync",
"status": "Success",
"status_code": 200,
"operation": "",
"error_code": 0,
"error": "",
"metadata": []
}
What does the recursion mean?
randombenj
on 22 Jun 2020
Right so it's a server side bug.
I'm guessing that server isn't actual LXD but something trying to implement its REST API.
?recursion=1 is supported by all LXD REST collections and is a way to get all objects in the collection without having to do individual GET requests on them.
stgraber
on 22 Jun 2020
It is an lxd instance here is it's lxc info:
config:
core.https_address: '[::]:8443'
core.trust_password: true
api_extensions:
- storage_zfs_remove_snapshots
- container_host_shutdown_timeout
- container_stop_priority
- container_syscall_filtering
- auth_pki
- container_last_used_at
- etag
- patch
- usb_devices
- https_allowed_credentials
- image_compression_algorithm
- directory_manipulation
- container_cpu_time
- storage_zfs_use_refquota
- storage_lvm_mount_options
- network
- profile_usedby
- container_push
- container_exec_recording
- certificate_update
- container_exec_signal_handling
- gpu_devices
- container_image_properties
- migration_progress
- id_map
- network_firewall_filtering
- network_routes
- storage
- file_delete
- file_append
- network_dhcp_expiry
- storage_lvm_vg_rename
- storage_lvm_thinpool_rename
- network_vlan
- image_create_aliases
- container_stateless_copy
- container_only_migration
- storage_zfs_clone_copy
- unix_device_rename
- storage_lvm_use_thinpool
- storage_rsync_bwlimit
- network_vxlan_interface
- storage_btrfs_mount_options
- entity_description
- image_force_refresh
- storage_lvm_lv_resizing
- id_map_base
- file_symlinks
- container_push_target
- network_vlan_physical
- storage_images_delete
- container_edit_metadata
- container_snapshot_stateful_migration
- storage_driver_ceph
- storage_ceph_user_name
- resource_limits
- storage_volatile_initial_source
- storage_ceph_force_osd_reuse
- storage_block_filesystem_btrfs
- resources
- kernel_limits
- storage_api_volume_rename
- macaroon_authentication
- network_sriov
- console
- restrict_devlxd
- migration_pre_copy
- infiniband
- maas_network
- devlxd_events
- proxy
- network_dhcp_gateway
- file_get_symlink
- network_leases
- unix_device_hotplug
- storage_api_local_volume_handling
- operation_description
- clustering
- event_lifecycle
- storage_api_remote_volume_handling
- nvidia_runtime
- container_mount_propagation
- container_backup
- devlxd_images
- container_local_cross_pool_handling
- proxy_unix
- proxy_udp
- clustering_join
- proxy_tcp_udp_multi_port_handling
- network_state
- proxy_unix_dac_properties
- container_protection_delete
- unix_priv_drop
- pprof_http
- proxy_haproxy_protocol
- network_hwaddr
- proxy_nat
- network_nat_order
- container_full
- candid_authentication
- backup_compression
- candid_config
- nvidia_runtime_config
- storage_api_volume_snapshots
- storage_unmapped
- projects
- candid_config_key
- network_vxlan_ttl
- container_incremental_copy
- usb_optional_vendorid
- snapshot_scheduling
- container_copy_project
- clustering_server_address
- clustering_image_replication
- container_protection_shift
- snapshot_expiry
- container_backup_override_pool
- snapshot_expiry_creation
- network_leases_location
- resources_cpu_socket
- resources_gpu
- resources_numa
- kernel_features
- id_map_current
- event_location
- storage_api_remote_volume_snapshots
- network_nat_address
- container_nic_routes
- rbac
- cluster_internal_copy
- seccomp_notify
- lxc_features
- container_nic_ipvlan
- network_vlan_sriov
- storage_cephfs
- container_nic_ipfilter
- resources_v2
- container_exec_user_group_cwd
- container_syscall_intercept
- container_disk_shift
- storage_shifted
- resources_infiniband
- daemon_storage
- instances
- image_types
- resources_disk_sata
- clustering_roles
- images_expiry
- resources_network_firmware
- backup_compression_algorithm
- ceph_data_pool_name
- container_syscall_intercept_mount
- compression_squashfs
- container_raw_mount
- container_nic_routed
- container_syscall_intercept_mount_fuse
- container_disk_ceph
- virtual-machines
- image_profiles
- clustering_architecture
- resources_disk_id
- storage_lvm_stripes
- vm_boot_priority
- unix_hotplug_devices
- api_filtering
- instance_nic_network
- clustering_sizing
- firewall_driver
- projects_limits
- container_syscall_intercept_hugetlbfs
- limits_hugepages
- container_nic_routed_gateway
- projects_restrictions
- custom_volume_snapshot_expiry
- volume_snapshot_scheduling
- trust_ca_certificates
- snapshot_disk_usage
- clustering_edit_roles
- container_nic_routed_host_address
- container_nic_ipvlan_gateway
- resources_usb_pci
- resources_cpu_threads_numa
- resources_cpu_core_die
- api_os
- container_nic_routed_host_table
- container_nic_ipvlan_host_table
- container_nic_ipvlan_mode
- resources_system
- images_push_relay
- network_dns_search
- container_nic_routed_limits
- instance_nic_bridged_vlan
- network_state_bond_bridge
api_status: stable
api_version: "1.0"
auth: trusted
public: false
auth_methods:
- tls
environment:
addresses:
- 192.168.1.38:8443
- 10.69.91.1:8443
architectures:
- x86_64
- i686
certificate: |
-----BEGIN CERTIFICATE-----
...
-----END CERTIFICATE-----
certificate_fingerprint: a3f32526f0e1c5692ac3d522ad8c95804d14761ddf7fd20f6f5cd283b4644f0a
driver: lxc
driver_version: 4.0.2
firewall: xtables
kernel: Linux
kernel_architecture: x86_64
kernel_features:
netnsid_getifaddrs: "false"
seccomp_listener: "false"
seccomp_listener_continue: "false"
shiftfs: "false"
uevent_injection: "false"
unpriv_fscaps: "true"
kernel_version: 4.15.0-20-generic
lxc_features:
cgroup2: "true"
mount_injection_file: "true"
network_gateway_device_route: "true"
network_ipvlan: "true"
network_l2proxy: "true"
network_phys_macvlan_mtu: "true"
network_veth_router: "true"
pidfd: "true"
seccomp_notify: "true"
os_name: Ubuntu
os_version: "18.04"
project: default
server: lxd
server_clustered: false
server_name: lxdhub-dev-0
server_pid: 1479
server_version: "4.2"
storage: dir
storage_version: "1"
When I run this on the server side system:
$ curl -k https://localhost:8443/1.0/images?recursion=1 | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 108 100 108 0 0 3600 0 --:--:-- --:--:-- --:--:-- 3724
{
"type": "sync",
"status": "Success",
"status_code": 200,
"operation": "",
"error_code": 0,
"error": "",
"metadata": []
}
And
$ curl -k https://localhost:8443/1.0/images | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 423 100 423 0 0 15107 0 --:--:-- --:--:-- --:--:-- 15107
{
"type": "sync",
"status": "Success",
"status_code": 200,
"operation": "",
"error_code": 0,
"error": "",
"metadata": [
"/1.0/images/cdec3b23ebeea6a192a6e1c125b8e29a67c27b87d065aca83ef253fa7bb03e61",
"/1.0/images/ce03565c60ee195b0a6fbbfcbc95c8903b13b9cbcc2796854c2e95046445f519",
"/1.0/images/12932120efc160c3dffcf903956ae0ad266dedfb146e2e3ae5622962d74552b1",
"/1.0/images/f86ae8351f565e70b6fcc7e105bb0b8a0efc4345cd09b3094e0dbcca547e3ea4"
]
}
This behaviour also happened on my local system.
randombenj
on 22 Jun 2020
If I however run the request against the unix socket I get a different result (I have some public images locally as well):
$ curl --unix-socket /var/snap/lxd/common/lxd/unix.socket http://unix.socket/1.0/images\?recursion\=1 | jq
% Total % Received % Xferd Average Speed Time Time Time Current
Dload Upload Total Spent Left Speed
100 8996 0 8996 0 0 675k 0 --:--:-- --:--:-- --:--:-- 627k
{
"type": "sync",
"status": "Success",
"status_code": 200,
"operation": "",
"error_code": 0,
"error": "",
"metadata": [
// lots of images here ...
]
}
I would suspect that this call does not return objects for some reason: https://github.com/lxc/lxd/blob/master/lxd/images.go#L1005
randombenj
on 22 Jun 2020
Hmm, could be one of the security checks hitting when it shouldn't... Will take a look.
stgraber
on 22 Jun 2020
👍1
Seems to be working fine here.
stgraber@castiana:~/data/code/lxc/lxd (lxc/master)$ lxc launch ubuntu:20.04 f1 -c security.nesting=true
Creating f1
Starting f1
stgraber@castiana:~/data/code/lxc/lxd (lxc/master)$ lxc exec f1 bash
root@f1:~# snap refresh
2020-06-22T13:17:37Z INFO Waiting for automatic snapd restart...
snapd 2.45.1 from Canonical✓ refreshed
lxd 4.2 from Canonical✓ refreshed
root@f1:~# snap list
Name Version Rev Tracking Publisher Notes
core18 20200427 1754 latest/stable canonical✓ base
lxd 4.2 15564 latest/stable/… canonical✓ -
snapd 2.45.1 8140 latest/stable canonical✓ snapd
root@f1:~# lxc config set core.https_address :8443
If this is your first time running LXD on this machine, you should also run: lxd init
To start your first instance, try: lxc launch ubuntu:18.04
root@f1:~# curl -k https://localhost:8443/1.0/images
{"type":"sync","status":"Success","status_code":200,"operation":"","error_code":0,"error":"","metadata":[]}
root@f1:~# lxc image copy images:alpine/edge local: --public
Image copied successfully!
root@f1:~# curl -k https://localhost:8443/1.0/images
{"type":"sync","status":"Success","status_code":200,"operation":"","error_code":0,"error":"","metadata":["/1.0/images/a07b6c615e4f568d99e8174f6745fab6e3edd6e73a3c6f60e646c30290bd610f"]}
root@f1:~# curl -k https://localhost:8443/1.0/images?recursion=1
{"type":"sync","status":"Success","status_code":200,"operation":"","error_code":0,"error":"","metadata":[{"auto_update":false,"properties":{"architecture":"amd64","description":"Alpine edge amd64 (20200622_13:00)","os":"Alpine","release":"edge","serial":"20200622_13:00","type":"squashfs"},"public":true,"expires_at":"1970-01-01T00:00:00Z","profiles":["default"],"aliases":[],"architecture":"x86_64","cached":false,"filename":"","fingerprint":"a07b6c615e4f568d99e8174f6745fab6e3edd6e73a3c6f60e646c30290bd610f","size":4326264,"update_source":{"alias":"alpine/edge","certificate":"","protocol":"simplestreams","server":"https://images.linuxcontainers.org","image_type":""},"type":"container","created_at":"2020-06-22T00:00:00Z","last_used_at":"0001-01-01T00:00:00Z","uploaded_at":"2020-06-22T13:18:26.225308109Z"}]}
root@f1:~#
Yes your example works for me as well, strange ...
randombenj
on 22 Jun 2020
Now I can reproduce it. Run:
lxc image import file.tar.gz remote: --alias whatever
ssh lxdhub.invalid
lxc image edit whatever # change public from false to true
After this the images are not visible anymore, currently rebuilding lxd from source to get some more logs in GetImage
randombenj
on 22 Jun 2020
More than one image matches
Error from: https://github.com/lxc/lxd/blob/86d1735addd7fc393bcdeae0c5630b133c4151a9/lxd/db/images.go#L509
randombenj
on 22 Jun 2020
This check is wrong: https://github.com/lxc/lxd/blob/86d1735addd7fc393bcdeae0c5630b133c4151a9/lxd/db/images.mapper.go#L78
It will always return all public images if public is true even if the fingerprint is also given, so if there is more than one public image it will fail.
randombenj
on 22 Jun 2020
Was this page helpful?
0 / 5 - 0 ratings
Related issues
jsnjack
·
3Comments
sforteva
·
3Comments
shaun-ba
·
3Comments
iteco
·
3Comments
AndreiPashkin
·
5Comments