Debugging¶
For information on debugging instance issues, see How to troubleshoot failing instances.
Debugging lxc and lxd¶
Here are different ways to help troubleshooting lxc and lxd code.
lxc --debug¶
Adding --debug flag to any client command will give extra information
about internals. If there is no useful info, it can be added with the
logging call:
logger.Debugf("Hello: %s", "Debug")
lxc monitor¶
This command will monitor messages as they appear on remote server.
REST API through local socket¶
On server side the most easy way is to communicate with LXD through
local socket. This command accesses GET /1.0 and formats JSON into
human readable form using jq
utility:
curl --unix-socket /var/lib/lxd/unix.socket lxd/1.0 | jq .
or for snap users:
curl --unix-socket /var/snap/lxd/common/lxd/unix.socket lxd/1.0 | jq .
See the RESTful API for available API.
REST API through HTTPS¶
HTTPS connection to LXD requires valid
client certificate that is generated on first lxc remote add. This
certificate should be passed to connection tools for authentication
and encryption.
If desired, openssl can be used to examine the certificate (~/.config/lxc/client.crt
or ~/snap/lxd/common/config/client.crt for snap users):
openssl x509 -text -noout -in client.crt
Among the lines you should see:
Certificate purposes:
SSL client : Yes
With command line tools¶
wget --no-check-certificate --certificate=$HOME/.config/lxc/client.crt --private-key=$HOME/.config/lxc/client.key -qO - https://127.0.0.1:8443/1.0
# or for snap users
wget --no-check-certificate --certificate=$HOME/snap/lxd/common/config/client.crt --private-key=$HOME/snap/lxd/common/config/client.key -qO - https://127.0.0.1:8443/1.0
With browser¶
Some browser plugins provide convenient interface to create, modify
and replay web requests. To authenticate against LXD server, convert
lxc client certificate into importable format and import it into
browser.
For example this produces client.pfx in Windows-compatible format:
openssl pkcs12 -clcerts -inkey client.key -in client.crt -export -out client.pfx
After that, opening https://127.0.0.1:8443/1.0 should work as expected.