Debugging

For information on debugging instance issues, see Frequently Asked Questions

Debugging lxc and lxd

Here are different ways to help troubleshooting lxc and lxd code.

lxc –debug

Adding --debug flag to any client command will give extra information about internals. If there is no useful info, it can be added with the logging call:

logger.Debugf("Hello: %s", "Debug")

lxc monitor

This command will monitor messages as they appear on remote server.

lxd –debug

Shutting down lxd server and running it in foreground with --debug flag will bring a lot of (hopefully) useful info:

systemctl stop lxd lxd.socket
lxd --debug --group lxd

--group lxd is needed to grant access to unprivileged users in this group.

REST API through local socket

On server side the most easy way is to communicate with LXD through local socket. This command accesses GET /1.0 and formats JSON into human readable form using jq utility:

curl --unix-socket /var/lib/lxd/unix.socket lxd/1.0 | jq .

or for snap users:

curl --unix-socket /var/snap/lxd/common/lxd/unix.socket lxd/1.0 | jq .

See the RESTful API for available API.

REST API through HTTPS

HTTPS connection to LXD requires valid client certificate, generated in ~/.config/lxc/client.crt on first lxc remote add. This certificate should be passed to connection tools for authentication and encryption.

Examining certificate. In case you are curious:

openssl x509 -in client.crt -purpose

Among the lines you should see:

Certificate purposes:
SSL client : Yes

with command line tools

wget --no-check-certificate https://127.0.0.1:8443/1.0 --certificate=$HOME/.config/lxc/client.crt --private-key=$HOME/.config/lxc/client.key -O - -q

with browser

Some browser plugins provide convenient interface to create, modify and replay web requests. To authenticate againsg LXD server, convert lxc client certificate into importable format and import it into browser.

For example this produces client.pfx in Windows-compatible format:

openssl pkcs12 -clcerts -inkey client.key -in client.crt -export -out client.pfx

After that, opening https://127.0.0.1:8443/1.0 should work as expected.