LXD pod authorization with cert

Hi all .

I trying, on MAAS version: 2.8.0 (8559-g.a96969555) version, create LXD “pod” see next image

LXD api listen on and authorization to LXD API endpoint is with trusted client cert (it is functional - tested via curl)

The question is where put this certs (rack controllers? and where? ) and how setup maas to accepted this cert an key, in communication with LXD?

Thank for any suggestion.

MAAS uses a self signed certificate to communicate with LXD. MAAS will automatically add the certificate to LXD when you connect with a password.

If you do not want to authenticate with a password you can manually add the certificate for each rack controller to your LXD Pod. The certificates are stored in /etc/maas/certificates/ or /var/snap/maas/common/certificates. MAAS will automatically renew the certificates before they expire, if password authentication is disabled you’ll have to manually readd the certificates again.

We are looking into improving this process.

Hi Lee,
thank you very much.