From the top of my head, this can’t be achieved easily. In the deployed machines it’s easy, but for ephemeral images (meaning the commissioning and the image that is loaded to install the target OS) it’s more tricky.
When the ephemeral image boots it get a cloud-init preseed with the apt configuration like
#cloud-config
apt:
preserve_sources_list: false
proxy: whatever
sources_list: 'deb http://archive.ubuntu.com/ubuntu $RELEASE universe main restricted
multiverse
# deb-src http://archive.ubuntu.com/ubuntu $RELEASE universe main restricted multiverse
deb http://archive.ubuntu.com/ubuntu $RELEASE-updates universe main restricted
multiverse
# deb-src http://archive.ubuntu.com/ubuntu $RELEASE-updates universe main restricted
multiverse
deb http://archive.ubuntu.com/ubuntu $RELEASE-security universe main restricted
multiverse
# deb-src http://archive.ubuntu.com/ubuntu $RELEASE-security universe main restricted
multiverse
deb http://archive.ubuntu.com/ubuntu $RELEASE-backports universe main restricted
multiverse
# deb-src http://archive.ubuntu.com/ubuntu $RELEASE-backports universe main restricted
multiverse
but MAAS doesn’t let you to customize it with all the options supported by cloud-init. However, up to my knowledge cloud-init does not have an option to ignore the certificates. It’s possible to set a custom ca certificate, but not to ignore it
Where do i set the custom ca certificate? I see a key option under Repo Packages but I think this is for GPG signature for individual packages, not for ca certificate.
Cloud init has an apt conf parameter(shown below) that can be passed to ignore cert verification but like you said, customization is not supported by MAAS so i’m not sure of this route.