I am trying to configure TLS on maas and I am unclear where I should put the certs. I get various permission denied messages on difrent files in the command when ever I run the config-tls. I also get apparmor errors.
edit: The files are owned and readable by root. should it be another user maybe?
commmand I am running.
maas config-tls enable --cacert /tmp/ldap.example.net.pem -p 443 /tmp/maas.example.net.key /tmp/maas.example.net.pem
maas config-tls enable --cacert /etc/ssl/certs/ldap.example.net.pem -p 443 /etc/ssl/private/maas.example.net.key /etc/ssl/certs/maas.example.net.pem
I have also tried my home dir with the above cmd.
command line error. The specific file denied changes with location.
argument key: can't open '/etc/ssl/private/maas.example.net.key': [Errno 13] Permission denied: '/etc/ssl/private/maas.example.net.key'
apparmor error.
Apr 9 14:40:04 maas systemd[1]: Started snap.maas.maas.15bd76f6-3c49-4083-a6bb-a2a548fc93c4.scope.
Apr 9 14:40:06 maas kernel: [80193.070884] audit: type=1400 audit(1681051206.823:10760): apparmor="DENIED" operation="open" profile="snap.maas.maas" name="/etc/ssl/private/maas.example.net.key" pid=80199 comm="python3" requested_mask="r" denied_mask="r" fsuid=0 ouid=0
Apr 9 14:40:07 maas systemd[1]: snap.maas.maas.15bd76f6-3c49-4083-a6bb-a2a548fc93c4.scope: Succeeded.
maas version installed from snap. Installed on fresh Ubuntu 20.04.6 LTS
instance.
Name Version Rev Tracking Publisher Notes
maas 3.3.1-13169-g.94920eb1e 26658 3.3/stable canonicalâś“ -