Hello folks,
I have an lxd server I’ve created, and I was able to auth a client to the server and copy a couple of images there. Now, on a second client, I am trying to add the remote so I can pull down images. However, each time I try to add the remote I get Error: Get "https://10.1.1.1": Forbidden immediately upon executing.
The network is a flat 10.1.1.0/24, with client-1 on 10.1.1.2 and client-2 on 10.1.1.3.
From client-2, nc -v 10.1.1.1 8443 succeeds, and I can see 8443 listening on the server when I run ss -plant. Neither host has the firewall running, ufw status shows Inactive (plus nc is connecting, so I’ve ruled out a network issue).
My current server config is:
config:
  core.https_address: 0.0.0.0
  core.trust_password: true
However I have also tried 10.1.1.1, 8443 and :8443 for the core.https_address, making sure I run systemctl reload snap.lxd.daemon.service after each config change.
lxc config trust show shows client-1 in the list, so I know the server was (still is?) working. In fact, I’m able to list images on the remote with lxc image list server:ubuntu as well as lxc copy images across to there.
Client-2, however, gets the “Forbidden” error in each instance. I’ve tried:
1. lxc remote add https://10.1.1.1
2. lxc remote add https://10.1.1.1:8443
3. lxc remote add https://10.1.1.1 --protocol=simplestreams
(3 failed with Error: Failed parsing streams: Get "https://10.1.1.1/streams/v1/index.json": Service Unavailable)
- From the server side: lxc config trust add with ubuntu@client-2 for the client name. Then from the client-2 side, I ran lxc remote add server <token-from-server>, which fails with the error All server addresses are unavailable, Please provide an alternate server address (empty to abort):
- I’ve tried https://10.1.1.1 and https://10.1.1.1:8443 for this but neither has worked so far.
My understanding of the core.trust_password option was that this would prompt the client for a password configured on the server, and when the password was given the client could input a password and have their client certificate added to the trust store, but at the moment none of my clients are getting even the prompt for a password - aside from client-2 I have client-3 and client-4 that have the same “Forbidden” issue. Is there something I’ve configured incorrectly?