How does one get the correct certificates?

Are there any best practices to manage certificates needed for LXD?
To get an image from https://images.linuxcontainers.org/ I need a certificate.
So I have code like this:

```python
import ssl

# Fetch whatever certificate the server presents at this moment.
cert = ssl.get_server_certificate((config.lxd_server, config.lxd_port))
container_spec = {
    "name": testbed,
    "source": {
        "type": "image",
        "mode": "pull",
        "server": f"https://{config.lxd_server}:{config.lxd_port}",
        "protocol": "lxd",
        "certificate": cert,
        "alias": testbed,
    },
    "devices": {
        "mount-results": {
            "path": "results",
            "type": "disk",
            "source": result_location,
        }
    },
}

# Create the instance and wait for the operation to finish.
container = client.instances.create(container_spec, wait=True)
```

So what is the best practice to get these certs? Just ship them with the app? But then how to update them?

You do not need to pass in the certificate for any server which has a valid CA-signed certificate, as is the case for our image servers.

You only need to pass it if it’s another LXD server and it’s therefore using a self-signed certificate.

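An added example (not code from this thread or from the LXD or pylxd projects) of the rule in the answer above: the `certificate` key is left out for a server with a CA-signed certificate and included only for a self-signed LXD server. It goes one step beyond the answer by accepting the self-signed certificate only if it matches a fingerprint recorded out of band, instead of trusting whatever the server presents at run time; `image_source`, `fetch_cert`, the pinned fingerprint and the host names are hypothetical.

```python
import hashlib
import hmac
import ssl


def fingerprint(cert_pem: str) -> str:
    """SHA-256 over the DER encoding of a PEM certificate, as lowercase hex."""
    return hashlib.sha256(ssl.PEM_cert_to_DER_cert(cert_pem)).hexdigest()


def image_source(server_url, alias, pinned_fingerprint=None, fetch_cert=None):
    """Build the "source" part of an instance spec for an image pull.

    pinned_fingerprint is None: the server has a CA-signed certificate, so no
    "certificate" key is sent and ordinary CA validation applies.
    Otherwise the server is a self-signed LXD server: fetch_cert() returns the
    PEM it presents (for example via ssl.get_server_certificate), and it is
    passed on only if it matches the fingerprint recorded out of band
    (a hypothetical value kept in the application's configuration).
    """
    source = {"type": "image", "mode": "pull", "server": server_url,
              "protocol": "lxd", "alias": alias}
    if pinned_fingerprint is None:
        return source
    cert_pem = fetch_cert()
    if not hmac.compare_digest(fingerprint(cert_pem), pinned_fingerprint.lower()):
        raise ValueError(f"certificate for {server_url} does not match the pin")
    source["certificate"] = cert_pem
    return source


# Constructed sample data: not real certificates, only bytes in PEM armour.
SAMPLE_CERT = ssl.DER_cert_to_PEM_cert(b"constructed sample certificate A")
OTHER_CERT = ssl.DER_cert_to_PEM_cert(b"constructed sample certificate B")
SAMPLE_PIN = fingerprint(SAMPLE_CERT)

if __name__ == "__main__":
    # CA-signed server (hypothetical host): no certificate in the request.
    print(image_source("https://lxd.example.org:8443", "testbed"))
    # Self-signed server (hypothetical host): certificate sent after the pin check.
    pinned = image_source("https://lxd.example.internal:8443", "testbed",
                          SAMPLE_PIN, lambda: SAMPLE_CERT)
    print("certificate" in pinned)
```

Updating a self-signed server's certificate then means updating one fingerprint in configuration rather than shipping a new certificate file with the application.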