Hello! I originally set up MAAS in a VM, but now I have LXD I can move it to a Linux Container. If I do this and turn off my old MAAS server, I can’t do anything state-changing in LXD. If I try to manually update the MAAS server details in “lxc config edit” then I get an “Config parsing error: ETag doesn’t match” error and I can’t save the change.
Any suggestions?
After some further probing it seems to be related to the certificate of the MAAS server.
If I change the IP of the MAAS server to its FQDN:5443, I don’t get the ETag error but I do get “x509: certificate signed by unknown authority” even though the cert is signed by ZeroSSL and Firefox is happy with it.
Is there a tidier way to tell LXD to forget the old MAAS server and start anew with a new one? And would that even fix this x509 cert error?
Well I’ve had to remove the SSL configuration in the MAAS container to go back to non-SSL. I suppose I could have added ZeroSSL’s cert to he machine but it seems weird that it doesn’t recognise it as part of the ca root certs, so I wasn’t keen to mess with something I didn’t understand the implications of.
Then I had to try a lot of different things to get the default MAAS server changed.
In the end, what I think worked was re-registering the LXD host in MAAS using the process for a deployed machine, then changing the maas.api.url and maas.api.token though lxc config.
I think part of the problem is that these free SSL certs only apply to a FQDN and not to an IP, so if you’ve defined the MAAS server by IP anywhere and then try to connect using HTTPS something throws an error.
… and it’s broken again. I can’t launch a container now because the MAAS server isn’t available.
I’ve not changed any configs, so I don’t know what’s gone wrong. I also had :
missing profile snap-update-ns.maas.
Please make sure that the snapd.apparmor service is enabled and started
snap-update-ns failed with code 1
on the MAAS LXC which I had to fix with :
apparmor_parser -r /var/lib/snapd/apparmor/profiles/*
and
root@maas:~# systemctl enable apparmor.service
Synchronizing state of apparmor.service with SysV service script with /lib/systemd/systemd-sysv-install.
Executing: /lib/systemd/systemd-sysv-install enable apparmor
root@maas:~# systemctl enable snapd.apparmor.service
root@maas:~# reboot now
… which is pretty annoying. Is MAAS really this delicate?
Most importantly, how do I fix LXD’s connection to MAAS?