How to use preesed to join to existing cluster?

StraigenDaigen · October 28, 2020, 4:08pm

Hi!, I’m begineer using LXD, so I have been trying to provide from external file using shell a file to create a cluster and then join to it from another 2 virtual machines. I’m using vagrant to create 3 virtual machines, and the target is to create load balancer for 2 web sites that are storage inside lxd containers. So the first thing that I did was to provide the configuration for the first lxd cluster in the VM1 as follows:

cat <<EOF | lxd init --preseed

config:
  core.https_address: 192.168.100.8:8443
  core.trust_password: admin
networks:
- config:
    bridge.mode: fan
    fan.underlay_subnet: 192.168.100.0/24
  description: ""
  name: lxdfan0
  type: ""
  project: default
storage_pools:
- config: {}
  description: ""
  name: local
  driver: dir
profiles:
- config: {}
  description: ""
  devices:
    eth0:
      name: eth0
      network: lxdfan0
      type: nic
    root:
      path: /
      pool: local
      type: disk
  name: default
cluster:
  server_name: server1
  enabled: true
  member_config: []
  cluster_address: ""
  cluster_certificate: ""
  server_address: ""
  cluster_password: ""

EOF

Above means that I created a Cluster with that ip address, network name and password. After that I need to create new node, and join it to the server1. The problem is I don’t know how to gives the cluster certificate that has been created in the node1.

cat <<EOF | lxd init --preseed

config: {}

networks: []

storage_pools: []

profiles: []

cluster:

  server_name: server2

  enabled: true

  member_config:

  - entity: storage-pool

    name: local

    key: source

    value: ""

    description: '"source" property for storage pool "local"'

  cluster_address: 192.168.100.8:8443

  cluster_certificate: ""

  server_address: 192.168.100.9:8443

  cluster_password: admin

EOF

cluster_certificate is empty, what should I need to insert in this place?

I reviewed the following documentation about preseed:

https://lxd.readthedocs.io/en/latest/clustering/

But it is not clear for me, If someone can help me, I’ll very grateful.

freeekanayaka · October 28, 2020, 4:41pm

In the documentation you have linked there is an explicit paragraph about what to put in the preseed file to join a new node, and in particular how to fill the certificate field:

Now create a bootstrap file for another node. You only need to fill in the cluster section with data and config values that are specific to the joining node.

Be sure to include the address and certificate of the target bootstrap node. To create a YAML-compatible entry for the cluster_certificate key you can use a command like sed ':a;N;$!ba;s/\n/\n\n/g' /var/lib/lxd/server.crt , which you have to run on the bootstrap node.
For example:

cluster:
  enabled: true
  server_name: node2
  server_address: 10.55.60.155:8443
  cluster_address: 10.55.60.171:8443
  cluster_certificate: "-----BEGIN CERTIFICATE-----

opyQ1VRpAg2sV2C4W8irbNqeUsTeZZxhLqp4vNOXXBBrSqUCdPu1JXADV0kavg1l

2sXYoMobyV3K+RaJgsr1OiHjacGiGCQT3YyNGGY/n5zgT/8xI0Dquvja0bNkaf6f

...

-----END CERTIFICATE-----
"
  cluster_password: sekret
  member_config:
  - entity: storage-pool
    name: default
    key: source
    value: ""

stgraber · October 28, 2020, 4:51pm

An easy way to see what you should have passed as preseed is to run lxd init interactively on a second system, answer all the questions and then at the end, answer yes to showing you the preseed file.

StraigenDaigen · October 29, 2020, 9:11pm

I solved it. The problem was the indentation of the certificate string. The string need specific spaces to be read.

![preseed|456x499](upload://gS2vJQxW0wQfX8nPDmhcGvSAUdF.png)

StraigenDaigen · October 29, 2020, 9:14pm

My solution was to storage the certificate string inside a variable and after that pull it from my another Virtual Machine as follows
certification=$(</vagrant/servidor.crt)

echo "$certification"

cat <<TEST> /home/vagrant/clusterconf.yaml

config: {}

networks: []

storage_pools: []

profiles: []

cluster:

  server_name: v2Web2

  enabled: true

  member_config:

  - entity: storage-pool

    name: local

    key: source

    value: ""

    description: '"source" property for storage pool "local"'

  cluster_address: 192.168.100.8:8443

  cluster_certificate:  |

$certification

  server_address: 192.168.100.9:8443

  cluster_password: miniproyecto1

TEST

cat /home/vagrant/clusterconf.yaml

sleep 10

echo "agregando certificado al preseed"

cat /home/vagrant/clusterconf.yaml | lxd init --preseed

dontlaugh · April 3, 2021, 9:27pm

Is the certificate stored somewhere else? The sed command doesn’t work (using ubuntu 20.10, also in vagrant)

coleman@ubuntu2010:~$ sed ':a;N;$!ba;s/\n/\n\n/g' /var/lib/lxd/server.crt
sed: can't read /var/lib/lxd/server.crt: No such file or directory

My bootstrap node was created with this preseed template (puppet epp syntax, but you should get the idea. It was adapted from the docs page you mentioned).

<%- |
  String $trust_password = "demo",
  String $server_name = "alpha",
  String $server_addr = "172.100.10.2:8443",
| -%>
config:
  core.trust_password: <%= $trust_password %>
  core.https_address: <%= $server_addr %>
  images.auto_update_interval: 15
storage_pools:
  - name: default
    driver: dir
networks:
  - name: lxdbr0
    type: bridge
    config:
      ipv4.address: 192.168.100.14/24
      ipv6.address: none
profiles:
  - name: default
    devices:
      root:
        path: /
        pool: default
        type: disk
      eth0:
        name: eth0
        nictype: bridged
        parent: lxdbr0
        type: nic
cluster:
  server_name: <%= $server_name %>
  enabled: true

tomp · April 6, 2021, 8:15am

Try using /var/snap/lxd/common/lxd/server.crt if you’re using the snap package.