How can I force the creation of a new key/cert for versions of LXD newer than 2.0 without having to first install LXD 2.0 and launch a test container?
Example output from a 2.0 installation:
[redhat@centos7-test lxd]$ lxc init images:centos/6/amd64 testing
Generating a client certificate. This may take a minute...
Creating testing
If I go with a fresh installation of LXD newer than 2.0, client cert/key files do not appear to be automatically created.
If I understand this post to the dev list correctly, this change in behavior is intentional.
I’m still fairly new to LXD and am primarily using LXD 2.0 and 3.0 for testing Ansible playbooks.
I’ve been able to use Ansible + lxd_container and lxd_profile to manage LXD profiles and containers without issue on Ubuntu 16.04 and newer using APT-based and snap-based installations. For UNIX sockets it was mostly straightforward once I figured out the difference in location (
I had a lot of trouble getting REST API connectivity working via https://127.0.0.1:8443 until I found some Ansible GitHub issues noting that the client cert and key were still required even when providing the trust password. For whatever reason my test Ubuntu 16.04 systems already had the key pair, likely as a result of installing LXD 2.0 before going back and enabling the backports repo to gain access to 3.0.3 LTS packages.
For CentOS 7 I struggled similarly, until I went through these steps, which resulted in the desired key/cert files and a fully updated LXD installation:
sudo snap install lxd --channel=2.0/stable
sudo /var/lib/snapd/snap/bin/lxd init
lxc init images:centos/6/amd64 testing
sudo snap refresh lxd --channel=stable
I then had to follow the steps provided on this thread to apply the required namespace changes:
grubby --args="user_namespace.enable=1" --update-kernel="$(grubby --default-kernel)"
grubby --args="namespace.unpriv_enable=1" --update-kernel="$(grubby --default-kernel)"
echo "user.max_user_namespaces=3883" > /etc/sysctl.d/99-userns.conf
reboot
That specific set of steps results in me being able to manage LXD profiles and containers from Ansible.
Thanks in advance for reading this and for any tips/tricks that you may have.
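
An added example, not part of the original post and not LXD's own generation routine: one way to pre-create a self-signed client key pair with openssl so that no LXD 2.0 client has to run first. The function names, the RSA 4096 choice, the ten-year validity and the target directory are assumptions; point the directory at wherever your lxc client or the Ansible client_key/client_cert options look.

```shell
# gen_lxd_client_cert DIR [CN]
# Writes DIR/client.key and DIR/client.crt unless both already exist.
gen_lxd_client_cert() {
    local dir="$1" cn="${2:-$(id -un)@$(uname -n)}"
    local key="$dir/client.key" crt="$dir/client.crt"

    # Never overwrite an existing pair: a server that already trusts the
    # old certificate would reject a regenerated one.
    if [ -s "$key" ] && [ -s "$crt" ]; then
        return 0
    fi
    (
        umask 077    # keep the private key unreadable for group/other from creation
        mkdir -p "$dir" &&
        openssl req -x509 -newkey rsa:4096 -sha256 -nodes \
            -days 3650 -subj "/CN=$cn" \
            -keyout "$key" -out "$crt" 2>/dev/null
    ) || return 1
    chmod 600 "$key" && chmod 644 "$crt"
}

# cert_matches_key DIR
# Succeeds only if client.crt carries the public half of client.key.
cert_matches_key() {
    local a b
    a=$(openssl x509 -in "$1/client.crt" -noout -pubkey 2>/dev/null) || return 1
    b=$(openssl pkey -in "$1/client.key" -pubout 2>/dev/null) || return 1
    [ -n "$a" ] && [ "$a" = "$b" ]
}

# cert_fingerprint DIR
# Prints the certificate's SHA-256 fingerprint as lowercase hex, for
# comparison with the fingerprints in the server's trust list.
cert_fingerprint() {
    openssl x509 -in "$1/client.crt" -noout -fingerprint -sha256 |
        cut -d= -f2 | tr -d ':' | tr 'A-F' 'a-f'
}

# Usage (directory is an assumption, adjust to your installation):
#   gen_lxd_client_cert "$HOME/.config/lxc" && cert_matches_key "$HOME/.config/lxc"
```

The server still has to trust the new certificate, for example through the trust password mentioned above, before REST API calls authenticated with it succeed.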