New cluster certificates

JeToJedno · April 13, 2021, 6:21pm

A brief question: I want to switch the LXD cluster from its self generated certificates to centrally managed ones. I can (obviously) reinstall LXD on all the hosts to do this, or can just update the config for the controller, add trust relationships and add the certificates to the workers.

Has anyone tried the reconfig with certificates or should I just go for a reinstall?

Thanks
David

stgraber · April 13, 2021, 6:31pm

Replacing cluster.crt and cluster.key on all nodes and then doing systemctl reload snap.lxd.daemon should do what you want.

We’ve got some planned work over the next 6 months to add an API that allows you to do that, making it easier for folks to script with letsencrypt and the like.