I’m trying to specify a certificate using incus.json in seed.tar as follows:
{
“version”: “1.0.0”,
“apply_defaults”: true,
“preseed”: {
“certificates”: {
“name”: “incusserver”,
“type”: “client”,
“certificate”: “-----BEGIN CERTIFICATE-----\nremoved\n-----END CERTIFICATE-----”
}
}
}
at installation it reports fields “certificates” unknown, Do i miss something to get this working?
(I also have applications.json in the tar)
Syntax looks incorrect, certificates should be a list of certificates.
Thanks for pointing that out, however…
fixing it does result in the same error.
{
“version”: “1.0.0”,
“apply_defaults”: true,
“preseed”: {
“certificates”: [
{
“name”: “incusserver”,
“type”: “client”,
“certificate”: “-----BEGIN CERTIFICATE-----\nremoved\n-----END CERTIFICATE-----”
}
]
}
}
[in earlier tests I also had config and network in there and that gave similar error]
Can you maybe try as YAML instead?
We once had a report of similar issues with JSON, I wonder if that’s what’s going on here.
So something like this (incus.yaml):
version: "1"
apply_defaults: true
preseed:
certificates:
- name: admin
type: client
certificate: |-
-----BEGIN CERTIFICATE-----
MIIB3zCCAWWgAwIBAgIRAPsjgzinxRb4F+RCLlIoW/0wCgYIKoZIzj0EAwMwNzEZ
MBcGA1UEChMQTGludXggQ29udGFpbmVyczEaMBgGA1UEAwwRc3RncmFiZXJAY2Fz
dGlhbmEwHhcNMjUwMjI3MDI0OTU2WhcNMzUwMjI1MDI0OTU2WjA3MRkwFwYDVQQK
ExBMaW51eCBDb250YWluZXJzMRowGAYDVQQDDBFzdGdyYWJlckBjYXN0aWFuYTB2
MBAGByqGSM49AgEGBSuBBAAiA2IABP6VcSHfwgANWsreilDqjedH0H+I4z4Uf03D
NnxMWTVPMZ1CooZslQDKnBJMt33a3zo+KSIBW/7ZECpo5v/krR6Vk6rqDO6GlOme
WTke/d4Vc8GVSfeyWcOLUlAYBwSHqKM1MDMwDgYDVR0PAQH/BAQDAgWgMBMGA1Ud
JQQMMAoGCCsGAQUFBwMCMAwGA1UdEwEB/wQCMAAwCgYIKoZIzj0EAwMDaAAwZQIw
YA0kKIm2/SaVaBSDg2GBPFvDIRtHtcGNN7k5+ybvwScXB4KAJl7whR/cfOelGCJg
AjEA5+FUu4+kpojEvuSt/3JfqJxcOz43bz9e3P4GLHsRX4FFllQLpFTu0N7ipaF6
QeGq
-----END CERTIFICATE-----
description: Initial admin client
Hi
Yes indeed,
using yaml there are no errors (and the certificate works).
Thanks.
@gibmat can you take a look at the JSON handling for why we may have a problem with this one?
Just reporting I ran into this same issue today - the json file complained about certificates, but the yaml file did not. Here was the script I was using for reproduction:
#!/usr/bin/env -S uv run
# /// script
# dependencies = ["pyyaml"]
# ///
import argparse
import tarfile
import io
from pathlib import Path
import json
import yaml
def main() -> None:
p = argparse.ArgumentParser()
p.add_argument("cert", type=Path)
p.add_argument(
"--format",
choices=["json", "yaml"],
default="yaml",
help="Output format for the tar contents",
)
args = p.parse_args()
if not args.cert.is_file():
p.error("certificate must be an existing file")
cert = args.cert.read_text().strip()
if "BEGIN CERTIFICATE" not in cert:
p.error("not a valid PEM certificate")
doc = {
"apply_defaults": True,
"preseed": {
"certificates": [
{
"name": "metasyn",
"type": "client",
"certificate": cert,
}
]
},
}
if args.format == "json":
ext = "json"
data = json.dumps(doc, indent=2).encode()
else:
ext = "yaml"
data = yaml.safe_dump(doc, sort_keys=False).encode()
with tarfile.open("seed.tar", "w") as tar:
# Main config file
info = tarfile.TarInfo(f"incus.{ext}")
info.size = len(data)
tar.addfile(info, io.BytesIO(data))
# Install file (empty)
info = tarfile.TarInfo(f"install.{ext}")
info.size = 0
tar.addfile(info, io.BytesIO(b""))
print(f"Created seed.tar with {args.format.upper()} files!")
if __name__ == "__main__":
main()
I believe this should have been fixed with Fix preseed struct by stgraber · Pull Request #2968 · lxc/incus · GitHub, which is part of last week’s Incus 6.22 release. The latest stable IncusOS release also includes the fix.