I have no choice but to live behind an SSL/TLS interception/inspection solution at work. I have the certificate that they issue me, and the machine I’m running juju on trusts the CA. I am confident the machine itself works fine; I can run apt, etc., but I cannot get juju to use the cert to trust the CA to then trust the streams.cannonical.com server. Whenever I try to bootstrap I get the following error:
I believe this thread may provide you some useful information about importing the additional CA into the bootstrap process with cloudinit-userdata model-config for your controller:
Well, that didn’t work as planned. The command ‘juju model-config cloudinit-userdata.yaml’ assumes you’re already bootstrapped. I’m trying to bootstrap.
I’m going to look for a similar command for the bootstrap.
I did a little digging on this subject as well, and it appears that the controller-config does not support cloudinit-metadata (which makes sense, since the cloud provider is the one that does the configuration of cloudinit for the machines the controller is deployed to).
If you are using MAAS, you will need to set up a custom snippet to deploy the CA on the machines. If using an OpenStack cloud provider, you may be able to configure ca-credentials to include additional CA certs in the bundle, or add cloud-wide vendor-metadata that includes the CA on every OpenStack instance deployed.
Okay, I will do that, but I just want to make sure you’re understanding that this is failing at the bootstrap command. I cannot get bootstrapped, because the juju bootstrap command is failing on the cert issue.