authorLars Wirzenius <liw@liw.fi>2022-09-17 16:02:52 +0300
committerLars Wirzenius <liw@liw.fi>2022-09-17 16:02:52 +0300
commit2e994ab9d9349e73f680b7499c991bd95e12f286 (patch)
tree9a9905b0d2bfebc1ecbef9db4af0790479b19836
parent9ce78c6f1dc931644bd890527a1ade89c940b8dd (diff)
downloadv-i-2e994ab9d9349e73f680b7499c991bd95e12f286.tar.gz
feat: add script to use my sshca tool to generate host_key/host_cert
The create-host-id script runs my sshca tool to generate a vars file that sets the host_key and host_cert Ansible variables. Sponsored-by: author
-rwxr-xr-xcreate-host-id33
1 files changed, 33 insertions, 0 deletions
diff --git a/create-host-id b/create-host-id
new file mode 100755
index 0000000..2c5748b
--- /dev/null
+++ b/create-host-id
@@ -0,0 +1,33 @@
+#!/usr/bin/python3
+
+import argparse
+import yaml
+import subprocess
+import sys
+
+
+def public_key(hostname):
+ p = subprocess.run(
+ ["sshca", "host", "public-key", hostname], check=True, capture_output=True
+ )
+ return p.stdout.decode().strip()
+
+
+def cert(ca, hostname):
+ p = subprocess.run(
+ ["sshca", "host", "certify", ca, hostname], check=True, capture_output=True
+ )
+ return p.stdout.decode().strip()
+
+
+p = argparse.ArgumentParser()
+p.add_argument("--host", required=True)
+p.add_argument("--ca", required=True)
+args = p.parse_args()
+
+host_id = {
+ "host_key": public_key(args.host),
+ "host_cert": cert(args.ca, args.host),
+}
+
+yaml.dump(host_id, sys.stdout)
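Review bot: In `public_key` and `cert`, `capture_output=True` combined with `check=True` hides sshca's stderr when it fails, so the operator sees only a CalledProcessError traceback and not the reason the key or certificate could not be produced. Passing `stdout=subprocess.PIPE` in place of `capture_output=True` lets sshca's own error text reach the terminal. Neither helper checks that the decoded output is non-empty, so an exit-0 run with no output would write empty `host_key`/`host_cert` values into the vars file; a guard such as `if not out: sys.exit(f"sshca returned no output for {hostname}")` stops that before a host is provisioned without a usable identity. The `--host` and `--ca` values are passed to sshca as positional arguments, so a value beginning with `-` would presumably be parsed as an option; rejecting such values after `parse_args()` is cheap.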