author | Lars Wirzenius <liw@liw.fi> | 2022-09-17 16:02:52 +0300 |
---|---|---|
committer | Lars Wirzenius <liw@liw.fi> | 2022-09-17 16:02:52 +0300 |
commit | 2e994ab9d9349e73f680b7499c991bd95e12f286 (patch) | |
tree | 9a9905b0d2bfebc1ecbef9db4af0790479b19836 | |
parent | 9ce78c6f1dc931644bd890527a1ade89c940b8dd (diff) | |
download | v-i-2e994ab9d9349e73f680b7499c991bd95e12f286.tar.gz |
feat: add script to use my sshca tool to generate host_key/host_cert
The create-host-id script runs my sshca tool to generate a vars file that
sets the host_key and host_cert Ansible variables.
Sponsored-by: author
-rwxr-xr-x | create-host-id | 33 |
1 files changed, 33 insertions, 0 deletions
diff --git a/create-host-id b/create-host-id
new file mode 100755
index 0000000..2c5748b
--- /dev/null
+++ b/create-host-id
@@ -0,0 +1,33 @@
+#!/usr/bin/python3
+
+import argparse
+import yaml
+import subprocess
+import sys
+
+
+def public_key(hostname):
+ p = subprocess.run(
+ ["sshca", "host", "public-key", hostname], check=True, capture_output=True
+ )
+ return p.stdout.decode().strip()
+
+
+def cert(ca, hostname):
+ p = subprocess.run(
+ ["sshca", "host", "certify", ca, hostname], check=True, capture_output=True
+ )
+ return p.stdout.decode().strip()
+
+
+p = argparse.ArgumentParser()
+p.add_argument("--host", required=True)
+p.add_argument("--ca", required=True)
+args = p.parse_args()
+
+host_id = {
+ "host_key": public_key(args.host),
+ "host_cert": cert(args.ca, args.host),
+}
+
+yaml.dump(host_id, sys.stdout)
|
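Review bot: In `public_key` and `cert`, `capture_output=True` also swallows sshca's stderr, and with `check=True` a failure surfaces only as a `CalledProcessError` traceback naming the command and its exit status, so the operator never sees why the key lookup or the certification was refused. Capturing only stdout, `stdout=subprocess.PIPE` in place of `capture_output=True` in both calls, lets the tool's own diagnostics reach the terminal. Separately, `yaml.safe_dump(host_id, sys.stdout)` would guarantee the generated vars file holds only plain YAML types; the output is the same for this dict of strings, but it is the safer default for a file that Ansible will load.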