drn05r
commented
4 years ago This has now been reimplemented in Python3 in certs repo. It has its own module that generates the certificate and key based on being provided the appropriate information. It also has a command line script that can do the following:
- Create outstanding empty certificates
- Renew the certificate for a node and SSH in to update it where possible
- Generate a tarball with certificate, key and CA for a particular node.
At some point we may want to extend this or functionalise bits of the command line script so it can be used by web-based framework's like Django.
Currently the scripts for generating and renewing certficates for nodes and servers are a bit of a mess. A single file script that provides a menu of options should be able to do the job maybe with an options to specify a settings file to use. This would save having duplicated code that I suspect may have already become inconsistent between the multiple scripts that currently exist.