From 34f2f6e359e63b6cf8040b6db5a4f212e9e60b15 Mon Sep 17 00:00:00 2001
From: Jarrod Johnson
Date: Fri, 6 Mar 2020 13:43:54 -0500
Subject: [PATCH] Add a sample for doing SSH CA

This will explore the concept for the backend of the get certificate api.
---
misc/sshca.py | 23 +++++++++++++++++++++++
1 file changed, 23 insertions(+)
create mode 100644 misc/sshca.py

diff --git a/misc/sshca.py b/misc/sshca.py
new file mode 100644
index 00000000..eefc54f6
--- /dev/null
+++ b/misc/sshca.py
@@ -0,0 +1,23 @@
+#!/usr/bin/python
+
+import confluent.collective.manager as collective
+import eventlet.green.subprocess as subprocess
+import os
+
+def initialize_ca():
+ try:
+ os.makedirs('/etc/confluent/ssh', mode=0o600)
+ except OSError as e:
+ if e.errno != 17:
+ raise
+ caname = '{0} SSH CA'.format(collective.get_myname())
+ subprocess.check_call(['ssh-keygen', '-C', caname, '-t', 'ecdsa', '-f', '/etc/confluent/ssh/ca', '-N', ''])
+
+
+def ca_exists():
+ return os.path.exists('/etc/confluent/ssh/ca')
+
+
+if __name__ == '__main__':
+ if not ca_exists():
+ initialize_ca()
\ No newline at end of file
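Review bot: In `initialize_ca`, `os.makedirs('/etc/confluent/ssh', mode=0o600)` creates the CA directory without the search (execute) bit, so a non-root owner cannot open the key files inside it; a directory that holds a CA private key should be created with `mode=0o700`. The `e.errno != 17` branch accepts a directory that already exists without looking at its permissions, and the mode passed to `makedirs` is still filtered by the umask, so an explicit `os.chmod('/etc/confluent/ssh', 0o700)` after the try block would cover both cases. The literal 17 is clearer as `errno.EEXIST`, which needs `import errno`. `-N ''` writes the CA private key unencrypted, so file permissions are the only protection in this sample; a comment at the `ssh-keygen` call saying so would keep that from being copied into the real certificate backend unnoticed.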