containerlab
containerlab copied to clipboard
delay certificates creation
Right now, we generate certificates before the containers deployments, This means the mgmt IP addresses, cannot be part of the cert SAN.
What about delaying the certificates generation till after the deployment and use SRL's json-rpc to set the certificates and enable the gnmi-server ? This also solves the issue of overwriting certificates on disk even if they are present in config.
For other nodes, we can check how certificates can be set other than at boot
since now we provision additional config for srlinux after the node has been started, it is possible to get its IP address and create the certs for IP as well
Since #1273 is merged we can now delay the cert creation until post-deploy and include the Mgmt-IP in the SANs.
done in #1345