This will generate the private keys and certificates required by the RainMaker nodes to connect to your deployment. It will also set other information like the node ids, mqtt endpoint, etc.
Notes:
- This will also create the CA key and certificate that would be used for signing the device certificates. If you already have your own CA key and certificate, you can provide it explicitly.
- If you want the Provisioning QR codes to be generated as well, please use the --prov option, and pass appropriate transport. Generally, the default is "ble" for all chips that support BLE (ESP32, ESP32-C3) and "softap" for the ones that do not (ESP32-S2). However, this primarily depends on what you have used in your firmware.
Usage:
python rainmaker_admin_cli.py certs devicecert generate [-h] [--outdir <outdir>] [--count <count>]
[--cacertfile <cacertfile>] [--cakeyfile <cakeyfile>]
[--prov <prov_type>] [--fileid <fileid>]
[--local <local>] [--inputfile <inputfile>]
optional arguments:
-h, --help show this help message and exit
--outdir <outdir> Path to output directory. Files generated will be saved in <outdir>
If directory does not exist, it will be created
Default: current directory
--count <count> Number of Node Ids for generating certificates
Default: 0
--cacertfile <cacertfile>
Path to file containing CA Certificate
--cakeyfile <cakeyfile>
Path to file containing CA Private Key
--prov <prov_type> Provisioning type to generate QR code
(softap/ble)
--fileid <fileid> File identifier
Used to identify file for each node uniquely (used as filename suffix)
Default: <node_id> (The node id's generated)
If provided, eg. `mac_addr`(MAC address),
must be part of ADDITIONAL_VALUES file (provided in config)
and must have <count> values in the file (for each node)
--local <local> This is to determine whether or not to generate node ids locally.
Default: false
--inputfile <csvfile> This is the node_ids.csv file containing pre-generated node ids.
For generating the node Ids locally without the rainmaker login:
python rainmaker_admin_cli.py certs devicecert generate --count 5 --prov ble --outdir test --local true
For generating the node certificates by providing pre-generated node ids csv file:
python rainmaker_admin_cli.py certs devicecert generate --count 5 --prov ble --outdir test --local true --inputfile <node_ids.csv>
{{< hint type=note >}} In this command, count and local argument will be ignored and inputfile will get the precendence. {{< /hint >}}
For simplest use case, the usage is as given below. If you want to add some custom data or customise some other parameters, please refer the subsequent sections.
{{< hint type=note >}} It is better to first create a small set of certificates, say 5, so that you get an idea about how the tool works. {{< /hint >}}
Example:
python rainmaker_admin_cli.py certs devicecert generate --count 5 --prov ble --outdir test --local true --inputfile <node_ids.csv>
Sample result for 2 nodes is as below :
test
└── 2020-11-29
└── Mfg-00001
├── bin
│ ├── node-00001-T2uNDXPMS9nj9vpKjs2QG8.bin
│ └── node-00002-dRagJ6GBim2HE5ENQ5nbYG.bin
├── common
│ ├── ca.crt
│ ├── ca.key
│ ├── config.csv
│ ├── endpoint.txt
│ ├── node_certs.csv
│ ├── node_ids.csv
│ └── values.csv
├── node_details
│ ├── node-00001-T2uNDXPMS9nj9vpKjs2QG8
│ │ ├── node.crt
│ │ ├── node.key
│ │ ├── node_info.csv
│ │ ├── qrcode.txt
│ │ └── random.txt
│ └── node-00002-dRagJ6GBim2HE5ENQ5nbYG
│ ├── node.crt
│ ├── node.key
│ ├── node_info.csv
│ ├── qrcode.txt
│ └── random.txt
└── qrcode
├── node-00001-T2uNDXPMS9nj9vpKjs2QG8.png
└── node-00002-dRagJ6GBim2HE5ENQ5nbYG.png
The output directory will have the following sub-directory structure:
<outdir>/<current_date>/Mfg-<no>- Sub-directory with the current date is created.
- A
Mfg-<no>sub-directory will be created where<no>is the batch number (which increments on each CLI run).
- A
- Sub-directory with the current date is created.
The output directory contains the following files:
bin/: For each device certificate, the corresponding NVS partition binaries are generated in this directory, which can be used to flash onto the device. File format:node-<index>-<node_id>.bincommon/: This has some common files that are generated during the processca.crt: CA Certificate.ca.key: CA Key.endpoint.txt: MQTT Endpoint for this deployment.node_certs.csv: CSV for all the Node Certificates in this batch to be registered to the cloud.node_ids.csv: CSV for all node ids generated in this batch.config.csv: The NVS configuration file as per the format defined here for the IDF Manufacturing Utility.values.csv: Master file with all the values for all the nodes as per the format defined here for the IDF Manufacturing Utility.
node_details/: All node details are stored in this directory.
Following details for each node are stored innode_details/node-<index>-<node_id>directory:node.crt: Device Certificates.node.key: Private key for each device certificate.node_info.csv: The csv file used as configuration to generate the binary.qrcode.txt: The QR code payload (used during provisioning, available only if --prov is given).random.txt: The random bytes information (used to generate device name and PoP, available only if --prov is given).node_encr_key.bin: Encryption key (if encryption is enabled in config).
qrcode/: QR code images for all nodes are stored in this directory (used during provisioning, available only if --prov is given). File format:node-<index>-<node_id>.png