Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3810 Commits
8 Branches
43 Tags
27 MiB
Tree: 083ae9b67a
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '083ae9b67a'
${ noResults }
acme.sh/deploy/xcp-ng.sh

95 lines
3.1 KiB
Raw Normal View History

Add support for XCP-ng
4 years ago
  1. #!/usr/bin/bash
  2. # Deploys a certificate to the XAPI service of the XCP-ng hypervisor.
  3. # Further documentation: https://xcp-ng.org/docs/guides.html#tls-certificate-for-xcp-ng
  5. XAPI_SSL_PATH="/etc/xensource/xapi-ssl.pem"
  6. XCP_NG_BACKUP_DIR="/tmp/$(uuidgen)"
  8. # xcp-ng_deploy deploys the new certificate to XCP-ng.
  9. xcp-ng_deploy() {
  10. _cdomain="$1"
  11. _ckey="$2"
  12. _ccert="$3"
  13. _cca="$4"
  14. _cfullchain="$5"
  16. _debug _cdomain "$_cdomain"
  17. _debug _ckey "$_ckey"
  18. _debug _ccert "$_ccert"
  19. _debug _cca "$_cca"
  20. _debug _cfullchain "$_cfullchain"
  22. if [[ $(_xcp-ng_backup_certificate) -ne 0 ]]; then
  23. return 1
  24. fi
  25. _debug "Deploying certificate with 'xe host-server-certificate-install'"
  27. if [[ $(sudo xe host-server-certificate-install certificate="${_ccert}" private-key="${_ckey}" certificate-chain="${_cca}") -ne 0 ]]; then
  28. if [[ $(_xcp-ng_backup_restore) -eq 0 ]]; then
  29. xcp-ng_backup_delete 2>&1
  30. fi
  31. return 1
  32. fi
  33. _info "Certificate was deployed successfully."
  34. _xcp-ng_backup_delete 2>&1
  35. return 0
  36. }
  38. # _xcp-ng_backup_certificate saves the current certificate to a temporary folder.
  39. # The folder can be read/ written by the current user only (chmod 600).
  40. _xcp-ng_backup_certificate() {
  41. if [[ $(whoami) != "root" ]]; then
  42. _debug "Running as non-root user. Certificate backup not supported."
  43. exit 0
  44. fi
  45. _debug "Setting up temporary directory for backing up current certificate in '${XCP_NG_BACKUP_DIR}'"
  46. if [[ $(mkdir -m 600 "${XCP_NG_BACKUP_DIR}") -ne 0 ]]; then
  47. _err "Could not create temporary directory to backup the current key."
  48. return 1
  49. fi
  50. _debug "Moving current certificate to backup directory."
  51. if [[ $(mv ${XAPI_SSL_PATH} "${XCP_NG_BACKUP_DIR}") -ne 0 ]]; then
  52. _err "Could not move current certificate to backup directory."
  53. return 1
  54. fi
  55. return 0
  56. }
  58. # _xcp-ng_backup_restore restores the backup made by _xcp-ng_backup_certificate.
  59. # It is called when something went wrong deploying the certificate.
  60. _xcp-ng_backup_restore() {
  61. if [[ $(mv "${XCP_NG_BACKUP_DIR}/xapi-ssl.pem" "${XAPI_SSL_PATH}") -eq 0 ]]; then
  62. _info "Certificate restoration successful."
  63. return 0
  64. else
  65. _err "Certificate restoration from '${XCP-NG_BACKUP_DIR}' not possible."
  66. return 1
  67. fi
  68. }
  70. # _xcp-ng_backup_delete deletes the backup folder.
  71. _xcp-ng_backup_delete() {
  72. if [[ $(rm -rf "${XCP_NG_BACKUP_DIR}") -eq 0 ]]; then
  73. _debug "Certificate backup deleted."
  74. else
  75. _err "Could not delete Backup in '${XCP_NG_BACKUP_DIR}'. Please remove it manually."
  76. fi
  77. }
  79. # _xcp-ng_xapi_restart restarts the XAPI service the certificate was deployed to.
  80. # This is only neeeded when the old certificate had to be restored.
  81. _xcp-ng_xapi_restart() {
  82. if [[ $(systemctl restart xapi) -ne 0 ]]; then
  83. _err "XAPI did not restart properly after deployment. Restoring old certificate for now."
  84. if [[ $(_xcp-ng_backup_restore) -ne 0 ]]; then
  85. _err "Could not restore the old certificate!!!"
  86. fi
  87. if [[ $(systemctl restart xapi) -ne 0 ]]; then
  88. _err "XAPI did not start after restoring the old certifiate!!!"
  89. fi
  90. return 1
  91. else
  92. _debug "XAPI was restarted successfully."
  93. return 0
  94. fi
  95. }