
  1. #!/usr/bin/env sh
  2. # Here is a script to deploy cert to hashicorp consul using curl
  3. # (https://www.consul.io/)
  4. #
  5. # it requires following environment variables:
  6. #
  7. # CONSUL_PREFIX - this contains the prefix path in consul
  8. # CONSUL_HTTP_ADDR - consul requires this to find your consul server
  9. #
  10. # additionally, you need to ensure that CONSUL_HTTP_TOKEN is available
  11. # to access the consul server
  12. # Returns 0 on success, non-zero on error.
  13. ######## Public functions #####################
  14. #domain keyfile certfile cafile fullchain
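# Deploy hook entry point: push the issued certificate files into the Consul
# KV store, through the consul CLI when the binary is on PATH and through the
# HTTP API otherwise.
#
# Arguments:
#   $1 - domain
#   $2 - path to the private key file
#   $3 - path to the certificate file
#   $4 - path to the CA certificate file
#   $5 - path to the full-chain file
# Globals read:    CONSUL_PREFIX, CONSUL_HTTP_ADDR, CONSUL_HTTP_TOKEN, USE_CLI
# Globals written: _cdomain, _ckey, _ccert, _cca, _cfullchain, CONSUL_CMD
# Returns: 1 when required configuration or a forced CLI binary is missing,
#          otherwise the status of the selected deploy function.
#
# Security: the private key ($2) ends up as a KV value under CONSUL_PREFIX, so
# read access to that prefix is read access to the key. Scope the token used
# here to writes on the prefix and restrict reads to the services that need
# the certificate.
consul_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  # The values traced below are the domain and file paths.
  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  # validate required env vars
  _getdeployconf CONSUL_PREFIX
  if [ -z "$CONSUL_PREFIX" ]; then
    # The message used to say "vault"; this hook writes to consul.
    _err "CONSUL_PREFIX needs to be defined (contains prefix path in consul)"
    return 1
  fi
  _savedeployconf CONSUL_PREFIX "$CONSUL_PREFIX"

  _getdeployconf CONSUL_HTTP_ADDR
  if [ -z "$CONSUL_HTTP_ADDR" ]; then
    _err "CONSUL_HTTP_ADDR needs to be defined (contains consul connection address)"
    return 1
  fi
  _savedeployconf CONSUL_HTTP_ADDR "$CONSUL_HTTP_ADDR"

  # CONSUL_HTTP_TOKEN is neither loaded nor saved through the deploy conf in
  # this function; it has to be present in the environment already.
  # NOTE(review): USE_CLI is also read straight from the environment and is
  # not persisted here - confirm it is set for unattended renewals if needed.

  CONSUL_CMD=$(command -v consul)

  # force CLI, but the binary does not exist => error
  if [ -n "$USE_CLI" ] && [ -z "$CONSUL_CMD" ]; then
    _err "Cannot find the consul binary!"
    return 1
  fi

  # use the CLI first
  # (after the guard above, this branch is only reached with a binary found)
  if [ -n "$USE_CLI" ] || [ -n "$CONSUL_CMD" ]; then
    _info "Found consul binary, deploying with CLI"
    # NOTE(review): the CLI is not handed the address or token explicitly;
    # presumably it picks CONSUL_HTTP_ADDR / CONSUL_HTTP_TOKEN up from its
    # environment - confirm both are exported at this point.
    consul_deploy_cli "$CONSUL_CMD" "$CONSUL_PREFIX"
  else
    _info "Did not find consul binary, deploying with API"
    consul_deploy_api "$CONSUL_HTTP_ADDR" "$CONSUL_PREFIX" "$CONSUL_HTTP_TOKEN"
  fi
}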
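# PUT the contents of file $2 to the KV URL $1 through _post.
# Returns 1 without sending anything when the file cannot be read, so that an
# unreadable source never overwrites a stored certificate or key with an
# empty value.
_consul_api_put_file() {
  _cput_url="$1"
  _cput_file="$2"
  if ! _cput_body="$(cat "$_cput_file")"; then
    unset _cput_body
    _err "Cannot read $_cput_file, not uploading it to consul"
    return 1
  fi
  # NOTE(review): the body is handed to _post as an argument; whether it then
  # appears on an HTTP client's command line depends on _post, which is not
  # visible here - confirm for the private key.
  _post "$_cput_body" "$_cput_url" '' "PUT"
  _cput_ret="$?"
  # Do not leave certificate or key material behind in a shell variable.
  unset _cput_body
  [ "$_cput_ret" = "0" ] || return 1
}

# Upload the certificate files to the Consul KV HTTP API (/v1/kv/<prefix>/...).
#
# Arguments:
#   $1 - Consul address, used verbatim as the URL base
#   $2 - KV prefix
#   $3 - ACL token, sent in the X-Consul-Token header
# Globals read:    _cdomain, _ckey, _ccert, _cca, _cfullchain, FABIO
# Globals written: CONSUL_HTTP_ADDR, CONSUL_PREFIX, CONSUL_HTTP_TOKEN, URL,
#                  _H1 (exported)
# Returns: 0 when every PUT succeeds, 1 on the first unreadable file or
#          failed request.
#
# Security: the token header and the private key are sent to whatever scheme
# $1 names. Use an https:// address unless the agent is reached over loopback.
# _H1 stays exported after this function returns, so the token is inherited
# by any child process started later in the same run.
consul_deploy_api() {
  CONSUL_HTTP_ADDR="$1"
  CONSUL_PREFIX="$2"
  CONSUL_HTTP_TOKEN="$3"

  URL="$CONSUL_HTTP_ADDR/v1/kv/$CONSUL_PREFIX"
  export _H1="X-Consul-Token: $CONSUL_HTTP_TOKEN"

  if [ -n "$FABIO" ]; then
    # Flat key names: <domain>-cert.pem carries the full chain, <domain>-key.pem the key.
    _consul_api_put_file "$URL/${_cdomain}-cert.pem" "$_cfullchain" || return 1
    _consul_api_put_file "$URL/${_cdomain}-key.pem" "$_ckey" || return 1
  else
    # One KV folder per domain holding the four files.
    _consul_api_put_file "$URL/${_cdomain}/cert.pem" "$_ccert" || return 1
    _consul_api_put_file "$URL/${_cdomain}/cert.key" "$_ckey" || return 1
    _consul_api_put_file "$URL/${_cdomain}/chain.pem" "$_cca" || return 1
    _consul_api_put_file "$URL/${_cdomain}/fullchain.pem" "$_cfullchain" || return 1
  fi
}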
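# Upload the certificate files to the Consul KV store with the consul binary.
#
# Arguments:
#   $1 - consul command to run
#   $2 - KV prefix
# Globals read:    _cdomain, _ckey, _ccert, _cca, _cfullchain, FABIO
# Globals written: CONSUL_CMD, CONSUL_PREFIX
# Returns: 0 when every `kv put` succeeds, 1 on the first failure.
#
# Every value is passed as @<file>, so the consul binary reads the file
# itself and the private key contents are not placed on the command line.
consul_deploy_cli() {
  CONSUL_CMD="$1"
  CONSUL_PREFIX="$2"

  # "$CONSUL_CMD" is quoted so a binary path containing spaces still runs.
  if [ -n "$FABIO" ]; then
    # Flat key names: <domain>-cert.pem carries the full chain, <domain>-key.pem the key.
    "$CONSUL_CMD" kv put "${CONSUL_PREFIX}/${_cdomain}-cert.pem" @"$_cfullchain" || return 1
    "$CONSUL_CMD" kv put "${CONSUL_PREFIX}/${_cdomain}-key.pem" @"$_ckey" || return 1
  else
    # These four calls used to pass value=@<file>. `consul kv put` reads a
    # file only when the data argument itself starts with "@", so that form
    # stored the literal string instead of the PEM contents. They now use the
    # same @<file> form as the FABIO branch above.
    "$CONSUL_CMD" kv put "${CONSUL_PREFIX}/${_cdomain}/cert.pem" @"$_ccert" || return 1
    "$CONSUL_CMD" kv put "${CONSUL_PREFIX}/${_cdomain}/cert.key" @"$_ckey" || return 1
    "$CONSUL_CMD" kv put "${CONSUL_PREFIX}/${_cdomain}/chain.pem" @"$_cca" || return 1
    "$CONSUL_CMD" kv put "${CONSUL_PREFIX}/${_cdomain}/fullchain.pem" @"$_cfullchain" || return 1
  fi
}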