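#!/usr/bin/env sh

# Deploy certificates to a proxmox virtual environment node using the API.
#
# Environment variables that can be set are:
# `DEPLOY_PROXMOXVE_SERVER`: The hostname of the proxmox ve node. Defaults to
#                            _cdomain.
# `DEPLOY_PROXMOXVE_SERVER_PORT`: The port number the management interface is on.
#                                 Defaults to 8006.
# `DEPLOY_PROXMOXVE_NODE_NAME`: The name of the node we'll be connecting to.
#                               Defaults to the host portion of the server
#                               domain name.
# `DEPLOY_PROXMOXVE_USER`: The user we'll connect as. Defaults to root.
# `DEPLOY_PROXMOXVE_USER_REALM`: The authentication realm the user authenticates
#                                with. Defaults to pam.
# `DEPLOY_PROXMOXVE_API_TOKEN_NAME`: The name of the API token created for the
#                                    user account. Defaults to acme.
# `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required.
#
# Arguments:
#   $1 - certificate domain (_cdomain)
#   $2 - path to the private key file (_ckey)
#   $3 - path to the certificate file (_ccert, only logged here)
#   $4 - path to the CA certificate file (_cca, only logged here)
#   $5 - path to the full-chain file (_cfullchain)
# Returns:
#   1 when the API token is missing or the key / full-chain file cannot be
#   read; otherwise the exit status of _post.
#
# Security-relevant behaviour:
#   * The request body contains the private key and the request header contains
#     the API token, so neither is passed to the plain debug helpers.
#   * _HTTPS_INSECURE=1 is exported before the request. If _post honours it,
#     the node's TLS certificate is not verified and whichever host answers on
#     the target name and port receives both the token and the key. Once the
#     node presents a certificate this client trusts, the flag is no longer
#     needed. NOTE(review): confirm which variable name the HTTP helper
#     actually reads (HTTPS_INSECURE, without the leading underscore, is the
#     commonly documented one).
#   * _HTTPS_INSECURE and _H1 are exported and not unset here, so they remain
#     in the environment of the calling shell and of its child processes.
#   * Every setting supplied by the caller, including the API token, is handed
#     to _savedeployconf. NOTE(review): presumably this writes to the domain's
#     deploy configuration; keep that file readable by the acme user only.
proxmoxve_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  # Only paths and names are logged here, never file contents.
  _debug _cdomain "$_cdomain"
  _debug2 _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  # "Sane" defaults.
  _getdeployconf DEPLOY_PROXMOXVE_SERVER
  if [ -z "$DEPLOY_PROXMOXVE_SERVER" ]; then
    _target_hostname="$_cdomain"
  else
    _target_hostname="$DEPLOY_PROXMOXVE_SERVER"
    _savedeployconf DEPLOY_PROXMOXVE_SERVER "$DEPLOY_PROXMOXVE_SERVER"
  fi
  _debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname"

  _getdeployconf DEPLOY_PROXMOXVE_SERVER_PORT
  if [ -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ]; then
    _target_port="8006"
  else
    _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT"
    _savedeployconf DEPLOY_PROXMOXVE_SERVER_PORT "$DEPLOY_PROXMOXVE_SERVER_PORT"
  fi
  _debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port"

  _getdeployconf DEPLOY_PROXMOXVE_NODE_NAME
  if [ -z "$DEPLOY_PROXMOXVE_NODE_NAME" ]; then
    # First dot-separated label of the target hostname.
    _node_name=$(echo "$_target_hostname" | cut -d. -f1)
  else
    _node_name="$DEPLOY_PROXMOXVE_NODE_NAME"
    _savedeployconf DEPLOY_PROXMOXVE_NODE_NAME "$DEPLOY_PROXMOXVE_NODE_NAME"
  fi
  _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name"

  # Complete URL.
  _target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom"
  _debug TARGET_URL "$_target_url"

  # More "sane" defaults.
  _getdeployconf DEPLOY_PROXMOXVE_USER
  if [ -z "$DEPLOY_PROXMOXVE_USER" ]; then
    _proxmoxve_user="root"
  else
    _proxmoxve_user="$DEPLOY_PROXMOXVE_USER"
    _savedeployconf DEPLOY_PROXMOXVE_USER "$DEPLOY_PROXMOXVE_USER"
  fi
  _debug2 DEPLOY_PROXMOXVE_USER "$_proxmoxve_user"

  _getdeployconf DEPLOY_PROXMOXVE_USER_REALM
  if [ -z "$DEPLOY_PROXMOXVE_USER_REALM" ]; then
    _proxmoxve_user_realm="pam"
  else
    _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM"
    _savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALM"
  fi
  _debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm"

  _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME
  if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ]; then
    _proxmoxve_api_token_name="acme"
  else
    _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME"
    _savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME "$DEPLOY_PROXMOXVE_API_TOKEN_NAME"
  fi
  _debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name"

  # This is required.
  _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY
  if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ]; then
    _err "API key not provided."
    return 1
  else
    _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
    _savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY "$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
  fi
  # The second argument is the variable's name (no `$`), so the token value is
  # not written to the debug log.
  _debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key

  # PVE API Token header value. Used in "Authorization: PVEAPIToken".
  _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}"
  # As above: the name is logged, not the header value that embeds the token.
  _debug2 "Auth Header" _proxmoxve_header_api_token

  # Stop before contacting the node when an input file is unreadable; the
  # substitutions below would otherwise produce an empty certificate or key
  # that is still posted with "force" set.
  for _proxmoxve_file in "$_cfullchain" "$_ckey"; do
    if [ ! -r "$_proxmoxve_file" ]; then
      _err "Cannot read $_proxmoxve_file"
      return 1
    fi
  done

  # Ugly. I hate putting heredocs inside functions because heredocs don't
  # account for whitespace correctly but it _does_ work and is several times
  # cleaner than anything else I had here.
  #
  # This dumps the json payload to a variable that should be passable to the
  # _post function. Newlines in the PEM files are turned into the two-character
  # JSON escape \n by way of a temporary ':' placeholder.
  _json_payload=$(
    cat <<HEREDOC
{
  "certificates": "$(tr '\n' ':' <"$_cfullchain" | sed 's/:/\\n/g')",
  "key": "$(tr '\n' ':' <"$_ckey" | sed 's/:/\\n/g')",
  "node":"$_node_name",
  "restart":"1",
  "force":"1"
}
HEREDOC
  )
  # The payload embeds the private key, so it goes through the secret-aware
  # debug helper instead of the plain one.
  _secure_debug2 Payload "$_json_payload"

  # Push certificates to server.
  # NOTE(review): this request carries the API token and the private key while
  # certificate verification is switched off; see the header comment.
  export _HTTPS_INSECURE=1
  export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}"
  _post "$_json_payload" "$_target_url" "" POST "application/json"
}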