You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
|
|
#!/usr/bin/env sh
# Deploy certificates to a proxmox virtual environment node using the API.## Environment variables that can be set are:# `DEPLOY_PROXMOXVE_SERVER`: The hostname of the proxmox ve node. Defaults to# _cdomain.# `DEPLOY_PROXMOXVE_SERVER_PORT`: The port number the management interface is on.# Defaults to 8006.# `DEPLOY_PROXMOXVE_NODE_NAME`: The name of the node we'll be connecting to.# Defaults to the host portion of the server# domain name.# `DEPLOY_PROXMOXVE_USER`: The user we'll connect as. Defaults to root.# `DEPLOY_PROXMOXVE_USER_REALM`: The authentication realm the user authenticates# with. Defaults to pam.# `DEPLOY_PROXMOXVE_API_TOKEN_NAME`: The name of the API token created for the# user account. Defaults to acme.# `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required.
proxmoxve_deploy(){ _cdomain="$1" _ckey="$2" _ccert="$3" _cca="$4" _cfullchain="$5"
_debug _cdomain "$_cdomain" _debug2 _ckey "$_ckey" _debug _ccert "$_ccert" _debug _cca "$_cca" _debug _cfullchain "$_cfullchain"
# "Sane" defaults. _getdeployconf DEPLOY_PROXMOXVE_SERVER if [ -z "$DEPLOY_PROXMOXVE_SERVER" ]; then _target_hostname="$_cdomain" else _target_hostname="$DEPLOY_PROXMOXVE_SERVER" fi _debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname"
_getdeployconf DEPLOY_PROXMOXVE_SERVER_PORT if [ -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ]; then _target_port="8006" else _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT" fi _debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port"
_getdeployconf DEPLOY_PROXMOXVE_NODE_NAME if [ -z "$DEPLOY_PROXMOXVE_NODE_NAME" ]; then _node_name=$(echo "$_target_hostname"|cut -d. -f1) else _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" fi _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name"
# Complete URL. _target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom" _debug TARGET_URL "$_target_url"
# More "sane" defaults. _getdeployconf DEPLOY_PROXMOXVE_USER if [ -z "$DEPLOY_PROXMOXVE_USER" ]; then _proxmoxve_user="root" else _proxmoxve_user="$DEPLOY_PROXMOXVE_USER" fi _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_proxmoxve_user"
_getdeployconf DEPLOY_PROXMOXVE_USER_REALM if [ -z "$DEPLOY_PROXMOXVE_USER_REALM" ]; then _proxmoxve_user_realm="pam" else _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" fi _debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm"
_getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ]; then _proxmoxve_api_token_name="acme" else _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME" fi _debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name"
# This is required. _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ];then _err "API key not provided." return 1 else _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" fi _debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key
# PVE API Token header value. Used in "Authorization: PVEAPIToken". _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}" _debug2 "Auth Header" _proxmoxve_header_api_token
# Ugly. I hate putting heredocs inside functions because heredocs don't # account for whitespace correctly but it _does_ work and is several times # cleaner than anything else I had here. # # This dumps the json payload to a variable that should be passable to the # _psot function. _json_payload=$(cat << HEREDOC{ "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", "node":"$_node_name", "restart":"1", "force":"1"}HEREDOC) _debug2 Payload "$_json_payload" # Push certificates to server. export _HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" _post "$_json_payload" "$_target_url" "" POST "application/json"
}
|
