Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1944 Commits
9 Branches
44 Tags
15 MiB
Tree: ab1752e269
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'ab1752e269'
${ noResults }
acme.sh/deploy/rancher.sh

109 lines
3.5 KiB
Raw Normal View History

Add Rancher server cert deploy hook
7 years ago
  1. #!/usr/bin/env sh
  3. # Deploy certificates to rancher environmentsx
  5. # here are the defaults, overridable via env vars
  6. #
  7. #export RANCHER_CONFIG=${HOME}/.rancher/cli.json
  8. #export RANCHER_ENV=
  10. # usage:
  11. # - download rancher-cli from your rancher server and use it to create cli.json
  12. # the format of the file is quite simple, so you can just create your own
  13. # ! also run chmod 600 ~/.rancher/cli.json, since rancher-cli doesn't
  14. # - for multiple servers override RANCHER_CONFIG
  15. # - for multiple environments on a server set RANCHER_ENV appropriately
  16. # otherwise the one selected within cli.json is used
  18. # example
  19. # acme.sh --deploy -d my.website.com --deploy-hook rancher --debug
  20. # RANCHER_ENV=1a6 acme.sh --deploy -d my.website.com --deploy-hook rancher --debug
  22. ######## Public functions #####################
  24. #domain keyfile certfile cafile fullchain
  25. rancher_deploy() {
  26. _cdomain="$1"
  27. _ckey="$2"
  28. _ccert="$3"
  29. _cca="$4"
  30. _cfullchain="$5"
  32. _debug _cdomain "$_cdomain"
  33. _debug _ckey "$_ckey"
  34. _debug _ccert "$_ccert"
  35. _debug _cca "$_cca"
  36. _debug _cfullchain "$_cfullchain"
  38. if ! _exists jq; then
  39. _err "The command jq is not found."
  40. return 1
  41. fi
  44. _defaultRancherConfig=${HOME}/.rancher/cli.json
  45. _rancherConfig=${RANCHER_CONFIG:-${_defaultRancherConfig}}
  46. _info "Using rancher configuration $_rancherConfig"
  47. if [ ! -r "${_rancherConfig}" ] ; then
  48. _err "cannot read rancher configuration"
  49. return 1
  50. fi
  51. eval $(jq --monochrome-output < "${_rancherConfig}" \
  52. '@sh "_rancherUrl=\(.url)","_accessKey=\(.accessKey)","_secretKey=\(.secretKey)","_envId=\(.environment)"' | xargs)
  53. _debug _rancherUrl "$_rancherUrl"
  54. _debug _accessKey "$_accessKey"
  55. _secure_debug _secretKey "$_secretKey"
  56. _debug _envId "$_envId"
  58. if [ -n "${RANCHER_ENV}" ] ; then
  59. _envId="${RANCHER_ENV}"
  60. fi
  62. # when set by rancher-cli rancerUrl has an unwanted trailing "/schemas"
  63. _rancherUrl=${_rancherUrl%/schemas}
  65. _info "Deploying certificate $_cdomain into rancher environment $_envId at $_rancherUrl"
  66. _do_rancher_deploy_cert
  67. _success=$?
  68. if (( ! $_success )) ; then
  69. _info "Certificate successfully deployed"
  70. return 0
  71. else
  72. _err "Deployment failed: $_curlResult"
  73. return 1
  74. fi
  76. }
  78. function _do_rancher_deploy_cert () {
  79. _cert=$(<"$_ccert")
  80. _chain=$(<"$_cca")
  81. _privkey=$(<"$_ckey")
  83. _curlUrl="$_rancherUrl/projects/$_envId/certificates"
  84. _curlMethod="POST"
  85. _curlAuth="$_accessKey:$_secretKey"
  86. _certJson=$(jq --null-input --compact-output \
  87. --arg cert "$_cert" \
  88. --arg chain "$_chain" \
  89. --arg privkey "$_privkey" \
  90. --arg name "$_cdomain" \
  91. '{type:"certificate",cert:$cert,certChain:$chain,key:$privkey,name:$name}')
  93. _debug _curlUrl "$_curlUrl"
  94. _debug _curlMethod "$_curlMethod"
  95. _secure_debug _curlAuth "$_curlAuth"
  96. _secure_debug _certJson "$_certJson"
  98. _curlResult=$(curl -s \
  99. -u "${_curlAuth}" \
  100. -X "${_curlMethod}" \
  101. -H 'Content-Type: application/json' \
  102. -H 'Accept: application/json' \
  103. -d "${_certJson}" \
  104. "${_curlUrl}" |
  105. jq -r 'if (.type == "error") then "error: status="+(.status|tostring)+", code="+(.code|tostring)+", detail="+(.detail|tostring) else "success" end')
  106. _debug _curlResult "$_curlResult"
  108. [ "$_curlResult" == "success" ] && return 0 || return 1
  109. }