

  1. #!/usr/bin/env bash
  2. # Deploy certificates to a proxmox virtual environment node using the API.
  3. #
  4. # Environment variables that can be set are:
  5. # `DEPLOY_PROXMOXVE_SERVER`: The hostname of the proxmox ve node. Defaults to
  6. # _cdomain.
  7. # `DEPLOY_PROXMOXVE_SERVER_PORT`: The port number the management interface is on.
  8. # Defaults to 8006.
  9. # `DEPLOY_PROXMOXVE_NODE_NAME`: The name of the node we'll be connecting to.
  10. # Defaults to the host portion of the server
  11. # domain name.
  12. # `DEPLOY_PROXMOXVE_USER`: The user we'll connect as. Defaults to root.
  13. # `DEPLOY_PROXMOXVE_USER_REALM`: The authentication realm the user authenticates
  14. # with. Defaults to pam.
  15. # `DEPLOY_PROXMOXVE_API_TOKEN_NAME`: The name of the API token created for the
  16. # user account. Defaults to acme.
  17. # `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required.
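  # Print a PEM file as the inside of a JSON string: each line is followed by
  # a literal backslash-n and the real newlines are removed. Colons in the file
  # are left untouched.
  # Arguments: $1 - path to the PEM file
  # Outputs:   the escaped single-line text on stdout
  _proxmoxve_pem_to_json() {
    sed 's/$/\\n/' "$1" | tr -d '\n'
  }

  # Upload a certificate chain and private key to a Proxmox VE node through
  # its "certificates/custom" API endpoint, authenticating with an API token.
  # Arguments: $1 - certificate domain
  #            $2 - path to the private key
  #            $3 - path to the certificate
  #            $4 - path to the CA certificate
  #            $5 - path to the full chain
  # Globals:   reads the DEPLOY_PROXMOXVE_* settings; exports _HTTPS_INSECURE
  #            and _H1 for _post.
  # Returns:   1 when the API token key is missing or an input file cannot be
  #            read, otherwise the status of _post.
  proxmoxve_deploy() {
    _cdomain="$1"
    _ckey="$2"
    _ccert="$3"
    _cca="$4"
    _cfullchain="$5"

    # Only file paths are logged here, never file contents.
    _debug _cdomain "$_cdomain"
    _debug _ckey "$_ckey"
    _debug _ccert "$_ccert"
    _debug _cca "$_cca"
    _debug _cfullchain "$_cfullchain"

    # Server: the configured value wins, the certificate domain is the
    # fallback (the two branches were previously swapped).
    _getdeployconf DEPLOY_PROXMOXVE_SERVER
    _target_hostname="${DEPLOY_PROXMOXVE_SERVER:-$_cdomain}"
    _debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname"

    _getdeployconf DEPLOY_PROXMOXVE_SERVER_PORT
    _target_port="${DEPLOY_PROXMOXVE_SERVER_PORT:-8006}"
    _debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port"

    # Node name defaults to the first label of the server's host name.
    _getdeployconf DEPLOY_PROXMOXVE_NODE_NAME
    _node_name="${DEPLOY_PROXMOXVE_NODE_NAME:-${_target_hostname%%.*}}"
    _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name"

    _target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom"
    _debug TARGET_URL "$_target_url"

    _getdeployconf DEPLOY_PROXMOXVE_USER
    _proxmoxve_user="${DEPLOY_PROXMOXVE_USER:-root}"
    _debug2 DEPLOY_PROXMOXVE_USER "$_proxmoxve_user"

    _getdeployconf DEPLOY_PROXMOXVE_USER_REALM
    _proxmoxve_user_realm="${DEPLOY_PROXMOXVE_USER_REALM:-pam}"
    _debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm"

    _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME
    _proxmoxve_api_token_name="${DEPLOY_PROXMOXVE_API_TOKEN_NAME:-acme}"
    _debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name"

    # The token key has no default. Test the configured variable itself; the
    # earlier check looked at a variable that had not been assigned yet.
    _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY
    if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ]; then
      _err "API key not provided."
      return 1
    fi
    _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
    # The second argument is the variable's name, not its value, so the secret
    # is not handed to the debug log. Keep it that way.
    _debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key

    # PVE API token header value. Used in "Authorization: PVEAPIToken".
    _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}"
    # Name only, for the same reason as above: the header carries the token.
    _debug2 "Auth Header" _proxmoxve_header_api_token

    # Refuse to build a payload from files that cannot be read: with
    # "force" set, the request is meant to replace what the node has.
    if [ ! -r "$_cfullchain" ] || [ ! -r "$_ckey" ]; then
      _err "Cannot read the full chain or the private key file."
      return 1
    fi

    # The payload stays in a variable and is never written to disk, so no
    # directory under /tmp is created for it (a fixed, guessable path there
    # could be pre-created by another local user before the key lands in it).
    _proxmoxve_certs_json=$(_proxmoxve_pem_to_json "$_cfullchain")
    _proxmoxve_key_json=$(_proxmoxve_pem_to_json "$_ckey")
    # NOTE(review): the node name is inserted without JSON escaping; it is
    # operator-supplied configuration, so this is assumed safe - confirm.
    _json_payload=$(printf '{\n"certificates": "%s",\n"key": "%s",\n"node":"%s",\n"restart":"1",\n"force":"1"\n}' \
      "$_proxmoxve_certs_json" "$_proxmoxve_key_json" "$_node_name")

    # NOTE(review): _HTTPS_INSECURE=1 presumably makes _post skip TLS
    # certificate verification - confirm. If so, the private key and the API
    # token go to whichever host answers at $_target_hostname without its
    # identity being checked. A node still on its self-signed certificate may
    # need this for the first deploy; afterwards, verification should be
    # possible, so consider making this opt-in. Both exports also remain set
    # for anything that runs later in the same shell.
    export _HTTPS_INSECURE=1
    export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}"
    _post "$_json_payload" "$_target_url"
  }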