|
|
@ -11,30 +11,27 @@ |
|
|
|
|
|
|
|
#domain keyfile certfile cafile fullchain |
|
|
|
kemplm_deploy() { |
|
|
|
_cdomain="$1" |
|
|
|
_ckey="$2" |
|
|
|
_ccert="$3" |
|
|
|
_cca="$4" |
|
|
|
_cfullchain="$5" |
|
|
|
|
|
|
|
_debug _cdomain "$_cdomain" |
|
|
|
_debug _ckey "$_ckey" |
|
|
|
_debug _ccert "$_ccert" |
|
|
|
_debug _cca "$_cca" |
|
|
|
_debug _cfullchain "$_cfullchain" |
|
|
|
_domain="$1" |
|
|
|
_key_file="$2" |
|
|
|
_cert_file="$3" |
|
|
|
_ca_file="$4" |
|
|
|
_fullchain_file="$5" |
|
|
|
|
|
|
|
_debug _domain "$_domain" |
|
|
|
_debug _key_file "$_key_file" |
|
|
|
_debug _cert_file "$_cert_file" |
|
|
|
_debug _ca_file "$_ca_file" |
|
|
|
_debug _fullchain_file "$_fullchain_file" |
|
|
|
|
|
|
|
if ! _exists jq; then |
|
|
|
_err "jq not found" |
|
|
|
return 1 |
|
|
|
fi |
|
|
|
|
|
|
|
# Rename wildcard certs, kemp accepts only alphanumeric names |
|
|
|
_kemp_domain=$(echo "${_cdomain}" | sed 's/\*/wildcard/') |
|
|
|
# Rename wildcard certs, kemp accepts only alphanumeric names so we delete '*.' from filename |
|
|
|
_kemp_domain=$(echo "${_domain}" | sed 's/\*\.//') |
|
|
|
_debug _kemp_domain "$_kemp_domain" |
|
|
|
|
|
|
|
# Clear traces of incorrectly stored values |
|
|
|
_clearaccountconf DEPLOY_KEMP_TOKEN |
|
|
|
_clearaccountconf DEPLOY_KEMP_URL |
|
|
|
|
|
|
|
# Read config from saved values or env |
|
|
|
_getdeployconf DEPLOY_KEMP_TOKEN |
|
|
|
_getdeployconf DEPLOY_KEMP_URL |
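Review bot: Stripping `*.` in the new `_kemp_domain` assignment gives a wildcard certificate the same Loadmaster name as a certificate issued for the bare domain, so `*.example.com` and `example.com` (constructed example) would both be stored as `example.com`. The earlier `wildcard` substitution kept the two apart, and anything on the appliance that still refers to the old `wildcard…` name would presumably not pick up the renamed upload. If both kinds of certificate can reach one appliance, keep a distinguishing prefix, for instance `sed 's/^\*\./wildcard./'`, or state the collision and the rename in the comment above the assignment. The body of kemplm_deploy continues past this hunk, so how the name is used later is not fully visible here.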
|
|
@ -47,7 +44,7 @@ kemplm_deploy() { |
|
|
|
return 1 |
|
|
|
fi |
|
|
|
if [ -z "$DEPLOY_KEMP_URL" ]; then |
|
|
|
_err "Kemp Loadmaster url is not found, please define DEPLOY_KEMP_URL." |
|
|
|
_err "Kemp Loadmaster URL is not found, please define DEPLOY_KEMP_URL." |
|
|
|
return 1 |
|
|
|
fi |
|
|
|
|
|
|
@ -55,14 +52,11 @@ kemplm_deploy() { |
|
|
|
_savedeployconf DEPLOY_KEMP_TOKEN "$DEPLOY_KEMP_TOKEN" |
|
|
|
_savedeployconf DEPLOY_KEMP_URL "$DEPLOY_KEMP_URL" |
|
|
|
|
|
|
|
# Do not check for a valid SSL certificate |
|
|
|
export HTTPS_INSECURE=1 |
|
|
|
|
|
|
|
# Check if certificate is already installed |
|
|
|
_info "Check if certificate is already present" |
|
|
|
_post_request="{\"cmd\": \"listcert\", \"apikey\": \"${DEPLOY_KEMP_TOKEN}\"}" |
|
|
|
_debug3 _post_request "${_post_request}" |
|
|
|
_kemp_cert_count=$(_post "${_post_request}" "${DEPLOY_KEMP_URL}/accessv2" | jq -r '.cert[] | .name' | grep -c "${_kemp_domain}") |
|
|
|
_list_request="{\"cmd\": \"listcert\", \"apikey\": \"${DEPLOY_KEMP_TOKEN}\"}" |
|
|
|
_debug3 _list_request "${_list_request}" |
|
|
|
_kemp_cert_count=$(HTTPS_INSECURE=1 _post "${_list_request}" "${DEPLOY_KEMP_URL}/accessv2" | jq -r '.cert[] | .name' | grep -c "${_kemp_domain}") |
|
|
|
_debug2 _kemp_cert_count "${_kemp_cert_count}" |
|
|
|
|
|
|
|
_kemp_replace_cert=1 |
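Review bot: The `HTTPS_INSECURE=1` prefix on the `_post` call keeps certificate verification switched off for a request whose body carries `DEPLOY_KEMP_TOKEN`, so the token is handed to whichever host answers at `DEPLOY_KEMP_URL`; the addcert call in the last hunk does the same with the private key in the body. Scoping the flag to the call is narrower than the removed `export`, but verification is still never attempted. Consider dropping the prefix, `_kemp_cert_count=$(_post "${_list_request}" "${DEPLOY_KEMP_URL}/accessv2" | …)`, and letting operators whose appliance has a self-signed certificate opt in explicitly (acme.sh's `--insecure` option, if that is the host tool). Separately, `grep -c "${_kemp_domain}"` counts substring matches and treats the dots as wildcards; `grep -c -x -F -- "${_kemp_domain}"` would count only an exact name.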
|
|
@ -76,13 +70,13 @@ kemplm_deploy() { |
|
|
|
|
|
|
|
# Upload new certificate to Kemp Loadmaster |
|
|
|
_kemp_upload_cert=$(_mktemp) |
|
|
|
cat "${_cfullchain}" "${_ckey}" | base64 -w 0 >"${_kemp_upload_cert}" |
|
|
|
cat "${_fullchain_file}" "${_key_file}" | base64 | tr -d '\n' >"${_kemp_upload_cert}" |
|
|
|
|
|
|
|
_info "Uploading certificate to Kemp Loadmaster" |
|
|
|
_post_data=$(cat "${_kemp_upload_cert}") |
|
|
|
_post_request="{\"cmd\": \"addcert\", \"apikey\": \"${DEPLOY_KEMP_TOKEN}\", \"replace\": ${_kemp_replace_cert}, \"cert\": \"${_kemp_domain}\", \"data\": \"${_post_data}\"}" |
|
|
|
_debug3 _post_request "${_post_request}" |
|
|
|
_kemp_post_result=$(_post "${_post_request}" "${DEPLOY_KEMP_URL}/accessv2") |
|
|
|
_add_data=$(cat "${_kemp_upload_cert}") |
|
|
|
_add_request="{\"cmd\": \"addcert\", \"apikey\": \"${DEPLOY_KEMP_TOKEN}\", \"replace\": ${_kemp_replace_cert}, \"cert\": \"${_kemp_domain}\", \"data\": \"${_add_data}\"}" |
|
|
|
_debug3 _add_request "${_add_request}" |
|
|
|
_kemp_post_result=$(HTTPS_INSECURE=1 _post "${_add_request}" "${DEPLOY_KEMP_URL}/accessv2") |
|
|
|
_retval=$? |
|
|
|
_debug2 _kemp_post_result "${_kemp_post_result}" |
|
|
|
if [ "${_retval}" -eq 0 ]; then |
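Review bot: `_debug3 _add_request` writes the whole addcert body to the debug log, and that body holds both `DEPLOY_KEMP_TOKEN` and the base64 of the private key read from `_key_file`. The `_debug3 _list_request` line in the previous hunk logs the token the same way. If this hook runs under acme.sh, its `_secure_debug3` helper hides the value unless insecure output was requested: `_secure_debug3 _add_request "${_add_request}"`. The temporary file `_kemp_upload_cert` also holds the key; its removal is not visible here because the function continues past the hunk, so confirm it is deleted on every return path.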
|
|
|