
Fix ShellCheck errors

pull/3650/head
melkypie 3 years ago
parent
commit
61560476ee
  1. 39
      deploy/f5_bigip.sh

39
deploy/f5_bigip.sh

@ -81,31 +81,32 @@ f5_bigip_tmsh() {
_next_chain="${_domain}-chain-${_now}" _next_chain="${_domain}-chain-${_now}"
if [ "${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE_DISABLE}" = "no" ]; then if [ "${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE_DISABLE}" = "no" ]; then
_current_cert=$(tmsh list ltm profile client-ssl ${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE} cert 2>/dev/null | grep cert | awk '{print $2}')
_current_key=$(tmsh list ltm profile client-ssl ${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE} key 2>/dev/null | grep key | awk '{print $2}')
_current_chain=$(tmsh list ltm profile client-ssl ${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE} chain 2>/dev/null | grep chain | awk '{print $2}')
_current_cert=$(tmsh list ltm profile client-ssl "${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE}" cert 2>/dev/null | grep cert | awk '{print $2}')
_current_key=$(tmsh list ltm profile client-ssl "${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE}" key 2>/dev/null | grep key | awk '{print $2}')
_current_chain=$(tmsh list ltm profile client-ssl "${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE}" chain 2>/dev/null | grep chain | awk '{print $2}')
fi fi
_info "Installing new cert/key/chain into store" _info "Installing new cert/key/chain into store"
${TMSH_CMD} install sys crypto cert ${_next_cert} from-local-file "${_ccert}"
${TMSH_CMD} install sys crypto key ${_next_key} from-local-file "${_ckey}"
${TMSH_CMD} install sys crypto cert ${_next_chain} from-local-file "${_cfullchain}"
${TMSH_CMD} install sys crypto cert "${_next_cert}" from-local-file "${_ccert}"
${TMSH_CMD} install sys crypto key "${_next_key}" from-local-file "${_ckey}"
${TMSH_CMD} install sys crypto cert "${_next_chain}" from-local-file "${_cfullchain}"
if [ "${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE_DISABLE}" = "no" ]; then if [ "${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE_DISABLE}" = "no" ]; then
_info "Cleaning up old cert/key/chain from the store" _info "Cleaning up old cert/key/chain from the store"
f5_bigip_cleanup "cert" "cert" ${_current_cert}
f5_bigip_cleanup "key" "key" ${_current_key}
f5_bigip_cleanup "cert" "chain" ${_current_chain}
f5_bigip_cleanup "cert" "cert" "${_current_cert}"
f5_bigip_cleanup "key" "key" "${_current_key}"
f5_bigip_cleanup "cert" "chain" "${_current_chain}"
if [ -z "$(${TMSH_CMD} list ltm profile client-ssl ${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE} 2>/dev/null)" ]; then
if [ -z "$(${TMSH_CMD} list ltm profile client-ssl "${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE}" 2>/dev/null)" ]; then
_info "Creating new ${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE} ClientSSL profile" _info "Creating new ${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE} ClientSSL profile"
${TMSH_CMD} create ltm profile client-ssl ${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE} \
cert-key-chain add { ACME { cert ${_next_cert} key ${_next_key} chain ${_next_chain} } } \
# shellcheck disable=SC2029 - this has to be disabled because of ${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE_SETTINGS}, otherwise it will throw an unknown property error
${TMSH_CMD} create ltm profile client-ssl "${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE}" \
cert-key-chain add "{" ACME "{" cert "${_next_cert}" key "${_next_key}" chain "${_next_chain}" "}" "}" \
${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE_SETTINGS} ${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE_SETTINGS}
else else
_info "Updating ${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE} ClientSSL profile with new cert/key/chain" _info "Updating ${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE} ClientSSL profile with new cert/key/chain"
${TMSH_CMD} modify ltm profile client-ssl ${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE} \
cert-key-chain replace-all-with { ACME { cert ${_next_cert} key ${_next_key} chain ${_next_chain} } }
${TMSH_CMD} modify ltm profile client-ssl "${DEPLOY_F5_BIGIP_CLIENT_SSL_PROFILE}" \
cert-key-chain replace-all-with "{" ACME "{" cert "${_next_cert}" key "${_next_key}" chain "${_next_chain}" "}" "}"
fi fi
fi fi
${TMSH_CMD} save sys config ${TMSH_CMD} save sys config
@ -119,18 +120,18 @@ f5_bigip_cleanup() {
if [ -n "$_current" ]; then if [ -n "$_current" ]; then
if [ "$DEPLOY_F5_BIGIP_BACKUP" = "yes" ]; then if [ "$DEPLOY_F5_BIGIP_BACKUP" = "yes" ]; then
# Backup enabled leave 1 previous type as backup and delete everything older than it # Backup enabled leave 1 previous type as backup and delete everything older than it
_old_date_list=$(${TMSH_CMD} list sys crypto ${_cert_mgmt_type} | grep ${_domain}-${_cert_type} | awk '{print $4}' | awk -F'-' '{print $(NF-2) "-" $(NF-1) "-" $NF}' | sort -r | tail -n +3)
_old_date_list=$(${TMSH_CMD} list sys crypto "${_cert_mgmt_type}" | grep "${_domain}"-"${_cert_type}" | awk '{print $4}' | awk -F'-' '{print $(NF-2) "-" $(NF-1) "-" $NF}' | sort -r | tail -n +3)
if [ -n "${_old_date_list}" ]; then if [ -n "${_old_date_list}" ]; then
while IFS= read -r _old_date; do
echo "${_old_date_list}" | while IFS= read -r _old_date; do
_old_name="${_domain}-${_cert_type}-${_old_date}" _old_name="${_domain}-${_cert_type}-${_old_date}"
_debug "Deleting ${_cert_mgmt_type} ${_old_name}" _debug "Deleting ${_cert_mgmt_type} ${_old_name}"
${TMSH_CMD} delete sys crypto ${_cert_mgmt_type} ${_old_name}
done <<< "${_old_date_list}"
${TMSH_CMD} delete sys crypto "${_cert_mgmt_type}" "${_old_name}"
done
fi fi
else else
# Backup disabled, remove current type # Backup disabled, remove current type
_debug "Deleting ${_cert_mgmt_type} ${_current}" _debug "Deleting ${_cert_mgmt_type} ${_current}"
${TMSH_CMD} delete sys crypto ${_cert_mgmt_type} ${_current}
${TMSH_CMD} delete sys crypto "${_cert_mgmt_type}" "${_current}"
fi fi
fi fi
} }
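Review bot: In the second hunk (`f5_bigip_cleanup`), the newly quoted `grep "${_domain}"-"${_cert_type}"` still treats the domain as an unanchored regular expression, so each dot matches any character and a pattern such as `example.com-cert` also matches objects stored for `www.example.com-cert-…`. The date suffixes of those other objects then land in `_old_date_list`, which shifts what `sort -r | tail -n +3` keeps and can make the loop delete an object that was meant to stay as the backup, or call `delete sys crypto` on a name that does not exist. Matching the name as a fixed string with its trailing separator narrows this, e.g. `grep -F -- "${_domain}-${_cert_type}-"`; a sub-domain would still match as a substring, so comparing the whole fourth field in the existing `awk` stage is stricter. The function starts above this hunk, so how `_domain` and `_current` are set is not visible here.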