Browse Source
Merge pull request #6191 from HTDemony/master
Merge pull request #6191 from HTDemony/master
Create script for deploy certificate on Proxmox Backup Serverpull/6198/head
neil
2 weeks ago
committed by
GitHub
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 120 additions and 0 deletions
@ -0,0 +1,120 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
# Deploy certificates to a proxmox backup server using the API. |
|||
# |
|||
# Environment variables that can be set are: |
|||
# `DEPLOY_PROXMOXBS_SERVER`: The hostname of the proxmox backup server. Defaults to |
|||
# _cdomain. |
|||
# `DEPLOY_PROXMOXBS_SERVER_PORT`: The port number the management interface is on. |
|||
# Defaults to 8007. |
|||
# `DEPLOY_PROXMOXBS_USER`: The user we'll connect as. Defaults to root. |
|||
# `DEPLOY_PROXMOXBS_USER_REALM`: The authentication realm the user authenticates |
|||
# with. Defaults to pam. |
|||
# `DEPLOY_PROXMOXBS_API_TOKEN_NAME`: The name of the API token created for the |
|||
# user account. Defaults to acme. |
|||
# `DEPLOY_PROXMOXBS_API_TOKEN_KEY`: The API token. Required. |
|||
|
|||
proxmoxbs_deploy() { |
|||
_cdomain="$1" |
|||
_ckey="$2" |
|||
_ccert="$3" |
|||
_cca="$4" |
|||
_cfullchain="$5" |
|||
|
|||
_debug _cdomain "$_cdomain" |
|||
_debug2 _ckey "$_ckey" |
|||
_debug _ccert "$_ccert" |
|||
_debug _cca "$_cca" |
|||
_debug _cfullchain "$_cfullchain" |
|||
|
|||
# "Sane" defaults. |
|||
_getdeployconf DEPLOY_PROXMOXBS_SERVER |
|||
if [ -z "$DEPLOY_PROXMOXBS_SERVER" ]; then |
|||
_target_hostname="$_cdomain" |
|||
else |
|||
_target_hostname="$DEPLOY_PROXMOXBS_SERVER" |
|||
_savedeployconf DEPLOY_PROXMOXBS_SERVER "$DEPLOY_PROXMOXBS_SERVER" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXBS_SERVER "$_target_hostname" |
|||
|
|||
_getdeployconf DEPLOY_PROXMOXBS_SERVER_PORT |
|||
if [ -z "$DEPLOY_PROXMOXBS_SERVER_PORT" ]; then |
|||
_target_port="8007" |
|||
else |
|||
_target_port="$DEPLOY_PROXMOXBS_SERVER_PORT" |
|||
_savedeployconf DEPLOY_PROXMOXBS_SERVER_PORT "$DEPLOY_PROXMOXBS_SERVER_PORT" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXBS_SERVER_PORT "$_target_port" |
|||
|
|||
# Complete URL. |
|||
_target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/localhost/certificates/custom" |
|||
_debug TARGET_URL "$_target_url" |
|||
|
|||
# More "sane" defaults. |
|||
_getdeployconf DEPLOY_PROXMOXBS_USER |
|||
if [ -z "$DEPLOY_PROXMOXBS_USER" ]; then |
|||
_proxmoxbs_user="root" |
|||
else |
|||
_proxmoxbs_user="$DEPLOY_PROXMOXBS_USER" |
|||
_savedeployconf DEPLOY_PROXMOXBS_USER "$DEPLOY_PROXMOXBS_USER" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXBS_USER "$_proxmoxbs_user" |
|||
|
|||
_getdeployconf DEPLOY_PROXMOXBS_USER_REALM |
|||
if [ -z "$DEPLOY_PROXMOXBS_USER_REALM" ]; then |
|||
_proxmoxbs_user_realm="pam" |
|||
else |
|||
_proxmoxbs_user_realm="$DEPLOY_PROXMOXBS_USER_REALM" |
|||
_savedeployconf DEPLOY_PROXMOXBS_USER_REALM "$DEPLOY_PROXMOXBS_USER_REALM" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXBS_USER_REALM "$_proxmoxbs_user_realm" |
|||
|
|||
_getdeployconf DEPLOY_PROXMOXBS_API_TOKEN_NAME |
|||
if [ -z "$DEPLOY_PROXMOXBS_API_TOKEN_NAME" ]; then |
|||
_proxmoxbs_api_token_name="acme" |
|||
else |
|||
_proxmoxbs_api_token_name="$DEPLOY_PROXMOXBS_API_TOKEN_NAME" |
|||
_savedeployconf DEPLOY_PROXMOXBS_API_TOKEN_NAME "$DEPLOY_PROXMOXBS_API_TOKEN_NAME" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXBS_API_TOKEN_NAME "$_proxmoxbs_api_token_name" |
|||
|
|||
# This is required. |
|||
_getdeployconf DEPLOY_PROXMOXBS_API_TOKEN_KEY |
|||
if [ -z "$DEPLOY_PROXMOXBS_API_TOKEN_KEY" ]; then |
|||
_err "API key not provided." |
|||
return 1 |
|||
else |
|||
_proxmoxbs_api_token_key="$DEPLOY_PROXMOXBS_API_TOKEN_KEY" |
|||
_savedeployconf DEPLOY_PROXMOXBS_API_TOKEN_KEY "$DEPLOY_PROXMOXBS_API_TOKEN_KEY" |
|||
fi |
|||
_debug2 DEPLOY_PROXMOXBS_API_TOKEN_KEY "$_proxmoxbs_api_token_key" |
|||
|
|||
# PBS API Token header value. Used in "Authorization: PBSAPIToken". |
|||
_proxmoxbs_header_api_token="${_proxmoxbs_user}@${_proxmoxbs_user_realm}!${_proxmoxbs_api_token_name}:${_proxmoxbs_api_token_key}" |
|||
_debug2 "Auth Header" "$_proxmoxbs_header_api_token" |
|||
|
|||
# Ugly. I hate putting heredocs inside functions because heredocs don't |
|||
# account for whitespace correctly but it _does_ work and is several times |
|||
# cleaner than anything else I had here. |
|||
# |
|||
# This dumps the json payload to a variable that should be passable to the |
|||
# _psot function. |
|||
_json_payload=$( |
|||
cat <<HEREDOC |
|||
{ |
|||
"certificates": "$(tr '\n' ':' <"$_cfullchain" | sed 's/:/\\n/g')", |
|||
"key": "$(tr '\n' ':' <"$_ckey" | sed 's/:/\\n/g')", |
|||
"node":"localhost", |
|||
"restart":true, |
|||
"force":true |
|||
} |
|||
HEREDOC |
|||
) |
|||
_debug2 Payload "$_json_payload" |
|||
|
|||
_info "Push certificates to server" |
|||
export HTTPS_INSECURE=1 |
|||
export _H1="Authorization: PBSAPIToken=${_proxmoxbs_header_api_token}" |
|||
_post "$_json_payload" "$_target_url" "" POST "application/json" |
|||
|
|||
} |
|||
Write
Preview
Loading…
Cancel
Save
Reference in new issue