Merge pull request #6352 from ecm75/kemploadmaster
Merge pull request #6352 from ecm75/kemploadmaster
Add deploy script for Kemp Loadmaster
pull/6386/head
committed by
GitHub
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
1 changed files with 98 additions and 0 deletions
@ -0,0 +1,98 @@ |
|||
#!/usr/bin/env sh |
|||
|
|||
#Here is a script to deploy cert to a Kemp Loadmaster. |
|||
|
|||
#returns 0 means success, otherwise error. |
|||
|
|||
#DEPLOY_KEMP_TOKEN="token" |
|||
#DEPLOY_KEMP_URL="https://kemplm.example.com" |
|||
|
|||
######## Public functions ##################### |
|||
|
|||
#domain keyfile certfile cafile fullchain |
|||
kemplm_deploy() { |
|||
_domain="$1" |
|||
_key_file="$2" |
|||
_cert_file="$3" |
|||
_ca_file="$4" |
|||
_fullchain_file="$5" |
|||
|
|||
_debug _domain "$_domain" |
|||
_debug _key_file "$_key_file" |
|||
_debug _cert_file "$_cert_file" |
|||
_debug _ca_file "$_ca_file" |
|||
_debug _fullchain_file "$_fullchain_file" |
|||
|
|||
if ! _exists jq; then |
|||
_err "jq not found" |
|||
return 1 |
|||
fi |
|||
|
|||
# Rename wildcard certs, kemp accepts only alphanumeric names so we delete '*.' from filename |
|||
_kemp_domain=$(echo "${_domain}" | sed 's/\*\.//') |
|||
_debug _kemp_domain "$_kemp_domain" |
|||
|
|||
# Read config from saved values or env |
|||
_getdeployconf DEPLOY_KEMP_TOKEN |
|||
_getdeployconf DEPLOY_KEMP_URL |
|||
|
|||
_debug DEPLOY_KEMP_URL "$DEPLOY_KEMP_URL" |
|||
_secure_debug DEPLOY_KEMP_TOKEN "$DEPLOY_KEMP_TOKEN" |
|||
|
|||
if [ -z "$DEPLOY_KEMP_TOKEN" ]; then |
|||
_err "Kemp Loadmaster token is not found, please define DEPLOY_KEMP_TOKEN." |
|||
return 1 |
|||
fi |
|||
if [ -z "$DEPLOY_KEMP_URL" ]; then |
|||
_err "Kemp Loadmaster URL is not found, please define DEPLOY_KEMP_URL." |
|||
return 1 |
|||
fi |
|||
|
|||
# Save current values |
|||
_savedeployconf DEPLOY_KEMP_TOKEN "$DEPLOY_KEMP_TOKEN" |
|||
_savedeployconf DEPLOY_KEMP_URL "$DEPLOY_KEMP_URL" |
|||
|
|||
# Check if certificate is already installed |
|||
_info "Check if certificate is already present" |
|||
_list_request="{\"cmd\": \"listcert\", \"apikey\": \"${DEPLOY_KEMP_TOKEN}\"}" |
|||
_debug3 _list_request "${_list_request}" |
|||
_kemp_cert_count=$(HTTPS_INSECURE=1 _post "${_list_request}" "${DEPLOY_KEMP_URL}/accessv2" | jq -r '.cert[] | .name' | grep -c "${_kemp_domain}") |
|||
_debug2 _kemp_cert_count "${_kemp_cert_count}" |
|||
|
|||
_kemp_replace_cert=1 |
|||
if [ "${_kemp_cert_count}" -eq 0 ]; then |
|||
_kemp_replace_cert=0 |
|||
_info "Certificate does not exist on Kemp Loadmaster" |
|||
else |
|||
_info "Certificate already exists on Kemp Loadmaster" |
|||
fi |
|||
_debug _kemp_replace_cert "${_kemp_replace_cert}" |
|||
|
|||
# Upload new certificate to Kemp Loadmaster |
|||
_kemp_upload_cert=$(_mktemp) |
|||
cat "${_fullchain_file}" "${_key_file}" | base64 | tr -d '\n' >"${_kemp_upload_cert}" |
|||
|
|||
_info "Uploading certificate to Kemp Loadmaster" |
|||
_add_data=$(cat "${_kemp_upload_cert}") |
|||
_add_request="{\"cmd\": \"addcert\", \"apikey\": \"${DEPLOY_KEMP_TOKEN}\", \"replace\": ${_kemp_replace_cert}, \"cert\": \"${_kemp_domain}\", \"data\": \"${_add_data}\"}" |
|||
_debug3 _add_request "${_add_request}" |
|||
_kemp_post_result=$(HTTPS_INSECURE=1 _post "${_add_request}" "${DEPLOY_KEMP_URL}/accessv2") |
|||
_retval=$? |
|||
_debug2 _kemp_post_result "${_kemp_post_result}" |
|||
if [ "${_retval}" -eq 0 ]; then |
|||
_kemp_post_status=$(echo "${_kemp_post_result}" | jq -r '.status') |
|||
_kemp_post_message=$(echo "${_kemp_post_result}" | jq -r '.message') |
|||
if [ "${_kemp_post_status}" = "ok" ]; then |
|||
_info "Upload successful" |
|||
else |
|||
_err "Upload failed: ${_kemp_post_message}" |
|||
fi |
|||
else |
|||
_err "Upload failed" |
|||
_retval=1 |
|||
fi |
|||
|
|||
rm "${_kemp_upload_cert}" |
|||
|
|||
return $_retval |
|||
} |
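Review bot: Both `_post` calls (the `listcert` request and the `addcert` request) are prefixed with `HTTPS_INSECURE=1`, so the API token and the base64-encoded private key are sent without verifying the Loadmaster's TLS certificate, and a party on the network path could read both. Drop the prefix so verification is on by default, and leave skipping it to the user's own `--insecure` / `HTTPS_INSECURE` setting, with a comment such as `# self-signed appliance certs: run with --insecure, which exposes the token and key to interception`. The same two request bodies are also written to the log by `_debug3 _list_request` and `_debug3 _add_request`; `_secure_debug3` would fit better, matching the `_secure_debug` already used for the token earlier in the function. Separately, the `else` branch that reports `Upload failed: ${_kemp_post_message}` leaves `_retval` at 0, so an upload the Loadmaster rejected still returns success; add `_retval=1` after that `_err`.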