Mirror
/
acme.sh
mirror of https://github.com/acmesh-official/acme.sh.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Add Rancher server cert deploy hook

pull/1348/head
Ciprian Ciubotariu 7 years ago
parent
432037d20d
commit
ab1752e269
1 changed files with 109 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 109
      deploy/rancher.sh

109
deploy/rancher.sh
View File

@ -0,0 +1,109 @@
#!/usr/bin/env sh
# Deploy certificates to rancher environmentsx
# here are the defaults, overridable via env vars
#
#export RANCHER_CONFIG=${HOME}/.rancher/cli.json
#export RANCHER_ENV=
# usage:
# - download rancher-cli from your rancher server and use it to create cli.json
# the format of the file is quite simple, so you can just create your own
# ! also run chmod 600 ~/.rancher/cli.json, since rancher-cli doesn't
# - for multiple servers override RANCHER_CONFIG
# - for multiple environments on a server set RANCHER_ENV appropriately
# otherwise the one selected within cli.json is used
# example
# acme.sh --deploy -d my.website.com --deploy-hook rancher --debug
# RANCHER_ENV=1a6 acme.sh --deploy -d my.website.com --deploy-hook rancher --debug
######## Public functions #####################
#domain keyfile certfile cafile fullchain
rancher_deploy() {
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
_debug _cdomain "$_cdomain"
_debug _ckey "$_ckey"
_debug _ccert "$_ccert"
_debug _cca "$_cca"
_debug _cfullchain "$_cfullchain"
if ! _exists jq; then
_err "The command jq is not found."
return 1
fi
_defaultRancherConfig=${HOME}/.rancher/cli.json
_rancherConfig=${RANCHER_CONFIG:-${_defaultRancherConfig}}
_info "Using rancher configuration $_rancherConfig"
if [ ! -r "${_rancherConfig}" ] ; then
_err "cannot read rancher configuration"
return 1
fi
eval $(jq --monochrome-output < "${_rancherConfig}" \
'@sh "_rancherUrl=\(.url)","_accessKey=\(.accessKey)","_secretKey=\(.secretKey)","_envId=\(.environment)"' | xargs)
_debug _rancherUrl "$_rancherUrl"
_debug _accessKey "$_accessKey"
_secure_debug _secretKey "$_secretKey"
_debug _envId "$_envId"
if [ -n "${RANCHER_ENV}" ] ; then
_envId="${RANCHER_ENV}"
fi
# when set by rancher-cli rancerUrl has an unwanted trailing "/schemas"
_rancherUrl=${_rancherUrl%/schemas}
_info "Deploying certificate $_cdomain into rancher environment $_envId at $_rancherUrl"
_do_rancher_deploy_cert
_success=$?
if (( ! $_success )) ; then
_info "Certificate successfully deployed"
return 0
else
_err "Deployment failed: $_curlResult"
return 1
fi
}
function _do_rancher_deploy_cert () {
_cert=$(<"$_ccert")
_chain=$(<"$_cca")
_privkey=$(<"$_ckey")
_curlUrl="$_rancherUrl/projects/$_envId/certificates"
_curlMethod="POST"
_curlAuth="$_accessKey:$_secretKey"
_certJson=$(jq --null-input --compact-output \
--arg cert "$_cert" \
--arg chain "$_chain" \
--arg privkey "$_privkey" \
--arg name "$_cdomain" \
'{type:"certificate",cert:$cert,certChain:$chain,key:$privkey,name:$name}')
_debug _curlUrl "$_curlUrl"
_debug _curlMethod "$_curlMethod"
_secure_debug _curlAuth "$_curlAuth"
_secure_debug _certJson "$_certJson"
_curlResult=$(curl -s \
-u "${_curlAuth}" \
-X "${_curlMethod}" \
-H 'Content-Type: application/json' \
-H 'Accept: application/json' \
-d "${_certJson}" \
"${_curlUrl}" |
jq -r 'if (.type == "error") then "error: status="+(.status|tostring)+", code="+(.code|tostring)+", detail="+(.detail|tostring) else "success" end')
_debug _curlResult "$_curlResult"
[ "$_curlResult" == "success" ] && return 0 || return 1
}
Write Preview
Loading…
Cancel
Save