@ -27,34 +27,117 @@ _getconfigvar() {
esac
}
######## Public functions #####################
#domain keyfile certfile cafile fullchain
rancher_deploy( ) {
_cdomain = " $1 "
# Further $(sed 's/$/\\n/' "$1" | tr -d '\n')
# Made for iclude cert in var in one line with \n
_ckey = $( sed 's/$/\\n/' " $2 " | tr -d '\n' )
_ccert = $( sed 's/$/\\n/' " $3 " | tr -d '\n' )
_cca = $( sed 's/$/\\n/' " $4 " | tr -d '\n' )
_cfullchain = $( sed 's/$/\\n/' " $5 " | tr -d '\n' )
_debug _cdomain " $_cdomain "
_debug _ckey " $_ckey "
_debug _ccert " $_ccert "
_debug _cca " $_cca "
_debug _cfullchain " $_cfullchain "
_deploynewcert( ) {
_info "Adding new cert to rancher"
response = $(
curl -u " $_curlAuth " \
-X POST \
$_curlUrl \
$_curlOpts \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d " { \
\" type\" :\" certificate\" , \
\" name\" :\" $_cdomain \" , \
\" description\" :\" acme.sh cert for $_cdomain \" , \
\" key\" :\" $_ckey \" , \
\" cert\" :\" $_ccert \" , \
\" certChain\" :\" $_cca \" \
} " \
" $_curlUrl / "
)
_info " Update status code: $response "
if [ " $response " -lt 199 ] || [ " $response " -gt 300 ] ; then
_err "Curl failed to create new cert"
return 1
fi
}
# Check software needed
for PROGRAMM in $REQ_SOFT
do
if ! _exists $PROGRAMM ; then
_err " The command $PROGRAMM is not found. "
_deployexistingcert( ) {
# Update existing certificate
_info "Updating..."
response = $(
curl -u " $_curlAuth " \
-X PUT \
--write-out "%{http_code}" \
$_curlOpts \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d " { \
\" id\" :\" $cert_id \" , \
\" type\" :\" certificate\" , \
\" baseType\" :\" certificate\" , \
\" name\" :\" $_cdomain \" , \
\" state\" :\" active\" , \
\" accountId\" :\" $Le_rancher_environment \" , \
\" algorithm\" :\" SHA256WITHRSA\" , \
\" cert\" :\" $_ccert \" , \
\" certChain\" :\" $_cfullchain \" , \
\" key\" :\" $_ckey \" \
} " \
" $_curlUrl / $cert_id "
)
_info " Update status code: $response "
if [ " $response " -lt 199 ] || [ " $response " -gt 300 ] ; then
_err " Curl failed to update cert with id= $cert_id "
return 1
fi
done
}
_checkcert( ) {
# Check if certificate already exist in rancher
id_raw_json = $(
curl -s \
-u " $_curlAuth " \
-X GET \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
" $_curlUrl ?name= $_cdomain "
)
cert_state = $(
echo " $id_raw_json " |
awk -F= '\:' -v RS = '\,' "\$id_raw_json~/\"state\"/ {print}" |
tr -d "\n\t" |
sed -e 's/^"//' -e 's/"$//' |
grep -o "active"
)
_info " Cert state is: $cert_state "
}
_getcertid( ) {
# Get certificate ID
id_raw_json = $(
curl -s -u " $_curlAuth " \
-X GET \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
" $_curlUrl ?name= $_cdomain "
)
cert_id = $(
echo " $id_raw_json " |
awk -F= '\:' -v RS = '\,' "\$id_raw_json~/\"data\"/ {print}" |
tr -d "\n\t" |
sed -e 's/^"//' -e 's/"$//' |
sed -e 's/data.*"//'
)
}
_checkapiconnection( ) {
# Check api connection
_curlUrl = " $Le_rancher_server /v2-beta/ "
_curlOpts = "--silent --output /dev/null"
response = $(
curl \
$_curlUrl \
--write-out "%{http_code}" \
$_curlOpts
)
if [ " $response " -ge 200 ] && [ " $response " -le 299 ] ; then
_err " Curl failed to connect to $Le_rancher_server v2-beta API "
return 1
else
_info " API connected! $_curlUrl "
fi
}
_checkenvvars( ) {
# Check environment variables and config variables
for ENV_VAR in $REQ_ENV_VARS
do
@ -71,77 +154,55 @@ rancher_deploy() {
_savedomainconf $get_result "_result"
fi
done
# Check api connection
response = $(
curl " $Le_rancher_server /v2-beta/ " \
--write-out "%{http_code}" \
--silent \
--output /dev/null
)
if [ " $response " -ge 200 ] && [ " $response " -le 299 ] ; then
_err " Curl failed to connect to $Le_rancher_server v2-beta API "
}
_checksoft( ) {
# Check software needed
for PROGRAMM in $REQ_SOFT
do
if ! _exists $PROGRAMM ; then
_err " The command $PROGRAMM is not found. "
return 1
else
_info "API connected!"
fi
done
}
######## Public functions #####################
# Check if certificate already exist in rancher
#domain keyfile certfile cafile fullchain
rancher_deploy( ) {
_cdomain = " $1 "
# Further $(sed 's/$/\\n/' "$1" | tr -d '\n')
# Made for iclude cert in var in one line with \n
_ckey = $( sed 's/$/\\n/' " $2 " | tr -d '\n' )
_ccert = $( sed 's/$/\\n/' " $3 " | tr -d '\n' )
_cca = $( sed 's/$/\\n/' " $4 " | tr -d '\n' )
_cfullchain = $( sed 's/$/\\n/' " $5 " | tr -d '\n' )
_debug _cdomain " $_cdomain "
_debug _ckey " $_ckey "
_debug _ccert " $_ccert "
_debug _cca " $_cca "
_debug _cfullchain " $_cfullchain "
_checksoft
_checkenvvars
_checkapiconnection
_curlAuth = " $Le_rancher_access_key : $Le_rancher_secret_key "
_curlUrl = " $Le_rancher_server /v2-beta/projects/ $Le_rancher_environment /certificates "
_curlOpts = "--silent --output /dev/null"
_checkcert
id_raw_json = $( curl -s -u " $Le_rancher_access_key : $Le_rancher_secret_key " \
-X GET \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
" $Le_rancher_server /v2-beta/projects/ $Le_rancher_environment /certificates?name= $_cdomain " )
cert_state = $( echo " $id_raw_json " | awk -F= '\:' -v RS = '\,' "\$id_raw_json~/\"state\"/ {print}" | tr -d "\n\t" | sed -e 's/^"//' -e 's/"$//' | grep -o "active" )
_info " Cert state is $cert_state "
if [ -z " $cert_state " ] ; then
# Add new certificate
_info "Adding new cert to rancher"
response = $(
curl -u " $Le_rancher_access_key : $Le_rancher_secret_key " \
-X POST \
--write-out "%{http_code}" \
--silent \
--output /dev/null \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d " {\"type\":\"certificate\",\"name\":\" $_cdomain \",\"description\":\"acme.sh cert for $_cdomain \",\"key\":\" $_ckey \",\"cert\":\" $_ccert \",\"certChain\":\" $_cca \"} " \
" $Le_rancher_server /v2-beta/projects/ $Le_rancher_environment /certificates/ "
)
_info " Update status code: $response "
if [ " $response " -lt 199 ] || [ " $response " -gt 300 ] ; then
_err "Curl failed to create new cert"
return 1
fi
_deploynewcert
else
# Get certificate ID
id_raw_json = $( curl -s -u " $Le_rancher_access_key : $Le_rancher_secret_key " \
-X GET \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
" $Le_rancher_server /v2-beta/projects/ $Le_rancher_environment /certificates?name= $_cdomain " )
cert_id = $( echo " $id_raw_json " | awk -F= '\:' -v RS = '\,' "\$id_raw_json~/\"data\"/ {print}" | tr -d "\n\t" | sed -e 's/^"//' -e 's/"$//' | sed -e 's/data.*"//' )
_info " Cert already exist ID is: $cert_id "
# Update existing certificate
_info "Updating..."
response = $(
curl -u " $Le_rancher_access_key : $Le_rancher_secret_key " \
-X PUT \
--write-out "%{http_code}" \
--silent \
--output /dev/null \
-H 'Accept: application/json' \
-H 'Content-Type: application/json' \
-d " {\"id\":\" $cert_id \",\"type\":\"certificate\",\"baseType\":\"certificate\",\"name\":\" $_cdomain \",\"state\":\"active\",\"accountId\":\" $Le_rancher_environment \",\"algorithm\":\"SHA256WITHRSA\",\"cert\":\" $_ccert \",\"certChain\":\" $_cfullchain \",\"key\":\" $_ckey \"} " \
" $Le_rancher_server /v2-beta/projects/ $Le_rancher_environment /certificates/ $cert_id "
)
_info " Update status code: $response "
if [ " $response " -lt 199 ] || [ " $response " -gt 300 ] ; then
_err " Curl failed to update cert with id= $cert_id "
return 1
fi
_getcertid
_info " Cert already exist, ID is: $cert_id "
_deployexistingcert
fi
_info "Certificate successfully deployed"
_info " Certificate $cert_id successfully deployed "
return 0
}
Зяблицкий Михаил Владимирович
6 years ago