Commit | Line | Data |
---|---|---|
7be75869 | 1 | #!/usr/bin/env sh |
c8d0d475 WS |
2 | |
3 | # Deploy certificates to a proxmox virtual environment node using the API. | |
4 | # | |
5 | # Environment variables that can be set are: | |
6 | # `DEPLOY_PROXMOXVE_SERVER`: The hostname of the proxmox ve node. Defaults to | |
7 | # _cdomain. | |
8 | # `DEPLOY_PROXMOXVE_SERVER_PORT`: The port number the management interface is on. | |
9 | # Defaults to 8006. | |
10 | # `DEPLOY_PROXMOXVE_NODE_NAME`: The name of the node we'll be connecting to. | |
11 | # Defaults to the host portion of the server | |
12 | # domain name. | |
13 | # `DEPLOY_PROXMOXVE_USER`: The user we'll connect as. Defaults to root. | |
14 | # `DEPLOY_PROXMOXVE_USER_REALM`: The authentication realm the user authenticates | |
15 | # with. Defaults to pam. | |
16 | # `DEPLOY_PROXMOXVE_API_TOKEN_NAME`: The name of the API token created for the | |
17 | # user account. Defaults to acme. | |
18 | # `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required. | |
19 | ||
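# Deploy a certificate and its private key to a Proxmox VE node through the
# node's "certificates/custom" API endpoint.
#
# Arguments:
#   $1  domain name (also the default server hostname)
#   $2  path to the private key file (read and sent to the server)
#   $3  path to the certificate file (only logged here)
#   $4  path to the CA certificate file (only logged here)
#   $5  path to the full chain file (read and sent to the server)
#
# Returns 1 when the API token is missing or an input file is unreadable,
# otherwise the exit status of _post.
proxmoxve_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  # Only file paths are logged here, never file contents.
  _debug _cdomain "$_cdomain"
  _debug2 _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  # "Sane" defaults.
  _getdeployconf DEPLOY_PROXMOXVE_SERVER
  if [ -z "$DEPLOY_PROXMOXVE_SERVER" ]; then
    _target_hostname="$_cdomain"
  else
    _target_hostname="$DEPLOY_PROXMOXVE_SERVER"
    _savedeployconf DEPLOY_PROXMOXVE_SERVER "$DEPLOY_PROXMOXVE_SERVER"
  fi
  _debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname"

  _getdeployconf DEPLOY_PROXMOXVE_SERVER_PORT
  if [ -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ]; then
    _target_port="8006"
  else
    _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT"
    _savedeployconf DEPLOY_PROXMOXVE_SERVER_PORT "$DEPLOY_PROXMOXVE_SERVER_PORT"
  fi
  _debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port"

  _getdeployconf DEPLOY_PROXMOXVE_NODE_NAME
  if [ -z "$DEPLOY_PROXMOXVE_NODE_NAME" ]; then
    # Default node name: the first label of the server hostname.
    _node_name=$(echo "$_target_hostname" | cut -d. -f1)
  else
    _node_name="$DEPLOY_PROXMOXVE_NODE_NAME"
    _savedeployconf DEPLOY_PROXMOXVE_NODE_NAME "$DEPLOY_PROXMOXVE_NODE_NAME"
  fi
  _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name"

  # Complete URL.
  # NOTE(review): hostname, port and node name are interpolated as given, and
  # the node name is also placed unescaped into the JSON body below. They come
  # from the operator's own configuration; validate them if that ever changes.
  _target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom"
  _debug TARGET_URL "$_target_url"

  # More "sane" defaults.
  _getdeployconf DEPLOY_PROXMOXVE_USER
  if [ -z "$DEPLOY_PROXMOXVE_USER" ]; then
    _proxmoxve_user="root"
  else
    _proxmoxve_user="$DEPLOY_PROXMOXVE_USER"
    _savedeployconf DEPLOY_PROXMOXVE_USER "$DEPLOY_PROXMOXVE_USER"
  fi
  _debug2 DEPLOY_PROXMOXVE_USER "$_proxmoxve_user"

  _getdeployconf DEPLOY_PROXMOXVE_USER_REALM
  if [ -z "$DEPLOY_PROXMOXVE_USER_REALM" ]; then
    _proxmoxve_user_realm="pam"
  else
    _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM"
    _savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALM"
  fi
  _debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm"

  _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME
  if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ]; then
    _proxmoxve_api_token_name="acme"
  else
    _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME"
    _savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME "$DEPLOY_PROXMOXVE_API_TOKEN_NAME"
  fi
  _debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name"

  # This is required.
  _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY
  if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ]; then
    _err "API key not provided."
    return 1
  else
    _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
    # The token secret is persisted through _savedeployconf; how it is stored
    # is not visible here, so treat the deploy configuration as sensitive.
    _savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY "$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
  fi
  # The literal variable name is passed, not its value, so the token secret
  # does not reach the debug log. Keep it that way.
  _debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key

  # PVE API Token header value. Used in "Authorization: PVEAPIToken".
  _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}"
  # Same as above: only the variable name is logged, never the header value.
  _debug2 "Auth Header" _proxmoxve_header_api_token

  # Refuse to build a payload from missing or unreadable files; otherwise an
  # empty certificate or key would be posted with "force" set.
  for _proxmoxve_input in "$_cfullchain" "$_ckey"; do
    if [ ! -r "$_proxmoxve_input" ]; then
      _err "Cannot read $_proxmoxve_input"
      return 1
    fi
  done

  # Build the JSON payload in a variable that can be handed to _post. Each
  # PEM file is flattened to one line: newlines become ':' (a character that
  # does not occur in base64 PEM data) and every ':' then becomes the
  # two-character JSON escape \n. The heredoc body and its terminator start at
  # column 0 because "<<" does not strip leading whitespace.
  _json_payload=$(
    cat <<HEREDOC
{
  "certificates": "$(tr '\n' ':' <"$_cfullchain" | sed 's/:/\\n/g')",
  "key": "$(tr '\n' ':' <"$_ckey" | sed 's/:/\\n/g')",
  "node":"$_node_name",
  "restart":"1",
  "force":"1"
}
HEREDOC
  )
  # The payload embeds the private key, so its contents are not written to
  # the debug log.
  _debug2 Payload "certificates and key for node $_node_name (contents not logged)"

  # Push certificates to server.
  # NOTE(review): this is meant to switch off TLS certificate verification, so
  # the API token and the private key are sent to a peer whose identity is not
  # checked. Consider making it opt-in once the node serves a certificate the
  # client can verify. Also confirm the variable name: acme.sh's --insecure
  # option sets HTTPS_INSECURE; whether _post reads the underscore-prefixed
  # name is not visible here.
  export _HTTPS_INSECURE=1
  export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}"
  _post "$_json_payload" "$_target_url" "" POST "application/json"
  _proxmoxve_ret="$?"

  # _H1 is exported and carries the token secret; drop it so it is not
  # inherited by child processes started after this hook.
  unset _H1

  return "$_proxmoxve_ret"
}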