[mirror_acme.sh.git] / deploy / proxmoxve.sh

#!/usr/bin/env sh

# Deploy certificates to a proxmox virtual environment node using the API.
#
# Environment variables that can be set are:
# `DEPLOY_PROXMOXVE_SERVER`: The hostname of the proxmox ve node. Defaults to
#                            _cdomain.
# `DEPLOY_PROXMOXVE_SERVER_PORT`: The port number the management interface is on.
#                                 Defaults to 8006.
# `DEPLOY_PROXMOXVE_NODE_NAME`: The name of the node we'll be connecting to.
#                               Defaults to the host portion of the server
#                               domain name.
# `DEPLOY_PROXMOXVE_USER`: The user we'll connect as. Defaults to root.
# `DEPLOY_PROXMOXVE_USER_REALM`: The authentication realm the user authenticates
#                                with. Defaults to pam.
# `DEPLOY_PROXMOXVE_API_TOKEN_NAME`: The name of the API token created for the
#                                    user account. Defaults to acme.
# `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required.

proxmoxve_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  _debug _cdomain "$_cdomain"
  _debug2 _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  # "Sane" defaults.
  _getdeployconf DEPLOY_PROXMOXVE_SERVER
  if [ -z "$DEPLOY_PROXMOXVE_SERVER" ]; then
    _target_hostname="$_cdomain"
  else
    _target_hostname="$DEPLOY_PROXMOXVE_SERVER"
    _savedeployconf DEPLOY_PROXMOXVE_SERVER "$DEPLOY_PROXMOXVE_SERVER"
  fi
  _debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname"

  _getdeployconf DEPLOY_PROXMOXVE_SERVER_PORT
  if [ -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ]; then
    _target_port="8006"
  else
    _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT"
    _savedeployconf DEPLOY_PROXMOXVE_SERVER_PORT "$DEPLOY_PROXMOXVE_SERVER_PORT"
  fi
  _debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port"

  _getdeployconf DEPLOY_PROXMOXVE_NODE_NAME
  if [ -z "$DEPLOY_PROXMOXVE_NODE_NAME" ]; then
    _node_name=$(echo "$_target_hostname" | cut -d. -f1)
  else
    _node_name="$DEPLOY_PROXMOXVE_NODE_NAME"
    _savedeployconf DEPLOY_PROXMOXVE_NODE_NAME "$DEPLOY_PROXMOXVE_NODE_NAME"
  fi
  _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name"

  # Complete URL.
  _target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom"
  _debug TARGET_URL "$_target_url"

  # More "sane" defaults.
  _getdeployconf DEPLOY_PROXMOXVE_USER
  if [ -z "$DEPLOY_PROXMOXVE_USER" ]; then
    _proxmoxve_user="root"
  else
    _proxmoxve_user="$DEPLOY_PROXMOXVE_USER"
    _savedeployconf DEPLOY_PROXMOXVE_USER "$DEPLOY_PROXMOXVE_USER"
  fi
  _debug2 DEPLOY_PROXMOXVE_USER "$_proxmoxve_user"

  _getdeployconf DEPLOY_PROXMOXVE_USER_REALM
  if [ -z "$DEPLOY_PROXMOXVE_USER_REALM" ]; then
    _proxmoxve_user_realm="pam"
  else
    _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM"
    _savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALM"
  fi
  _debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm"

  _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME
  if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ]; then
    _proxmoxve_api_token_name="acme"
  else
    _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME"
    _savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME "$DEPLOY_PROXMOXVE_API_TOKEN_NAME"
  fi
  _debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name"

  # This is required.
  _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY
  if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ]; then
    _err "API key not provided."
    return 1
  else
    _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
    _savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY "$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
  fi
  _debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key

  # PVE API Token header value. Used in "Authorization: PVEAPIToken".
  _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}"
  _debug2 "Auth Header" _proxmoxve_header_api_token

  # Ugly. I hate putting heredocs inside functions because heredocs don't
  # account for whitespace correctly but it _does_ work and is several times
  # cleaner than anything else I had here.
  #
  # This dumps the json payload to a variable that should be passable to the
  # _psot function.
  _json_payload=$(
    cat <<HEREDOC
{
  "certificates": "$(tr '\n' ':' <"$_cfullchain" | sed 's/:/\\n/g')",
  "key": "$(tr '\n' ':' <"$_ckey" | sed 's/:/\\n/g')",
  "node":"$_node_name",
  "restart":"1",
  "force":"1"
}
HEREDOC
  )
  _debug2 Payload "$_json_payload"

  # Push certificates to server.
  export _HTTPS_INSECURE=1
  export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}"
  _post "$_json_payload" "$_target_url" "" POST "application/json"

}
Commit	Line	Data
7be75869	1	#!/usr/bin/env sh
c8d0d475 WS	2
	3	# Deploy certificates to a proxmox virtual environment node using the API.
	4	#
	5	# Environment variables that can be set are:
	6	# `DEPLOY_PROXMOXVE_SERVER`: The hostname of the proxmox ve node. Defaults to
	7	# _cdomain.
	8	# `DEPLOY_PROXMOXVE_SERVER_PORT`: The port number the management interface is on.
	9	# Defaults to 8006.
	10	# `DEPLOY_PROXMOXVE_NODE_NAME`: The name of the node we'll be connecting to.
	11	# Defaults to the host portion of the server
	12	# domain name.
	13	# `DEPLOY_PROXMOXVE_USER`: The user we'll connect as. Defaults to root.
	14	# `DEPLOY_PROXMOXVE_USER_REALM`: The authentication realm the user authenticates
	15	# with. Defaults to pam.
	16	# `DEPLOY_PROXMOXVE_API_TOKEN_NAME`: The name of the API token created for the
	17	# user account. Defaults to acme.
	18	# `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required.
	19
a3868268	20	proxmoxve_deploy() {
c8d0d475 WS	21	_cdomain="$1"
	22	_ckey="$2"
	23	_ccert="$3"
	24	_cca="$4"
	25	_cfullchain="$5"
	26
	27	_debug _cdomain "$_cdomain"
35cf98ff	28	_debug2 _ckey "$_ckey"
c8d0d475 WS	29	_debug _ccert "$_ccert"
	30	_debug _cca "$_cca"
	31	_debug _cfullchain "$_cfullchain"
	32
	33	# "Sane" defaults.
ca41ea2d WS	34	_getdeployconf DEPLOY_PROXMOXVE_SERVER
ca41ea2d WS	35	if [ -z "$DEPLOY_PROXMOXVE_SERVER" ]; then
ca41ea2d	36	_target_hostname="$_cdomain"
76fe5d88 WS	37	else
76fe5d88 WS	38	_target_hostname="$DEPLOY_PROXMOXVE_SERVER"
b3b4811b	39	_savedeployconf DEPLOY_PROXMOXVE_SERVER "$DEPLOY_PROXMOXVE_SERVER"
c8d0d475	40	fi
ca41ea2d	41	_debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname"
c8d0d475	42
ca41ea2d WS	43	_getdeployconf DEPLOY_PROXMOXVE_SERVER_PORT
	44	if [ -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ]; then
	45	_target_port="8006"
	46	else
c8d0d475	47	_target_port="$DEPLOY_PROXMOXVE_SERVER_PORT"
b3b4811b	48	_savedeployconf DEPLOY_PROXMOXVE_SERVER_PORT "$DEPLOY_PROXMOXVE_SERVER_PORT"
c8d0d475	49	fi
ca41ea2d	50	_debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port"
c8d0d475	51
ca41ea2d WS	52	_getdeployconf DEPLOY_PROXMOXVE_NODE_NAME
ca41ea2d WS	53	if [ -z "$DEPLOY_PROXMOXVE_NODE_NAME" ]; then
668894fc	54	_node_name=$(echo "$_target_hostname" \| cut -d. -f1)
ca41ea2d WS	55	else
ca41ea2d WS	56	_node_name="$DEPLOY_PROXMOXVE_NODE_NAME"
b3b4811b	57	_savedeployconf DEPLOY_PROXMOXVE_NODE_NAME "$DEPLOY_PROXMOXVE_NODE_NAME"
c8d0d475	58	fi
ca41ea2d	59	_debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name"
c8d0d475 WS	60
	61	# Complete URL.
	62	_target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom"
ca41ea2d	63	_debug TARGET_URL "$_target_url"
c8d0d475 WS	64
c8d0d475 WS	65	# More "sane" defaults.
ca41ea2d WS	66	_getdeployconf DEPLOY_PROXMOXVE_USER
	67	if [ -z "$DEPLOY_PROXMOXVE_USER" ]; then
	68	_proxmoxve_user="root"
	69	else
c8d0d475	70	_proxmoxve_user="$DEPLOY_PROXMOXVE_USER"
b3b4811b	71	_savedeployconf DEPLOY_PROXMOXVE_USER "$DEPLOY_PROXMOXVE_USER"
c8d0d475	72	fi
b3b4811b	73	_debug2 DEPLOY_PROXMOXVE_USER "$_proxmoxve_user"
c8d0d475	74
ca41ea2d WS	75	_getdeployconf DEPLOY_PROXMOXVE_USER_REALM
	76	if [ -z "$DEPLOY_PROXMOXVE_USER_REALM" ]; then
	77	_proxmoxve_user_realm="pam"
	78	else
c8d0d475	79	_proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM"
799f509b	80	_savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALM"
c8d0d475	81	fi
ca41ea2d	82	_debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm"
c8d0d475	83
ca41ea2d WS	84	_getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME
	85	if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ]; then
	86	_proxmoxve_api_token_name="acme"
	87	else
c8d0d475	88	_proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME"
b3b4811b	89	_savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME "$DEPLOY_PROXMOXVE_API_TOKEN_NAME"
c8d0d475	90	fi
ca41ea2d	91	_debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name"
c8d0d475 WS	92
c8d0d475 WS	93	# This is required.
ca41ea2d	94	_getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY
668894fc	95	if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ]; then
c8d0d475 WS	96	_err "API key not provided."
c8d0d475 WS	97	return 1
ca41ea2d WS	98	else
ca41ea2d WS	99	_proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
b3b4811b	100	_savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY "$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
c8d0d475	101	fi
ca41ea2d	102	_debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key
c8d0d475 WS	103
	104	# PVE API Token header value. Used in "Authorization: PVEAPIToken".
	105	_proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}"
ca41ea2d	106	_debug2 "Auth Header" _proxmoxve_header_api_token
c8d0d475	107
5f3cb901 WS	108	# Ugly. I hate putting heredocs inside functions because heredocs don't
	109	# account for whitespace correctly but it _does_ work and is several times
	110	# cleaner than anything else I had here.
c8d0d475	111	#
5f3cb901 WS	112	# This dumps the json payload to a variable that should be passable to the
5f3cb901 WS	113	# _psot function.
668894fc	114	_json_payload=$(
a3868268	115	cat <<HEREDOC
c8d0d475	116	{
a3868268	117	"certificates": "$(tr '\n' ':' <"$_cfullchain" \| sed 's/:/\\n/g')",
9b79743c	118	"key": "$(tr '\n' ':' <"$_ckey" \| sed 's/:/\\n/g')",
c8d0d475 WS	119	"node":"$_node_name",
	120	"restart":"1",
	121	"force":"1"
	122	}
	123	HEREDOC
668894fc	124	)
7900c493	125	_debug2 Payload "$_json_payload"
668894fc	126
c8d0d475	127	# Push certificates to server.
5f3cb901	128	export _HTTPS_INSECURE=1
daffc4e6	129	export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}"
b8761286	130	_post "$_json_payload" "$_target_url" "" POST "application/json"
c8d0d475 WS	131
c8d0d475 WS	132	}