3 # Here is a script to deploy cert to hashicorp consul using curl
4 # (https://www.consul.io/)
6 # it requires following environment variables:
8 # CONSUL_PREFIX - this contains the prefix path in consul
9 # CONSUL_HTTP_ADDR - consul requires this to find your consul server
11 # additionally, you need to ensure that CONSUL_HTTP_TOKEN is available
12 # to access the consul server
14 #returns 0 means success, otherwise error.
16 ######## Public functions #####################
18 #domain keyfile certfile cafile fullchain
27 _debug _cdomain
"$_cdomain"
29 _debug _ccert
"$_ccert"
31 _debug _cfullchain
"$_cfullchain"
33 # validate required env vars
34 _getdeployconf CONSUL_PREFIX
35 if [ -z "$CONSUL_PREFIX" ]; then
36 _err
"CONSUL_PREFIX needs to be defined (contains prefix path in vault)"
39 _savedeployconf CONSUL_PREFIX
"$CONSUL_PREFIX"
41 _getdeployconf CONSUL_HTTP_ADDR
42 if [ -z "$CONSUL_HTTP_ADDR" ]; then
43 _err
"CONSUL_HTTP_ADDR needs to be defined (contains consul connection address)"
46 _savedeployconf CONSUL_HTTP_ADDR
"$CONSUL_HTTP_ADDR"
48 CONSUL_CMD
=$
(command -v consul
)
50 # force CLI, but the binary does not exist => error
51 if [ -n "$USE_CLI" ] && [ -z "$CONSUL_CMD" ]; then
52 _err
"Cannot find the consul binary!"
57 if [ -n "$USE_CLI" ] ||
[ -n "$CONSUL_CMD" ]; then
58 _info
"Found consul binary, deploying with CLI"
59 consul_deploy_cli
"$CONSUL_CMD" "$CONSUL_PREFIX"
61 _info
"Did not find consul binary, deploying with API"
62 consul_deploy_api
"$CONSUL_HTTP_ADDR" "$CONSUL_PREFIX" "$CONSUL_HTTP_TOKEN"
69 CONSUL_HTTP_TOKEN
="$3"
71 URL
="$CONSUL_HTTP_ADDR/v1/kv/$CONSUL_PREFIX"
72 export _H1
="X-Consul-Token: $CONSUL_HTTP_TOKEN"
74 if [ -n "$FABIO" ]; then
75 _post
"$(cat "$_cfullchain")" "$URL/${_cdomain}-cert.pem" '' "PUT" ||
return 1
76 _post
"$(cat "$_ckey")" "$URL/${_cdomain}-key.pem" '' "PUT" ||
return 1
78 _post
"$(cat "$_ccert")" "$URL/${_cdomain}/cert.pem" '' "PUT" ||
return 1
79 _post
"$(cat "$_ckey")" "$URL/${_cdomain}/cert.key" '' "PUT" ||
return 1
80 _post
"$(cat "$_cca")" "$URL/${_cdomain}/chain.pem" '' "PUT" ||
return 1
81 _post
"$(cat "$_cfullchain")" "$URL/${_cdomain}/fullchain.pem" '' "PUT" ||
return 1
89 if [ -n "$FABIO" ]; then
90 $CONSUL_CMD kv put
"${CONSUL_PREFIX}/${_cdomain}-cert.pem" @
"$_cfullchain" ||
return 1
91 $CONSUL_CMD kv put
"${CONSUL_PREFIX}/${_cdomain}-key.pem" @
"$_ckey" ||
return 1
93 $CONSUL_CMD kv put
"${CONSUL_PREFIX}/${_cdomain}/cert.pem" value
=@
"$_ccert" ||
return 1
94 $CONSUL_CMD kv put
"${CONSUL_PREFIX}/${_cdomain}/cert.key" value
=@
"$_ckey" ||
return 1
95 $CONSUL_CMD kv put
"${CONSUL_PREFIX}/${_cdomain}/chain.pem" value
=@
"$_cca" ||
return 1
96 $CONSUL_CMD kv put
"${CONSUL_PREFIX}/${_cdomain}/fullchain.pem" value
=@
"$_cfullchain" ||
return 1