deploy/consul.sh

   1 #!/usr/bin/env sh
   2
   3 # Here is a script to deploy cert to hashicorp consul using curl
   4 # (https://www.consul.io/)
   5 #
   6 # it requires following environment variables:
   7 #
   8 # CONSUL_PREFIX - this contains the prefix path in consul
   9 # CONSUL_HTTP_ADDR - consul requires this to find your consul server
  10 #
  11 # additionally, you need to ensure that CONSUL_HTTP_TOKEN is available
  12 # to access the consul server
  13
  14 #returns 0 means success, otherwise error.
  15
  16 ########  Public functions #####################
  17
  18 #domain keyfile certfile cafile fullchain
  19 consul_deploy() {
  20
  21   _cdomain="$1"
  22   _ckey="$2"
  23   _ccert="$3"
  24   _cca="$4"
  25   _cfullchain="$5"
  26
  27   _debug _cdomain "$_cdomain"
  28   _debug _ckey "$_ckey"
  29   _debug _ccert "$_ccert"
  30   _debug _cca "$_cca"
  31   _debug _cfullchain "$_cfullchain"
  32
  33   # validate required env vars
  34   _getdeployconf CONSUL_PREFIX
  35   if [ -z "$CONSUL_PREFIX" ]; then
  36     _err "CONSUL_PREFIX needs to be defined (contains prefix path in vault)"
  37     return 1
  38   fi
  39   _savedeployconf CONSUL_PREFIX "$CONSUL_PREFIX"
  40
  41   _getdeployconf CONSUL_HTTP_ADDR
  42   if [ -z "$CONSUL_HTTP_ADDR" ]; then
  43     _err "CONSUL_HTTP_ADDR needs to be defined (contains consul connection address)"
  44     return 1
  45   fi
  46   _savedeployconf CONSUL_HTTP_ADDR "$CONSUL_HTTP_ADDR"
  47
  48   CONSUL_CMD=$(command -v consul)
  49
  50   # force CLI, but the binary does not exist => error
  51   if [ -n "$USE_CLI" ] && [ -z "$CONSUL_CMD" ]; then
  52     _err "Cannot find the consul binary!"
  53     return 1
  54   fi
  55
  56   # use the CLI first
  57   if [ -n "$USE_CLI" ] || [ -n "$CONSUL_CMD" ]; then
  58     _info "Found consul binary, deploying with CLI"
  59     consul_deploy_cli "$CONSUL_CMD" "$CONSUL_PREFIX"
  60   else
  61     _info "Did not find consul binary, deploying with API"
  62     consul_deploy_api "$CONSUL_HTTP_ADDR" "$CONSUL_PREFIX" "$CONSUL_HTTP_TOKEN"
  63   fi
  64 }
  65
  66 consul_deploy_api() {
  67   CONSUL_HTTP_ADDR="$1"
  68   CONSUL_PREFIX="$2"
  69   CONSUL_HTTP_TOKEN="$3"
  70
  71   URL="$CONSUL_HTTP_ADDR/v1/kv/$CONSUL_PREFIX"
  72   export _H1="X-Consul-Token: $CONSUL_HTTP_TOKEN"
  73
  74   if [ -n "$FABIO" ]; then
  75     _post "$(cat "$_cfullchain")" "$URL/${_cdomain}-cert.pem" '' "PUT" || return 1
  76     _post "$(cat "$_ckey")" "$URL/${_cdomain}-key.pem" '' "PUT" || return 1
  77   else
  78     _post "$(cat "$_ccert")" "$URL/${_cdomain}/cert.pem" '' "PUT" || return 1
  79     _post "$(cat "$_ckey")" "$URL/${_cdomain}/cert.key" '' "PUT" || return 1
  80     _post "$(cat "$_cca")" "$URL/${_cdomain}/chain.pem" '' "PUT" || return 1
  81     _post "$(cat "$_cfullchain")" "$URL/${_cdomain}/fullchain.pem" '' "PUT" || return 1
  82   fi
  83 }
  84
  85 consul_deploy_cli() {
  86   CONSUL_CMD="$1"
  87   CONSUL_PREFIX="$2"
  88
  89   if [ -n "$FABIO" ]; then
  90     $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-cert.pem" @"$_cfullchain" || return 1
  91     $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}-key.pem" @"$_ckey" || return 1
  92   else
  93     $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.pem" value=@"$_ccert" || return 1
  94     $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/cert.key" value=@"$_ckey" || return 1
  95     $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/chain.pem" value=@"$_cca" || return 1
  96     $CONSUL_CMD kv put "${CONSUL_PREFIX}/${_cdomain}/fullchain.pem" value=@"$_cfullchain" || return 1
  97   fi
  98 }