1 #!/usr/bin/env sh
2
3 # Deploy certificates to a proxmox virtual environment node using the API.
4 #
5 # Environment variables that can be set are:
6 # `DEPLOY_PROXMOXVE_SERVER`: The hostname of the proxmox ve node. Defaults to
7 # _cdomain.
8 # `DEPLOY_PROXMOXVE_SERVER_PORT`: The port number the management interface is on.
9 # Defaults to 8006.
10 # `DEPLOY_PROXMOXVE_NODE_NAME`: The name of the node we'll be connecting to.
11 # Defaults to the host portion of the server
12 # domain name.
13 # `DEPLOY_PROXMOXVE_USER`: The user we'll connect as. Defaults to root.
14 # `DEPLOY_PROXMOXVE_USER_REALM`: The authentication realm the user authenticates
15 # with. Defaults to pam.
16 # `DEPLOY_PROXMOXVE_API_TOKEN_NAME`: The name of the API token created for the
17 # user account. Defaults to acme.
18 # `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required.
19
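# Deploy hook: upload the issued full chain and private key to a Proxmox VE
# node through its API (POST to .../nodes/<node>/certificates/custom).
#
# Arguments:
#   $1 - certificate domain (also the default server hostname)
#   $2 - path to the private key file
#   $3 - path to the certificate file (only logged here)
#   $4 - path to the CA certificate file (only logged here)
#   $5 - path to the full chain file
# Returns:
#   1 when the API token key is missing or the key/full chain file cannot be
#   read; otherwise the status of the final _post call.
#
# Security notes:
#   - The request body holds the private key and the Authorization header
#     holds the API token, so both go through _secure_debug2 (which masks the
#     value by default) instead of _debug2.
#   - The API token key is persisted with _savedeployconf; protect the
#     deploy configuration file accordingly.
proxmoxve_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  # Only file paths are logged here, never file contents.
  _debug _cdomain "$_cdomain"
  _debug2 _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  # Server hostname: defaults to the certificate domain. An explicit setting
  # is saved so that renewals reuse it.
  _getdeployconf DEPLOY_PROXMOXVE_SERVER
  _target_hostname="$_cdomain"
  if [ -n "$DEPLOY_PROXMOXVE_SERVER" ]; then
    _target_hostname="$DEPLOY_PROXMOXVE_SERVER"
    _savedeployconf DEPLOY_PROXMOXVE_SERVER "$DEPLOY_PROXMOXVE_SERVER"
  fi
  _debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname"

  # Management interface port: defaults to 8006.
  _getdeployconf DEPLOY_PROXMOXVE_SERVER_PORT
  _target_port="8006"
  if [ -n "$DEPLOY_PROXMOXVE_SERVER_PORT" ]; then
    _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT"
    _savedeployconf DEPLOY_PROXMOXVE_SERVER_PORT "$DEPLOY_PROXMOXVE_SERVER_PORT"
  fi
  _debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port"

  # Node name: defaults to the part of the hostname before the first dot.
  _getdeployconf DEPLOY_PROXMOXVE_NODE_NAME
  _node_name="${_target_hostname%%.*}"
  if [ -n "$DEPLOY_PROXMOXVE_NODE_NAME" ]; then
    _node_name="$DEPLOY_PROXMOXVE_NODE_NAME"
    _savedeployconf DEPLOY_PROXMOXVE_NODE_NAME "$DEPLOY_PROXMOXVE_NODE_NAME"
  fi
  _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name"

  # Complete URL of the custom-certificate endpoint.
  _target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom"
  _debug TARGET_URL "$_target_url"

  # API user: defaults to root.
  _getdeployconf DEPLOY_PROXMOXVE_USER
  _proxmoxve_user="root"
  if [ -n "$DEPLOY_PROXMOXVE_USER" ]; then
    _proxmoxve_user="$DEPLOY_PROXMOXVE_USER"
    _savedeployconf DEPLOY_PROXMOXVE_USER "$DEPLOY_PROXMOXVE_USER"
  fi
  _debug2 DEPLOY_PROXMOXVE_USER "$_proxmoxve_user"

  # Authentication realm: defaults to pam.
  _getdeployconf DEPLOY_PROXMOXVE_USER_REALM
  _proxmoxve_user_realm="pam"
  if [ -n "$DEPLOY_PROXMOXVE_USER_REALM" ]; then
    _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM"
    _savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALM"
  fi
  _debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm"

  # API token name: defaults to acme.
  _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME
  _proxmoxve_api_token_name="acme"
  if [ -n "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ]; then
    _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME"
    _savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME "$DEPLOY_PROXMOXVE_API_TOKEN_NAME"
  fi
  _debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name"

  # The token key has no default; refuse to continue without it.
  _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY
  if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ]; then
    _err "API key not provided."
    return 1
  fi
  _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
  _savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY "$DEPLOY_PROXMOXVE_API_TOKEN_KEY"
  # Secret value: logged through the masking debug helper only.
  _secure_debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY "$_proxmoxve_api_token_key"

  # PVE API Token header value. Used in "Authorization: PVEAPIToken".
  _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}"
  # Contains the token key, so it is treated as a secret as well.
  _secure_debug2 "Auth Header" "$_proxmoxve_header_api_token"

  # Without this check an unreadable file would be sent as an empty string
  # together with "force":"1".
  if [ ! -r "$_cfullchain" ] || [ ! -r "$_ckey" ]; then
    _err "Cannot read the full chain or the key file."
    return 1
  fi

  # Build the JSON payload for the _post function. The heredoc body and its
  # terminator must stay at column 0. Each PEM file is flattened to a single
  # line by turning newlines into ':' and then into a literal "\n" escape
  # (base64 PEM data contains no ':').
  _json_payload=$(
    cat <<HEREDOC
{
  "certificates": "$(tr '\n' ':' <"$_cfullchain" | sed 's/:/\\n/g')",
  "key": "$(tr '\n' ':' <"$_ckey" | sed 's/:/\\n/g')",
  "node":"$_node_name",
  "restart":"1",
  "force":"1"
}
HEREDOC
  )
  # The payload embeds the private key; never write it to a plain debug log.
  _secure_debug2 Payload "$_json_payload"

  # Push certificates to server.
  # NOTE(review): _HTTPS_INSECURE=1 is meant to skip TLS certificate
  # verification for a request that carries the private key and the API
  # token, so the server is not authenticated. Presumably this is here
  # because a fresh node presents a self-signed certificate; once a trusted
  # certificate is installed, verification should stay on. Also confirm the
  # variable name: acme.sh's HTTP helpers appear to read HTTPS_INSECURE
  # (no leading underscore), so check whether this export has any effect.
  export _HTTPS_INSECURE=1
  export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}"
  _post "$_json_payload" "$_target_url" "" POST "application/json"

}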