|
@@ -0,0 +1,120 @@
|
|
|
|
+#!/usr/bin/env sh
|
|
|
|
+
|
|
|
|
+# Deploy certificates to a proxmox backup server using the API.
|
|
|
|
+#
|
|
|
|
+# Environment variables that can be set are:
|
|
|
|
+# `DEPLOY_PROXMOXBS_SERVER`: The hostname of the proxmox backup server. Defaults to
|
|
|
|
+# _cdomain.
|
|
|
|
+# `DEPLOY_PROXMOXBS_SERVER_PORT`: The port number the management interface is on.
|
|
|
|
+# Defaults to 8007.
|
|
|
|
+# `DEPLOY_PROXMOXBS_USER`: The user we'll connect as. Defaults to root.
|
|
|
|
+# `DEPLOY_PROXMOXBS_USER_REALM`: The authentication realm the user authenticates
|
|
|
|
+# with. Defaults to pam.
|
|
|
|
+# `DEPLOY_PROXMOXBS_API_TOKEN_NAME`: The name of the API token created for the
|
|
|
|
+# user account. Defaults to acme.
|
|
|
|
+# `DEPLOY_PROXMOXBS_API_TOKEN_KEY`: The API token. Required.
|
|
|
|
+
|
|
|
|
+proxmoxbs_deploy() {
|
|
|
|
+ _cdomain="$1"
|
|
|
|
+ _ckey="$2"
|
|
|
|
+ _ccert="$3"
|
|
|
|
+ _cca="$4"
|
|
|
|
+ _cfullchain="$5"
|
|
|
|
+
|
|
|
|
+ _debug _cdomain "$_cdomain"
|
|
|
|
+ _debug2 _ckey "$_ckey"
|
|
|
|
+ _debug _ccert "$_ccert"
|
|
|
|
+ _debug _cca "$_cca"
|
|
|
|
+ _debug _cfullchain "$_cfullchain"
|
|
|
|
+
|
|
|
|
+ # "Sane" defaults.
|
|
|
|
+ _getdeployconf DEPLOY_PROXMOXBS_SERVER
|
|
|
|
+ if [ -z "$DEPLOY_PROXMOXBS_SERVER" ]; then
|
|
|
|
+ _target_hostname="$_cdomain"
|
|
|
|
+ else
|
|
|
|
+ _target_hostname="$DEPLOY_PROXMOXBS_SERVER"
|
|
|
|
+ _savedeployconf DEPLOY_PROXMOXBS_SERVER "$DEPLOY_PROXMOXBS_SERVER"
|
|
|
|
+ fi
|
|
|
|
+ _debug2 DEPLOY_PROXMOXBS_SERVER "$_target_hostname"
|
|
|
|
+
|
|
|
|
+ _getdeployconf DEPLOY_PROXMOXBS_SERVER_PORT
|
|
|
|
+ if [ -z "$DEPLOY_PROXMOXBS_SERVER_PORT" ]; then
|
|
|
|
+ _target_port="8007"
|
|
|
|
+ else
|
|
|
|
+ _target_port="$DEPLOY_PROXMOXBS_SERVER_PORT"
|
|
|
|
+ _savedeployconf DEPLOY_PROXMOXBS_SERVER_PORT "$DEPLOY_PROXMOXBS_SERVER_PORT"
|
|
|
|
+ fi
|
|
|
|
+ _debug2 DEPLOY_PROXMOXBS_SERVER_PORT "$_target_port"
|
|
|
|
+
|
|
|
|
+ # Complete URL.
|
|
|
|
+ _target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/localhost/certificates/custom"
|
|
|
|
+ _debug TARGET_URL "$_target_url"
|
|
|
|
+
|
|
|
|
+ # More "sane" defaults.
|
|
|
|
+ _getdeployconf DEPLOY_PROXMOXBS_USER
|
|
|
|
+ if [ -z "$DEPLOY_PROXMOXBS_USER" ]; then
|
|
|
|
+ _proxmoxbs_user="root"
|
|
|
|
+ else
|
|
|
|
+ _proxmoxbs_user="$DEPLOY_PROXMOXBS_USER"
|
|
|
|
+ _savedeployconf DEPLOY_PROXMOXBS_USER "$DEPLOY_PROXMOXBS_USER"
|
|
|
|
+ fi
|
|
|
|
+ _debug2 DEPLOY_PROXMOXBS_USER "$_proxmoxbs_user"
|
|
|
|
+
|
|
|
|
+ _getdeployconf DEPLOY_PROXMOXBS_USER_REALM
|
|
|
|
+ if [ -z "$DEPLOY_PROXMOXBS_USER_REALM" ]; then
|
|
|
|
+ _proxmoxbs_user_realm="pam"
|
|
|
|
+ else
|
|
|
|
+ _proxmoxbs_user_realm="$DEPLOY_PROXMOXBS_USER_REALM"
|
|
|
|
+ _savedeployconf DEPLOY_PROXMOXBS_USER_REALM "$DEPLOY_PROXMOXBS_USER_REALM"
|
|
|
|
+ fi
|
|
|
|
+ _debug2 DEPLOY_PROXMOXBS_USER_REALM "$_proxmoxbs_user_realm"
|
|
|
|
+
|
|
|
|
+ _getdeployconf DEPLOY_PROXMOXBS_API_TOKEN_NAME
|
|
|
|
+ if [ -z "$DEPLOY_PROXMOXBS_API_TOKEN_NAME" ]; then
|
|
|
|
+ _proxmoxbs_api_token_name="acme"
|
|
|
|
+ else
|
|
|
|
+ _proxmoxbs_api_token_name="$DEPLOY_PROXMOXBS_API_TOKEN_NAME"
|
|
|
|
+ _savedeployconf DEPLOY_PROXMOXBS_API_TOKEN_NAME "$DEPLOY_PROXMOXBS_API_TOKEN_NAME"
|
|
|
|
+ fi
|
|
|
|
+ _debug2 DEPLOY_PROXMOXBS_API_TOKEN_NAME "$_proxmoxbs_api_token_name"
|
|
|
|
+
|
|
|
|
+ # This is required.
|
|
|
|
+ _getdeployconf DEPLOY_PROXMOXBS_API_TOKEN_KEY
|
|
|
|
+ if [ -z "$DEPLOY_PROXMOXBS_API_TOKEN_KEY" ]; then
|
|
|
|
+ _err "API key not provided."
|
|
|
|
+ return 1
|
|
|
|
+ else
|
|
|
|
+ _proxmoxbs_api_token_key="$DEPLOY_PROXMOXBS_API_TOKEN_KEY"
|
|
|
|
+ _savedeployconf DEPLOY_PROXMOXBS_API_TOKEN_KEY "$DEPLOY_PROXMOXBS_API_TOKEN_KEY"
|
|
|
|
+ fi
|
|
|
|
+ _debug2 DEPLOY_PROXMOXBS_API_TOKEN_KEY "$_proxmoxbs_api_token_key"
|
|
|
|
+
|
|
|
|
+ # PBS API Token header value. Used in "Authorization: PBSAPIToken".
|
|
|
|
+ _proxmoxbs_header_api_token="${_proxmoxbs_user}@${_proxmoxbs_user_realm}!${_proxmoxbs_api_token_name}:${_proxmoxbs_api_token_key}"
|
|
|
|
+ _debug2 "Auth Header" "$_proxmoxbs_header_api_token"
|
|
|
|
+
|
|
|
|
+ # Ugly. I hate putting heredocs inside functions because heredocs don't
|
|
|
|
+ # account for whitespace correctly but it _does_ work and is several times
|
|
|
|
+ # cleaner than anything else I had here.
|
|
|
|
+ #
|
|
|
|
+ # This dumps the json payload to a variable that should be passable to the
|
|
|
|
+ # _psot function.
|
|
|
|
+ _json_payload=$(
|
|
|
|
+ cat <<HEREDOC
|
|
|
|
+{
|
|
|
|
+ "certificates": "$(tr '\n' ':' <"$_cfullchain" | sed 's/:/\\n/g')",
|
|
|
|
+ "key": "$(tr '\n' ':' <"$_ckey" | sed 's/:/\\n/g')",
|
|
|
|
+ "node":"localhost",
|
|
|
|
+ "restart":true,
|
|
|
|
+ "force":true
|
|
|
|
+}
|
|
|
|
+HEREDOC
|
|
|
|
+ )
|
|
|
|
+ _debug2 Payload "$_json_payload"
|
|
|
|
+
|
|
|
|
+ _info "Push certificates to server"
|
|
|
|
+ export HTTPS_INSECURE=1
|
|
|
|
+ export _H1="Authorization: PBSAPIToken=${_proxmoxbs_header_api_token}"
|
|
|
|
+ _post "$_json_payload" "$_target_url" "" POST "application/json"
|
|
|
|
+
|
|
|
|
+}
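Review bot: `export HTTPS_INSECURE=1` near the end of proxmoxbs_deploy turns off TLS certificate verification unconditionally for the one request that carries the private key and the API token, and because the variable is exported and never reset it also stays in effect for anything the same process does afterwards. Verification should stay on unless the operator explicitly opts out, and at minimum the previous value should be restored once `_post` returns, as sketched below. Separately, the `_debug2` calls for DEPLOY_PROXMOXBS_API_TOKEN_KEY, "Auth Header" and Payload write the token secret and the key file's contents into debug output; the `_secure_debug2` helper looks like the better fit for those three. The comment above the heredoc also says `_psot` where `_post` is meant.

```shell
  # … unchanged: config lookup, payload construction, _info …
  _proxmoxbs_prev_insecure="$HTTPS_INSECURE" # remember the caller's setting
  export HTTPS_INSECURE=1
  # … unchanged: export _H1 …
  _post "$_json_payload" "$_target_url" "" POST "application/json"
  _proxmoxbs_ret="$?"
  # Put the caller's setting back so later requests verify certificates again.
  HTTPS_INSECURE="$_proxmoxbs_prev_insecure"
  return "$_proxmoxbs_ret"
```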
|