Refactor required var and software check
This commit is contained in:
Зяблицкий Михаил Владимирович
parent
89fa046c1a
commit
5996355c8c
@ -4,7 +4,7 @@
|
|||||||
# Returns 0 when success.
|
# Returns 0 when success.
|
||||||
#
|
#
|
||||||
# Written by Mihkail Zyablickiy <mikeaggy91@gmail.com>
|
# Written by Mihkail Zyablickiy <mikeaggy91@gmail.com>
|
||||||
# 2018
|
# 2018-2019
|
||||||
#
|
#
|
||||||
####### Variables ##############################
|
####### Variables ##############################
|
||||||
#export RANCHER_ACCESS_KEY=7E6F529DAAFE771A5
|
#export RANCHER_ACCESS_KEY=7E6F529DAAFE771A5
|
||||||
@ -12,153 +12,136 @@
|
|||||||
#export RANCHER_ENVIRONMENT=1a5
|
#export RANCHER_ENVIRONMENT=1a5
|
||||||
#export RANCHER_SERVER=http://rancher-server.example.com
|
#export RANCHER_SERVER=http://rancher-server.example.com
|
||||||
|
|
||||||
|
REQ_SOFT="curl awk grep"
|
||||||
|
REQ_ENV_VARS="RANCHER_ACCESS_KEY RANCHER_SECRET_KEY RANCHER_ENVIRONMENT RANCHER_SERVER"
|
||||||
|
|
||||||
|
######## Private functions #####################
|
||||||
|
|
||||||
|
_getconfigvar() {
|
||||||
|
_var="$1"
|
||||||
|
case "${_var}" in
|
||||||
|
"RANCHER_ACCESS_KEY" ) get_result="Le_rancher_access_key" ;;
|
||||||
|
"RANCHER_SECRET_KEY" ) get_result="Le_rancher_secret_key" ;;
|
||||||
|
"RANCHER_ENVIRONMENT" ) get_result="Le_rancher_environment" ;;
|
||||||
|
"RANCHER_SERVER" ) get_result="Le_rancher_server" ;;
|
||||||
|
esac
|
||||||
|
}
|
||||||
|
|
||||||
######## Public functions #####################
|
######## Public functions #####################
|
||||||
|
|
||||||
#domain keyfile certfile cafile fullchain
|
#domain keyfile certfile cafile fullchain
|
||||||
|
|
||||||
rancher_deploy() {
|
rancher_deploy() {
|
||||||
_cdomain="$1"
|
_cdomain="$1"
|
||||||
# Further $(sed 's/$/\\n/' "$1" | tr -d '\n')
|
# Further $(sed 's/$/\\n/' "$1" | tr -d '\n')
|
||||||
# Made for iclude cert in var in one line with \n
|
# Made for iclude cert in var in one line with \n
|
||||||
_ckey=$(sed 's/$/\\n/' "$2" | tr -d '\n')
|
_ckey=$(sed 's/$/\\n/' "$2" | tr -d '\n')
|
||||||
_ccert=$(sed 's/$/\\n/' "$3" | tr -d '\n')
|
_ccert=$(sed 's/$/\\n/' "$3" | tr -d '\n')
|
||||||
_cca=$(sed 's/$/\\n/' "$4" | tr -d '\n')
|
_cca=$(sed 's/$/\\n/' "$4" | tr -d '\n')
|
||||||
_cfullchain=$(sed 's/$/\\n/' "$5" | tr -d '\n')
|
_cfullchain=$(sed 's/$/\\n/' "$5" | tr -d '\n')
|
||||||
|
|
||||||
_debug _cdomain "$_cdomain"
|
_debug _cdomain "$_cdomain"
|
||||||
_debug _ckey "$_ckey"
|
_debug _ckey "$_ckey"
|
||||||
_debug _ccert "$_ccert"
|
_debug _ccert "$_ccert"
|
||||||
_debug _cca "$_cca"
|
_debug _cca "$_cca"
|
||||||
_debug _cfullchain "$_cfullchain"
|
_debug _cfullchain "$_cfullchain"
|
||||||
|
|
||||||
# Check software needed
|
# Check software needed
|
||||||
if ! _exists curl; then
|
for PROGRAMM in $REQ_SOFT
|
||||||
_err "The command curl is not found."
|
do
|
||||||
return 1
|
if ! _exists $PROGRAMM; then
|
||||||
fi
|
_err "The command $PROGRAMM is not found."
|
||||||
|
return 1
|
||||||
if ! _exists awk; then
|
fi
|
||||||
_err "The command awk is not found."
|
done
|
||||||
return 1
|
|
||||||
fi
|
# Check environment variables and config variables
|
||||||
|
for ENV_VAR in $REQ_ENV_VARS
|
||||||
if ! _exists grep; then
|
do
|
||||||
_err "The command grep is not found."
|
_getconfigvar $ENV_VAR
|
||||||
return 1
|
eval _var='$'$ENV_VAR
|
||||||
fi
|
eval _result='$'$get_result
|
||||||
|
if [ -z "$_var" ]; then
|
||||||
# Check environment variables and config
|
if [ -z "$_result" ]; then
|
||||||
|
_err "$ENV_VAR variable not defined."
|
||||||
if [ -z "$RANCHER_ACCESS_KEY" ]; then
|
return 1
|
||||||
if [ -z "$Le_rancher_access_key" ]; then
|
fi
|
||||||
_err "RANCHER_ACCESS_KEY not defined."
|
else
|
||||||
return 1
|
$get_result="$_var"
|
||||||
fi
|
_savedomainconf $get_result "_result"
|
||||||
else
|
fi
|
||||||
Le_rancher_access_key="$RANCHER_ACCESS_KEY"
|
done
|
||||||
_savedomainconf Le_rancher_access_key "$Le_rancher_access_key"
|
|
||||||
fi
|
# Check api connection
|
||||||
|
|
||||||
if [ -z "$RANCHER_SECRET_KEY" ]; then
|
|
||||||
if [ -z "$Le_rancher_secret_key" ]; then
|
|
||||||
_err "RANCHER_SECRET_KEY not defined."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
Le_rancher_secret_key="$RANCHER_SECRET_KEY"
|
|
||||||
_savedomainconf Le_rancher_secret_key "$Le_rancher_secret_key"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$RANCHER_ENVIRONMENT" ]; then
|
|
||||||
if [ -z "$Le_rancher_environment" ]; then
|
|
||||||
_err "RANCHER_ENVIRONMENT not defined."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
Le_rancher_environment="$RANCHER_ENVIRONMENT"
|
|
||||||
_savedomainconf Le_rancher_environment "$Le_rancher_environment"
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [ -z "$RANCHER_SERVER" ]; then
|
|
||||||
if [ -z "$Le_rancher_server" ]; then
|
|
||||||
_err "RANCHER_SERVER not defined."
|
|
||||||
return 1
|
|
||||||
fi
|
|
||||||
else
|
|
||||||
Le_rancher_server="$RANCHER_SERVER"
|
|
||||||
_savedomainconf Le_rancher_server "$Le_rancher_server"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Check api connection
|
|
||||||
response=$(
|
|
||||||
curl "$Le_rancher_server/v2-beta/" \
|
|
||||||
--write-out "%{http_code}" \
|
|
||||||
--silent \
|
|
||||||
--output /dev/null
|
|
||||||
)
|
|
||||||
if [ "$response" -ge 200 ] && [ "$response" -le 299 ]; then
|
|
||||||
_err "Curl failed to connect to $Le_rancher_server v2-beta API"
|
|
||||||
return 1
|
|
||||||
else
|
|
||||||
_info "API connected!"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Check if certificate already exist in rancher
|
|
||||||
|
|
||||||
id_raw_json=$(curl -s -u "$Le_rancher_access_key:$Le_rancher_secret_key" \
|
|
||||||
-X GET \
|
|
||||||
-H 'Accept: application/json' \
|
|
||||||
-H 'Content-Type: application/json' \
|
|
||||||
"$Le_rancher_server/v2-beta/projects/$Le_rancher_environment/certificates?name=$_cdomain")
|
|
||||||
cert_state=$(echo "$id_raw_json" | awk -F='\:' -v RS='\,' "\$id_raw_json~/\"state\"/ {print}" | tr -d "\n\t" | sed -e 's/^"//' -e 's/"$//' | grep -o "active")
|
|
||||||
_info "Cert state is $cert_state"
|
|
||||||
if [ -z "$cert_state" ]; then
|
|
||||||
# Add new certificate
|
|
||||||
_info "Adding new cert to rancher"
|
|
||||||
response=$(
|
response=$(
|
||||||
curl -u "$Le_rancher_access_key:$Le_rancher_secret_key" \
|
curl "$Le_rancher_server/v2-beta/" \
|
||||||
-X POST \
|
|
||||||
--write-out "%{http_code}" \
|
--write-out "%{http_code}" \
|
||||||
--silent \
|
--silent \
|
||||||
--output /dev/null \
|
--output /dev/null
|
||||||
-H 'Accept: application/json' \
|
|
||||||
-H 'Content-Type: application/json' \
|
|
||||||
-d "{\"type\":\"certificate\",\"name\":\"$_cdomain\",\"description\":\"acme.sh cert for $_cdomain\",\"key\":\"$_ckey\",\"cert\":\"$_ccert\",\"certChain\":\"$_cca\"}" \
|
|
||||||
"$Le_rancher_server/v2-beta/projects/$Le_rancher_environment/certificates/"
|
|
||||||
)
|
)
|
||||||
_info "Update status code: $response"
|
if [ "$response" -ge 200 ] && [ "$response" -le 299 ]; then
|
||||||
if [ "$response" -lt 199 ] || [ "$response" -gt 300 ]; then
|
_err "Curl failed to connect to $Le_rancher_server v2-beta API"
|
||||||
_err "Curl failed to create new cert"
|
return 1
|
||||||
return 1
|
else
|
||||||
|
_info "API connected!"
|
||||||
fi
|
fi
|
||||||
else
|
|
||||||
# Get certificate ID
|
# Check if certificate already exist in rancher
|
||||||
|
|
||||||
id_raw_json=$(curl -s -u "$Le_rancher_access_key:$Le_rancher_secret_key" \
|
id_raw_json=$(curl -s -u "$Le_rancher_access_key:$Le_rancher_secret_key" \
|
||||||
-X GET \
|
-X GET \
|
||||||
-H 'Accept: application/json' \
|
|
||||||
-H 'Content-Type: application/json' \
|
|
||||||
"$Le_rancher_server/v2-beta/projects/$Le_rancher_environment/certificates?name=$_cdomain")
|
|
||||||
cert_id=$(echo "$id_raw_json" | awk -F='\:' -v RS='\,' "\$id_raw_json~/\"data\"/ {print}" | tr -d "\n\t" | sed -e 's/^"//' -e 's/"$//' | sed -e 's/data.*"//')
|
|
||||||
_info "Cert already exist ID is: $cert_id"
|
|
||||||
# Update existing certificate
|
|
||||||
_info "Updating..."
|
|
||||||
response=$(
|
|
||||||
curl -u "$Le_rancher_access_key:$Le_rancher_secret_key" \
|
|
||||||
-X PUT \
|
|
||||||
--write-out "%{http_code}" \
|
|
||||||
--silent \
|
|
||||||
--output /dev/null \
|
|
||||||
-H 'Accept: application/json' \
|
-H 'Accept: application/json' \
|
||||||
-H 'Content-Type: application/json' \
|
-H 'Content-Type: application/json' \
|
||||||
-d "{\"id\":\"$cert_id\",\"type\":\"certificate\",\"baseType\":\"certificate\",\"name\":\"$_cdomain\",\"state\":\"active\",\"accountId\":\"$Le_rancher_environment\",\"algorithm\":\"SHA256WITHRSA\",\"cert\":\"$_ccert\",\"certChain\":\"$_cfullchain\",\"key\":\"$_ckey\"}" \
|
"$Le_rancher_server/v2-beta/projects/$Le_rancher_environment/certificates?name=$_cdomain")
|
||||||
"$Le_rancher_server/v2-beta/projects/$Le_rancher_environment/certificates/$cert_id"
|
cert_state=$(echo "$id_raw_json" | awk -F='\:' -v RS='\,' "\$id_raw_json~/\"state\"/ {print}" | tr -d "\n\t" | sed -e 's/^"//' -e 's/"$//' | grep -o "active")
|
||||||
)
|
_info "Cert state is $cert_state"
|
||||||
_info "Update status code: $response"
|
if [ -z "$cert_state" ]; then
|
||||||
if [ "$response" -lt 199 ] || [ "$response" -gt 300 ]; then
|
# Add new certificate
|
||||||
_err "Curl failed to update cert with id=$cert_id"
|
_info "Adding new cert to rancher"
|
||||||
return 1
|
response=$(
|
||||||
|
curl -u "$Le_rancher_access_key:$Le_rancher_secret_key" \
|
||||||
|
-X POST \
|
||||||
|
--write-out "%{http_code}" \
|
||||||
|
--silent \
|
||||||
|
--output /dev/null \
|
||||||
|
-H 'Accept: application/json' \
|
||||||
|
-H 'Content-Type: application/json' \
|
||||||
|
-d "{\"type\":\"certificate\",\"name\":\"$_cdomain\",\"description\":\"acme.sh cert for $_cdomain\",\"key\":\"$_ckey\",\"cert\":\"$_ccert\",\"certChain\":\"$_cca\"}" \
|
||||||
|
"$Le_rancher_server/v2-beta/projects/$Le_rancher_environment/certificates/"
|
||||||
|
)
|
||||||
|
_info "Update status code: $response"
|
||||||
|
if [ "$response" -lt 199 ] || [ "$response" -gt 300 ]; then
|
||||||
|
_err "Curl failed to create new cert"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
|
else
|
||||||
|
# Get certificate ID
|
||||||
|
id_raw_json=$(curl -s -u "$Le_rancher_access_key:$Le_rancher_secret_key" \
|
||||||
|
-X GET \
|
||||||
|
-H 'Accept: application/json' \
|
||||||
|
-H 'Content-Type: application/json' \
|
||||||
|
"$Le_rancher_server/v2-beta/projects/$Le_rancher_environment/certificates?name=$_cdomain")
|
||||||
|
cert_id=$(echo "$id_raw_json" | awk -F='\:' -v RS='\,' "\$id_raw_json~/\"data\"/ {print}" | tr -d "\n\t" | sed -e 's/^"//' -e 's/"$//' | sed -e 's/data.*"//')
|
||||||
|
_info "Cert already exist ID is: $cert_id"
|
||||||
|
# Update existing certificate
|
||||||
|
_info "Updating..."
|
||||||
|
response=$(
|
||||||
|
curl -u "$Le_rancher_access_key:$Le_rancher_secret_key" \
|
||||||
|
-X PUT \
|
||||||
|
--write-out "%{http_code}" \
|
||||||
|
--silent \
|
||||||
|
--output /dev/null \
|
||||||
|
-H 'Accept: application/json' \
|
||||||
|
-H 'Content-Type: application/json' \
|
||||||
|
-d "{\"id\":\"$cert_id\",\"type\":\"certificate\",\"baseType\":\"certificate\",\"name\":\"$_cdomain\",\"state\":\"active\",\"accountId\":\"$Le_rancher_environment\",\"algorithm\":\"SHA256WITHRSA\",\"cert\":\"$_ccert\",\"certChain\":\"$_cfullchain\",\"key\":\"$_ckey\"}" \
|
||||||
|
"$Le_rancher_server/v2-beta/projects/$Le_rancher_environment/certificates/$cert_id"
|
||||||
|
)
|
||||||
|
_info "Update status code: $response"
|
||||||
|
if [ "$response" -lt 199 ] || [ "$response" -gt 300 ]; then
|
||||||
|
_err "Curl failed to update cert with id=$cert_id"
|
||||||
|
return 1
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
fi
|
_info "Certificate successfully deployed"
|
||||||
_info "Certificate successfully deployed"
|
return 0
|
||||||
return 0
|
|
||||||
}
|
}
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user