From 55282851c4a890369bece6f3c5b8082f91f2d1ad Mon Sep 17 00:00:00 2001 From: emueller Date: Mon, 19 May 2025 09:18:29 +0200 Subject: [PATCH] implemented all suggestions --- deploy/kemplm.sh | 50 +++++++++++++++++++++--------------------------- 1 file changed, 22 insertions(+), 28 deletions(-) diff --git a/deploy/kemplm.sh b/deploy/kemplm.sh index fbe25cd8..e44e06dc 100755 --- a/deploy/kemplm.sh +++ b/deploy/kemplm.sh @@ -11,30 +11,27 @@ #domain keyfile certfile cafile fullchain kemplm_deploy() { - _cdomain="$1" - _ckey="$2" - _ccert="$3" - _cca="$4" - _cfullchain="$5" + _domain="$1" + _key_file="$2" + _cert_file="$3" + _ca_file="$4" + _fullchain_file="$5" - _debug _cdomain "$_cdomain" - _debug _ckey "$_ckey" - _debug _ccert "$_ccert" - _debug _cca "$_cca" - _debug _cfullchain "$_cfullchain" + _debug _domain "$_domain" + _debug _key_file "$_key_file" + _debug _cert_file "$_cert_file" + _debug _ca_file "$_ca_file" + _debug _fullchain_file "$_fullchain_file" if ! _exists jq; then _err "jq not found" + return 1 fi - # Rename wildcard certs, kemp accepts only alphanumeric names - _kemp_domain=$(echo "${_cdomain}" | sed 's/\*/wildcard/') + # Rename wildcard certs, kemp accepts only alphanumeric names so we delete '*.' from filename + _kemp_domain=$(echo "${_domain}" | sed 's/\*\.//') _debug _kemp_domain "$_kemp_domain" - # Clear traces of incorrectly stored values - _clearaccountconf DEPLOY_KEMP_TOKEN - _clearaccountconf DEPLOY_KEMP_URL - # Read config from saved values or env _getdeployconf DEPLOY_KEMP_TOKEN _getdeployconf DEPLOY_KEMP_URL @@ -47,7 +44,7 @@ kemplm_deploy() { return 1 fi if [ -z "$DEPLOY_KEMP_URL" ]; then - _err "Kemp Loadmaster url is not found, please define DEPLOY_KEMP_URL." + _err "Kemp Loadmaster URL is not found, please define DEPLOY_KEMP_URL." return 1 fi @@ -55,14 +52,11 @@ kemplm_deploy() { _savedeployconf DEPLOY_KEMP_TOKEN "$DEPLOY_KEMP_TOKEN" _savedeployconf DEPLOY_KEMP_URL "$DEPLOY_KEMP_URL" - # Do not check for a valid SSL certificate - export HTTPS_INSECURE=1 - # Check if certificate is already installed _info "Check if certificate is already present" - _post_request="{\"cmd\": \"listcert\", \"apikey\": \"${DEPLOY_KEMP_TOKEN}\"}" - _debug3 _post_request "${_post_request}" - _kemp_cert_count=$(_post "${_post_request}" "${DEPLOY_KEMP_URL}/accessv2" | jq -r '.cert[] | .name' | grep -c "${_kemp_domain}") + _list_request="{\"cmd\": \"listcert\", \"apikey\": \"${DEPLOY_KEMP_TOKEN}\"}" + _debug3 _list_request "${_list_request}" + _kemp_cert_count=$(HTTPS_INSECURE=1 _post "${_list_request}" "${DEPLOY_KEMP_URL}/accessv2" | jq -r '.cert[] | .name' | grep -c "${_kemp_domain}") _debug2 _kemp_cert_count "${_kemp_cert_count}" _kemp_replace_cert=1 @@ -76,13 +70,13 @@ kemplm_deploy() { # Upload new certificate to Kemp Loadmaster _kemp_upload_cert=$(_mktemp) - cat "${_cfullchain}" "${_ckey}" | base64 -w 0 >"${_kemp_upload_cert}" + cat "${_fullchain_file}" "${_key_file}" | base64 | tr -d '\n' >"${_kemp_upload_cert}" _info "Uploading certificate to Kemp Loadmaster" - _post_data=$(cat "${_kemp_upload_cert}") - _post_request="{\"cmd\": \"addcert\", \"apikey\": \"${DEPLOY_KEMP_TOKEN}\", \"replace\": ${_kemp_replace_cert}, \"cert\": \"${_kemp_domain}\", \"data\": \"${_post_data}\"}" - _debug3 _post_request "${_post_request}" - _kemp_post_result=$(_post "${_post_request}" "${DEPLOY_KEMP_URL}/accessv2") + _add_data=$(cat "${_kemp_upload_cert}") + _add_request="{\"cmd\": \"addcert\", \"apikey\": \"${DEPLOY_KEMP_TOKEN}\", \"replace\": ${_kemp_replace_cert}, \"cert\": \"${_kemp_domain}\", \"data\": \"${_add_data}\"}" + _debug3 _add_request "${_add_request}" + _kemp_post_result=$(HTTPS_INSECURE=1 _post "${_add_request}" "${DEPLOY_KEMP_URL}/accessv2") _retval=$? _debug2 _kemp_post_result "${_kemp_post_result}" if [ "${_retval}" -eq 0 ]; then