From c8d0d475e4f79f48877048fc6dfb45e1b28c5404 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 11 Jun 2022 13:49:31 -0400 Subject: [PATCH 01/23] deploy api script to upload certs to proxmox using proxmox api --- deploy/proxmoxve.sh | 123 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 123 insertions(+) create mode 100644 deploy/proxmoxve.sh diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh new file mode 100644 index 00000000..8a5893b7 --- /dev/null +++ b/deploy/proxmoxve.sh 
@@ -0,0 +1,123 @@ +#!/usr/bin/env bash + +# Deploy certificates to a proxmox virtual environment node using the API. +# +# Environment variables that can be set are: +# `DEPLOY_PROXMOXVE_SERVER`: The hostname of the proxmox ve node. Defaults to +# _cdomain. +# `DEPLOY_PROXMOXVE_SERVER_PORT`: The port number the management interface is on. +# Defaults to 8006. +# `DEPLOY_PROXMOXVE_NODE_NAME`: The name of the node we'll be connecting to. +# Defaults to the host portion of the server +# domain name. +# `DEPLOY_PROXMOXVE_USER`: The user we'll connect as. Defaults to root. +# `DEPLOY_PROXMOXVE_USER_REALM`: The authentication realm the user authenticates +# with. Defaults to pam. +# `DEPLOY_PROXMOXVE_API_TOKEN_NAME`: The name of the API token created for the +# user account. Defaults to acme. +# `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required. + +proxmoxve_deploy(){ + _cdomain="$1" + _ckey="$2" + _ccert="$3" + _cca="$4" + _cfullchain="$5" + + _debug _cdomain "$_cdomain" + _debug _ckey "$_ckey" + _debug _ccert "$_ccert" + _debug _cca "$_cca" + _debug _cfullchain "$_cfullchain" + + # "Sane" defaults. + _target_hostname="$_cdomain" + if [ ! -z "$DEPLOY_PROXMOXVE_SERVER" ];then + _target_hostname="$DEPLOY_PROXMOXVE_SERVER" + fi + + _target_port="8006" + if [ ! -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ];then + _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT" + fi + + if [ ! -z "$DEPLOY_PROXMOXVE_NODE_NAME" ];then + _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" + else + _node_name=$(echo "$_target_hostname"|cut -d. -f1) + fi + + # Complete URL. + _target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom" + + # More "sane" defaults. + _proxmoxve_user="root" + if [ ! -z "$_proxmoxve_user" ];then + _proxmoxve_user="$DEPLOY_PROXMOXVE_USER" + fi + + _proxmoxve_user_realm="pam" + if [ ! -z "$DEPLOY_PROXMOXVE_USER_REALM" ];then + _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" + fi + + _proxmoxve_api_token_name="acme" + if [ ! 
-z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ];then + _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME" + fi + + # This is required. + _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" + if [ -z "$_proxmoxve_api_token_key" ];then + _err "API key not provided." + return 1 + fi + + # PVE API Token header value. Used in "Authorization: PVEAPIToken". + _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}" + + # Generate the data file curl will pass as the data. + _proxmoxve_temp_data="/tmp/proxmoxve_api/$_cdomain" + _proxmoxve_temp_data_file="$_proxmoxve_temp_data/body.json" + # We delete this directory at the end of the script to avoid any conflicts. + if [ ! -d "$_proxmoxve_temp_data" ];then + mkdir -p "$_proxmoxve_temp_data" + # Set to 700 since this file will contain the private key contents. + chmod 700 "$_proxmoxve_temp_data" + fi + # Ugly. I hate putting heredocs inside functions because heredocs don't account + # for whitespace correctly but it _does_ work and is several times cleaner + # than anything else I had here. + # + # This creates a temporary data file that curl will use as the data being + # posted to the webserver. + cat << HEREDOC > "$_proxmoxve_temp_data_file" +{ + "certificates": "$(cat $_cfullchain|tr '\n' ':'|sed 's/:/\\n/g')", + "key": "$(cat $_ckey|tr '\n' ':'|sed 's/:/\\n/g')", + "node":"$_node_name", + "restart":"1", + "force":"1" +} +HEREDOC + + # Push certificates to server. + # + # --insecure is to ignore certificate errors. + # --fail is to fail the script if the http return code is not 200. + if curl -X "POST" --header "Content-Type: application/json" \ + --header "Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" \ + --data "@${_proxmoxve_temp_data_file}" \ + --insecure --fail \ + "${_target_url}" + then + _info "Successfully updated certificate for $_cdomain." 
+ rm -r "$_proxmoxve_temp_data" + return 0 + else + _err "Unable to update certificate for $_cdomain." + rm -r "$_proxmoxve_temp_data" + return 1 + fi + +} From 6652138d3e2965ddadfbfd9d385e98973f7a4cc0 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Tue, 14 Jun 2022 22:33:38 -0400 Subject: [PATCH 02/23] fixed per shellcheck's preference for `-n` instead of `! -z` --- deploy/proxmoxve.sh | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 8a5893b7..c783d248 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -32,16 +32,16 @@ proxmoxve_deploy(){ # "Sane" defaults. _target_hostname="$_cdomain" - if [ ! -z "$DEPLOY_PROXMOXVE_SERVER" ];then + if [ -n "$DEPLOY_PROXMOXVE_SERVER" ];then _target_hostname="$DEPLOY_PROXMOXVE_SERVER" fi _target_port="8006" - if [ ! -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ];then + if [ -n "$DEPLOY_PROXMOXVE_SERVER_PORT" ];then _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT" fi - if [ ! -z "$DEPLOY_PROXMOXVE_NODE_NAME" ];then + if [ -n "$DEPLOY_PROXMOXVE_NODE_NAME" ];then _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" else _node_name=$(echo "$_target_hostname"|cut -d. -f1) @@ -52,17 +52,17 @@ proxmoxve_deploy(){ # More "sane" defaults. _proxmoxve_user="root" - if [ ! -z "$_proxmoxve_user" ];then + if [ -n "$_proxmoxve_user" ];then _proxmoxve_user="$DEPLOY_PROXMOXVE_USER" fi _proxmoxve_user_realm="pam" - if [ ! -z "$DEPLOY_PROXMOXVE_USER_REALM" ];then + if [ -n "$DEPLOY_PROXMOXVE_USER_REALM" ];then _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" fi _proxmoxve_api_token_name="acme" - if [ ! -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ];then + if [ -n "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ];then _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME" fi From 4351110082cd3cfc6a11891f4296bf5c32468da5 Mon Sep 17 00:00:00 2001 
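Review bot: The private key is written to `/tmp/proxmoxve_api/$_cdomain/body.json`, a predictable path, and the `chmod 700` only runs when the directory did not already exist, so a directory created beforehand by another local account is reused as it is. Creating it with `_proxmoxve_temp_data=$(mktemp -d) || return 1` after `umask 077` removes both the predictable name and the gap between `mkdir -p` and `chmod`. The curl call in the same hunk also passes `--insecure`, so the API token and the key are sent without verifying the server certificate. That should be an opt-in setting rather than the only mode.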
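Review bot: In the second hunk the user check still tests the local that was assigned on the line above it, `if [ -n "$_proxmoxve_user" ];then`, so it is always true and `_proxmoxve_user` is overwritten with `$DEPLOY_PROXMOXVE_USER` even when that is empty. The Authorization value then begins with `@` and the documented default of root never applies. The test should read the environment variable instead: `if [ -n "$DEPLOY_PROXMOXVE_USER" ];then`. The condition was carried over unchanged from the `! -z` form, so this conversion was the natural place to catch it.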
From: William Sellitti Date: Tue, 14 Jun 2022 22:38:06 -0400 Subject: [PATCH 03/23] properly quoted variable names --- deploy/proxmoxve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index c783d248..664a04cd 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -93,8 +93,8 @@ proxmoxve_deploy(){ # posted to the webserver. cat << HEREDOC > "$_proxmoxve_temp_data_file" { - "certificates": "$(cat $_cfullchain|tr '\n' ':'|sed 's/:/\\n/g')", - "key": "$(cat $_ckey|tr '\n' ':'|sed 's/:/\\n/g')", + "certificates": "$(cat "$_cfullchain"|tr '\n' ':'|sed 's/:/\\n/g')", + "key": "$(cat "$_ckey"|tr '\n' ':'|sed 's/:/\\n/g')", "node":"$_node_name", "restart":"1", "force":"1" From 6d640982885c849172656ddcb68d01c98dbacea5 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Tue, 14 Jun 2022 23:46:09 -0400 Subject: [PATCH 04/23] shell check war warning against unnecessary use of cat --- deploy/proxmoxve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 664a04cd..459c909a 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -93,8 +93,8 @@ proxmoxve_deploy(){ # posted to the webserver. cat << HEREDOC > "$_proxmoxve_temp_data_file" { - "certificates": "$(cat "$_cfullchain"|tr '\n' ':'|sed 's/:/\\n/g')", - "key": "$(cat "$_ckey"|tr '\n' ':'|sed 's/:/\\n/g')", + "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", + "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", "node":"$_node_name", "restart":"1", "force":"1" From 7be758697133b15cd4f8410df8e114252eeb4198 Mon Sep 17 00:00:00 2001 From: neil Date: Sat, 18 Jun 2022 15:01:38 +0800 Subject: [PATCH 05/23] Update proxmoxve.sh --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 459c909a..30f8b0b6 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh 
@@ -1,4 +1,4 @@ -#!/usr/bin/env bash +#!/usr/bin/env sh # Deploy certificates to a proxmox virtual environment node using the API. # From 5f3cb9019b6fa182837fe1f9c97f8e2106e86d9b Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 12:18:33 -0400 Subject: [PATCH 06/23] fixed to use _post function instead of curl --- deploy/proxmoxve.sh | 34 ++++++++++------------------------ 1 file changed, 10 insertions(+), 24 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 459c909a..a7f11d20 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -85,13 +85,13 @@ proxmoxve_deploy(){ # Set to 700 since this file will contain the private key contents. chmod 700 "$_proxmoxve_temp_data" fi - # Ugly. I hate putting heredocs inside functions because heredocs don't account - # for whitespace correctly but it _does_ work and is several times cleaner - # than anything else I had here. + # Ugly. I hate putting heredocs inside functions because heredocs don't + # account for whitespace correctly but it _does_ work and is several times + # cleaner than anything else I had here. # - # This creates a temporary data file that curl will use as the data being - # posted to the webserver. - cat << HEREDOC > "$_proxmoxve_temp_data_file" + # This dumps the json payload to a variable that should be passable to the + # _psot function. + _json_payload=$(cat << HEREDOC { "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", 
@@ -100,24 +100,10 @@ proxmoxve_deploy(){ "force":"1" } HEREDOC - +) # Push certificates to server. - # - # --insecure is to ignore certificate errors. - # --fail is to fail the script if the http return code is not 200. - if curl -X "POST" --header "Content-Type: application/json" \ - --header "Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" \ - --data "@${_proxmoxve_temp_data_file}" \ - --insecure --fail \ - "${_target_url}" - then - _info "Successfully updated certificate for $_cdomain." - rm -r "$_proxmoxve_temp_data" - return 0 - else - _err "Unable to update certificate for $_cdomain." - rm -r "$_proxmoxve_temp_data" - return 1 - fi + export _HTTPS_INSECURE=1 + export ="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" + _post "$_json_payload" "$_target_url" } From daffc4e6a4818da714ee73f4ed25a824b931f466 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 12:21:14 -0400 Subject: [PATCH 07/23] typo, using _H1 to provide header keys. --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index a7f11d20..fafa3cb4 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -103,7 +103,7 @@ HEREDOC ) # Push certificates to server. export _HTTPS_INSECURE=1 - export ="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" + export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" _post "$_json_payload" "$_target_url" } From ca41ea2d5c792178d1f434ccfb0723825d139244 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 15:40:05 -0400 Subject: [PATCH 08/23] added _getdeployconf to set all of the environment variables --- deploy/proxmoxve.sh | 50 ++++++++++++++++++++++++++++++++------------- 1 file changed, 36 insertions(+), 14 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index fafa3cb4..7cc0b850 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh 
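Review bot: Certificate verification is switched off unconditionally by `export _HTTPS_INSECURE=1` in the second hunk, and the request that follows carries both the API token and the private key. A node that still serves its self-signed certificate needs this only until the first deployment succeeds, so it would be safer behind a documented setting, for example `[ -n "$DEPLOY_PROXMOXVE_INSECURE" ] && export _HTTPS_INSECURE=1` (the setting name is a suggestion, not an existing option). Both values are exported, so they remain in the environment for whatever runs after `_post`; unsetting them once the call returns would contain that. `_post` is defined outside this file, so whether it reads this exact variable name cannot be confirmed from the hunk.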
@@ -31,50 +31,72 @@ proxmoxve_deploy(){ _debug _cfullchain "$_cfullchain" # "Sane" defaults. - _target_hostname="$_cdomain" - if [ -n "$DEPLOY_PROXMOXVE_SERVER" ];then + _getdeployconf DEPLOY_PROXMOXVE_SERVER + if [ -z "$DEPLOY_PROXMOXVE_SERVER" ]; then _target_hostname="$DEPLOY_PROXMOXVE_SERVER" + else + _target_hostname="$_cdomain" fi + _debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname" - _target_port="8006" - if [ -n "$DEPLOY_PROXMOXVE_SERVER_PORT" ];then + _getdeployconf DEPLOY_PROXMOXVE_SERVER_PORT + if [ -z "$DEPLOY_PROXMOXVE_SERVER_PORT" ]; then + _target_port="8006" + else _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT" fi + _debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port" - if [ -n "$DEPLOY_PROXMOXVE_NODE_NAME" ];then - _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" - else + _getdeployconf DEPLOY_PROXMOXVE_NODE_NAME + if [ -z "$DEPLOY_PROXMOXVE_NODE_NAME" ]; then _node_name=$(echo "$_target_hostname"|cut -d. -f1) + else + _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" fi + _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name" # Complete URL. _target_url="https://${_target_hostname}:${_target_port}/api2/json/nodes/${_node_name}/certificates/custom" + _debug TARGET_URL "$_target_url" # More "sane" defaults. 
- _proxmoxve_user="root" - if [ -n "$_proxmoxve_user" ];then + _getdeployconf DEPLOY_PROXMOXVE_USER + if [ -z "$DEPLOY_PROXMOXVE_USER" ]; then + _proxmoxve_user="root" + else _proxmoxve_user="$DEPLOY_PROXMOXVE_USER" fi + _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_proxmoxve_user" - _proxmoxve_user_realm="pam" - if [ -n "$DEPLOY_PROXMOXVE_USER_REALM" ];then + _getdeployconf DEPLOY_PROXMOXVE_USER_REALM + if [ -z "$DEPLOY_PROXMOXVE_USER_REALM" ]; then + _proxmoxve_user_realm="pam" + else _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" fi + _debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm" - _proxmoxve_api_token_name="acme" - if [ -n "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ];then + _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME + if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" ]; then + _proxmoxve_api_token_name="acme" + else _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME" fi + _debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name" # This is required. - _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" + _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY if [ -z "$_proxmoxve_api_token_key" ];then _err "API key not provided." return 1 + else + _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" fi + _debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key # PVE API Token header value. Used in "Authorization: PVEAPIToken". _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}" + _debug2 "Auth Header" _proxmoxve_header_api_token # Generate the data file curl will pass as the data. _proxmoxve_temp_data="/tmp/proxmoxve_api/$_cdomain" From 35cf98fff2e69c8afabce3f8444e1c94ed0f9da5 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 15:41:38 -0400 Subject: [PATCH 09/23] sensititive things debugged at a higher level --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
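Review bot: The added lines `_debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key` and `_debug2 "Auth Header" _proxmoxve_header_api_token` pass the variable names as literal strings, so the log shows the names rather than any value. That happens to keep the token out of the debug log, but the obvious correction of adding `$` would write the full credential there. If the values are wanted for troubleshooting, acme.sh's `_secure_debug2` is the helper intended for secrets; otherwise both lines can be dropped. A short comment such as `# never log the token or the Authorization header value` above them would stop a later "fix" from exposing it.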
diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 7cc0b850..2c99ab9f 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -25,7 +25,7 @@ proxmoxve_deploy(){ _cfullchain="$5" _debug _cdomain "$_cdomain" - _debug _ckey "$_ckey" + _debug2 _ckey "$_ckey" _debug _ccert "$_ccert" _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" From 3cc283cbee2b3ac0997ee0b5a0c1793b0647efd8 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 15:44:25 -0400 Subject: [PATCH 10/23] not generating files any more --- deploy/proxmoxve.sh | 9 --------- 1 file changed, 9 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 2c99ab9f..80be4a3c 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -98,15 +98,6 @@ proxmoxve_deploy(){ _proxmoxve_header_api_token="${_proxmoxve_user}@${_proxmoxve_user_realm}!${_proxmoxve_api_token_name}=${_proxmoxve_api_token_key}" _debug2 "Auth Header" _proxmoxve_header_api_token - # Generate the data file curl will pass as the data. - _proxmoxve_temp_data="/tmp/proxmoxve_api/$_cdomain" - _proxmoxve_temp_data_file="$_proxmoxve_temp_data/body.json" - # We delete this directory at the end of the script to avoid any conflicts. - if [ ! -d "$_proxmoxve_temp_data" ];then - mkdir -p "$_proxmoxve_temp_data" - # Set to 700 since this file will contain the private key contents. - chmod 700 "$_proxmoxve_temp_data" - fi # Ugly. I hate putting heredocs inside functions because heredocs don't # account for whitespace correctly but it _does_ work and is several times # cleaner than anything else I had here. From 37031721dd23db54900e7d9f0a20f00f7903b667 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 15:52:18 -0400 Subject: [PATCH 11/23] typo --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 80be4a3c..b15f06df 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh 
@@ -86,7 +86,7 @@ proxmoxve_deploy(){ # This is required. _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY - if [ -z "$_proxmoxve_api_token_key" ];then + if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ];then _err "API key not provided." return 1 else From 76fe5d8831dbf0a8169f607430a3dd061971840d Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 16:39:32 -0400 Subject: [PATCH 12/23] those where flipped by mistake --- deploy/proxmoxve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index b15f06df..2366b34d 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -33,9 +33,9 @@ proxmoxve_deploy(){ # "Sane" defaults. _getdeployconf DEPLOY_PROXMOXVE_SERVER if [ -z "$DEPLOY_PROXMOXVE_SERVER" ]; then - _target_hostname="$DEPLOY_PROXMOXVE_SERVER" - else _target_hostname="$_cdomain" + else + _target_hostname="$DEPLOY_PROXMOXVE_SERVER" fi _debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname" From 7900c493af1d035a79c54c8ad429350d7acc8041 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 16:43:25 -0400 Subject: [PATCH 13/23] debugging for the payload --- deploy/proxmoxve.sh | 2 ++ 1 file changed, 2 insertions(+) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 2366b34d..3b6a5a4e 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -114,6 +114,8 @@ proxmoxve_deploy(){ } HEREDOC ) + _debug2 Payload "$_json_payload" + # Push certificates to server. export _HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" From a5d5113be34bace02dc9370bed102187aa52e7fe Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 16:55:12 -0400 Subject: [PATCH 14/23] seems like the escaped new lines aren't remaining escaped new lines with the new version of curl --- deploy/proxmoxve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 3b6a5a4e..9b01b7c0 100644 
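Review bot: `_debug2 Payload "$_json_payload"`, added in the hunk at `@@ -114,6 +114,8 @@`, writes the whole request body to the debug log, and that body holds the contents of `$_ckey` in its `key` field. Debug logs are routinely attached to bug reports, so the private key should not reach them. Log only the non-secret fields, e.g. `_debug2 Payload "node=$_node_name restart=1 force=1"`, or route the full body through `_secure_debug2`. The heredoc that builds the payload starts outside this hunk.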
--- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -107,7 +107,7 @@ proxmoxve_deploy(){ _json_payload=$(cat << HEREDOC { "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", - "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", + "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\\n/g')", "node":"$_node_name", "restart":"1", "force":"1" @@ -115,7 +115,7 @@ proxmoxve_deploy(){ HEREDOC ) _debug2 Payload "$_json_payload" - + # Push certificates to server. export _HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" From 4e625c18dc233a77517bb4be830acc0924972ce0 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 16:56:46 -0400 Subject: [PATCH 15/23] Revert "seems like the escaped new lines aren't remaining escaped new lines with the new version of curl" This reverts commit a5d5113be34bace02dc9370bed102187aa52e7fe. --- deploy/proxmoxve.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 9b01b7c0..3b6a5a4e 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -107,7 +107,7 @@ proxmoxve_deploy(){ _json_payload=$(cat << HEREDOC { "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", - "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\\n/g')", + "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", "node":"$_node_name", "restart":"1", "force":"1" @@ -115,7 +115,7 @@ proxmoxve_deploy(){ HEREDOC ) _debug2 Payload "$_json_payload" - + # Push certificates to server. export _HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" From 149310e1ecdec3343757296cab9ebf6975693d5d Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 16:58:15 -0400 Subject: [PATCH 16/23] '+' are being converted to ' ' at some point --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 3b6a5a4e..a7123bf1 100644 
--- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -106,7 +106,7 @@ proxmoxve_deploy(){ # _psot function. _json_payload=$(cat << HEREDOC { - "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", + "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g' -e 's/+/\+/g')", "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", "node":"$_node_name", "restart":"1", From c0da80158005bb40f793f639c12a2d604dbddb7e Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sat, 18 Jun 2022 17:00:36 -0400 Subject: [PATCH 17/23] Revert "'+' are being converted to ' ' at some point" This reverts commit 149310e1ecdec3343757296cab9ebf6975693d5d. --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index a7123bf1..3b6a5a4e 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -106,7 +106,7 @@ proxmoxve_deploy(){ # _psot function. _json_payload=$(cat << HEREDOC { - "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g' -e 's/+/\+/g')", + "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", "node":"$_node_name", "restart":"1", From b876128635542d12e7214619994bf1c1947c7fc5 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Sun, 19 Jun 2022 01:46:10 -0400 Subject: [PATCH 18/23] forced content-type to json --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 3b6a5a4e..f003d2b6 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -119,6 +119,6 @@ HEREDOC # Push certificates to server. export _HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" - _post "$_json_payload" "$_target_url" + _post "$_json_payload" "$_target_url" "" POST "application/json" } From b3b4811b2c4b9fa875d4744da6152422f55d1c20 Mon Sep 17 00:00:00 2001 
From: William Sellitti Date: Sun, 19 Jun 2022 22:01:56 -0400 Subject: [PATCH 19/23] added savedeployconf to preserve environment variables usedi in initial deployments --- deploy/proxmoxve.sh | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 5f44a147..40012c75 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -36,6 +36,7 @@ proxmoxve_deploy(){ _target_hostname="$_cdomain" else _target_hostname="$DEPLOY_PROXMOXVE_SERVER" + _savedeployconf DEPLOY_PROXMOXVE_SERVER "$DEPLOY_PROXMOXVE_SERVER" fi _debug2 DEPLOY_PROXMOXVE_SERVER "$_target_hostname" @@ -44,6 +45,7 @@ proxmoxve_deploy(){ _target_port="8006" else _target_port="$DEPLOY_PROXMOXVE_SERVER_PORT" + _savedeployconf DEPLOY_PROXMOXVE_SERVER_PORT "$DEPLOY_PROXMOXVE_SERVER_PORT" fi _debug2 DEPLOY_PROXMOXVE_SERVER_PORT "$_target_port" @@ -52,6 +54,7 @@ proxmoxve_deploy(){ _node_name=$(echo "$_target_hostname"|cut -d. -f1) else _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" + _savedeployconf DEPLOY_PROXMOXVE_NODE_NAME "$DEPLOY_PROXMOXVE_NODE_NAME" fi _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_node_name" @@ -65,14 +68,16 @@ proxmoxve_deploy(){ _proxmoxve_user="root" else _proxmoxve_user="$DEPLOY_PROXMOXVE_USER" + _savedeployconf DEPLOY_PROXMOXVE_USER "$DEPLOY_PROXMOXVE_USER" fi - _debug2 DEPLOY_PROXMOXVE_NODE_NAME "$_proxmoxve_user" + _debug2 DEPLOY_PROXMOXVE_USER "$_proxmoxve_user" _getdeployconf DEPLOY_PROXMOXVE_USER_REALM if [ -z "$DEPLOY_PROXMOXVE_USER_REALM" ]; then _proxmoxve_user_realm="pam" else _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" + _savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALMz" fi _debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm" 
@@ -81,6 +86,7 @@ proxmoxve_deploy(){ _proxmoxve_api_token_name="acme" else _proxmoxve_api_token_name="$DEPLOY_PROXMOXVE_API_TOKEN_NAME" + _savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_NAME "$DEPLOY_PROXMOXVE_API_TOKEN_NAME" fi _debug2 DEPLOY_PROXMOXVE_API_TOKEN_NAME "$_proxmoxve_api_token_name" @@ -91,6 +97,7 @@ proxmoxve_deploy(){ return 1 else _proxmoxve_api_token_key="$DEPLOY_PROXMOXVE_API_TOKEN_KEY" + _savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" fi _debug2 DEPLOY_PROXMOXVE_API_TOKEN_KEY _proxmoxve_api_token_key From 799f509ba9f90e6a6d5b84eaf1d7c6d9730cdbd6 Mon Sep 17 00:00:00 2001 From: William Sellitti Date: Wed, 22 Jun 2022 23:19:12 -0400 Subject: [PATCH 20/23] typo --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 40012c75..c156b3a3 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -77,7 +77,7 @@ proxmoxve_deploy(){ _proxmoxve_user_realm="pam" else _proxmoxve_user_realm="$DEPLOY_PROXMOXVE_USER_REALM" - _savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALMz" + _savedeployconf DEPLOY_PROXMOXVE_USER_REALM "$DEPLOY_PROXMOXVE_USER_REALM" fi _debug2 DEPLOY_PROXMOXVE_USER_REALM "$_proxmoxve_user_realm" From 668894fc4d1b2e7b8af4db57a6e5c454f05bfda5 Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 23 Jun 2022 14:08:24 +0800 Subject: [PATCH 21/23] Update proxmoxve.sh --- deploy/proxmoxve.sh | 11 ++++++----- 1 file changed, 6 insertions(+), 5 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index c156b3a3..91f02e10 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh 
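Review bot: `_savedeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY "$DEPLOY_PROXMOXVE_API_TOKEN_KEY"` in the last hunk persists the API token so renewals can reuse it, but the header comment of the file still describes these settings only as environment variables. I would add a line to that comment such as `# Values supplied once are saved by acme.sh and reused on renewal; this includes the API token.` so operators know the token is stored at rest. They can then restrict the token's Proxmox privileges to certificate management and check the permissions on the saved configuration. The enclosing function continues outside the hunk.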
@@ -51,7 +51,7 @@ proxmoxve_deploy(){ _getdeployconf DEPLOY_PROXMOXVE_NODE_NAME if [ -z "$DEPLOY_PROXMOXVE_NODE_NAME" ]; then - _node_name=$(echo "$_target_hostname"|cut -d. -f1) + _node_name=$(echo "$_target_hostname" | cut -d. -f1) else _node_name="$DEPLOY_PROXMOXVE_NODE_NAME" _savedeployconf DEPLOY_PROXMOXVE_NODE_NAME "$DEPLOY_PROXMOXVE_NODE_NAME" @@ -92,7 +92,7 @@ proxmoxve_deploy(){ # This is required. _getdeployconf DEPLOY_PROXMOXVE_API_TOKEN_KEY - if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ];then + if [ -z "$DEPLOY_PROXMOXVE_API_TOKEN_KEY" ]; then _err "API key not provided." return 1 else @@ -111,7 +111,8 @@ proxmoxve_deploy(){ # # This dumps the json payload to a variable that should be passable to the # _psot function. - _json_payload=$(cat << HEREDOC + _json_payload=$( + cat << HEREDOC { "certificates": "$(tr '\n' ':' < "$_cfullchain" | sed 's/:/\\n/g')", "key": "$(tr '\n' ':' < "$_ckey" |sed 's/:/\\n/g')", @@ -120,9 +121,9 @@ proxmoxve_deploy(){ "force":"1" } HEREDOC -) + ) _debug2 Payload "$_json_payload" - + # Push certificates to server. export _HTTPS_INSECURE=1 export _H1="Authorization: PVEAPIToken=${_proxmoxve_header_api_token}" From a386826808ae7e7dd2191c8f73ca716cf108067d Mon Sep 17 00:00:00 2001 From: neil Date: Thu, 23 Jun 2022 14:11:36 +0800 Subject: [PATCH 22/23] Update proxmoxve.sh --- deploy/proxmoxve.sh | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 91f02e10..742c977d 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -17,7 +17,7 @@ # user account. Defaults to acme. # `DEPLOY_PROXMOXVE_API_TOKEN_KEY`: The API token. Required. -proxmoxve_deploy(){ +proxmoxve_deploy() { _cdomain="$1" _ckey="$2" _ccert="$3" 
@@ -112,10 +112,10 @@ proxmoxve_deploy(){ # This dumps the json payload to a variable that should be passable to the # _psot function. _json_payload=$( - cat << HEREDOC + cat < Date: Thu, 23 Jun 2022 14:12:53 +0800 Subject: [PATCH 23/23] Update proxmoxve.sh --- deploy/proxmoxve.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/proxmoxve.sh b/deploy/proxmoxve.sh index 742c977d..216a8fc7 100644 --- a/deploy/proxmoxve.sh +++ b/deploy/proxmoxve.sh @@ -115,7 +115,7 @@ proxmoxve_deploy() { cat <