Update nodemgmt-scripts.sh
@@ -707,6 +707,8 @@ CHECK-CERTS(){
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
|
||||
BACKUP(){
|
||||
BACKUP_FOLDER=/opt/idssys/backups/node-backup
|
||||
#BACKUP_FOLDER=/opt/idssys/backups/node-backups/${NODE_HOSTNAME} #/`date +%Y-%m-%d`
|
||||
@@ -1673,58 +1675,32 @@ NODEUPDATE() {
|
||||
}
|
||||
|
||||
VCENTER-SSL(){
|
||||
function status() {
|
||||
GREEN='\033[00;32m'
|
||||
RESTORE='\033[0m'
|
||||
echo -e "\n...${GREEN}$1${RESTORE}...\n"
|
||||
}
|
||||
CERTDIR='/etc/letsencrypt/live/vcenter.scity.us'
|
||||
SERVER='https://vcenter.scity.us'
|
||||
CRED="administrator@scity.vs:$(pass iDSVC)"
|
||||
|
||||
# Usage: input "Prompt Text" "Variable Name"
|
||||
function input() {
|
||||
GREEN='\033[00;32m'
|
||||
RESTORE='\033[0m'
|
||||
echo -en "\n...${GREEN}$1${RESTORE}: "
|
||||
read $2
|
||||
echo -e ""
|
||||
}
|
||||
# Step 1a - Get the session ID.
|
||||
SESSION_ID=$(curl -s -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'vmware-use-header-authn: test' --header 'vmware-api-session-id: null' -u $CRED "$SERVER/rest/com/vmware/cis/session" --insecure | python3 -c "import sys, json; print(json.load(sys.stdin)['value'])")
|
||||
echo "Session ID: $SESSION_ID"
|
||||
|
||||
function pressanykey(){
|
||||
GREEN='\033[00;32m'
|
||||
RESTORE='\033[0m'
|
||||
echo -en "\n...${GREEN}$1. Press any key to continue.${RESTORE}..."
|
||||
read -r -p "" -n 1
|
||||
}
|
||||
|
||||
if [ ${ESXiHost+x} ] && [ ${ESXiUser+x} ]; then
|
||||
status "Checking for existing ssh keys for $ESXiHost"
|
||||
if [[ -e ~/.ssh/$ESXiHost'_rsa' ]]
|
||||
then
|
||||
status "Keys for $ESXiHost exist. Continuing"
|
||||
else
|
||||
status "Keys for $ESXiHost not found. Generating 4096 bit keys"
|
||||
ssh-keygen -b 4096 -t rsa -f ~/.ssh/$ESXiHost'_rsa' -q -N "" -C "$ESXiUser@$HOSTNAME LetsEncrypt"
|
||||
status "Adding new key to ssh-agent"
|
||||
eval `ssh-agent` && ssh-add ~/.ssh/$ESXiHost'_rsa'
|
||||
status "Configuring $ESXiHost for ssh access"
|
||||
pubkey=`cat ~/.ssh/$ESXiHost'_rsa.pub'`
|
||||
ssh $ESXiUser@$ESXiHost "mkdir -p /etc/ssh/keys-$ESXiUser &&
|
||||
echo $pubkey > /etc/ssh/keys-$ESXiUser/authorized_keys &&
|
||||
chmod 700 -R /etc/ssh/keys-$ESXiUser &&
|
||||
chmod 600 /etc/ssh/keys-$ESXiUser/authorized_keys &&
|
||||
chown -R $ESXiUser /etc/ssh/keys-$ESXiUser &&
|
||||
/etc/init.d/SSH restart"
|
||||
fi
|
||||
# Step 1b - Get both the certificate and private key into the format we need. Newlines must be converted into \n using awk or a similar command
|
||||
PRIVKEY=$(awk -v ORS='\\n' '1' "$CERTDIR/privkey.pem")
|
||||
CERT=$(awk -v ORS='\\n' '1' "$CERTDIR/cert.pem")
|
||||
|
||||
# Copy letsencrypt cert to ESXi target
|
||||
status "Coping letsencrypt cert to $ESXiHost"
|
||||
sudo scp /etc/letsencrypt/live/$ESXiHost/* $ESXiUser@$ESXiHost:/root/
|
||||
|
||||
ssh $ESXiUser@$ESXiHost "/usr/lib/vmware-vmca/bin/certificate-manager"
|
||||
# Step 1c - Build the JSON request body. You can find this on your VCA appliance in the testing section.
|
||||
REQUEST_BODY="{ \"spec\" : { \"cert\" : \"$CERT\", \"key\" : \"$PRIVKEY\" } }"
|
||||
|
||||
else
|
||||
echo -e "${idsCL[Red]}Missing required variables.${idsCL[Default]}"
|
||||
exit 1
|
||||
fi
|
||||
# Step 2 - Update the certificate using the request body
|
||||
echo "Updating cert..."
|
||||
curl --insecure -X PUT "$SERVER/rest/vcenter/certificate-management/vcenter/tls" \
|
||||
-H "vmware-api-session-id: $SESSION_ID" \
|
||||
-H "Content-type: application/json" \
|
||||
-d "$REQUEST_BODY"
|
||||
|
||||
# Step 3 - Close the session
|
||||
echo "Deleting session..."
|
||||
curl --insecure -X DELETE "$SERVER/rest/com/vmware/cis/session" -H "vmware-api-session-id: $SESSION_ID"
|
||||
echo "Done!"
|
||||
}
|
||||
ADD_LOGROTATE_CRONTAB(){
|
||||
if ! crontab -l | grep -q '/opt/idssys/nodemgmt/tmp-logrotate'; then
|
||||
|
||||
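Review bot: All three curl calls in VCENTER-SSL pass `--insecure`, so the administrator credential built from `pass iDSVC`, the session ID and the private key inside `$REQUEST_BODY` are sent to vcenter.scity.us without verifying the server certificate. The page has lost its +/- markers, so this assumes the REST-API lines (CERTDIR through "Done!") are the new side of the hunk. If the appliance still presents a self-signed certificate on first run, pin it with `--cacert <path-to-vcenter-ca.pem>` rather than disabling verification on every call. `echo "Session ID: $SESSION_ID"` writes a live session token to the terminal and any captured log and should be dropped, and `-u $CRED` should be quoted as `-u "$CRED"`. The PUT also runs when the login failed, so a guard such as `[ -n "$SESSION_ID" ] || return 1` belongs before Step 2.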