diff --git a/nodemgmt-scripts.sh b/nodemgmt-scripts.sh
index 0ba26d88..68d6fdd7 100755
--- a/nodemgmt-scripts.sh
+++ b/nodemgmt-scripts.sh
@@ -707,6 +707,8 @@ CHECK-CERTS(){
 fi
 }
+
+
 BACKUP(){
 BACKUP_FOLDER=/opt/idssys/backups/node-backup
 #BACKUP_FOLDER=/opt/idssys/backups/node-backups/${NODE_HOSTNAME} #/`date +%Y-%m-%d`
@@ -1673,58 +1675,32 @@ NODEUPDATE() {
 }
 VCENTER-SSL(){
- function status() {
- GREEN='\033[00;32m'
- RESTORE='\033[0m'
- echo -e "\n...${GREEN}$1${RESTORE}...\n"
- }
+ CERTDIR='/etc/letsencrypt/live/vcenter.scity.us'
+ SERVER='https://vcenter.scity.us'
+ CRED="administrator@scity.vs:$(pass iDSVC)"
- # Usage: input "Prompt Text" "Variable Name"
- function input() {
- GREEN='\033[00;32m'
- RESTORE='\033[0m'
- echo -en "\n...${GREEN}$1${RESTORE}: "
- read $2
- echo -e ""
- }
+ # Step 1a - Get the session ID.
+ SESSION_ID=$(curl -s -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'vmware-use-header-authn: test' --header 'vmware-api-session-id: null' -u $CRED "$SERVER/rest/com/vmware/cis/session" --insecure | python3 -c "import sys, json; print(json.load(sys.stdin)['value'])")
+ echo "Session ID: $SESSION_ID"
- function pressanykey(){
- GREEN='\033[00;32m'
- RESTORE='\033[0m'
- echo -en "\n...${GREEN}$1. Press any key to continue.${RESTORE}..."
- read -r -p "" -n 1
- }
-
- if [ ${ESXiHost+x} ] && [ ${ESXiUser+x} ]; then
- status "Checking for existing ssh keys for $ESXiHost"
- if [[ -e ~/.ssh/$ESXiHost'_rsa' ]]
- then
- status "Keys for $ESXiHost exist. Continuing"
- else
- status "Keys for $ESXiHost not found. Generating 4096 bit keys"
- ssh-keygen -b 4096 -t rsa -f ~/.ssh/$ESXiHost'_rsa' -q -N "" -C "$ESXiUser@$HOSTNAME LetsEncrypt"
- status "Adding new key to ssh-agent"
- eval `ssh-agent` && ssh-add ~/.ssh/$ESXiHost'_rsa'
- status "Configuring $ESXiHost for ssh access"
- pubkey=`cat ~/.ssh/$ESXiHost'_rsa.pub'`
- ssh $ESXiUser@$ESXiHost "mkdir -p /etc/ssh/keys-$ESXiUser &&
- echo $pubkey > /etc/ssh/keys-$ESXiUser/authorized_keys &&
- chmod 700 -R /etc/ssh/keys-$ESXiUser &&
- chmod 600 /etc/ssh/keys-$ESXiUser/authorized_keys &&
- chown -R $ESXiUser /etc/ssh/keys-$ESXiUser &&
- /etc/init.d/SSH restart"
- fi
+ # Step 1b - Get both the certificate and private key into the format we need. Newlines must be converted into \n using awk or a similar command
+ PRIVKEY=$(awk -v ORS='\\n' '1' "$CERTDIR/privkey.pem")
+ CERT=$(awk -v ORS='\\n' '1' "$CERTDIR/cert.pem")
- # Copy letsencrypt cert to ESXi target
- status "Coping letsencrypt cert to $ESXiHost"
- sudo scp /etc/letsencrypt/live/$ESXiHost/* $ESXiUser@$ESXiHost:/root/
-
- ssh $ESXiUser@$ESXiHost "/usr/lib/vmware-vmca/bin/certificate-manager"
+ # Step 1c - Build the JSON request body. You can find this on your VCA appliance in the testing section.
+ REQUEST_BODY="{ \"spec\" : { \"cert\" : \"$CERT\", \"key\" : \"$PRIVKEY\" } }"
- else
- echo -e "${idsCL[Red]}Missing required variables.${idsCL[Default]}"
- exit 1
- fi
+ # Step 2 - Update the certificate using the request body
+ echo "Updating cert..."
+ curl --insecure -X PUT "$SERVER/rest/vcenter/certificate-management/vcenter/tls" \
+ -H "vmware-api-session-id: $SESSION_ID" \
+ -H "Content-type: application/json" \
+ -d "$REQUEST_BODY"
+
+ # Step 3 - Close the session
+ echo "Deleting session..."
+ curl --insecure -X DELETE "$SERVER/rest/com/vmware/cis/session" -H "vmware-api-session-id: $SESSION_ID"
+ echo "Done!"
 }
 ADD_LOGROTATE_CRONTAB(){
 if ! crontab -l | grep -q '/opt/idssys/nodemgmt/tmp-logrotate'; then
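Review bot: All three new `curl` calls in VCENTER-SSL pass `--insecure`, so the administrator password in the session request and the private key in the PUT body are sent without verifying the certificate of `$SERVER`; anyone positioned on that network path could read both. Drop `--insecure` (for a first run against a certificate the local trust store does not know, point `--cacert` at the issuing CA instead) and add `--fail` plus an empty-check on `SESSION_ID`, because a failed login currently falls through to the PUT. `-u $CRED` is unquoted and, like `-d "$REQUEST_BODY"`, places a secret on the command line where other local users can see it in the process list; feeding both through stdin avoids that. `echo "Session ID: $SESSION_ID"` also writes a live session token to whatever captures the script's output and is better removed. The sketch below assumes the password contains no `"` or `\`, which curl's config-file syntax would need escaped; the Step 3 DELETE call needs the same `--insecure` removal.

```shell
# Step 1a - Get the session ID; the credential is read from stdin (-K -), not argv.
SESSION_ID=$(printf 'user = "%s"\n' "$CRED" |
  curl -sS --fail -K - -X POST \
    --header 'Content-Type: application/json' --header 'Accept: application/json' \
    --header 'vmware-use-header-authn: test' --header 'vmware-api-session-id: null' \
    "$SERVER/rest/com/vmware/cis/session" |
  python3 -c "import sys, json; print(json.load(sys.stdin)['value'])")
[ -n "$SESSION_ID" ] || { echo "vCenter login failed" >&2; return 1; }

# … unchanged: PRIVKEY, CERT and REQUEST_BODY construction …

# Step 2 - Update the certificate; the body (with the private key) is read from stdin.
printf '%s' "$REQUEST_BODY" |
  curl -sS --fail -X PUT "$SERVER/rest/vcenter/certificate-management/vcenter/tls" \
    -H "vmware-api-session-id: $SESSION_ID" \
    -H "Content-type: application/json" \
    --data-binary @- || return 1
```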