Update nodemgmt-scripts.sh

nodemgmt-scripts.sh

@@ -707,6 +707,8 @@ CHECK-CERTS(){
 	fi
 }
 
+
+
 BACKUP(){
 	BACKUP_FOLDER=/opt/idssys/backups/node-backup
 	#BACKUP_FOLDER=/opt/idssys/backups/node-backups/${NODE_HOSTNAME} #/`date +%Y-%m-%d`
@@ -1673,58 +1675,32 @@ NODEUPDATE() {
 }
 
 VCENTER-SSL(){
-	function status() {
+	CERTDIR='/etc/letsencrypt/live/vcenter.scity.us'
-	  GREEN='\033[00;32m'
+	SERVER='https://vcenter.scity.us'
-	  RESTORE='\033[0m'
+	CRED="administrator@scity.vs:$(pass iDSVC)"
-	  echo -e "\n...${GREEN}$1${RESTORE}...\n"
-	}
 
-	# Usage: input "Prompt Text" "Variable Name"
+	# Step 1a - Get the session ID.
-	function input() {
+	SESSION_ID=$(curl -s -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'vmware-use-header-authn: test' --header 'vmware-api-session-id: null' -u $CRED "$SERVER/rest/com/vmware/cis/session" --insecure | python3 -c "import sys, json; print(json.load(sys.stdin)['value'])")
-	  GREEN='\033[00;32m'
+	echo "Session ID: $SESSION_ID"
-	  RESTORE='\033[0m'
-	  echo -en "\n...${GREEN}$1${RESTORE}: "
-	  read $2
-	  echo -e ""
-	}
 
-	function pressanykey(){
+	# Step 1b - Get both the certificate and private key into the format we need. Newlines must be converted into \n using awk or a similar command
-	  GREEN='\033[00;32m'
+	PRIVKEY=$(awk -v ORS='\\n' '1' "$CERTDIR/privkey.pem")
-	  RESTORE='\033[0m'
+	CERT=$(awk -v ORS='\\n' '1' "$CERTDIR/cert.pem")
-	  echo -en "\n...${GREEN}$1. Press any key to continue.${RESTORE}..."
-	  read -r -p "" -n 1
-	}
 
-	if [ ${ESXiHost+x} ] && [ ${ESXiUser+x} ]; then
+	# Step 1c - Build the JSON request body. You can find this on your VCA appliance in the testing section.
-		status "Checking for existing ssh keys for $ESXiHost"
+	REQUEST_BODY="{ \"spec\" : { \"cert\" : \"$CERT\", \"key\" : \"$PRIVKEY\"  } }"
-		if [[ -e ~/.ssh/$ESXiHost'_rsa' ]]
-			then
-		    status "Keys for $ESXiHost exist. Continuing"
-		else
-		  status "Keys for $ESXiHost not found. Generating 4096 bit keys"
-		  ssh-keygen -b 4096 -t rsa -f ~/.ssh/$ESXiHost'_rsa' -q -N "" -C "$ESXiUser@$HOSTNAME LetsEncrypt"
-		  status "Adding new key to ssh-agent"
-		  eval `ssh-agent` && ssh-add ~/.ssh/$ESXiHost'_rsa'
-		  status "Configuring $ESXiHost for ssh access"
-		  pubkey=`cat ~/.ssh/$ESXiHost'_rsa.pub'`
-		  ssh $ESXiUser@$ESXiHost "mkdir -p /etc/ssh/keys-$ESXiUser &&
-		  echo $pubkey > /etc/ssh/keys-$ESXiUser/authorized_keys &&
-		  chmod 700 -R /etc/ssh/keys-$ESXiUser &&
-		  chmod 600 /etc/ssh/keys-$ESXiUser/authorized_keys &&
-		  chown -R $ESXiUser /etc/ssh/keys-$ESXiUser &&
-		  /etc/init.d/SSH restart"
-		fi
 
-		# Copy letsencrypt cert to ESXi target
+	# Step 2 - Update the certificate using the request body
-		status "Coping letsencrypt cert to $ESXiHost"
+	echo "Updating cert..."
-		sudo scp /etc/letsencrypt/live/$ESXiHost/* $ESXiUser@$ESXiHost:/root/
+	curl --insecure -X PUT "$SERVER/rest/vcenter/certificate-management/vcenter/tls" \
+	                -H "vmware-api-session-id: $SESSION_ID" \
+	                -H "Content-type: application/json" \
+	                -d "$REQUEST_BODY"
 
-		ssh $ESXiUser@$ESXiHost "/usr/lib/vmware-vmca/bin/certificate-manager"
+	# Step 3 - Close the session
-
+	echo "Deleting session..."
-	else
+	curl --insecure -X DELETE "$SERVER/rest/com/vmware/cis/session" -H "vmware-api-session-id: $SESSION_ID"
-		echo -e "${idsCL[Red]}Missing required variables.${idsCL[Default]}"
+	echo "Done!"
-		exit 1
-	fi
 }
 ADD_LOGROTATE_CRONTAB(){
 	if ! crontab -l | grep -q '/opt/idssys/nodemgmt/tmp-logrotate'; then