diff --git a/nodemgmt-scripts.sh b/nodemgmt-scripts.sh index 68d6fdd7..a75b5f28 100755 --- a/nodemgmt-scripts.sh +++ b/nodemgmt-scripts.sh @@ -1675,32 +1675,48 @@ NODEUPDATE() { } VCENTER-SSL(){ - CERTDIR='/etc/letsencrypt/live/vcenter.scity.us' - SERVER='https://vcenter.scity.us' - CRED="administrator@scity.vs:$(pass iDSVC)" + VCHOSTNAME='vcenter.scity.us' + CERTDIR='/etc/letsencrypt/live/${VCHOSTNAME}' + SERVER='https://${VCHOSTNAME}' + CRED="administrator@scity.vs:$(pass iDSVC)" + + echo -en "${idsCL[LightCyan]}Checking if certificate needs to be updated on vCenter... ${idsCL[Default]}" + VCCERTDAYS=$(${FOLDER}/ssl-cert-check/ssl-cert-check -p 443 -s ${VCHOSTNAME} -N) + + if [ ${VCCERTDAYS} -lt 30 ]; then + echo -e "${idsCL[Green]}Certificate is still valid for ${VCCERTDAYS} days yet, no noeed to update${idsCL[Default]}" + exit 0 + else + echo -e "${idsCL[Green]}Certificate needds to be updated${idsCL[Default]}" + echo + fi + + echo -en "${idsCL[LightCyan]}Updating certificate on vCenter... ${idsCL[Default]}" - # Step 1a - Get the session ID. SESSION_ID=$(curl -s -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'vmware-use-header-authn: test' --header 'vmware-api-session-id: null' -u $CRED "$SERVER/rest/com/vmware/cis/session" --insecure | python3 -c "import sys, json; print(json.load(sys.stdin)['value'])") - echo "Session ID: $SESSION_ID" - # Step 1b - Get both the certificate and private key into the format we need. Newlines must be converted into \n using awk or a similar command PRIVKEY=$(awk -v ORS='\\n' '1' "$CERTDIR/privkey.pem") CERT=$(awk -v ORS='\\n' '1' "$CERTDIR/cert.pem") - # Step 1c - Build the JSON request body. You can find this on your VCA appliance in the testing section. REQUEST_BODY="{ \"spec\" : { \"cert\" : \"$CERT\", \"key\" : \"$PRIVKEY\" } }" - # Step 2 - Update the certificate using the request body - echo "Updating cert..." curl --insecure -X PUT "$SERVER/rest/vcenter/certificate-management/vcenter/tls" \ -H "vmware-api-session-id: $SESSION_ID" \ -H "Content-type: application/json" \ -d "$REQUEST_BODY" - # Step 3 - Close the session - echo "Deleting session..." curl --insecure -X DELETE "$SERVER/rest/com/vmware/cis/session" -H "vmware-api-session-id: $SESSION_ID" - echo "Done!" + echo -e "${idsCL[Green]}Done${idsCL[Default]}" + echo + echo -en "${idsCL[LightCyan]}Stopping vCenter services... ${idsCL[Default]}" + ssh -i ~/.ssh/id_rsa root@vcenter.scity.us 'service-control --stop --all' + echo -e "${idsCL[Green]}Done${idsCL[Default]}" + echo -en "${idsCL[LightCyan]}Starting vCenter services... ${idsCL[Default]}" + ssh -i ~/.ssh/id_rsa root@vcenter.scity.us 'service-control --start --all' + echo -e "${idsCL[Green]}Done${idsCL[Default]}" + echo + echo -e "${idsCL[Green]}The vCenter certifcate has been updated${idsCL[Default]}" + } ADD_LOGROTATE_CRONTAB(){ if ! crontab -l | grep -q '/opt/idssys/nodemgmt/tmp-logrotate'; then