add vcenter ssl
@@ -1495,6 +1495,77 @@ NODEUPDATE() {
|
||||
echo ""
|
||||
}
|
||||
|
||||
VCENTER_SSL(){
|
||||
function status() {
|
||||
GREEN='\033[00;32m'
|
||||
RESTORE='\033[0m'
|
||||
echo -e "\n...${GREEN}$1${RESTORE}...\n"
|
||||
}
|
||||
|
||||
# Usage: input "Prompt Text" "Variable Name"
|
||||
function input() {
|
||||
GREEN='\033[00;32m'
|
||||
RESTORE='\033[0m'
|
||||
echo -en "\n...${GREEN}$1${RESTORE}: "
|
||||
read $2
|
||||
echo -e ""
|
||||
}
|
||||
|
||||
function pressanykey(){
|
||||
GREEN='\033[00;32m'
|
||||
RESTORE='\033[0m'
|
||||
echo -en "\n...${GREEN}$1. Press any key to continue.${RESTORE}..."
|
||||
read -r -p "" -n 1
|
||||
}
|
||||
|
||||
if [ ${ESXiHost+x} ] && [ ${ESXiUser+x} ]; then
|
||||
status "Checking for existing ssh keys for $ESXiHost"
|
||||
if [[ -e ~/.ssh/$ESXiHost'_rsa' ]]
|
||||
then
|
||||
status "Keys for $ESXiHost exist. Continuing"
|
||||
else
|
||||
status "Keys for $ESXiHost not found. Generating 4096 bit keys"
|
||||
ssh-keygen -b 4096 -t rsa -f ~/.ssh/$ESXiHost'_rsa' -q -N "" -C "$ESXiUser@$HOSTNAME LetsEncrypt"
|
||||
status "Adding new key to ssh-agent"
|
||||
eval `ssh-agent` && ssh-add ~/.ssh/$ESXiHost'_rsa'
|
||||
status "Configuring $ESXiHost for ssh access"
|
||||
pubkey=`cat ~/.ssh/$ESXiHost'_rsa.pub'`
|
||||
ssh $ESXiUser@$ESXiHost "mkdir -p /etc/ssh/keys-$ESXiUser &&
|
||||
echo $pubkey > /etc/ssh/keys-$ESXiUser/authorized_keys &&
|
||||
chmod 700 -R /etc/ssh/keys-$ESXiUser &&
|
||||
chmod 600 /etc/ssh/keys-$ESXiUser/authorized_keys &&
|
||||
chown -R $ESXiUser /etc/ssh/keys-$ESXiUser &&
|
||||
/etc/init.d/SSH restart"
|
||||
fi
|
||||
|
||||
time=$(date +%Y.%m.%d_%H:%M:%S)
|
||||
ssh $ESXiUser@$ESXiHost "cp /etc/vmware/ssl/castore.pem /etc/vmware/ssl/castore.pem.back.$time"
|
||||
ssh $ESXiUser@$ESXiHost "cp /etc/vmware/ssl/rui.crt /etc/vmware/ssl/rui.crt.back.$time"
|
||||
ssh $ESXiUser@$ESXiHost "cp /etc/vmware/ssl/rui.key /etc/vmware/ssl/rui.key.back.$time"
|
||||
|
||||
# Copy letsencrypt cert to ESXi target
|
||||
status "Coping letsencrypt cert to $ESXiHost"
|
||||
sudo scp /etc/letsencrypt/live/$ESXiHost/fullchain.pem $ESXiUser@$ESXiHost:/etc/vmware/ssl/castore.pem
|
||||
sudo scp /etc/letsencrypt/live/$ESXiHost/cert.pem $ESXiUser@$ESXiHost:/etc/vmware/ssl/rui.crt
|
||||
sudo scp /etc/letsencrypt/live/$ESXiHost/privkey.pem $ESXiUser@$ESXiHost:/etc/vmware/ssl/rui.key
|
||||
|
||||
# Restart services on ESXi target
|
||||
status "Restarting services on $ESXiHost"
|
||||
ssh $ESXiUser@$ESXiHost "services.sh restart"
|
||||
|
||||
# Disable UPnP http(s) port forward
|
||||
status "Removing http(s) port forwarding"
|
||||
upnpc -d 80 tcp
|
||||
upnpc -d 443 tcp
|
||||
|
||||
# Prompt user to confirm/disable SSH on ESXi target
|
||||
pressanykey "Remember to disable SSH service on $ESXiHost"
|
||||
else
|
||||
echo -e "${idsCL[Red]}Missing required variables.${idsCL[Default]}"
|
||||
exit 1
|
||||
fi
|
||||
}
|
||||
|
||||
GUI(){
|
||||
DISP_HEADER true true
|
||||
while :
|
||||
|
||||
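Review bot: In the key-install step of VCENTER_SSL, the remote command `echo $pubkey > /etc/ssh/keys-$ESXiUser/authorized_keys` replaces any keys already authorised for that account on the ESXi host, and it expands `$pubkey`, `$ESXiUser` and `$ESXiHost` unquoted into a remote shell; appending with `printf '%s\n' '$pubkey' >> /etc/ssh/keys-$ESXiUser/authorized_keys` and rejecting host or user values with unexpected characters before any `ssh` call would be safer. The key is generated with `-N ""` and loaded into an agent started via `ssh-agent` that is never stopped. The later `sudo scp` calls run as root and may not see that agent or the invoking user's `~/.ssh/$ESXiHost'_rsa'` (this depends on sudoers environment handling), so passing the identity explicitly with `-i` and killing the agent on exit would make the authentication path deterministic. None of the backup `cp` or `scp` calls is checked before `services.sh restart`, so a failed copy of `privkey.pem` can leave `rui.crt` and `rui.key` mismatched when the management services come back; chain the copies with `&&` or return on the first failure. The `idsCL` array used in the error branch is defined outside the hunk, and `exit 1` there ends the whole script rather than returning to the menu.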