add vcenter ssl
@@ -1495,6 +1495,77 @@ NODEUPDATE() {
|
|||||||
echo ""
|
echo ""
|
||||||
}
|
}
|
||||||
|
|
||||||
|
VCENTER_SSL(){
|
||||||
|
function status() {
|
||||||
|
GREEN='\033[00;32m'
|
||||||
|
RESTORE='\033[0m'
|
||||||
|
echo -e "\n...${GREEN}$1${RESTORE}...\n"
|
||||||
|
}
|
||||||
|
|
||||||
|
# Usage: input "Prompt Text" "Variable Name"
|
||||||
|
function input() {
|
||||||
|
GREEN='\033[00;32m'
|
||||||
|
RESTORE='\033[0m'
|
||||||
|
echo -en "\n...${GREEN}$1${RESTORE}: "
|
||||||
|
read $2
|
||||||
|
echo -e ""
|
||||||
|
}
|
||||||
|
|
||||||
|
function pressanykey(){
|
||||||
|
GREEN='\033[00;32m'
|
||||||
|
RESTORE='\033[0m'
|
||||||
|
echo -en "\n...${GREEN}$1. Press any key to continue.${RESTORE}..."
|
||||||
|
read -r -p "" -n 1
|
||||||
|
}
|
||||||
|
|
||||||
|
if [ ${ESXiHost+x} ] && [ ${ESXiUser+x} ]; then
|
||||||
|
status "Checking for existing ssh keys for $ESXiHost"
|
||||||
|
if [[ -e ~/.ssh/$ESXiHost'_rsa' ]]
|
||||||
|
then
|
||||||
|
status "Keys for $ESXiHost exist. Continuing"
|
||||||
|
else
|
||||||
|
status "Keys for $ESXiHost not found. Generating 4096 bit keys"
|
||||||
|
ssh-keygen -b 4096 -t rsa -f ~/.ssh/$ESXiHost'_rsa' -q -N "" -C "$ESXiUser@$HOSTNAME LetsEncrypt"
|
||||||
|
status "Adding new key to ssh-agent"
|
||||||
|
eval `ssh-agent` && ssh-add ~/.ssh/$ESXiHost'_rsa'
|
||||||
|
status "Configuring $ESXiHost for ssh access"
|
||||||
|
pubkey=`cat ~/.ssh/$ESXiHost'_rsa.pub'`
|
||||||
|
ssh $ESXiUser@$ESXiHost "mkdir -p /etc/ssh/keys-$ESXiUser &&
|
||||||
|
echo $pubkey > /etc/ssh/keys-$ESXiUser/authorized_keys &&
|
||||||
|
chmod 700 -R /etc/ssh/keys-$ESXiUser &&
|
||||||
|
chmod 600 /etc/ssh/keys-$ESXiUser/authorized_keys &&
|
||||||
|
chown -R $ESXiUser /etc/ssh/keys-$ESXiUser &&
|
||||||
|
/etc/init.d/SSH restart"
|
||||||
|
fi
|
||||||
|
|
||||||
|
time=$(date +%Y.%m.%d_%H:%M:%S)
|
||||||
|
ssh $ESXiUser@$ESXiHost "cp /etc/vmware/ssl/castore.pem /etc/vmware/ssl/castore.pem.back.$time"
|
||||||
|
ssh $ESXiUser@$ESXiHost "cp /etc/vmware/ssl/rui.crt /etc/vmware/ssl/rui.crt.back.$time"
|
||||||
|
ssh $ESXiUser@$ESXiHost "cp /etc/vmware/ssl/rui.key /etc/vmware/ssl/rui.key.back.$time"
|
||||||
|
|
||||||
|
# Copy letsencrypt cert to ESXi target
|
||||||
|
status "Coping letsencrypt cert to $ESXiHost"
|
||||||
|
sudo scp /etc/letsencrypt/live/$ESXiHost/fullchain.pem $ESXiUser@$ESXiHost:/etc/vmware/ssl/castore.pem
|
||||||
|
sudo scp /etc/letsencrypt/live/$ESXiHost/cert.pem $ESXiUser@$ESXiHost:/etc/vmware/ssl/rui.crt
|
||||||
|
sudo scp /etc/letsencrypt/live/$ESXiHost/privkey.pem $ESXiUser@$ESXiHost:/etc/vmware/ssl/rui.key
|
||||||
|
|
||||||
|
# Restart services on ESXi target
|
||||||
|
status "Restarting services on $ESXiHost"
|
||||||
|
ssh $ESXiUser@$ESXiHost "services.sh restart"
|
||||||
|
|
||||||
|
# Disable UPnP http(s) port forward
|
||||||
|
status "Removing http(s) port forwarding"
|
||||||
|
upnpc -d 80 tcp
|
||||||
|
upnpc -d 443 tcp
|
||||||
|
|
||||||
|
# Prompt user to confirm/disable SSH on ESXi target
|
||||||
|
pressanykey "Remember to disable SSH service on $ESXiHost"
|
||||||
|
else
|
||||||
|
echo -e "${idsCL[Red]}Missing required variables.${idsCL[Default]}"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
|
}
|
||||||
|
|
||||||
GUI(){
|
GUI(){
|
||||||
DISP_HEADER true true
|
DISP_HEADER true true
|
||||||
while :
|
while :
|
||||||
|
|||||||
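Review bot: No ssh or scp call in VCENTER_SSL names the generated key; it is only loaded into the ssh-agent started in the key-missing branch, so a later run (key already present) and the three `sudo scp` calls, which run as root and presumably without the caller's agent socket, fall back to whatever other authentication the host accepts. Passing `-i "$key"` on every ssh/scp call, including the backup `cp` calls, removes the need for the agent, which is otherwise left running after the function returns. Separately, the three copies and `services.sh restart` are unchecked, so a failed transfer of privkey.pem would restart the host with a rui.crt/rui.key pair that no longer match; the sketch below gates the restart on all three copies succeeding and still lets the UPnP cleanup run. The remote setup also writes `authorized_keys` with `>`, which replaces any keys already installed for that user where `>>` would append, and the key is created with `-N ""`, which deserves a comment telling operators to protect or remove it after use.

```shell
# … unchanged: status/input/pressanykey helpers, variable check, key generation …
local key="$HOME/.ssh/${ESXiHost}_rsa"
local target="$ESXiUser@$ESXiHost"
local live="/etc/letsencrypt/live/$ESXiHost"

# … unchanged: timestamped backups of castore.pem, rui.crt, rui.key …

status "Coping letsencrypt cert to $ESXiHost"
if sudo scp -i "$key" "$live/fullchain.pem" "$target:/etc/vmware/ssl/castore.pem" &&
   sudo scp -i "$key" "$live/cert.pem" "$target:/etc/vmware/ssl/rui.crt" &&
   sudo scp -i "$key" "$live/privkey.pem" "$target:/etc/vmware/ssl/rui.key"; then
  status "Restarting services on $ESXiHost"
  ssh -i "$key" "$target" "services.sh restart"
else
  # Do not restart with a possibly mismatched cert/key pair; the .back.$time copies remain on the host.
  echo "Certificate copy to $ESXiHost failed; services not restarted." >&2
fi
# … unchanged: upnpc port-forward removal, pressanykey prompt …
```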