From ed18c1e6b9cb82b12c425303b4e0452afdfa0915 Mon Sep 17 00:00:00 2001 From: David Schroeder Date: Wed, 22 Nov 2023 20:15:03 -0600 Subject: [PATCH] Update nodemgmt-scripts.sh --- nodemgmt-scripts.sh | 62 +++++++++++++++++++++++---------------------- 1 file changed, 32 insertions(+), 30 deletions(-) diff --git a/nodemgmt-scripts.sh b/nodemgmt-scripts.sh index 16200d35..969d8deb 100755 --- a/nodemgmt-scripts.sh +++ b/nodemgmt-scripts.sh @@ -396,16 +396,19 @@ NODEUPDATE() { } VCENTER-SSL(){ - if [ "${NM_VCHOSTNAME}" != "" ] && [ "${NM_VCUSER}" != "" ] && [ "${NM_VCPASS}" != "" ] && [ "${NM_WPDNS_KEY}" != "" ]; then - VCSERVER="https://${NM_VCHOSTNAME}" - CURRENTLIVE=/etc/vmware-rhttpproxy/ssl/rui.crt + [ "${NM_VC_ACMEFOLDER}" == "" ] && NM_VC_ACMEFOLDER="/root/.acme.sh" + [ "${NM_VC_ACMESCRIPT}" == "" ] && NM_VC_ACMESCRIPT="acme.sh" - VC_CERT=/root/.acme.sh/${NM_VCHOSTNAME}/${NM_VCHOSTNAME}.cer - VC_KEY=/root/.acme.sh/${NM_VCHOSTNAME}/${NM_VCHOSTNAME}.key - VC_CHAIN=/root/.acme.sh/${NM_VCHOSTNAME}/fullchain.cer + if [ "${NM_VC_HOSTNAME}" != "" ] && [ "${NM_VC_USER}" != "" ] && [ "${NM_VC_PASS}" != "" ] && [ "${NM_WPDNS_KEY}" != "" ]; then + VCSERVER="https://${NM_VC_HOSTNAME}" + CURRENTLIVECERTCERT=/etc/vmware-rhttpproxy/ssl/rui.crt + + VC_CERT=${NM_VC_ACMEFOLDER}/${NM_VC_HOSTNAME}/${NM_VC_HOSTNAME}.cer + VC_KEY=${NM_VC_ACMEFOLDER}/${NM_VC_HOSTNAME}/${NM_VC_HOSTNAME}.key + VC_CHAIN=${NM_VC_ACMEFOLDER}/${NM_VC_HOSTNAME}/fullchain.cer echo -en "${idsCL[LightCyan]}Checking days left on vCenter cert... ${idsCL[Default]}" - VCCERTDAYS=$(${NM_FOLDER}/ssl-cert-check/ssl-cert-check -p 443 -s ${NM_VCHOSTNAME} -N) + VCCERTDAYS=$(${NM_FOLDER}/ssl-cert-check/ssl-cert-check -p 443 -s ${NM_VC_HOSTNAME} -N) VCCERTDAYS=${VCCERTDAYS#*=} if [ "${VCCERTDAYS}" -gt "29" ]; then 
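Review bot: The new assignment `CURRENTLIVECERTCERT=/etc/vmware-rhttpproxy/ssl/rui.crt` looks like a typo, because the second hunk reads `${CURRENTLIVECERT}`, which is not set anywhere in the visible lines. With that variable empty, the remote command becomes `md5sum | cut -d\ -f1` with no file argument, so md5sum reads standard input instead of the live certificate and may block waiting for it. LIVEMD5 then never reflects the installed certificate and the "no newer certificates exist" early exit cannot work as intended. Rename the assignment to `CURRENTLIVECERT=/etc/vmware-rhttpproxy/ssl/rui.crt`. The body of VCENTER-SSL continues past this hunk, so any other use of the old `CURRENTLIVE` name further down should be checked as well.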
@@ -425,44 +428,43 @@ VCENTER-SSL(){ echo '#!/usr/bin/env bash' >| /tmp/vcenter-update-ssl.sh echo "export PDNS_Url='https://wdns.scity.us' export PDNS_Token='${NM_WPDNS_KEY}' +# export PDNS_ServerId='localhost' export PDNS_ServerId='scity.us' export PDNS_Ttl=60 " >> /tmp/vcenter-update-ssl.sh - if ssh -q root@${NM_VCHOSTNAME} [ ! -d /root/.acme.sh ]; then + if ssh -q root@${NM_VC_HOSTNAME} [ ! -d ${NM_VC_ACMEFOLDER} ]; then echo -e "${idsCL[Yellow]}Installing acme.sh scripts on vCenter${idsCL[Default]}\n" - ssh -q root@${NM_VCHOSTNAME} "wget -O - https://get.acme.sh | sh" - echo -e "${idsCL[LightGreen]}Requesting new certificate ...${idsCL[Default]}\n" - echo "/root/.acme.sh/acme.sh --server letsencrypt -k 2048 --preferred-chain 'ISRG Root X1' --issue --dns dns_pdns -d ${NM_VCHOSTNAME}" >> /tmp/vcenter-update-ssl.sh + ssh -q root@${NM_VC_HOSTNAME} "wget -O - https://get.acme.sh | sh" + echo -e "\n${idsCL[LightGreen]}Requesting new certificate ...${idsCL[Default]}\n" + echo "${NM_VC_ACMEFOLDER}/${NM_VC_ACMESCRIPT} --server letsencrypt -k 2048 --preferred-chain 'ISRG Root X1' --issue --dns dns_pdns -d ${NM_VC_HOSTNAME}" >> /tmp/vcenter-update-ssl.sh else echo -e "${idsCL[Green]}Verified acme.sh scripts are installed on vCenter, checking for updates${idsCL[Default]}\n" - ssh -q root@${NM_VCHOSTNAME} "/root/.acme.sh/acme.sh --upgrade" - echo -e "${idsCL[LightGreen]}Renewing certificate ...${idsCL[Default]}\n" + ssh -q root@${NM_VC_HOSTNAME} "${NM_VC_ACMEFOLDER}/${NM_VC_ACMESCRIPT} --upgrade" + echo -e "\n${idsCL[LightGreen]}Renewing certificate ...${idsCL[Default]}\n" if [ "${1}" == "force" ]; then - echo "/root/.acme.sh/acme.sh --renew-all --force --test" >> /tmp/vcenter-update-ssl.sh + # echo "${NM_VC_ACMEFOLDER}/${NM_VC_ACMESCRIPT} --renew-all --force" >> /tmp/vcenter-update-ssl.sh else - echo "/root/.acme.sh/acme.sh --renew-all" >> /tmp/vcenter-update-ssl.sh + echo "${NM_VC_ACMEFOLDER}/${NM_VC_ACMESCRIPT} --renew-all" >> /tmp/vcenter-update-ssl.sh fi fi - scp -q 
/tmp/vcenter-update-ssl.sh root@${NM_VCHOSTNAME}:/tmp/vcenter-update-ssl.sh - ssh -q root@${NM_VCHOSTNAME} "bash /tmp/vcenter-update-ssl.sh" - + scp -q /tmp/vcenter-update-ssl.sh root@${NM_VC_HOSTNAME}:/tmp/vcenter-update-ssl.sh + ssh -q root@${NM_VC_HOSTNAME} "bash /tmp/vcenter-update-ssl.sh" + LIVEMD5=$(ssh -q root@${NM_VC_HOSTNAME} "md5sum ${CURRENTLIVECERT} | cut -d\ -f1") + CURRENTMD5=$(ssh -q root@${NM_VC_HOSTNAME} "md5sum ${VC_CERT} | cut -d\ -f1") + if [ "$LIVEMD5" == "$CURRENTMD5" ] && [ "${1}" != "force" ]; then + echo -e "${idsCL[Yellow]}Certificates remains the same, no newer certificates exist${idsCL[Default]}" + echo + exit 0 + fi - # LIVEMD5=$(ssh root@${NM_VCHOSTNAME} "md5sum $CURRENTLIVE | cut -d\ -f1") - # CURRENTMD5=$(md5sum $CERTDIR/cert.pem | cut -d\ -f1) - # if [ "$LIVEMD5" == "$CURRENTMD5" ] && [ "${1}" != "force" ]; then - # echo -e "${idsCL[Yellow]}Certificates remains the same, no newer certificates exist${idsCL[Default]}" - # echo - # exit 0 - # fi + echo -e "${idsCL[LightGreen]}Updating certificates on vCenter... ${idsCL[Default]}" + echo -e "${idsCL[LightCyan]}This process make take up to 10mins${idsCL[Default]}" + echo - # echo -e "${idsCL[Green]}Updating certificates on vCenter... ${idsCL[Default]}" - # echo -e "${idsCL[LightCyan]}This process make take up to 10mins${idsCL[Default]}" - # echo - - # ssh root@${NM_VCHOSTNAME} "(printf '1\n%s\n' '${NM_VCUSER}'; sleep 1; printf '%s\n' '${NM_VCPASS}'; sleep 1; printf '2\n'; sleep 1; printf '%s\n%s\n%s\ny\n\n' '${VC_CERT}' '${VC_KEY}' '${VC_CHAIN}') | setsid /usr/lib/vmware-vmca/bin/certificate-manager" + ssh -q root@${NM_VC_HOSTNAME} "(printf '1\n%s\n' '${NM_VC_USER}'; sleep 1; printf '%s\n' '${NM_VC_PASS}'; sleep 1; printf '2\n'; sleep 1; printf '%s\n%s\n%s\ny\n\n' '${VC_CERT}' '${VC_KEY}' '${VC_CHAIN}') | setsid /usr/lib/vmware-vmca/bin/certificate-manager" echo -e "\n${idsCL[Green]}The vCenter certifcate has been updated${idsCL[Default]}"
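Review bot: In the `force` branch the only remaining statement is a comment, so `if [ "${1}" == "force" ]; then` is followed directly by `else`; bash rejects an empty `then` list as a syntax error, and that stops the whole file from parsing, not just this function. Either restore the command or leave a no-op such as `: # forced renewal intentionally disabled`, bearing in mind that `force` would then request no renewal yet still bypass the MD5 comparison and reinstall the existing certificate. Separately, the re-enabled certificate-manager line splices `'${NM_VC_USER}'` and `'${NM_VC_PASS}'` into the remote command string, so the password appears in the local ssh argument list and in the remote shell's arguments, and a `'` in the value would break the quoting. Printing the prompt answers locally and piping them into `ssh -q root@${NM_VC_HOSTNAME} "setsid /usr/lib/vmware-vmca/bin/certificate-manager"` would keep the secret off both command lines. VCENTER-SSL begins before this hunk and may continue after it.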