diff --git a/nodemgmt-scripts.sh b/nodemgmt-scripts.sh
index 5076d078..887b59c9 100755
--- a/nodemgmt-scripts.sh
+++ b/nodemgmt-scripts.sh
@@ -396,78 +396,52 @@ NODEUPDATE() { } VCENTER-SSL(){ - VCHOSTNAME='vcenter.scity.us' - BASECERTDIR="${NM_CERTPATH}/live" - CERTDIR="${BASECERTDIR}/${VCHOSTNAME}" - SERVER="https://${VCHOSTNAME}" + VCSERVER="https://${NM_VCHOSTNAME}" CRED="administrator@scity.vs:$(pass iDSVC)" - VCUSER="administrator@scity.vs" CURRENTLIVE=/etc/vmware-rhttpproxy/ssl/rui.crt - CERT=/root/.acme.sh/$VCHOSTNAME/$VCHOSTNAME.cer - KEY=/root/.acme.sh/$VCHOSTNAME/$VCHOSTNAME.key - CHAIN=/root/.acme.sh/$VCHOSTNAME/fullchain.cer + CERT=/root/.acme.sh/${NM_VCHOSTNAME}/${NM_VCHOSTNAME}.cer + KEY=/root/.acme.sh/${NM_VCHOSTNAME}/${NM_VCHOSTNAME}.key + CHAIN=/root/.acme.sh/${NM_VCHOSTNAME}/fullchain.cer echo -en "${idsCL[LightCyan]}Checking days left on vCenter cert... ${idsCL[Default]}" - VCCERTDAYS=$(${NM_FOLDER}/ssl-cert-check/ssl-cert-check -p 443 -s ${VCHOSTNAME} -N) + VCCERTDAYS=$(${NM_FOLDER}/ssl-cert-check/ssl-cert-check -p 443 -s ${NM_VCHOSTNAME} -N) VCCERTDAYS=${VCCERTDAYS#*=} - if [ "${VCCERTDAYS}" -gt "29" ] && [ "${1}" != "force" ]; then - echo -e "${idsCL[Green]}${VCCERTDAYS} days left, Certificate is still valid, no noeed to update${idsCL[Default]}" - echo - exit 0 - elif [ "${VCCERTDAYS}" -gt "29" ] && [ "${1}" == "force" ]; then - echo -e "${idsCL[Yellow]}${VCCERTDAYS} days left, forcing certificate update${idsCL[Default]}" - echo + if [ "${VCCERTDAYS}" -gt "29" ]; then + if [ "${1}" == "force" ]; then + echo -e "${idsCL[Yellow]}${VCCERTDAYS} days left, forcing certificate update${idsCL[Default]}" + echo + else + echo -e "${idsCL[Green]}${VCCERTDAYS} days left, Certificate is still valid, no noeed to update${idsCL[Default]}" + echo + exit 0 + fi else echo -e "${idsCL[Yellow]}${VCCERTDAYS} days left, Certificate needs to be updated${idsCL[Default]}" echo fi - LIVEMD5=$(ssh root@$VCHOSTNAME "md5sum $CURRENTLIVE | cut -d\ -f1") - CURRENTMD5=$(md5sum $CERTDIR/cert.pem | cut -d\ -f1) - if [ "$LIVEMD5" == "$CURRENTMD5" ] && [ "${1}" != "force" ]; then - echo -e 
"${idsCL[Yellow]}Certificates remains the same, no newer certificates exist${idsCL[Default]}" - echo - exit 0 + if ssh -q root@${NM_VCHOSTNAME} [ ! -d /root/.acme.sh ]; then + echo -e "${idsCL[Yellow]}Installing acme.sh scripts on vCenter${idsCL[Default]}\n" + else + echo -e "${idsCL[Green]}Verified acme.sh scripts are installed on vCenter${idsCL[Default]}\n" fi + # LIVEMD5=$(ssh root@${NM_VCHOSTNAME} "md5sum $CURRENTLIVE | cut -d\ -f1") + # CURRENTMD5=$(md5sum $CERTDIR/cert.pem | cut -d\ -f1) + # if [ "$LIVEMD5" == "$CURRENTMD5" ] && [ "${1}" != "force" ]; then + # echo -e "${idsCL[Yellow]}Certificates remains the same, no newer certificates exist${idsCL[Default]}" + # echo + # exit 0 + # fi + echo -e "${idsCL[Green]}Updating certificates on vCenter... ${idsCL[Default]}" echo -e "${idsCL[LightCyan]}This process make take up to 10mins${idsCL[Default]}" echo - # eval $(awk '{ print "export " $1 }' /etc/sysconfig/vmware-environment) - - scp $BASECERTDIR/$VCHOSTNAME/cert.pem root@${VCHOSTNAME}:$CERT - scp $BASECERTDIR/$VCHOSTNAME/privkey.pem root@${VCHOSTNAME}:$KEY - scp $BASECERTDIR/$VCHOSTNAME/fullchain.pem root@${VCHOSTNAME}:$CHAIN + # ssh root@${NM_VCHOSTNAME} "(printf '1\n%s\n' '${NM_VCUSER}'; sleep 1; printf '%s\n' '$(pass iDSVC)'; sleep 1; printf '2\n'; sleep 1; printf '%s\n%s\n%s\ny\n\n' '$CERT' '$KEY' '$CHAIN') | setsid /usr/lib/vmware-vmca/bin/certificate-manager" - ssh root@$VCHOSTNAME "(printf '1\n%s\n' '$VCUSER'; sleep 1; printf '%s\n' '$(pass iDSVC)'; sleep 1; printf '2\n'; sleep 1; printf '%s\n%s\n%s\ny\n\n' '$CERT' '$KEY' '$CHAIN') | setsid /usr/lib/vmware-vmca/bin/certificate-manager" - - - - # SESSION_ID=$(curl -s -X POST --header 'Content-Type: application/json' --header 'Accept: application/json' --header 'vmware-use-header-authn: test' --header 'vmware-api-session-id: null' -u $CRED "$SERVER/rest/com/vmware/cis/session" --insecure | python3 -c "import sys, json; print(json.load(sys.stdin)['value'])") - # PRIVKEY=$(awk -v ORS='\\n' '1' 
"$CERTDIR/privkey.pem") - # CERT=$(awk -v ORS='\\n' '1' "$CERTDIR/fullcert.pem") - # REQUEST_BODY="{ \"spec\" : { \"cert\" : \"$CERT\", \"key\" : \"$PRIVKEY\" } }" - # curl --insecure -X PUT "$SERVER/rest/vcenter/certificate-management/vcenter/tls" \ - # -H "vmware-api-session-id: $SESSION_ID" \ - # -H "Content-type: application/json" \ - # -d "$REQUEST_BODY" - # curl --insecure -X DELETE "$SERVER/rest/com/vmware/cis/session" -H "vmware-api-session-id: $SESSION_ID" - - # echo -e "${idsCL[Green]}Done${idsCL[Default]}" - # echo - - # read -n 1 -s -p "Press any key to continue" - - # echo -en "${idsCL[LightCyan]}Stopping vCenter services... ${idsCL[Default]}" - # ssh -i ~/.ssh/id_rsa root@vcenter.scity.us 'service-control --stop --all' >/dev/null 2>&1 - # echo -e "${idsCL[Green]}Done${idsCL[Default]}" - # - # echo -en "${idsCL[LightCyan]}Starting vCenter services... ${idsCL[Default]}" - # ssh -i ~/.ssh/id_rsa root@vcenter.scity.us 'service-control --start --all' >/dev/null 2>&1 - # echo -e "${idsCL[Green]}Done${idsCL[Default]}" echo echo -e "${idsCL[Green]}The vCenter certifcate has been updated${idsCL[Default]}"
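Review bot: The new `if ssh -q root@${NM_VCHOSTNAME} [ ! -d /root/.acme.sh ]` check reports the wrong state when ssh itself fails: a connection or authentication error exits 255, falls into the `else` branch and prints "Verified acme.sh scripts are installed on vCenter", with `-q` hiding the reason. Testing the positive condition and branching on the exit code, as below, separates "present", "absent" and "could not check". In the same hunk the `scp` lines are removed and the `certificate-manager` call is commented out, so no visible line installs a certificate, yet the closing message still says the certificate has been updated; that message should depend on an update step that actually ran and succeeded. `CRED` also still runs `pass iDSVC` on every call although no active line in the hunk reads it. VCENTER-SSL continues past the end of the hunk, so some of this may be handled in lines not shown.

```shell
# … unchanged: certificate age check …
ssh -q "root@${NM_VCHOSTNAME}" '[ -d /root/.acme.sh ]'
rc=$?
case "${rc}" in
  0)
    echo -e "${idsCL[Green]}Verified acme.sh scripts are installed on vCenter${idsCL[Default]}\n"
    ;;
  1)
    # Directory is absent; the install step belongs here (none is visible in this hunk).
    echo -e "${idsCL[Yellow]}Installing acme.sh scripts on vCenter${idsCL[Default]}\n"
    ;;
  *)
    # 255 means ssh could not connect or authenticate; do not report this as verified.
    echo -e "${idsCL[Yellow]}Could not check ${NM_VCHOSTNAME} over ssh (exit ${rc})${idsCL[Default]}\n" >&2
    return 1
    ;;
esac
# … unchanged: commented-out MD5 comparison and update messages …
```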