From 6b0b520ec2fd6cc682976e033057cf52a9c083bc Mon Sep 17 00:00:00 2001 From: Ian Grant Date: Sat, 19 Mar 2022 15:24:45 +0000 Subject: [PATCH 1/4] feat: Add deploy script for HP iLO (using Redfish REST API) --- deploy/hpilo.sh | 78 +++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 78 insertions(+) create mode 100644 deploy/hpilo.sh diff --git a/deploy/hpilo.sh b/deploy/hpilo.sh new file mode 100644 index 00000000..d2894255 --- /dev/null +++ b/deploy/hpilo.sh 
@@ -0,0 +1,78 @@
+#!/bin/bash
+
+# Deploy script for HPE iLO4
+#
+# The following environment variables are
+# needed for the deploy script to work:
+#
+# ```sh
+# export HPILO_USERNAME=admin
+# export HPILO_PASSWORD=secret
+# export HPILO_HOST=ilo.example.com
+#
+# acme.sh --deploy -d ilo.example.com --deploy-hook hpilo
+# ```
+
+######## Public functions #####################
+
+#domain keyfile certfile cafile fullchain
+hpilo_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ if [ -f "$DOMAIN_CONF" ]; then
+ # shellcheck disable=SC1090
+ . "$DOMAIN_CONF"
+ fi
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+ # iLO host is optional, use _cdomain if not provided
+ if [ -n "$HPILO_HOST" ]; then
+ Le_Deploy_ilo_host="$HPILO_HOST"
+ _savedomainconf Le_Deploy_ilo_host "$Le_Deploy_ilo_host"
+ elif [ -z "$Le_Deploy_ilo_host" ]; then
+ _debug "Using _cdomain as iLO host, set HPILO_HOST if not correct."
+ Le_Deploy_ilo_host="$_cdomain"
+ fi
+
+ # iLO username is required
+ if [ -z "$HPILO_USERNAME" ]; then
+ if [ -z "$Le_Deploy_ilo_username" ]; then
+ _err "HPILO_USERNAME is not defined."
+ return 1
+ fi
+ else
+ Le_Deploy_ilo_username="$HPILO_USERNAME"
+ _savedomainconf Le_Deploy_ilo_username "$Le_Deploy_ilo_username"
+ fi
+
+ # iLO password is required
+ if [ -z "$HPILO_PASSWORD" ]; then
+ if [ -z "$Le_Deploy_ilo_password" ]; then
+ _err "HPILO_PASSWORD is not defined."
+ return 1 + fi + else + Le_Deploy_ilo_password="$HPILO_PASSWORD" + _savedomainconf Le_Deploy_ilo_password "$Le_Deploy_ilo_password" + fi + + _info "Attempting to deploy certificate '$_ccert' to '$Le_Deploy_ilo_host'" + + curl -sS -k -X POST -H "Content-Type: application/json" -d "{ \"Action\": \"ImportCertificate\", \"Certificate\": \"$(cat "$_ccert")\" }" -u "${Le_Deploy_ilo_username}":"${Le_Deploy_ilo_password}" "https://${Le_Deploy_ilo_host}/redfish/v1/Managers/1/SecurityService/HttpsCert/" + _ret="$?" + + if [ "$_ret" != "0" ]; then + _err "Error code $_ret returned from iLO Redfish API" + fi + + return $_ret +} From 85bb20108a3fd586651e507161d96722090c3c88 Mon Sep 17 00:00:00 2001 From: Ian Grant Date: Sun, 20 Mar 2022 08:17:38 +0000 Subject: [PATCH 2/4] fix: Change shebang to `sh` (conform to dev guide) --- deploy/hpilo.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/hpilo.sh b/deploy/hpilo.sh index d2894255..14374977 100644 --- a/deploy/hpilo.sh +++ b/deploy/hpilo.sh @@ -1,4 +1,4 @@ -#!/bin/bash +#!/usr/bin/env sh # Deploy script for HPE iLO4 # From 6f53f92ed3d835274e08448be41539d125259b57 Mon Sep 17 00:00:00 2001 From: Ian Grant Date: Sun, 20 Mar 2022 16:45:30 +0000 Subject: [PATCH 3/4] fix: Use _post() abstracted function instead of curl directly (conform to dev guide) --- deploy/hpilo.sh | 16 +++++++++++++++- 1 file changed, 15 insertions(+), 1 deletion(-) diff --git a/deploy/hpilo.sh b/deploy/hpilo.sh index 14374977..432f533b 100644 --- a/deploy/hpilo.sh +++ b/deploy/hpilo.sh 
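Review bot: The `curl` call at the end of `hpilo_deploy` sends the iLO credentials with `-k` hard-coded, so certificate verification is skipped on every run and not only on the first one, when the iLO still presents its factory certificate; a host on the path to the management interface can then capture the Basic credentials. Once a CA-issued certificate is installed the endpoint should validate, so skipping verification would be better as an explicit opt-in than as the default (the PATCH 3/4 hunk keeps the same behaviour with `export HTTPS_INSECURE=1`). `_ret` also reflects only curl's transport status: without `-f` an HTTP 401 or 400 answer from Redfish still exits 0 and the deploy is reported as successful, so add `-f` or check the response, and the `_post` version in PATCH 3/4 needs the same check. `-u "user":"password"` additionally puts the password on curl's command line, where other local users can read it from the process list.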
@@ -67,7 +67,21 @@ hpilo_deploy() { _info "Attempting to deploy certificate '$_ccert' to '$Le_Deploy_ilo_host'" - curl -sS -k -X POST -H "Content-Type: application/json" -d "{ \"Action\": \"ImportCertificate\", \"Certificate\": \"$(cat "$_ccert")\" }" -u "${Le_Deploy_ilo_username}":"${Le_Deploy_ilo_password}" "https://${Le_Deploy_ilo_host}/redfish/v1/Managers/1/SecurityService/HttpsCert/" + ilo_credentials="${Le_Deploy_ilo_username}:${Le_Deploy_ilo_password}" + _secure_debug "HPILO_USERNAME:HPILO_PASSWORD" $ilo_credentials + ilo_credentials_encoded=$(printf "%s" "$ilo_credentials" | _base64) + export _H1="Authorization: Basic ${ilo_credentials_encoded}" + _debug3 _H1 "$_H1" + + ilo_redfish_httpscert_uri="https://${Le_Deploy_ilo_host}/redfish/v1/Managers/1/SecurityService/HttpsCert/" + _debug2 ilo_redfish_httpscert_uri "$ilo_redfish_httpscert_uri" + + ilo_redfish_httpscert_body="{ \"Action\": \"ImportCertificate\", \"Certificate\": \"$(cat "$_ccert")\" }" + + # Do not check for a valid SSL certificate, because initially the cert is not valid, so it could not install the LE generated certificate + export HTTPS_INSECURE=1 + + _post "$ilo_redfish_httpscert_body" "$ilo_redfish_httpscert_uri" "" "POST" "application/json" _ret="$?" if [ "$_ret" != "0" ]; then From 9032fb99c75e11d8e26e1e85989cbd0f266cca92 Mon Sep 17 00:00:00 2001 From: Ian Grant Date: Sun, 20 Mar 2022 16:48:17 +0000 Subject: [PATCH 4/4] style: Whitespace and quoting for shellcheck/shfmt conformity --- deploy/hpilo.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/hpilo.sh b/deploy/hpilo.sh index 432f533b..f5a3990b 100644 --- a/deploy/hpilo.sh +++ b/deploy/hpilo.sh 
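Review bot: `_debug3 _H1 "$_H1"` writes the complete `Authorization: Basic …` header to the debug log, and base64 is only an encoding, so the iLO password is recoverable from any level-3 log that gets shared; the raw credentials two lines above are already routed through `_secure_debug`, and the header should get the same treatment: `_secure_debug3 _H1 "$_H1"`. `_H1` and `HTTPS_INSECURE` are exported and never cleared, so unless the hook runs in its own subshell (not visible from this hunk) the credentials header and the disabled verification would carry over to later requests in the same acme.sh process. `hpilo_deploy` starts and ends outside this hunk.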
@@ -68,19 +68,19 @@ hpilo_deploy() { _info "Attempting to deploy certificate '$_ccert' to '$Le_Deploy_ilo_host'" ilo_credentials="${Le_Deploy_ilo_username}:${Le_Deploy_ilo_password}" - _secure_debug "HPILO_USERNAME:HPILO_PASSWORD" $ilo_credentials + _secure_debug "HPILO_USERNAME:HPILO_PASSWORD" "$ilo_credentials" ilo_credentials_encoded=$(printf "%s" "$ilo_credentials" | _base64) export _H1="Authorization: Basic ${ilo_credentials_encoded}" _debug3 _H1 "$_H1" ilo_redfish_httpscert_uri="https://${Le_Deploy_ilo_host}/redfish/v1/Managers/1/SecurityService/HttpsCert/" _debug2 ilo_redfish_httpscert_uri "$ilo_redfish_httpscert_uri" - + ilo_redfish_httpscert_body="{ \"Action\": \"ImportCertificate\", \"Certificate\": \"$(cat "$_ccert")\" }" # Do not check for a valid SSL certificate, because initially the cert is not valid, so it could not install the LE generated certificate export HTTPS_INSECURE=1 - + _post "$ilo_redfish_httpscert_body" "$ilo_redfish_httpscert_uri" "" "POST" "application/json" _ret="$?"