Deploy ACME certificates to HP Aruba IAP Access Point
#!/bin/bash
##
## AstLinux acme-client, deploy/custom.sh action script
##
## Tested with:
## ArubaOS (MODEL: 215), Version 6.5.4.3
##
## custom_deploy() arguments
## custom_deploy() arguments: $1..$5 are domain, key, cert, CA and full chain
## (named after acme-client's custom_deploy() convention; _cca is not used below)
_cdomain="$1"
_ckey="$2"
_ccert="$3"
_cca="$4"
_cfullchain="$5"
##
## Aruba IAP controller SSH login (user@host) and its password.
## NOTE(review): the password is a plaintext literal, so this script file must
## stay unreadable to other local users for as long as it holds a real value.
user_host="admin@iap.example.com"
pass="secret"
##
## Local TFTP server the IAP fetches the PEM from, and where the PEM is staged.
## TFTP is unauthenticated, so the key is only ever staged in encrypted form.
tftp_server="10.20.30.40"
pem_file="aruba-iap.pem"
pem_path="/tftpboot/${pem_file}"
##
## State for the empty(1) session daemon: per-process pid file, and the IAP
## shell prompt pattern (":" + two hex digits + "#") used to wait for commands.
pid_file="/var/run/empty.$$.pid"
prompt=":[0-9a-f][0-9a-f]#"
## Script exit status; set to 255 by empty_expect() when 'empty -w' returns 255.
empty_rtn=0
##
## Tear down the empty(1) session (output of 'empty -k' discarded) and remove
## the staged PEM so the encrypted key does not linger on the TFTP share.
## Globals: pem_path (read)
##
empty_cleanup()
{
  sleep 1   # presumably lets the SSH session settle before the kill
  empty -k >/dev/null 2>&1
  rm -f -- "$pem_path"
}
##
## Print a message to stderr, clean up the session and exit 1.
## Arguments: $1 - message
## The traps are cleared first so empty_cleanup runs exactly once, here.
##
empty_error()
{
  local msg="$1"
  trap - INT TERM EXIT
  echo "$msg" >&2
  empty_cleanup
  exit 1
}
##
## Wait for a pattern on the empty(1) session.
## Arguments: $1 - pattern passed to 'empty -w'
##            $2 - optional message; when non-empty, a 255 status from
##                 'empty -w' is fatal and reported via empty_error
## Globals:   empty_rtn (set to 255 on a non-fatal 255 status)
##
empty_expect()
{
  local expect="$1" error_str="$2"
  local rc=0
  empty -v -w "$expect" || rc=$?
  if [ "$rc" -ne 255 ]; then
    return
  fi
  [ -n "$error_str" ] && empty_error "$error_str"
  empty_rtn=255
}
##
## Send a string to the empty(1) session.
## Arguments: $1 - text handed to 'empty -s' (escapes such as \n are left to empty)
##
empty_send()
{
  empty -s "${1}"
}
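## Everything below runs through one empty(1) session; the trap tears it down
## on any exit path. $? is captured before cleanup so the status reported is
## the script's, not that of the final 'rm' inside empty_cleanup.
trap 'rc=$?; empty_cleanup; exit $rc' INT TERM EXIT
## Start the SSH session to the IAP under empty's control (-f daemonize, -p pid file).
## NOTE(review): StrictHostKeyChecking=no skips host-key verification, so an
## on-path host answering for $user_host would receive the login password and
## the key passphrase sent below; pin the IAP host key in known_hosts and drop
## this option once it is trusted.
if empty -f -p "$pid_file" ssh -o 'StrictHostKeyChecking=no' "$user_host"; then
  rm -f -- "$pem_path"
  ## The private key never sits on the TFTP share in the clear: it is wrapped
  ## with a fresh random passphrase that is handed to the IAP over SSH only.
  key_pass="$(openssl rand -base64 24)"
  if ! printf '%s\n' "$key_pass" \
       | openssl rsa -aes256 -in "$_ckey" -out "$pem_path" -passout stdin; then
    empty_error "Error: Failed to encrypt private key into: $pem_path, exiting"
  fi
  if [ ! -s "$pem_path" ]; then
    empty_error "Error: Failed to create file: $pem_path, exiting"
  fi
  ## Append the certificate, preferring the full chain when acme-client provides one.
  if [ -f "$_cfullchain" ]; then
    cat -- "$_cfullchain" >> "$pem_path"
  else
    cat -- "$_ccert" >> "$pem_path"
  fi
  ## World-readable so the TFTP daemon can serve it; acceptable only because the
  ## key inside is passphrase-encrypted and empty_cleanup removes the file.
  chmod 644 "$pem_path"
  ## Password login, then two 'copy tftp' commands installing the PEM for 'ui'
  ## and 'cp' (presumably the web UI and captive portal). The passphrase travels
  ## inside the IAP command line, so it is visible in the IAP session log.
  empty_expect 'password:'
  printf '%s\n' "$pass" | empty -s
  empty_expect "$prompt" "Error: Bad password, exiting"
  empty_send "copy tftp $tftp_server $pem_file ui cert $key_pass format pem\n"
  empty_expect "$prompt"
  empty_send "copy tftp $tftp_server $pem_file cp cert $key_pass format pem\n"
  empty_expect "$prompt"
  empty_send 'exit\n'
  empty_cleanup
else
  empty_error "Error: Can't start empty in daemon mode"
fi
trap - INT TERM EXIT
if [ "$empty_rtn" -eq 0 ]; then
  logger -s -t acme-client "New ACME certificates deployed to Aruba IAP applied for 'ui' and 'cp'"
fi
exit "$empty_rtn"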