Install certificate and key on BIG-IP, create the file objects, create an SSL profile
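def _upload(host, creds, fp, verify=False):
    """Upload a local file to BIG-IP via the REST file-transfer endpoint.

    The file is read in 512 KiB slices. Each slice is POSTed to
    ``/mgmt/shared/file-transfer/uploads/<basename of fp>`` with a
    ``Content-Range`` header of the form ``start-end/total``.

    Args:
        host: BIG-IP IP address or hostname.
        creds: ``(username, password)`` tuple handed to ``requests`` as ``auth``.
        fp: Path of the local file to upload.
        verify: Passed straight to ``requests.post``. The default ``False``
            keeps the historical behaviour of skipping TLS certificate
            verification; pass ``True`` or a CA bundle path to authenticate
            the BIG-IP before sending anything to it.

    Raises:
        requests.exceptions.HTTPError: If any slice is answered with an
            HTTP error status.
    """
    chunk_size = 512 * 1024
    headers = {
        'Content-Type': 'application/octet-stream'
    }
    filename = os.path.basename(fp)
    uri = 'https://%s/mgmt/shared/file-transfer/uploads/%s' % (host, filename)

    # NOTE(security): with verify=False the TLS peer is not authenticated, so
    # the management credentials and the file content (here a private key)
    # are exposed to whoever terminates the connection. The warning is only
    # silenced in that mode; prefer passing a CA bundle that covers the
    # BIG-IP management certificate.
    if not verify:
        requests.packages.urllib3.disable_warnings()

    size = os.path.getsize(fp)
    start = 0

    # The context manager closes the handle even if a POST raises.
    with open(fp, 'rb') as fileobj:
        while True:
            file_slice = fileobj.read(chunk_size)
            if not file_slice:
                break

            current_bytes = len(file_slice)
            # A short read marks the final slice, which ends at the file size.
            if current_bytes < chunk_size:
                end = size
            else:
                end = start + current_bytes

            # Content-Range uses an inclusive end offset, hence end - 1.
            headers['Content-Range'] = "%s-%s/%s" % (start, end - 1, size)
            response = requests.post(uri,
                                     auth=creds,
                                     data=file_slice,
                                     headers=headers,
                                     verify=verify)
            # Stop at the first rejected slice instead of carrying on with a
            # partial upload that later steps would try to install.
            response.raise_for_status()

            start += current_bytes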
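def create_cert_obj(bigip, b_url, files):
    """Install an uploaded certificate and key as BIG-IP crypto objects.

    Both files are expected to be present already under
    ``/var/config/rest/downloads/`` on the BIG-IP. Whichever of the two
    basenames ends in ``.crt`` is treated as the certificate; the other one
    is treated as the key.

    Args:
        bigip: Session-like object whose ``post(url, data)`` returns a
            response offering ``raise_for_status()``.
        b_url: Base URL of the ``/mgmt/tm`` REST tree.
        files: Two local paths, certificate and key in either order.

    Returns:
        Tuple ``(certfilename, keyfilename)`` of the two basenames.

    Raises:
        Whatever ``raise_for_status()`` raises when an install request is
        answered with an HTTP error status.
    """
    f1 = os.path.basename(files[0])
    f2 = os.path.basename(files[1])
    if f1.endswith('.crt'):
        certfilename, keyfilename = f1, f2
    else:
        keyfilename, certfilename = f1, f2

    # Strip only the final extension. split('.')[0] truncated dotted names
    # such as "www.example.com.crt" to "www", so the object name no longer
    # matched the file it was created from.
    certname = f1.rsplit('.', 1)[0]

    download_dir = '/var/config/rest/downloads'

    # Map Cert to File Object
    cert_payload = {
        'command': 'install',
        'name': certname,
        'from-local-file': '%s/%s' % (download_dir, certfilename),
    }
    cert_response = bigip.post('%s/sys/crypto/cert' % b_url,
                               json.dumps(cert_payload))
    # Fail here rather than go on to install a key for a missing certificate.
    cert_response.raise_for_status()

    # Map Key to File Object
    key_payload = {
        'command': 'install',
        'name': certname,
        'from-local-file': '%s/%s' % (download_dir, keyfilename),
    }
    key_response = bigip.post('%s/sys/crypto/key' % b_url,
                              json.dumps(key_payload))
    key_response.raise_for_status()

    return certfilename, keyfilename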
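def create_ssl_profile(bigip, b_url, certname, keyname):
    """Create a client-ssl profile that references the given cert and key.

    Only ``name``, ``cert`` and ``key`` are sent; every other profile setting
    is left to the BIG-IP.

    Args:
        bigip: Session-like object whose ``post(url, data)`` returns a
            response offering ``raise_for_status()``.
        b_url: Base URL of the ``/mgmt/tm`` REST tree.
        certname: Certificate object name, e.g. ``site.crt``.
        keyname: Key object name, e.g. ``site.key``.

    Raises:
        Whatever ``raise_for_status()`` raises when the request is answered
        with an HTTP error status.
    """
    payload = {
        # Drop only the final extension so dotted names such as
        # "www.example.com.crt" yield "www.example.com" rather than "www".
        'name': certname.rsplit('.', 1)[0],
        'cert': certname,
        'key': keyname,
    }
    response = bigip.post('%s/ltm/profile/client-ssl' % b_url,
                          json.dumps(payload))
    # Surface a rejected profile instead of exiting as if it had been created.
    response.raise_for_status()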
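if __name__ == "__main__":
    # Command-line entry point: upload a key/cert pair to a BIG-IP, install
    # both as crypto file objects and create a client-ssl profile from them.
    import argparse
    import getpass
    import json
    import os

    import requests

    parser = argparse.ArgumentParser(description='Upload Key/Cert to BIG-IP')
    parser.add_argument("host", help='BIG-IP IP or Hostname', )
    parser.add_argument("username", help='BIG-IP Username')
    parser.add_argument("filepath", nargs=2, help='Key/Cert file names (include the path.)')
    args = vars(parser.parse_args())

    hostname = args['host']
    username = args['username']
    filepath = args['filepath']

    # The prompt is handed to getpass instead of a Python 2 print statement:
    # one prompt rather than two, identical under Python 2 and 3, and the
    # password is never echoed or taken from the command line.
    password = getpass.getpass("%s, enter your password: " % username)

    # Build the auth object for uploading the cert/key
    b_url_base = 'https://%s/mgmt/tm' % hostname
    b = requests.session()
    b.auth = (username, password)
    # NOTE(security): certificate verification is switched off for every
    # request on this session, so the BIG-IP is not authenticated before the
    # credentials are sent to it. Point b.verify at a CA bundle that covers
    # the management certificate wherever one is available.
    b.verify = False
    b.headers.update({'Content-Type': 'application/json'})

    # Upload the key/cert files to BIG-IP. Default location is /var/config/rest/downloads/
    _upload(hostname, (username, password), filepath[0])
    _upload(hostname, (username, password), filepath[1])

    # Map the key/cert files to a BIG-IP cert file object for use in ssl profiles
    certname, keyname = create_cert_obj(b, b_url_base, filepath)

    # Use the new cert file object to create an ssl profile
    create_ssl_profile(b, b_url_base, certname, keyname)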

zancas commented May 16, 2016

Folks, I've ported this code into the f5-sdk; everything works as described except for the very last step.


kmunson1973 commented May 16, 2016

@zancas in create_cert_obj I think you need to return certname and not certfilename, then in your create_ssl_profile pass certname twice. Actually scratch that, what you are doing is the same thing I've done over REST and it works.

@kryojenik

To get this to properly create the client-ssl profile, modify lines 49 and 68.

Change the split('.') to rsplit('.',1)
