Created
November 16, 2015 23:37
Install certificate and key on BIG-IP, create the file objects, create an SSL profile
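def _upload(host, creds, fp, verify=False):
    """Upload a local file to a BIG-IP in 512 KiB chunks.

    Each chunk is POSTed to
    ``https://<host>/mgmt/shared/file-transfer/uploads/<basename of fp>``
    with a ``Content-Range`` header describing the byte range it carries.

    Args:
        host: BIG-IP management IP address or hostname.
        creds: ``(username, password)`` tuple used as the request auth.
        fp: Path of the local file to upload.
        verify: Forwarded to ``requests.post`` as ``verify``. Defaults to
            ``False`` to keep the original behaviour; pass ``True`` or the
            path of a CA bundle to authenticate the BIG-IP.

    Raises:
        requests.exceptions.HTTPError: If the BIG-IP answers a chunk with an
            HTTP error status. The upload stops at that chunk rather than
            leaving a partial file to be installed later.
    """
    chunk_size = 512 * 1024
    headers = {'Content-Type': 'application/octet-stream'}
    filename = os.path.basename(fp)
    uri = 'https://%s/mgmt/shared/file-transfer/uploads/%s' % (host, filename)

    # NOTE(review): with verify=False the server certificate is not checked,
    # so the credentials and the file body (which may be a private key) are
    # sent to an unauthenticated peer. Prefer a CA bundle for the management
    # interface over the default.
    if not verify:
        # Only silence urllib3's insecure-request warnings when verification
        # really is off; this call affects the whole process.
        requests.packages.urllib3.disable_warnings()

    size = os.path.getsize(fp)
    start = 0
    # The context manager closes the file even if a request fails.
    with open(fp, 'rb') as fileobj:
        while True:
            file_slice = fileobj.read(chunk_size)
            if not file_slice:
                break
            end = start + len(file_slice)
            # Content-Range uses an inclusive end offset, hence end - 1.
            headers['Content-Range'] = "%s-%s/%s" % (start, end - 1, size)
            response = requests.post(uri,
                                     auth=creds,
                                     data=file_slice,
                                     headers=headers,
                                     verify=verify)
            response.raise_for_status()
            start = end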
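def create_cert_obj(bigip, b_url, files):
    """Install an uploaded certificate and key as BIG-IP crypto objects.

    Posts an ``install`` command to ``<b_url>/sys/crypto/cert`` and to
    ``<b_url>/sys/crypto/key``, each pointing at the uploaded file under
    ``/var/config/rest/downloads/``.

    Args:
        bigip: Object with a ``post(url, body)`` method (the script passes a
            ``requests`` session).
        b_url: Base URL the endpoint paths are appended to.
        files: Two paths, one certificate and one key, in either order. The
            certificate is recognised by a ``.crt`` suffix on the first entry.

    Returns:
        Tuple ``(certfilename, keyfilename)`` of the two base file names.
    """
    f1 = os.path.basename(files[0])
    f2 = os.path.basename(files[1])
    if f1.endswith('.crt'):
        certfilename = f1
        keyfilename = f2
    else:
        keyfilename = f1
        certfilename = f2

    # Strip only the final extension so that names containing dots, such as
    # www.example.com.crt, keep their full stem instead of collapsing to
    # "www". The object name is taken from the first file;
    # NOTE(review): this presumes both files share the same stem - confirm.
    certname = f1.rsplit('.', 1)[0]

    payload = {}
    payload['command'] = 'install'
    payload['name'] = certname

    # Map Cert to File Object
    payload['from-local-file'] = '/var/config/rest/downloads/%s' % certfilename
    # NOTE(review): the response is not inspected, so a failed install is not
    # detected here.
    bigip.post('%s/sys/crypto/cert' % b_url, json.dumps(payload))

    # Map Key to File Object
    payload['from-local-file'] = '/var/config/rest/downloads/%s' % keyfilename
    bigip.post('%s/sys/crypto/key' % b_url, json.dumps(payload))

    return certfilename, keyfilename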
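def create_ssl_profile(bigip, b_url, certname, keyname):
    """Create a client-ssl profile that references a certificate and key.

    Posts to ``<b_url>/ltm/profile/client-ssl``.

    Args:
        bigip: Object with a ``post(url, body)`` method (the script passes a
            ``requests`` session).
        b_url: Base URL the endpoint path is appended to.
        certname: Certificate name placed in the profile's ``cert`` field.
        keyname: Key name placed in the profile's ``key`` field.
    """
    payload = {}
    # Strip only the final extension so a dotted name such as
    # www.example.com.crt yields the profile name www.example.com, not "www".
    payload['name'] = certname.rsplit('.', 1)[0]
    payload['cert'] = certname
    payload['key'] = keyname
    # NOTE(review): the response is not inspected, so a rejected profile is
    # not reported to the caller.
    bigip.post('%s/ltm/profile/client-ssl' % b_url, json.dumps(payload))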
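if __name__ == "__main__":
    # These imports run only when the file is executed as a script. The
    # functions above read os, requests and json as module globals, so they
    # raise NameError if this file is imported instead of executed.
    import argparse
    import getpass
    import json
    import os

    import requests

    parser = argparse.ArgumentParser(description='Upload Key/Cert to BIG-IP')
    parser.add_argument("host", help='BIG-IP IP or Hostname')
    parser.add_argument("username", help='BIG-IP Username')
    parser.add_argument("filepath", nargs=2, help='Key/Cert file names (include the path.)')
    args = vars(parser.parse_args())

    hostname = args['host']
    username = args['username']
    filepath = args['filepath']

    # Hand the prompt text to getpass instead of a separate print statement:
    # the user sees a single prompt, and the line is valid on both Python 2
    # and Python 3.
    password = getpass.getpass("%s, enter your password: " % username)

    # Build the auth object for uploading the cert/key
    b_url_base = 'https://%s/mgmt/tm' % hostname
    b = requests.session()
    b.auth = (username, password)
    # NOTE(review): certificate verification is off for this session, so the
    # BIG-IP is not authenticated before the admin password is sent to it.
    # Where the management certificate chains to a known CA, set b.verify to
    # that CA bundle path instead.
    b.verify = False
    b.headers.update({'Content-Type': 'application/json'})

    # Upload the key/cert files to BIG-IP. Default location is
    # /var/config/rest/downloads/
    _upload(hostname, (username, password), filepath[0])
    _upload(hostname, (username, password), filepath[1])

    # Map the key/cert files to a BIG-IP cert file object for use in ssl profiles
    certname, keyname = create_cert_obj(b, b_url_base, filepath)

    # Use the new cert file object to create an ssl profile
    create_ssl_profile(b, b_url_base, certname, keyname)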
@zancas in create_cert_obj I think you need to return certname and not certfilename, then in your create_ssl_profile pass certname twice. Actually scratch that, what you are doing is the same thing I've done over REST and it works.
To get this to properly create the client-ssl profile, modify lines 49 and 68.
Change the split('.') to rsplit('.',1)
Folks, I've ported this code into the f5-sdk; everything works as described except for the very last step.