Created
May 25, 2020 14:00
#!/usr/bin/env python3 | |
import argparse
import os
import time

from proxmoxer import ProxmoxAPI
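# Push the TLS certificate/key pair found in --cert_path to every Proxmox node
# given with --host, then sleep for --refresh_days and push again.
parser = argparse.ArgumentParser()
parser.add_argument("--host",
                    action='append',
                    required=True,  # without it args.host is None and the loop below raises TypeError
                    help="Proxmox node to distribute certificate to.")
parser.add_argument("--proxmox_username",
                    help="Proxmox username attached to API Key.")
parser.add_argument("--cert_path",
                    default="/certs/",
                    help="Directory which contains certificate data.")
parser.add_argument("--envvar_api_token_secret",
                    default="PROXMOX_API_TOKENSECRET",
                    help="Environment variable which contains API token secret.")
parser.add_argument("--envvar_api_token_id",
                    default="PROXMOX_API_TOKENID",
                    help="Environment variable which contains API token ID.")
parser.add_argument("--refresh_days",
                    type=float,  # a value given on the command line would otherwise stay a str
                    default=7,
                    help="Interval (days) in which a new certificate is pushed to Proxmox hosts."
                    )
parser.add_argument("--verify_ssl",
                    action='store_true',
                    help="Verify the Proxmox node's TLS certificate when calling the API.")
args = parser.parse_args()

if args.refresh_days <= 0:
    # A zero interval would hammer the API in a tight loop; a negative one
    # makes time.sleep() raise.
    parser.error("--refresh_days must be greater than zero.")
refresh_secs = args.refresh_days * 24 * 3600

api_id = os.getenv(args.envvar_api_token_id)
api_secret = os.getenv(args.envvar_api_token_secret)
if not api_id or not api_secret:
    # Fail at start-up instead of sending an unauthenticated request later.
    # Only the variable names are reported, never their values.
    parser.error(
        f"Environment variables {args.envvar_api_token_id} and "
        f"{args.envvar_api_token_secret} must both be set.")

while True:
    # Re-read the files on every cycle so that a certificate renewed on disk
    # since the last push is the one that gets distributed.
    with open(os.path.join(args.cert_path, "tls.key"), 'r') as f:
        tls_key = f.read()
    with open(os.path.join(args.cert_path, "tls.crt"), 'r') as f:
        tls_crt = f.read()

    for host in args.host:
        print(f"Updating certificate on Proxmox node {host}.")
        # SECURITY: verification is off unless --verify_ssl is passed (the
        # original hard-coded verify_ssl=False). With it off, the API token
        # and the private key are sent to whatever endpoint answers for
        # `host`, so enable it once the nodes present a trusted certificate.
        proxmox = ProxmoxAPI(host,
                             verify_ssl=args.verify_ssl,
                             user=args.proxmox_username,
                             token_name=api_id,       # this is the token ID
                             token_value=api_secret)  # this is the token secret
        print(f"proxmox: {proxmox}.")
        # The node name is taken to be the first label of the host name.
        node = host.split(".")[0]
        cert_args = {
            'certificates': tls_crt,
            'key': tls_key,  # was 'key:'; the stray colon changed the parameter name
        }
        # Never print cert_args: it holds the private key, and stdout usually
        # ends up in container or journal logs.
        print(f"Uploading certificate ({len(tls_crt)} chars) and private key to node {node}.")
        # NOTE(review): this endpoint also takes `force` and `restart`;
        # confirm whether they are needed to replace an existing custom
        # certificate and reload pveproxy.
        update_output = proxmox.nodes(node).certificates.custom.post(**cert_args)
        print(f"Certificate Update Output: {update_output}.")
    time.sleep(refresh_secs)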