Let's Encrypt on a Big-IP
Problem this snippet solves: It is now possible to make use of Let's Encrypt certificates and maintain them on the Big-IP. Code : http://wiki.lnxgeek.org/doku.php/howtos:let_s_encrypt_-_how_to_iss...
Published Dec 12, 2015
Version 1.0
lnxgeek
MVP
MVPMy upload.sh: cat upload.sh
BIGIP_USERNAME="xxx"
BIGIP_PASSWORD="xxx"
BIGIP_DEVICE="xxx"
CURL="/usr/bin/curl"
LOGFILE=${LOGFILE:-'/home/xxx/dehydrated-bigip-deploy-traffic-certificate.log'}
DATE='date +%m/%d/%Y:%H:%M:%S'
log() {
echo `$DATE`" $*" >> $LOGFILE
}
uploadFile() {
log "uploadFile()[Upload File]: ${1}"
if [ ! -r ${1} ] ; then
return 1
fi
declare -i CHUNK_SIZE
declare -i FILESIZE
declare -i TMP_FILESIZE
declare -i BYTES_START
declare -i BYTES_END
FILENAME=`basename ${1}`
CHUNK_SIZE=$((512 * 1024))
FILESIZE=`stat -L -c%s ${1}`
TMP_FILESIZE=0
BYTES_START=0
TMP_FILE=`mktemp`
if [ ${FILESIZE} -le ${CHUNK_SIZE} ] ; then
OUT=$(/bin/bash -c "${CURL} -s --insecure -X POST --data-binary '@${1}' --user '${BIGIP_USERNAME}:${BIGIP_PASSWORD}' -H 'Content-Type: application/octet-stream' -H 'Content-Range: ${BYTES_START}-$((${FILESIZE} - 1))/${FILESIZE}' 'https://${BIGIP_DEVICE}/mgmt/shared/file-transfer/uploads/${2}'")
log "${CURL} -s --insecure -X POST --data-binary '@${1}' --user '${BIGIP_USERNAME}:${BIGIP_PASSWORD}' -H 'Content-Type: application/octet-stream' -H 'Content-Range: ${BYTES_START}-$((${FILESIZE} - 1))/${FILESIZE}' 'https://${BIGIP_DEVICE}/mgmt/shared/file-transfer/uploads/${2}'"
else
TMP_FILE=`mktemp`
while [ ${BYTES_START} -le ${FILESIZE} ] ; do
echo -n '' > ${TMP_FILE}
dd if="${1}" skip=${BYTES_START} bs=${CHUNK_SIZE} count=1 of="${TMP_FILE}"
TMP_FILESIZE=`stat -L -c%s ${TMP_FILE}`
if [ $((${BYTES_START} + ${CHUNK_SIZE})) -gt ${TMP_FILESIZE} ] ; then
BYTES_END=${FILESIZE}
else
BYTES_END=$((${BYTES_START} + ${TMP_FILESIZE}))
fi
OUT=$(/bin/bash -c "${CURL} -s --insecure -X POST --data-binary '@${TMP_FILE}' --user '${BIGIP_USERNAME}:${BIGIP_PASSWORD}' -H 'Content-Type: application/octet-stream' -H 'Content-Range: ${BYTES_START}-$((${BYTES_END} - 1))/${FILESIZE}' 'https://${BIGIP_DEVICE}/mgmt/shared/file-transfer/uploads/${2}'")
log "${CURL} -s --insecure -X POST --data-binary '@${TMP_FILE}' --user '${BIGIP_USERNAME}:${BIGIP_PASSWORD}' -H 'Content-Type: application/octet-stream' -H 'Content-Range: ${BYTES_START}-$((${BYTES_END} - 1))/${FILESIZE}' 'https://${BIGIP_DEVICE}/mgmt/shared/file-transfer/uploads/${2}'"
BYTES_START=${BYTES_END}
done
fi
if [ "${TMP_FILE}x" != "x" ] && test -e "${TMP_FILE}" ; then
rm -f "${TMP_FILE}"
fi
Overwrite the old records list with the new one.
OUT=$(restCall "POST" "/mgmt/shared/file-transfer/uploads/~${BIGIP_PARTITION}~${1}" "{ \"records\": ${TT} }")
log "uploadFile()[Upload results]: `echo $OUT | python -mjson.tool`"
return 0
}
OUT=$(uploadFile "file.txt" "file.txt")
echo $OUT
So in essence it is just the upload function called with some static parameters.