Added marathon API access token key support d2iq-archive#6 d2iq-archi…

…ve#10
pawmart · Feb 19, 2017 · 771cbdf · 771cbdf
1 parent cccefca
commit 771cbdf
Show file tree

Hide file tree

Showing 3 changed files with 11 additions and 8 deletions.
diff --git a/README.md b/README.md
@@ -8,6 +8,7 @@ Clone (or manually copy) this repo, and modify the [letsencrypt-dcos.json](letse
  - The list of hostnames (must be FQDNs) for which you want to generate SSL certs (in `HAPROXY_0_VHOST`)
  - An admin email address for your certificate (in `LETSENCRYPT_EMAIL`)
  - The Marathon API endpoint (in `MARATHON_URL`)
+ - The Marathon API access token (in `MARATHON_AUTH_TOKEN`)
  - The Marathon-lb app ID (in `MARATHON_LB_ID`)
  - Ensure you have **at least 2 or more** public agents in your DC/OS cluster, and that marathon-lb is scaled out to more than 1 public agent. Deploying this app requires this since it entails restarting marathon-lb.
 

diff --git a/post_cert.py b/post_cert.py
@@ -6,14 +6,18 @@
 import requests
 import time
 
-url = os.environ.get('MARATHON_URL')
+base_url = os.environ.get('MARATHON_URL')
+headers = {'Content-Type': 'application/json', 'Authorization': 'token=' + os.environ.get('MARATHON_AUTH_TOKEN')}
+
 marathon_lb_id = os.environ.get('MARATHON_LB_ID')
 marathon_lb_cert_env = \
     os.environ.get('MARATHON_LB_CERT_ENV', 'HAPROXY_SSL_CERT')
 
 print("Retrieving current marathon-lb cert")
 sys.stdout.flush()
-r = requests.get(url + '/v2/apps/' + marathon_lb_id)
+
+marathon_lb_url = base_url + '/v2/apps/' + marathon_lb_id
+r = requests.get(marathon_lb_url, headers=headers)
 mlb = r.json()
 env = mlb['app']['env']
 cert = ''
@@ -28,8 +32,7 @@
 
     print("Deploying marathon-lb with new cert")
     sys.stdout.flush()
-    headers = {'Content-Type': 'application/json'}
-    r = requests.put(url + '/v2/apps/' + marathon_lb_id,
+    r = requests.put(marathon_lb_url,
                      headers=headers,
                      data=json.dumps({
                          'id': marathon_lb_id,
@@ -43,7 +46,7 @@
         time.sleep(5)
         print("Waiting for deployment to complete")
         sys.stdout.flush()
-        r = requests.get(url + '/v2/deployments')
+        r = requests.get(base_url + '/v2/deployments', headers=headers)
         deployments = r.json()
         deployment_exists = False
         for deployment in deployments:

diff --git a/run.sh b/run.sh
@@ -4,9 +4,8 @@ set -e
 # Wait to settle
 sleep 15
 
-# Get our SSL domains from the Marathon app label
-SSL_DOMAINS=$(curl -s ${MARATHON_URL}/v2/apps${MARATHON_APP_ID} | python -c 'import sys, json; print(json.load(sys.stdin)["app"]["labels"]["HAPROXY_0_VHOST"])')
-
+# Get our SSL domains from env variable
+SSL_DOMAINS=${HAPROXY_0_VHOST}
 
 IFS=',' read -ra ADDR <<< "$SSL_DOMAINS"
 DOMAIN_ARGS=""