diff --git a/README.md b/README.md index c14df78..e866d70 100644 --- a/README.md +++ b/README.md @@ -8,6 +8,7 @@ Clone (or manually copy) this repo, and modify the [letsencrypt-dcos.json](letse - The list of hostnames (must be FQDNs) for which you want to generate SSL certs (in `HAPROXY_0_VHOST`) - An admin email address for your certificate (in `LETSENCRYPT_EMAIL`) - The Marathon API endpoint (in `MARATHON_URL`) + - The Marathon API access token (in `MARATHON_AUTH_TOKEN`) - The Marathon-lb app ID (in `MARATHON_LB_ID`) - Ensure you have **at least 2 or more** public agents in your DC/OS cluster, and that marathon-lb is scaled out to more than 1 public agent. Deploying this app requires this since it entails restarting marathon-lb. diff --git a/post_cert.py b/post_cert.py index c3d1f6f..ca72546 100755 --- a/post_cert.py +++ b/post_cert.py @@ -6,14 +6,18 @@ import requests import time -url = os.environ.get('MARATHON_URL') +base_url = os.environ.get('MARATHON_URL') +headers = {'Content-Type': 'application/json', 'Authorization': 'token=' + os.environ.get('MARATHON_AUTH_TOKEN')} + marathon_lb_id = os.environ.get('MARATHON_LB_ID') marathon_lb_cert_env = \ os.environ.get('MARATHON_LB_CERT_ENV', 'HAPROXY_SSL_CERT') print("Retrieving current marathon-lb cert") sys.stdout.flush() -r = requests.get(url + '/v2/apps/' + marathon_lb_id) + +marathon_lb_url = base_url + '/v2/apps/' + marathon_lb_id +r = requests.get(marathon_lb_url, headers=headers) mlb = r.json() env = mlb['app']['env'] cert = '' @@ -28,8 +32,7 @@ print("Deploying marathon-lb with new cert") sys.stdout.flush() - headers = {'Content-Type': 'application/json'} - r = requests.put(url + '/v2/apps/' + marathon_lb_id, + r = requests.put(marathon_lb_url, headers=headers, data=json.dumps({ 'id': marathon_lb_id, 
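Review bot: The new `headers` line concatenates `'token=' + os.environ.get('MARATHON_AUTH_TOKEN')`, so when the variable is unset `os.environ.get` returns None and the script stops with a TypeError before it contacts Marathon; that also breaks clusters that run without authentication. Read the token first and add the header only when it is present: `token = os.environ.get('MARATHON_AUTH_TOKEN')` followed by `if token: headers['Authorization'] = 'token=' + token`. The token is now attached to every request built from `MARATHON_URL`, so if that URL is plain `http://` the credential crosses the network unencrypted; a startup check that requires `https://` whenever a token is configured would be worth adding.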
@@ -43,7 +46,7 @@ time.sleep(5) print("Waiting for deployment to complete") sys.stdout.flush() - r = requests.get(url + '/v2/deployments') + r = requests.get(base_url + '/v2/deployments', headers=headers) deployments = r.json() deployment_exists = False for deployment in deployments: diff --git a/run.sh b/run.sh index 578a4db..5d868f9 100755 --- a/run.sh +++ b/run.sh @@ -4,9 +4,8 @@ set -e # Wait to settle sleep 15 -# Get our SSL domains from the Marathon app label -SSL_DOMAINS=$(curl -s ${MARATHON_URL}/v2/apps${MARATHON_APP_ID} | python -c 'import sys, json; print(json.load(sys.stdin)["app"]["labels"]["HAPROXY_0_VHOST"])') - +# Get our SSL domains from env variable +SSL_DOMAINS=${HAPROXY_0_VHOST} IFS=',' read -ra ADDR <<< "$SSL_DOMAINS" DOMAIN_ARGS=""
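Review bot: The response to `requests.get(base_url + '/v2/deployments', headers=headers)` is parsed with `r.json()` without checking the status, and now that the calls are authenticated a rejected token returns an error body instead of a deployment list. Add `r.raise_for_status()` before `deployments = r.json()`, and do the same after the GET in the first post_cert.py hunk and the PUT in the second; a refused PUT would presumably leave no deployment to wait for, so the script could finish as if the new certificate had been deployed. Passing `timeout=` to these calls would also keep the polling loop from hanging on an unresponsive endpoint. The `for deployment in deployments:` loop continues outside the hunk.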
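Review bot: `SSL_DOMAINS=${HAPROXY_0_VHOST}` expands to an empty string when the variable is not set, and `set -e` does not catch that, so the script goes on to build `DOMAIN_ARGS` from an empty list. Fail early instead with `SSL_DOMAINS=${HAPROXY_0_VHOST:?HAPROXY_0_VHOST must be set}`. The removed lines read this value from the app's `HAPROXY_0_VHOST` label, so the app definition now has to carry the hostnames in `env` too, presumably alongside the label; a comment saying the two must be kept in sync would help whoever edits the JSON. The rest of the script is outside the hunk.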