  1. #!/usr/bin/env sh
  2. # Script to deploy certificates to remote server by SSH
  3. # Note that SSH must be able to login to remote host without a password...
  4. # SSH Keys must have been exchanged with the remote host. Validate and
  5. # test that you can login to USER@SERVER from the host running acme.sh before
  6. # using this script.
  7. #
  8. # The following variables exported from environment will be used.
  9. # If not set then values previously saved in domain.conf file are used.
  10. #
  11. # Only a username is required. All others are optional.
  12. #
  13. # The following examples are for QNAP NAS running QTS 4.2
  14. # export DEPLOY_SSH_CMD="" # defaults to "ssh -T"
  15. # export DEPLOY_SSH_USER="admin" # required
  16. # export DEPLOY_SSH_SERVER="host1 host2:8022 192.168.0.1:9022" # defaults to domain name, support multiple servers with optional port
  17. # export DEPLOY_SSH_KEYFILE="/etc/stunnel/stunnel.pem"
  18. # export DEPLOY_SSH_CERTFILE="/etc/stunnel/stunnel.pem"
  19. # export DEPLOY_SSH_CAFILE="/etc/stunnel/uca.pem"
  20. # export DEPLOY_SSH_FULLCHAIN=""
  21. # export DEPLOY_SSH_REMOTE_CMD="/etc/init.d/stunnel.sh restart"
  22. # export DEPLOY_SSH_BACKUP="" # yes or no, default to yes or previously saved value
  23. # export DEPLOY_SSH_BACKUP_PATH=".acme_ssh_deploy" # path on remote system. Defaults to .acme_ssh_deploy
  24. # export DEPLOY_SSH_MULTI_CALL="" # yes or no, default to no or previously saved value
  25. # export DEPLOY_SSH_USE_SCP="" # yes or no, default to no
  26. # export DEPLOY_SSH_SCP_CMD="" # defaults to "scp -q"
  27. # export DEPLOY_SSH_REMOTE_SHELL="" # defaults to sh -c
  28. # export DEPLOY_SSH_REMOTE_CMD_QUOTE="" # yes or no, defaults to yes
  29. ######## Public functions #####################
  30. #domain keyfile certfile cafile fullchain
  31. ssh_deploy() {
  32. _cdomain="$1"
  33. _ckey="$2"
  34. _ccert="$3"
  35. _cca="$4"
  36. _cfullchain="$5"
  37. _deploy_ssh_servers=""
  38. _debug _cdomain "$_cdomain"
  39. _debug _ckey "$_ckey"
  40. _debug _ccert "$_ccert"
  41. _debug _cca "$_cca"
  42. _debug _cfullchain "$_cfullchain"
  43. # USER is required to login by SSH to remote host.
  44. _migratedeployconf Le_Deploy_ssh_user DEPLOY_SSH_USER
  45. _getdeployconf DEPLOY_SSH_USER
  46. _debug2 DEPLOY_SSH_USER "$DEPLOY_SSH_USER"
  47. if [ -z "$DEPLOY_SSH_USER" ]; then
  48. _err "DEPLOY_SSH_USER not defined."
  49. return 1
  50. fi
  51. _savedeployconf DEPLOY_SSH_USER "$DEPLOY_SSH_USER"
  52. # SERVER is optional. If not provided then use _cdomain
  53. _migratedeployconf Le_Deploy_ssh_server DEPLOY_SSH_SERVER
  54. _getdeployconf DEPLOY_SSH_SERVER
  55. _debug2 DEPLOY_SSH_SERVER "$DEPLOY_SSH_SERVER"
  56. if [ -z "$DEPLOY_SSH_SERVER" ]; then
  57. DEPLOY_SSH_SERVER="$_cdomain"
  58. fi
  59. _savedeployconf DEPLOY_SSH_SERVER "$DEPLOY_SSH_SERVER"
  60. # CMD is optional. If not provided then use ssh
  61. _migratedeployconf Le_Deploy_ssh_cmd DEPLOY_SSH_CMD
  62. _getdeployconf DEPLOY_SSH_CMD
  63. _debug2 DEPLOY_SSH_CMD "$DEPLOY_SSH_CMD"
  64. if [ -z "$DEPLOY_SSH_CMD" ]; then
  65. DEPLOY_SSH_CMD="ssh -T"
  66. fi
  67. _savedeployconf DEPLOY_SSH_CMD "$DEPLOY_SSH_CMD"
  68. # REMOTE_SHELL is optional. If not provided then use sh
  69. _migratedeployconf Le_Deploy_ssh_remote_shell DEPLOY_SSH_REMOTE_SHELL
  70. _getdeployconf DEPLOY_SSH_REMOTE_SHELL
  71. _debug2 DEPLOY_SSH_REMOTE_SHELL "$DEPLOY_SSH_REMOTE_SHELL"
  72. if [ -z "$DEPLOY_SSH_REMOTE_SHELL" ]; then
  73. DEPLOY_SSH_REMOTE_SHELL="sh -c"
  74. fi
  75. _savedeployconf DEPLOY_SSH_REMOTE_SHELL "$DEPLOY_SSH_REMOTE_SHELL"
  76. # REMOTE_CMD_QUOTE is optional. If not provided then yes
  77. _migratedeployconf Le_Deploy_ssh_remote_cmd_quote DEPLOY_SSH_REMOTE_CMD_QUOTE
  78. _getdeployconf DEPLOY_SSH_REMOTE_CMD_QUOTE
  79. _debug2 DEPLOY_SSH_REMOTE_CMD_QUOTE "$DEPLOY_SSH_REMOTE_CMD_QUOTE"
  80. if [ -z "$DEPLOY_SSH_REMOTE_CMD_QUOTE" ]; then
  81. DEPLOY_SSH_REMOTE_CMD_QUOTE="yes"
  82. fi
  83. _savedeployconf DEPLOY_SSH_REMOTE_CMD_QUOTE "$DEPLOY_SSH_REMOTE_CMD_QUOTE"
  84. # BACKUP is optional. If not provided then default to previously saved value or yes.
  85. _migratedeployconf Le_Deploy_ssh_backup DEPLOY_SSH_BACKUP
  86. _getdeployconf DEPLOY_SSH_BACKUP
  87. _debug2 DEPLOY_SSH_BACKUP "$DEPLOY_SSH_BACKUP"
  88. if [ -z "$DEPLOY_SSH_BACKUP" ]; then
  89. DEPLOY_SSH_BACKUP="yes"
  90. fi
  91. _savedeployconf DEPLOY_SSH_BACKUP "$DEPLOY_SSH_BACKUP"
  92. # BACKUP_PATH is optional. If not provided then default to previously saved value or .acme_ssh_deploy
  93. _migratedeployconf Le_Deploy_ssh_backup_path DEPLOY_SSH_BACKUP_PATH
  94. _getdeployconf DEPLOY_SSH_BACKUP_PATH
  95. _debug2 DEPLOY_SSH_BACKUP_PATH "$DEPLOY_SSH_BACKUP_PATH"
  96. if [ -z "$DEPLOY_SSH_BACKUP_PATH" ]; then
  97. DEPLOY_SSH_BACKUP_PATH=".acme_ssh_deploy"
  98. fi
  99. _savedeployconf DEPLOY_SSH_BACKUP_PATH "$DEPLOY_SSH_BACKUP_PATH"
  100. # MULTI_CALL is optional. If not provided then default to previously saved
  101. # value (which may be undefined... equivalent to "no").
  102. _migratedeployconf Le_Deploy_ssh_multi_call DEPLOY_SSH_MULTI_CALL
  103. _getdeployconf DEPLOY_SSH_MULTI_CALL
  104. _debug2 DEPLOY_SSH_MULTI_CALL "$DEPLOY_SSH_MULTI_CALL"
  105. if [ -z "$DEPLOY_SSH_MULTI_CALL" ]; then
  106. DEPLOY_SSH_MULTI_CALL="no"
  107. fi
  108. _savedeployconf DEPLOY_SSH_MULTI_CALL "$DEPLOY_SSH_MULTI_CALL"
  109. # KEYFILE is optional.
  110. # If provided then private key will be copied to provided filename.
  111. _migratedeployconf Le_Deploy_ssh_keyfile DEPLOY_SSH_KEYFILE
  112. _getdeployconf DEPLOY_SSH_KEYFILE
  113. _debug2 DEPLOY_SSH_KEYFILE "$DEPLOY_SSH_KEYFILE"
  114. if [ -n "$DEPLOY_SSH_KEYFILE" ]; then
  115. _savedeployconf DEPLOY_SSH_KEYFILE "$DEPLOY_SSH_KEYFILE"
  116. fi
  117. # CERTFILE is optional.
  118. # If provided then certificate will be copied or appended to provided filename.
  119. _migratedeployconf Le_Deploy_ssh_certfile DEPLOY_SSH_CERTFILE
  120. _getdeployconf DEPLOY_SSH_CERTFILE
  121. _debug2 DEPLOY_SSH_CERTFILE "$DEPLOY_SSH_CERTFILE"
  122. if [ -n "$DEPLOY_SSH_CERTFILE" ]; then
  123. _savedeployconf DEPLOY_SSH_CERTFILE "$DEPLOY_SSH_CERTFILE"
  124. fi
  125. # CAFILE is optional.
  126. # If provided then CA intermediate certificate will be copied or appended to provided filename.
  127. _migratedeployconf Le_Deploy_ssh_cafile DEPLOY_SSH_CAFILE
  128. _getdeployconf DEPLOY_SSH_CAFILE
  129. _debug2 DEPLOY_SSH_CAFILE "$DEPLOY_SSH_CAFILE"
  130. if [ -n "$DEPLOY_SSH_CAFILE" ]; then
  131. _savedeployconf DEPLOY_SSH_CAFILE "$DEPLOY_SSH_CAFILE"
  132. fi
  133. # FULLCHAIN is optional.
  134. # If provided then fullchain certificate will be copied or appended to provided filename.
  135. _migratedeployconf Le_Deploy_ssh_fullchain DEPLOY_SSH_FULLCHAIN
  136. _getdeployconf DEPLOY_SSH_FULLCHAIN
  137. _debug2 DEPLOY_SSH_FULLCHAIN "$DEPLOY_SSH_FULLCHAIN"
  138. if [ -n "$DEPLOY_SSH_FULLCHAIN" ]; then
  139. _savedeployconf DEPLOY_SSH_FULLCHAIN "$DEPLOY_SSH_FULLCHAIN"
  140. fi
  141. # REMOTE_CMD is optional.
  142. # If provided then this command will be executed on remote host.
  143. _migratedeployconf Le_Deploy_ssh_remote_cmd DEPLOY_SSH_REMOTE_CMD
  144. _getdeployconf DEPLOY_SSH_REMOTE_CMD
  145. _debug2 DEPLOY_SSH_REMOTE_CMD "$DEPLOY_SSH_REMOTE_CMD"
  146. if [ -n "$DEPLOY_SSH_REMOTE_CMD" ]; then
  147. _savedeployconf DEPLOY_SSH_REMOTE_CMD "$DEPLOY_SSH_REMOTE_CMD"
  148. fi
  149. # USE_SCP is optional. If not provided then default to previously saved
  150. # value (which may be undefined... equivalent to "no").
  151. _getdeployconf DEPLOY_SSH_USE_SCP
  152. _debug2 DEPLOY_SSH_USE_SCP "$DEPLOY_SSH_USE_SCP"
  153. if [ -z "$DEPLOY_SSH_USE_SCP" ]; then
  154. DEPLOY_SSH_USE_SCP="no"
  155. fi
  156. _savedeployconf DEPLOY_SSH_USE_SCP "$DEPLOY_SSH_USE_SCP"
  157. # SCP_CMD is optional. If not provided then use scp
  158. _getdeployconf DEPLOY_SSH_SCP_CMD
  159. _debug2 DEPLOY_SSH_SCP_CMD "$DEPLOY_SSH_SCP_CMD"
  160. if [ -z "$DEPLOY_SSH_SCP_CMD" ]; then
  161. DEPLOY_SSH_SCP_CMD="scp -q"
  162. fi
  163. _savedeployconf DEPLOY_SSH_SCP_CMD "$DEPLOY_SSH_SCP_CMD"
  164. if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then
  165. DEPLOY_SSH_MULTI_CALL="yes"
  166. _info "Using scp as alternate method for copying files. Multicall Mode is implicit"
  167. elif [ "$DEPLOY_SSH_MULTI_CALL" = "yes" ]; then
  168. _info "Using MULTI_CALL mode... Required commands sent in multiple calls to remote host"
  169. else
  170. _info "Required commands batched and sent in single call to remote host"
  171. fi
  172. _deploy_ssh_servers="$DEPLOY_SSH_SERVER"
  173. for DEPLOY_SSH_SERVER in $_deploy_ssh_servers; do
  174. _ssh_deploy
  175. done
  176. }
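  # Remove the local scratch files that were assembled for scp uploads, if any.
  _ssh_deploy_rm_tmp() {
    for _ssh_deploy_tmp in "$_local_cert_file" "$_local_ca_file" "$_local_full_file"; do
      if [ -f "$_ssh_deploy_tmp" ]; then
        rm -f "$_ssh_deploy_tmp"
      fi
    done
  }

  # In MULTI_CALL mode, send the commands queued in _cmdstr now and empty the queue.
  _ssh_deploy_flush() {
    if [ "$DEPLOY_SSH_MULTI_CALL" != "yes" ]; then
      return 0
    fi
    if ! _ssh_remote_cmd "$_cmdstr"; then
      return 1
    fi
    _cmdstr=""
    return 0
  }

  # Build and send the remote commands / scp copies for the current server.
  _ssh_deploy_run() {
    # Split "host:port"; the port is everything after the last colon.
    # NOTE(review): a bare IPv6 literal would be split at its last colon - confirm
    # whether such values are expected here.
    case $DEPLOY_SSH_SERVER in
    *:*)
      _host=${DEPLOY_SSH_SERVER%:*}
      _port=${DEPLOY_SSH_SERVER##*:}
      ;;
    *)
      _host=$DEPLOY_SSH_SERVER
      _port=
      ;;
    esac

    _info "Deploy certificates to remote server $DEPLOY_SSH_USER@$_host:$_port"

    if [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then
      _backupprefix="$DEPLOY_SSH_BACKUP_PATH/$_cdomain-backup"
      _backupdir="$_backupprefix-$(_utc_date | tr ' ' '-')"
      # run cleanup on the backup directory, erase all older
      # than 180 days (15552000 seconds).
      # The prefix is expanded unquoted by the remote shell and the matches are
      # passed to "rm -rf", so DEPLOY_SSH_BACKUP_PATH must be a trusted value.
      _cmdstr="{ now=\"\$(date -u +%s)\"; for fn in $_backupprefix*; do if [ -d \"\$fn\" ] && [ \"\$(expr \$now - \$(date -ur \$fn +%s) )\" -ge \"15552000\" ]; then rm -rf \"\$fn\"; echo \"Backup \$fn deleted as older than 180 days\"; fi; done; }; $_cmdstr"
      # Alternate version of above... _cmdstr="find $_backupprefix* -type d -mtime +180 2>/dev/null | xargs rm -rf; $_cmdstr"
      # Create our backup directory for overwritten cert files.
      _cmdstr="mkdir -p $_backupdir; $_cmdstr"
      _info "Backup of old certificate files will be placed in remote directory $_backupdir"
      _info "Backup directories erased after 180 days."
      if ! _ssh_deploy_flush; then
        return $_err_code
      fi
    fi

    if [ -n "$DEPLOY_SSH_KEYFILE" ]; then
      if [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then
        # backup file we are about to overwrite.
        _cmdstr="$_cmdstr cp $DEPLOY_SSH_KEYFILE $_backupdir >/dev/null;"
        if ! _ssh_deploy_flush; then
          return $_err_code
        fi
      fi

      # copy new key into file.
      if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then
        # scp the file
        if ! _scp_remote_cmd "$_ckey" "$DEPLOY_SSH_KEYFILE"; then
          return $_err_code
        fi
      else
        # ssh echo to the file
        # The private key text becomes part of the command string that is later
        # handed to ssh as an argument, so it can show up in process listings
        # while the call runs; DEPLOY_SSH_USE_SCP=yes keeps it out of the
        # command line.
        _cmdstr="$_cmdstr echo \"$(cat "$_ckey")\" > $DEPLOY_SSH_KEYFILE;"
        _info "will copy private key to remote file $DEPLOY_SSH_KEYFILE"
        if ! _ssh_deploy_flush; then
          return $_err_code
        fi
      fi
    fi

    if [ -n "$DEPLOY_SSH_CERTFILE" ]; then
      _pipe=">"
      if [ "$DEPLOY_SSH_CERTFILE" = "$DEPLOY_SSH_KEYFILE" ]; then
        # if filename is same as previous file then append.
        _pipe=">>"
      elif [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then
        # backup file we are about to overwrite.
        _cmdstr="$_cmdstr cp $DEPLOY_SSH_CERTFILE $_backupdir >/dev/null;"
        if ! _ssh_deploy_flush; then
          return $_err_code
        fi
      fi

      # copy new certificate into file.
      if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then
        # scp the file
        # scp replaces the remote file, so a shared target is rebuilt locally;
        # the scratch file then holds the private key as well.
        _local_cert_file=$(_mktemp)
        if [ "$DEPLOY_SSH_CERTFILE" = "$DEPLOY_SSH_KEYFILE" ]; then
          cat "$_ckey" >>"$_local_cert_file"
        fi
        cat "$_ccert" >>"$_local_cert_file"
        if ! _scp_remote_cmd "$_local_cert_file" "$DEPLOY_SSH_CERTFILE"; then
          return $_err_code
        fi
      else
        # ssh echo to the file
        _cmdstr="$_cmdstr echo \"$(cat "$_ccert")\" $_pipe $DEPLOY_SSH_CERTFILE;"
        _info "will copy certificate to remote file $DEPLOY_SSH_CERTFILE"
        if ! _ssh_deploy_flush; then
          return $_err_code
        fi
      fi
    fi

    if [ -n "$DEPLOY_SSH_CAFILE" ]; then
      _pipe=">"
      if [ "$DEPLOY_SSH_CAFILE" = "$DEPLOY_SSH_KEYFILE" ] ||
        [ "$DEPLOY_SSH_CAFILE" = "$DEPLOY_SSH_CERTFILE" ]; then
        # if filename is same as previous file then append.
        _pipe=">>"
      elif [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then
        # backup file we are about to overwrite.
        _cmdstr="$_cmdstr cp $DEPLOY_SSH_CAFILE $_backupdir >/dev/null;"
        if ! _ssh_deploy_flush; then
          return $_err_code
        fi
      fi

      # copy new certificate into file.
      if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then
        # scp the file
        _local_ca_file=$(_mktemp)
        if [ "$DEPLOY_SSH_CAFILE" = "$DEPLOY_SSH_KEYFILE" ]; then
          cat "$_ckey" >>"$_local_ca_file"
        fi
        if [ "$DEPLOY_SSH_CAFILE" = "$DEPLOY_SSH_CERTFILE" ]; then
          cat "$_ccert" >>"$_local_ca_file"
        fi
        cat "$_cca" >>"$_local_ca_file"
        if ! _scp_remote_cmd "$_local_ca_file" "$DEPLOY_SSH_CAFILE"; then
          return $_err_code
        fi
      else
        # ssh echo to the file
        _cmdstr="$_cmdstr echo \"$(cat "$_cca")\" $_pipe $DEPLOY_SSH_CAFILE;"
        _info "will copy CA file to remote file $DEPLOY_SSH_CAFILE"
        if ! _ssh_deploy_flush; then
          return $_err_code
        fi
      fi
    fi

    if [ -n "$DEPLOY_SSH_FULLCHAIN" ]; then
      _pipe=">"
      if [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_KEYFILE" ] ||
        [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_CERTFILE" ] ||
        [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_CAFILE" ]; then
        # if filename is same as previous file then append.
        _pipe=">>"
      elif [ "$DEPLOY_SSH_BACKUP" = "yes" ]; then
        # backup file we are about to overwrite.
        _cmdstr="$_cmdstr cp $DEPLOY_SSH_FULLCHAIN $_backupdir >/dev/null;"
        # Fixed: this used to test DEPLOY_SSH_FULLCHAIN against "yes", so in
        # MULTI_CALL/scp mode the backup "cp" stayed queued and only ran after
        # the new fullchain had already replaced the old file.
        if ! _ssh_deploy_flush; then
          return $_err_code
        fi
      fi

      # copy new certificate into file.
      if [ "$DEPLOY_SSH_USE_SCP" = "yes" ]; then
        # scp the file
        _local_full_file=$(_mktemp)
        if [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_KEYFILE" ]; then
          cat "$_ckey" >>"$_local_full_file"
        fi
        if [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_CERTFILE" ]; then
          cat "$_ccert" >>"$_local_full_file"
        fi
        if [ "$DEPLOY_SSH_FULLCHAIN" = "$DEPLOY_SSH_CAFILE" ]; then
          cat "$_cca" >>"$_local_full_file"
        fi
        cat "$_cfullchain" >>"$_local_full_file"
        if ! _scp_remote_cmd "$_local_full_file" "$DEPLOY_SSH_FULLCHAIN"; then
          return $_err_code
        fi
      else
        # ssh echo to the file
        _cmdstr="$_cmdstr echo \"$(cat "$_cfullchain")\" $_pipe $DEPLOY_SSH_FULLCHAIN;"
        _info "will copy fullchain to remote file $DEPLOY_SSH_FULLCHAIN"
        if ! _ssh_deploy_flush; then
          return $_err_code
        fi
      fi
    fi

    # cleanup local files if any, before the remote command is run
    _ssh_deploy_rm_tmp

    if [ -n "$DEPLOY_SSH_REMOTE_CMD" ]; then
      _cmdstr="$_cmdstr $DEPLOY_SSH_REMOTE_CMD;"
      _info "Will execute remote command $DEPLOY_SSH_REMOTE_CMD"
      if ! _ssh_deploy_flush; then
        return $_err_code
      fi
    fi

    # if commands not all sent in multiple calls then all commands sent in a single SSH call now...
    if [ -n "$_cmdstr" ]; then
      if ! _ssh_remote_cmd "$_cmdstr"; then
        return $_err_code
      fi
    fi
    return 0
  }

  # Deploy the key/certificate files to the single server named in
  # DEPLOY_SSH_SERVER ("host" or "host:port").
  #
  # Globals: reads the DEPLOY_SSH_* settings and _cdomain/_ckey/_ccert/_cca/
  #          _cfullchain; sets _host, _port and _err_code.
  # Returns: 0 on success, otherwise the _err_code left by the failing ssh/scp call.
  #
  # Remote paths are placed unquoted into the command string that the remote
  # shell interprets, so the DEPLOY_SSH_* path settings must be trusted values.
  # No permissions are set on the remote files here; protect the key file's
  # target location on the remote side.
  _ssh_deploy() {
    _err_code=0
    _cmdstr=""
    _backupprefix=""
    _backupdir=""
    _local_cert_file=""
    _local_ca_file=""
    _local_full_file=""

    _ssh_deploy_run
    _ssh_deploy_rc="$?"
    # Scratch files can hold a copy of the private key; previously a failed
    # scp or ssh call returned early and left them on disk.
    _ssh_deploy_rm_tmp
    return $_ssh_deploy_rc
  }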
  400. #cmd
  # Run one command string on the current remote host over ssh.
  #
  # Arguments: $1 - command string handed to the remote shell
  # Globals:   reads DEPLOY_SSH_CMD, DEPLOY_SSH_USER, DEPLOY_SSH_REMOTE_SHELL,
  #            DEPLOY_SSH_REMOTE_CMD_QUOTE, _host and _port; sets _err_code.
  # Returns:   the exit status of the ssh invocation.
  #
  # DEPLOY_SSH_CMD and DEPLOY_SSH_REMOTE_SHELL are expanded unquoted on purpose
  # so that they can carry options; they are run exactly as configured.
  _ssh_remote_cmd() {
    _cmd="$1"

    # Append "-p <port>" only when the server entry carried a port.
    _ssh_cmd="$DEPLOY_SSH_CMD${_port:+ -p $_port}"

    _secure_debug "Remote commands to execute: $_cmd"
    _info "Submitting sequence of commands to remote server by $_ssh_cmd"

    case "$DEPLOY_SSH_REMOTE_CMD_QUOTE" in
    yes)
      # The command is wrapped in literal single quotes for the remote shell.
      # NOTE(review): a single quote inside the command would end that quoting
      # early - confirm that configured commands never contain one.
      # quotations in bash cmd below intended. Squash travis spellcheck error
      # shellcheck disable=SC2029
      $_ssh_cmd "$DEPLOY_SSH_USER@$_host" $DEPLOY_SSH_REMOTE_SHELL "'$_cmd'"
      _err_code="$?"
      ;;
    *)
      $_ssh_cmd "$DEPLOY_SSH_USER@$_host" $DEPLOY_SSH_REMOTE_SHELL "$_cmd"
      _err_code="$?"
      ;;
    esac

    [ "$_err_code" = "0" ] || _err "Error code $_err_code returned from ssh"
    return $_err_code
  }
  422. # cmd scp
  # Copy one local file to the current remote host with scp.
  #
  # Arguments: $1 - local source path, $2 - destination path on the remote host
  # Globals:   reads DEPLOY_SSH_SCP_CMD, DEPLOY_SSH_USER, _host and _port;
  #            sets _err_code.
  # Returns:   the exit status of the scp invocation.
  #
  # DEPLOY_SSH_SCP_CMD is expanded unquoted on purpose so that it can carry
  # options; it is run exactly as configured.
  _scp_remote_cmd() {
    _src=$1
    _dest=$2

    # scp takes the port as "-P"; add it only when the server entry carried one.
    _scp_cmd="$DEPLOY_SSH_SCP_CMD${_port:+ -P $_port}"

    _secure_debug "Remote copy source $_src to destination $_dest"
    _info "Submitting secure copy by $_scp_cmd"

    if $_scp_cmd "$_src" "$DEPLOY_SSH_USER"@"$_host":"$_dest"; then
      _err_code="0"
    else
      _err_code="$?"
      _err "Error code $_err_code returned from scp"
    fi
    return $_err_code
  }
  438. }