  1. #!/bin/bash
  2. #Here is a script to deploy cert to opengear operations manager.
  3. #returns 0 means success, otherwise error.
  4. # Note that SSH must be able to login to remote host without a password...
  5. # The user must have sudo-access without password
  6. #
  7. # SSH Keys must have been exchanged with the remote host. Validate and
  8. # test that you can login to USER@SERVER from the host running acme.sh before
  9. # using this script.
  10. # export OPENGEAR_USER="" # required
  11. # export OPENGEAR_HOST="om1234" # defaults to domain name
  12. Le_Deploy_ssh_cmd="ssh"
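#######################################
# Deploy a certificate and its private key to an Opengear Operations Manager.
# Globals:
#   OPENGEAR_HOST, OPENGEAR_USER (read)
#   _opengear_host, _opengear_user, _cmdstr (written)
#   _err_code (read; written by _ssh_remote_cmd)
# Arguments:
#   $1 - domain, $2 - key file, $3 - cert file, $4 - CA file,
#   $5 - fullchain file
# Returns:
#   0 on success; 1 when no user is configured or the key/fullchain file
#   cannot be read; otherwise the error code left by _ssh_remote_cmd.
#######################################
opengear_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  # Only file paths are logged here, never file contents.
  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  # OPENGEAR ENV VAR check
  if [ -z "$OPENGEAR_HOST" ]; then
    # HOST is not set in environment, check for saved variable
    _getdeployconf OPENGEAR_HOST
  fi
  # Always take the target from OPENGEAR_HOST. Assigning it only in the
  # "not set" branch ignored a host supplied through the environment (or kept
  # a value left over from an earlier call), so the private key could be sent
  # to the certificate's domain name instead of the intended device.
  _opengear_host="$OPENGEAR_HOST"

  if [ -z "$_opengear_host" ]; then
    _info "No host found in saved vars. Defaulting to domain: $_cdomain"
    _opengear_host="$_cdomain"
  fi

  if [ -z "$OPENGEAR_USER" ]; then
    _debug "USER not found in ENV variables lets check for saved variables"
    _getdeployconf OPENGEAR_USER
    _opengear_user=$OPENGEAR_USER
    if [ -z "$_opengear_user" ]; then
      _err "No user found.. If this is the first time deploying please set OPENGEAR_USER in environment variables. Delete them after you have succesfully deployed certs."
      return 1
    fi
    _debug "Using saved env variables."
  else
    _debug "Detected ENV variables to be saved to the deploy conf."
    _opengear_user="$OPENGEAR_USER"
    # Save user and host to the deploy conf.
    # NOTE(review): in acme.sh the trailing 1 requests base64 encoding of the
    # stored value, which is not encryption -- confirm before relying on it.
    _savedeployconf OPENGEAR_USER "$_opengear_user" 1
    _savedeployconf OPENGEAR_HOST "$_opengear_host" 1
  fi

  _info "Deploying to $_opengear_host"

  # Encode each file once and stop if either is unreadable or empty, so an
  # empty certificate or key is never pushed to the device.
  if ! _og_cert_b64="$(base64 -w0 <"$_cfullchain")" || [ -z "$_og_cert_b64" ]; then
    _err "Unable to read fullchain file: $_cfullchain"
    return 1
  fi
  if ! _og_key_b64="$(base64 -w0 <"$_ckey")" || [ -z "$_og_key_b64" ]; then
    _err "Unable to read key file: $_ckey"
    return 1
  fi

  # The "\n" sequences stay literal here; the remote "echo -e" expands them.
  _og_payload="set services.https.certificate =${_og_cert_b64}\nset services.https.private_key =${_og_key_b64}\npush"

  # Try /usr/bin/ogconfig-cli first, then /usr/unsupported/bin/ogconfig-cli.
  # NOTE(review): the base64 private key is part of the command line, so it
  # shows up in the argument list of the local ssh process and of the remote
  # "sh -c". Feeding the configuration to ogconfig-cli on stdin would avoid
  # that exposure.
  # NOTE(review): as written, sudo elevates only "echo"; ogconfig-cli on the
  # right-hand side of the pipe runs as the login user -- confirm this is
  # what the device needs.
  _cmdstr="sudo echo -e \"${_og_payload}\" | /usr/bin/ogconfig-cli || sudo echo -e \"${_og_payload}\" | /usr/unsupported/bin/ogconfig-cli"

  _info "will deploy new certificate"
  # _ssh_remote_cmd logs its own failure and leaves the status in _err_code.
  _ssh_remote_cmd "$_cmdstr"
  return "$_err_code"
}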
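#######################################
# Run one command string on the Opengear host over ssh.
# Globals:
#   Le_Deploy_ssh_cmd, _opengear_user, _opengear_host (read)
#   _cmd, _err_code (written)
# Arguments:
#   $1 - command string; sent to the remote side as: sh -c '<command>'
# Returns:
#   The exit status of the ssh invocation (also left in _err_code).
#######################################
_ssh_remote_cmd() {
  _cmd="$1"

  # The command string carries the base64 private key, so its text goes
  # through _secure_debug only.
  _secure_debug "Remote commands to execute: $_cmd"
  _info "Submitting sequence of commands to remote server by ssh"

  # The ordinary debug log gets the ssh client and target but not the
  # command: echoing "$_cmd" through _debug would write the same key material
  # that the _secure_debug call above keeps out of the normal log.
  _debug "ssh command" "$Le_Deploy_ssh_cmd"
  _debug "ssh target" "$_opengear_user@$_opengear_host"

  # The command is deliberately expanded locally and wrapped in single quotes
  # for the remote shell; this relies on "$_cmd" containing no single quote.
  # Le_Deploy_ssh_cmd is left unquoted so it can carry extra ssh arguments.
  # shellcheck disable=SC2029,SC2086
  $Le_Deploy_ssh_cmd "$_opengear_user@$_opengear_host" sh -c "'$_cmd'"
  _err_code="$?"

  if [ "$_err_code" != "0" ]; then
    _err "Error code $_err_code returned from ssh"
  fi

  return "$_err_code"
}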