Merge 903ae2954f into eb00852a71

deploy/edgemax.sh

@@ -0,0 +1,111 @@
+#!/bin/bash
+
+################################################################
+###
+###  A script to deploy Let's Encrypt certificate
+###  on Edgemax routers.
+###
+################################################################
+
+#This file name is "edgemax.sh"
+#So, here must be a method   edgemax_deploy()
+#Which will be called by acme.sh to deploy the cert
+#returns 0 means success, otherwise error.
+
+########  Public functions #####################
+atexit() {
+  #closes CLI session
+  cli-shell-api teardownSession
+  _debug EXITCODE: "$1"
+  return "$1"
+}
+
+#domain keyfile certfile cafile fullchain
+edgemax_deploy() {
+  _cdomain="$1"
+  _ckey="$2"
+  _ccert="$3"
+  _cca="$4"
+  _cfullchain="$5"
+  ### 'lighttpd_pem' - certificate file configured for your Edgemax GUI
+
+  lighttpd_pem=/config/auth/le-cert.pem
+
+  _info "$(__green "EdgeMax Certificate Path: $lighttpd_pem")"
+  _debug _cdomain "$_cdomain"
+  _debug _ckey "$_ckey"
+  _debug _ccert "$_ccert"
+  _debug _cca "$_cca"
+  _debug _cfullchain "$_cfullchain"
+  _info "Generating PEM file for lighttpd"
+  sudo sh -c "cat ${_ccert} ${_ckey} > ${lighttpd_pem}"
+
+  _info "$(__green "Checking for Cron Job")"
+  cronval=$(cli-shell-api returnEffectiveValue system task-scheduler task LetsEncrypt executable path)
+  if [ "$cronval" != "/config/user-data/acme.sh/acme.sh" ]; then
+    _info "$(__green "Job not found. Adding")"
+     vyatta_sbindir="/opt/vyatta/sbin" #overwritten by eval command but needed to pass github checks.
+    # Obtain session environment
+    session_env=$(cli-shell-api getSessionEnv $PPID)
+    eval "$session_env"
+
+    # Setup the session
+    cli-shell-api setupSession
+
+    # Verify Session Started
+    cli-shell-api inSession
+    if [ $? -ne 0 ]; then
+      _err "Something went wrong starting CLI Session!"
+      atexit 1
+    fi
+    SET=${vyatta_sbindir}/my_set
+    COMMIT=${vyatta_sbindir}/my_commit
+    SAVE=${vyatta_sbindir}/vyatta-save-config.pl
+    _info "Setting CRON job parameter."
+    $SET system task-scheduler task LetsEncrypt crontab-spec '39 1 * * *'
+    $SET system task-scheduler task LetsEncrypt executable arguments '--cron --home /config/user-data/acme.sh --config-home /config/user-data/acme.sh'
+    $SET system task-scheduler task LetsEncrypt executable path /config/user-data/acme.sh/acme.sh
+    $COMMIT
+    $SAVE
+  else
+    _info "CRON job already set"
+  fi
+
+  _info "$(__green "Checking EdgeMax Config for SSL Settings: $lighttpd_pem")"
+  vals=$(cli-shell-api returnEffectiveValue service gui cert-file)
+  certfile=$vals
+  if [ "$lighttpd_pem" != "$certfile" ]; then
+    _debug "Current Edgemax Certfile" "$certfile"
+    _info "Certfile is not set to $lighttpd_pem"
+
+    vyatta_sbindir="/opt/vyatta/sbin" #overwritten by eval command but needed to pass github checks.
+    # Obtain session environment
+    session_env=$(cli-shell-api getSessionEnv $PPID)
+    eval "$session_env"
+
+    # Setup the session
+    cli-shell-api setupSession
+
+    # Verify Session Started
+    cli-shell-api inSession
+    if [ $? -ne 0 ]; then
+      _err "Something went wrong starting CLI Session!"
+      atexit 1
+    fi
+    SET=${vyatta_sbindir}/my_set
+    COMMIT=${vyatta_sbindir}/my_commit
+    SAVE=${vyatta_sbindir}/vyatta-save-config.pl
+    _info "Setting Certificate parameter."
+    $SET service gui cert-file /config/auth/le-cert.pem
+    $COMMIT
+    $SAVE
+  else
+    _info "EdgeMax cert-file already set to $lighttpd_pem"
+  fi
+  _info Restarting lighttpd
+  sudo kill -SIGTERM "$(cat /var/run/lighttpd.pid)"
+  sudo /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf
+
+  atexit 0
+
+}