deploy: Add deployment script for Mikrotik systems
deploy: Add deployment script for Mikrotik systems
Add a script to deploy certificates on Mikrotik/RouterOS systems. Certificate will be deployed for the `www-ssl` service and optionally the `api-ssl` service. Signed-off-by: Jimmy Thrasibule <jimmy@thrasibule.mx>pull/1870/head
1 changed files with 130 additions and 0 deletions
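--- /dev/null
+++ b/mikrotik.sh
@@ -0,0 +1,130 @@
+#!/usr/bin/env sh
+#
+# mikrotik.sh
+# ===========
+#
+# Deploy certificate to a Mikrotik RouterOS system using the SSH protocol.
+#
+# The script must be able to connect to the remote host without a password.
+# Therefore only public key authentication method is available and SSH keys must
+# have been exchanged prior to running this script.
+#
+#
+# Variables
+# ---------
+#
+# The following variables can be exported in order to configure the script's
+# behavior. When not set, values previously saved in _domain.conf_ are taken.
+#
+#
+# DEPLOY_MIKROTIK_SET_API
+# : Deploy certificate also to the API-SSL service.
+#
+# DEPLOY_MIKROTIK_SSH_HOST
+# : Hostname or IP address to connect to the remote host. When not provided
+# use the domain name from the `acme.sh` command.
+#
+# DEPLOY_MIKROTIK_SSH_IDFILE
+# : Selects a file from which the identity (private key) for public key
+# authentication is read. When not provided, `ssh` default is used.
+#
+# DEPLOY_MIKROTIK_SSH_OPTIONS
+# : Additional options to pass to the `ssh` process.
+#
+# DEPLOY_MIKROTIK_SSH_PORT
+# : Port to connect to on the remote host.
+#
+# DEPLOY_MIKROTIK_SSH_USER
+# : Specifies the user to log in as on the remote machine. When not provide
+# use the current user name.
+#
+mikrotik_deploy() {
+_cdomain="${1}"
+_ckey="${2}"
+_ccert="${3}"
+_cca="${4}"
+_cfullchain="${5}"
+
+_debug _cdomain "${_cdomain}"
+_debug _ckey "${_ckey}"
+_debug _ccert "${_ccert}"
+_debug _cca "${_cca}"
+_debug _cfullchain "${_cfullchain}"
+
+_ssh_opts="${DEPLOY_MIKROTIK_SSH_OPTIONS}"
+if [ "${_ssh_opts}" ]; then
+_savedomainconf DEPLOY_MIKROTIK_SSH_OPTIONS "${_ssh_opts}"
+fi
+
+_ssh_host="${DEPLOY_MIKROTIK_SSH_HOST}"
+if [ "${_ssh_host}" ]; then
+_savedomainconf DEPLOY_MIKROTIK_SSH_HOST "${_ssh_host}"
+else
+_ssh_host="${_cdomain}"
+fi
+
+if [ "${DEPLOY_MIKROTIK_SET_API}" = "yes" ]; then
+_debug DEPLOY_MIKROTIK_SET_API "${DEPLOY_MIKROTIK_SET_API}"
+_savedomainconf DEPLOY_MIKROTIK_SET_API "${DEPLOY_MIKROTIK_SET_API}"
+fi
+
+if [ "${DEPLOY_MIKROTIK_SSH_IDFILE}" ]; then
+_debug DEPLOY_MIKROTIK_SSH_IDFILE "${DEPLOY_MIKROTIK_SSH_IDFILE}"
+
+_ssh_opts="${_ssh_opts} -i ${DEPLOY_MIKROTIK_SSH_IDFILE}"
+_savedomainconf DEPLOY_MIKROTIK_SSH_IDFILE "${DEPLOY_MIKROTIK_SSH_IDFILE}"
+fi
+
+if [ "${DEPLOY_MIKROTIK_SSH_PORT}" ]; then
+_debug DEPLOY_MIKROTIK_SSH_PORT "${DEPLOY_MIKROTIK_SSH_PORT}"
+
+_ssh_opts="${_ssh_opts} -p ${DEPLOY_MIKROTIK_SSH_PORT}"
+_savedomainconf DEPLOY_MIKROTIK_SSH_PORT "${DEPLOY_MIKROTIK_SSH_PORT}"
+fi
+
+if [ "${DEPLOY_MIKROTIK_SSH_USER}" ]; then
+_debug DEPLOY_MIKROTIK_SSH_USER "${DEPLOY_MIKROTIK_SSH_USER}"
+
+_ssh_host="${DEPLOY_MIKROTIK_SSH_USER}@${_ssh_host}"
+_savedomainconf DEPLOY_MIKROTIK_SSH_USER "${DEPLOY_MIKROTIK_SSH_USER}"
+fi
+
+_scp_opts=$(echo "${_ssh_opts} -q" | sed "s/-p/-P/g")
+_debug _ssh_host "${_ssh_host}"
+_debug _ssh_opts "${_ssh_opts}"
+_debug _scp_opts "${_scp_opts}"
+
+_ssh="ssh ${_ssh_opts} ${_ssh_host}"
+_scp="scp ${_scp_opts}"
+
+_debug _ssh "${_ssh}"
+_debug _scp "${_scp}"
+
+${_ssh} /system resource print
+_ret=${?}
+if [ ${_ret} != "0" ]; then
+_err "Could not connect to ${_ssh_host}."
+return ${_ret}
+fi
+_info "Connected successfully to ${_ssh_host}."
+
+_info "Cleaning out old certificate from ${_ssh_host}."
+${_ssh} /certificate remove [find name="${_cdomain}.pem_0"]
+${_ssh} /file remove "${_cdomain}.pem"
+${_ssh} /file remove "${_cdomain}.key"
+
+_info "Uploading certificate for ${_cdomain} to ${_ssh_host}."
+${_scp} "${_cfullchain}" "${_ssh_host}:${_cdomain}.pem"
+${_scp} "${_ckey}" "${_ssh_host}:${_cdomain}.key"
+
+_info "Setting up new certificate."
+${_ssh} /certificate import file-name="${_cdomain}.pem" passphrase=\"\"
+${_ssh} /certificate import file-name="${_cdomain}.key" passphrase=\"\"
+${_ssh} /file remove "${_cdomain}.pem"
+${_ssh} /file remove "${_cdomain}.key"
+
+${_ssh} /ip service set www-ssl certificate="${_cdomain}.pem_0"
+if [ "${DEPLOY_MIKROTIK_SET_API}" = "yes" ]; then
+${_ssh} /ip service set api-ssl certificate="${_cdomain}.pem_0"
+fi
+}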
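Review bot: Only the initial `/system resource print` probe is status-checked; the two `${_scp}` uploads, the two `/certificate import` calls and the `/ip service set` lines run unconditionally, so a failed key upload still leads to `www-ssl` being pointed at a certificate that was never imported, and the function's return value is whatever the last `${_ssh}` (or the empty `if`) happened to return rather than a deployment result. Each of those steps should abort with `_err` and a non-zero `return`, removing any file already copied onto the router so the private key does not stay in `/file` after a half-done run; whether RouterOS propagates a non-zero status over ssh for a rejected import is not visible here, so if it does not, confirming the imported name via `/certificate print` is the fallback. A second, smaller issue is `_scp_opts=$(echo "${_ssh_opts} -q" | sed "s/-p/-P/g")`, which rewrites every `-p` substring in the option string, including one inside the identity-file path or an `-o` value, and could be avoided by appending `-P "${DEPLOY_MIKROTIK_SSH_PORT}"` to a separate `_scp_opts` in the same `if` that appends `-p` to `_ssh_opts`.
```shell
# … unchanged: connectivity check and old-certificate cleanup …
_info "Uploading certificate for ${_cdomain} to ${_ssh_host}."
if ! ${_scp} "${_cfullchain}" "${_ssh_host}:${_cdomain}.pem"; then
  _err "Failed to upload certificate to ${_ssh_host}."
  return 1
fi
if ! ${_scp} "${_ckey}" "${_ssh_host}:${_cdomain}.key"; then
  _err "Failed to upload private key to ${_ssh_host}."
  ${_ssh} /file remove "${_cdomain}.pem"
  return 1
fi

_info "Setting up new certificate."
if ! ${_ssh} /certificate import file-name="${_cdomain}.pem" passphrase=\"\" ||
  ! ${_ssh} /certificate import file-name="${_cdomain}.key" passphrase=\"\"; then
  _err "Certificate import failed on ${_ssh_host}."
  ${_ssh} /file remove "${_cdomain}.pem"
  ${_ssh} /file remove "${_cdomain}.key"
  return 1
fi
# … unchanged: /file remove of the uploaded copies and /ip service set …
```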