|
@ -49,6 +49,16 @@ |
|
|
# One optional thing to do as well is to create a script that updates |
|
|
# One optional thing to do as well is to create a script that updates |
|
|
# all the required services and run that script in a single command. |
|
|
# all the required services and run that script in a single command. |
|
|
# |
|
|
# |
|
|
|
|
|
# To adopt parameters to `scp` and/or `ssh` set the optional |
|
|
|
|
|
# `ROUTER_OS_SSH_CMD` and `ROUTER_OS_SCP_CMD` variables accordingly, |
|
|
|
|
|
# see ssh(1) and scp(1) for parameters to those commands. |
|
|
|
|
|
# |
|
|
|
|
|
# Example: |
|
|
|
|
|
# ```ssh |
|
|
|
|
|
# export ROUTER_OS_SSH_CMD="ssh -i /acme.sh/.ssh/router.example.com -o UserKnownHostsFile=/acme.sh/.ssh/known_hosts" |
|
|
|
|
|
# export ROUTER_OS_SCP_CMD="scp -i /acme.sh/.ssh/router.example.com -o UserKnownHostsFile=/acme.sh/.ssh/known_hosts" |
|
|
|
|
|
# ```` |
|
|
|
|
|
# |
|
|
# returns 0 means success, otherwise error. |
|
|
# returns 0 means success, otherwise error. |
|
|
|
|
|
|
|
|
######## Public functions ##################### |
|
|
######## Public functions ##################### |
|
@ -88,6 +98,20 @@ routeros_deploy() { |
|
|
ROUTER_OS_PORT=22 |
|
|
ROUTER_OS_PORT=22 |
|
|
fi |
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
_getdeployconf ROUTER_OS_SSH_CMD |
|
|
|
|
|
|
|
|
|
|
|
if [ -z "$ROUTER_OS_SSH_CMD" ]; then |
|
|
|
|
|
_debug "Use default ssh setup." |
|
|
|
|
|
ROUTER_OS_SSH_CMD="ssh -p $ROUTER_OS_PORT" |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
|
|
|
_getdeployconf ROUTER_OS_SCP_CMD |
|
|
|
|
|
|
|
|
|
|
|
if [ -z "$ROUTER_OS_SCP_CMD" ]; then |
|
|
|
|
|
_debug "USe default scp setup." |
|
|
|
|
|
ROUTER_OS_SCP_CMD="scp -P $ROUTER_OS_PORT" |
|
|
|
|
|
fi |
|
|
|
|
|
|
|
|
_getdeployconf ROUTER_OS_ADDITIONAL_SERVICES |
|
|
_getdeployconf ROUTER_OS_ADDITIONAL_SERVICES |
|
|
|
|
|
|
|
|
if [ -z "$ROUTER_OS_ADDITIONAL_SERVICES" ]; then |
|
|
if [ -z "$ROUTER_OS_ADDITIONAL_SERVICES" ]; then |
|
@ -98,16 +122,19 @@ routeros_deploy() { |
|
|
_savedeployconf ROUTER_OS_HOST "$ROUTER_OS_HOST" |
|
|
_savedeployconf ROUTER_OS_HOST "$ROUTER_OS_HOST" |
|
|
_savedeployconf ROUTER_OS_USERNAME "$ROUTER_OS_USERNAME" |
|
|
_savedeployconf ROUTER_OS_USERNAME "$ROUTER_OS_USERNAME" |
|
|
_savedeployconf ROUTER_OS_PORT "$ROUTER_OS_PORT" |
|
|
_savedeployconf ROUTER_OS_PORT "$ROUTER_OS_PORT" |
|
|
|
|
|
_savedeployconf ROUTER_OS_SSH_CMD "$ROUTER_OS_SSH_CMD" |
|
|
|
|
|
_savedeployconf ROUTER_OS_SCP_CMD "$ROUTER_OS_SCP_CMD" |
|
|
_savedeployconf ROUTER_OS_ADDITIONAL_SERVICES "$ROUTER_OS_ADDITIONAL_SERVICES" |
|
|
_savedeployconf ROUTER_OS_ADDITIONAL_SERVICES "$ROUTER_OS_ADDITIONAL_SERVICES" |
|
|
|
|
|
|
|
|
_info "Trying to push key '$_ckey' to router" |
|
|
_info "Trying to push key '$_ckey' to router" |
|
|
scp -P "$ROUTER_OS_PORT" "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key" |
|
|
|
|
|
|
|
|
$ROUTER_OS_SCP_CMD "$_ckey" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.key" |
|
|
_info "Trying to push cert '$_cfullchain' to router" |
|
|
_info "Trying to push cert '$_cfullchain' to router" |
|
|
scp -P "$ROUTER_OS_PORT" "$_cfullchain" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.cer" |
|
|
|
|
|
DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=admin policy=ftp,read,write,password,sensitive \ |
|
|
|
|
|
source=\"## generated by routeros deploy script in acme.sh;\ |
|
|
|
|
|
\n/certificate remove [ find name=$_cdomain.cer_0 ];\ |
|
|
|
|
|
|
|
|
$ROUTER_OS_SCP_CMD "$_cfullchain" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST:$_cdomain.cer" |
|
|
|
|
|
DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=$ROUTER_OS_USER \ |
|
|
|
|
|
comment=\"generated by routeros deploy script in acme.sh\" \ |
|
|
|
|
|
source=\"/certificate remove [ find name=$_cdomain.cer_0 ];\ |
|
|
\n/certificate remove [ find name=$_cdomain.cer_1 ];\ |
|
|
\n/certificate remove [ find name=$_cdomain.cer_1 ];\ |
|
|
|
|
|
\n/certificate remove [ find name=$_cdomain.cer_2 ];\ |
|
|
\ndelay 1;\ |
|
|
\ndelay 1;\ |
|
|
\n/certificate import file-name=$_cdomain.cer passphrase=\\\"\\\";\ |
|
|
\n/certificate import file-name=$_cdomain.cer passphrase=\\\"\\\";\ |
|
|
\n/certificate import file-name=$_cdomain.key passphrase=\\\"\\\";\ |
|
|
\n/certificate import file-name=$_cdomain.key passphrase=\\\"\\\";\ |
|
@ -120,11 +147,11 @@ source=\"## generated by routeros deploy script in acme.sh;\ |
|
|
\n\" |
|
|
\n\" |
|
|
" |
|
|
" |
|
|
# shellcheck disable=SC2029 |
|
|
# shellcheck disable=SC2029 |
|
|
ssh -p "$ROUTER_OS_PORT" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "$DEPLOY_SCRIPT_CMD" |
|
|
|
|
|
|
|
|
$ROUTER_OS_SSH_CMD "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "$DEPLOY_SCRIPT_CMD" |
|
|
# shellcheck disable=SC2029 |
|
|
# shellcheck disable=SC2029 |
|
|
ssh -p "$ROUTER_OS_PORT" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script run \"LE Cert Deploy - $_cdomain\"" |
|
|
|
|
|
|
|
|
$ROUTER_OS_SSH_CMD "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script run \"LE Cert Deploy - $_cdomain\"" |
|
|
# shellcheck disable=SC2029 |
|
|
# shellcheck disable=SC2029 |
|
|
ssh -p "$ROUTER_OS_PORT" "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script remove \"LE Cert Deploy - $_cdomain\"" |
|
|
|
|
|
|
|
|
$ROUTER_OS_SSH_CMD "$ROUTER_OS_USERNAME@$ROUTER_OS_HOST" "/system script remove \"LE Cert Deploy - $_cdomain\"" |
|
|
|
|
|
|
|
|
return 0 |
|
|
return 0 |
|
|
} |
|
|
} |
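Review bot: The rewritten `/system script add` line sets `owner=$ROUTER_OS_USER`, but every other line in this section uses `ROUTER_OS_USERNAME` and nothing visible assigns `ROUTER_OS_USER`, so the owner most likely expands to an empty string. The same line also drops the explicit `policy=ftp,read,write,password,sensitive`, which presumably leaves the temporary script with RouterOS's default policy set instead of the narrow list the old code requested. I would write it as `DEPLOY_SCRIPT_CMD="/system script add name=\"LE Cert Deploy - $_cdomain\" owner=$ROUTER_OS_USERNAME policy=ftp,read,write,password,sensitive \`. Separately, the defaults `ssh -p $ROUTER_OS_PORT` and `scp -P $ROUTER_OS_PORT` are persisted through `_savedeployconf`, so a later change to `ROUTER_OS_PORT` would seem to be ignored once the saved command is read back; saving only a user-supplied override would avoid that. `routeros_deploy` begins above the first hunk, so how `ROUTER_OS_USERNAME` is validated is not visible here.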