#!/usr/bin/env sh

# Deploy hook: copies the issued key/certificate files into a running Docker
# container and can run a reload command inside it.

# Label used to find the target container. docker_deploy reports an error
# when it is empty.
#DEPLOY_DOCKER_CONTAINER_LABEL="xxxxxxx"

# Destination paths inside the container. Each one is optional; a file is
# copied only when its variable is set.
#DEPLOY_DOCKER_CONTAINER_KEY_FILE="/path/to/key.pem"
#DEPLOY_DOCKER_CONTAINER_CERT_FILE="/path/to/cert.pem"
#DEPLOY_DOCKER_CONTAINER_CA_FILE="/path/to/ca.pem"
#DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE="/path/to/fullchain.pem"
# Optional command executed inside the container through `sh -c` after the
# files are copied. Anyone who can edit this value can run commands in the
# container.
#DEPLOY_DOCKER_CONTAINER_RELOAD_CMD="service nginx force-reload"

# Documentation link printed when the container label is missing.
_DEPLOY_DOCKER_WIKI="https://github.com/Neilpang/acme.sh/wiki/deploy-to-docker-containers"

# Unix socket of the local Docker daemon; used when the docker CLI is not
# usable and DOCKER_HOST is not set.
_DOCKER_HOST_DEFAULT="/var/run/docker.sock"
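# Deploy hook entry point: copy the certificate files of a domain into the
# container selected by DEPLOY_DOCKER_CONTAINER_LABEL and optionally run
# DEPLOY_DOCKER_CONTAINER_RELOAD_CMD inside it.
#
# Arguments:
#   $1 - domain name (only logged)
#   $2 - host path of the private key
#   $3 - host path of the certificate
#   $4 - host path of the CA certificate
#   $5 - host path of the full chain
# Globals written (exported): _USE_DOCKER_COMMAND, _USE_REST,
#   _USE_UNIX_SOCKET, _DOCKER_SOCK
# Returns: 0 on success, 1 on any failure.
docker_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"
  _debug _cdomain "$_cdomain"
  _getdeployconf DEPLOY_DOCKER_CONTAINER_LABEL
  _debug2 DEPLOY_DOCKER_CONTAINER_LABEL "$DEPLOY_DOCKER_CONTAINER_LABEL"
  if [ -z "$DEPLOY_DOCKER_CONTAINER_LABEL" ]; then
    _err "The DEPLOY_DOCKER_CONTAINER_LABEL variable is not defined, we use this label to find the container."
    _err "See: $_DEPLOY_DOCKER_WIKI"
    # Abort: continuing would persist an empty label and query the daemon
    # with an empty label filter, so the private key could be written into a
    # container the operator never selected.
    return 1
  fi

  _savedeployconf DEPLOY_DOCKER_CONTAINER_LABEL "$DEPLOY_DOCKER_CONTAINER_LABEL"

  if [ "$DOCKER_HOST" ]; then
    _saveaccountconf DOCKER_HOST "$DOCKER_HOST"
  fi

  # Transport selection: prefer a working docker CLI, then DOCKER_HOST
  # (REST, not implemented by the helpers below), then the local unix socket.
  if _exists docker && docker version | grep -i docker >/dev/null; then
    _info "Using docker command"
    export _USE_DOCKER_COMMAND=1
  else
    export _USE_DOCKER_COMMAND=
  fi

  export _USE_UNIX_SOCKET=
  if [ -z "$_USE_DOCKER_COMMAND" ]; then
    export _USE_REST=
    if [ "$DOCKER_HOST" ]; then
      _debug "Try use docker host: $DOCKER_HOST"
      export _USE_REST=1
    else
      export _DOCKER_SOCK="$_DOCKER_HOST_DEFAULT"
      _debug "Try use $_DOCKER_SOCK"
      # NOTE: write access to the Docker socket gives full control of the
      # daemon, so the account running this hook is effectively privileged.
      if [ ! -e "$_DOCKER_SOCK" ] || [ ! -w "$_DOCKER_SOCK" ]; then
        _err "$_DOCKER_SOCK is not available"
        return 1
      fi
      export _USE_UNIX_SOCKET=1
      if ! _exists "curl"; then
        _err "Please install curl first."
        _err "We need curl to work."
        return 1
      fi
      if ! _check_curl_version; then
        return 1
      fi
    fi
  fi

  # Load each optional destination and persist it only when it is set.
  _getdeployconf DEPLOY_DOCKER_CONTAINER_KEY_FILE
  _debug2 DEPLOY_DOCKER_CONTAINER_KEY_FILE "$DEPLOY_DOCKER_CONTAINER_KEY_FILE"
  if [ "$DEPLOY_DOCKER_CONTAINER_KEY_FILE" ]; then
    _savedeployconf DEPLOY_DOCKER_CONTAINER_KEY_FILE "$DEPLOY_DOCKER_CONTAINER_KEY_FILE"
  fi

  _getdeployconf DEPLOY_DOCKER_CONTAINER_CERT_FILE
  _debug2 DEPLOY_DOCKER_CONTAINER_CERT_FILE "$DEPLOY_DOCKER_CONTAINER_CERT_FILE"
  if [ "$DEPLOY_DOCKER_CONTAINER_CERT_FILE" ]; then
    _savedeployconf DEPLOY_DOCKER_CONTAINER_CERT_FILE "$DEPLOY_DOCKER_CONTAINER_CERT_FILE"
  fi

  _getdeployconf DEPLOY_DOCKER_CONTAINER_CA_FILE
  _debug2 DEPLOY_DOCKER_CONTAINER_CA_FILE "$DEPLOY_DOCKER_CONTAINER_CA_FILE"
  if [ "$DEPLOY_DOCKER_CONTAINER_CA_FILE" ]; then
    _savedeployconf DEPLOY_DOCKER_CONTAINER_CA_FILE "$DEPLOY_DOCKER_CONTAINER_CA_FILE"
  fi

  _getdeployconf DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE
  _debug2 DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE"
  if [ "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE" ]; then
    _savedeployconf DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE"
  fi

  _getdeployconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD
  _debug2 DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"
  if [ "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" ]; then
    _savedeployconf DEPLOY_DOCKER_CONTAINER_RELOAD_CMD "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"
  fi

  _cid="$(_get_id "$DEPLOY_DOCKER_CONTAINER_LABEL")"
  _info "Container id: $_cid"
  if [ -z "$_cid" ]; then
    _err "can not find container id"
    return 1
  fi

  # Copy only the files that have a destination configured; stop at the
  # first failure so the reload command never runs on a partial deployment.
  if [ "$DEPLOY_DOCKER_CONTAINER_KEY_FILE" ]; then
    if ! _docker_cp "$_cid" "$_ckey" "$DEPLOY_DOCKER_CONTAINER_KEY_FILE"; then
      return 1
    fi
  fi

  if [ "$DEPLOY_DOCKER_CONTAINER_CERT_FILE" ]; then
    if ! _docker_cp "$_cid" "$_ccert" "$DEPLOY_DOCKER_CONTAINER_CERT_FILE"; then
      return 1
    fi
  fi

  if [ "$DEPLOY_DOCKER_CONTAINER_CA_FILE" ]; then
    if ! _docker_cp "$_cid" "$_cca" "$DEPLOY_DOCKER_CONTAINER_CA_FILE"; then
      return 1
    fi
  fi

  if [ "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE" ]; then
    if ! _docker_cp "$_cid" "$_cfullchain" "$DEPLOY_DOCKER_CONTAINER_FULLCHAIN_FILE"; then
      return 1
    fi
  fi

  if [ "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD" ]; then
    if ! _docker_exec "$_cid" "$DEPLOY_DOCKER_CONTAINER_RELOAD_CMD"; then
      return 1
    fi
  fi
  return 0
}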
# Print the id of the container carrying a label.
# Arguments: $1 - label
# Outputs:   container id(s) on stdout
# Returns:   1 when no implemented transport is selected.
#
# NOTE(review): the docker CLI branch prints every matching id, while the
# unix-socket branch keeps only the first one. The label is also placed in
# the JSON filter without escaping, so it should not contain '"' or '\'.
_get_id() {
  _label="$1"

  # Preferred transport: the docker CLI.
  if [ "$_USE_DOCKER_COMMAND" ]; then
    docker ps -f label="$_label" --format "{{.ID}}"
    return
  fi

  # REST is checked before the unix socket; anything else is unsupported.
  if [ "$_USE_REST" ] || [ -z "$_USE_UNIX_SOCKET" ]; then
    _err "Not implemented yet."
    return 1
  fi

  # Unix socket: query the container list with a url-encoded label filter.
  _req="{\"label\":[\"$_label\"]}"
  _debug2 _req "$_req"
  _req="$(printf "%s" "$_req" | _url_encode)"
  _debug2 _req "$_req"
  listjson="$(_curl_unix_sock "${_DOCKER_SOCK:-$_DOCKER_HOST_DEFAULT}" GET "/containers/json?filters=$_req")"
  _debug2 "listjson" "$listjson"
  # Split the JSON on '{' and ',' and take the value of the first "Id" key.
  echo "$listjson" \
    | tr '{,' '\n' \
    | grep -i '"id":' \
    | _head_n 1 \
    | cut -d '"' -f 4
}
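# Run a command inside a container.
# Arguments:
#   $1   - container id
#   $2.. - command; the remaining arguments are joined with spaces and handed
#          to `sh -c` in the container, so the container's shell re-parses
#          them. Arguments containing spaces or shell metacharacters are not
#          kept as single words; callers must pass values that are safe for
#          that shell.
# Returns: the status of `docker exec` in CLI mode; in unix-socket mode 1 when
#          the exec instance cannot be created or the start call returns any
#          output; 1 when no implemented transport is selected.
_docker_exec() {
  _eargs="$*"
  _debug2 "_docker_exec $_eargs"
  _dcid="$1"
  shift
  if [ "$_USE_DOCKER_COMMAND" ]; then
    docker exec -i "$_dcid" sh -c "$*"
  elif [ "$_USE_REST" ]; then
    _err "Not implemented yet."
    return 1
  elif [ "$_USE_UNIX_SOCKET" ]; then
    _cmd="$*"
    _debug2 _cmd "$_cmd"
    # Escape '\' and '"' so the command stays one JSON string; without this a
    # quote in the command ends the string early and changes the request.
    # Newlines and other control characters are not handled here.
    _cmd_json="$(printf "%s" "$_cmd" | sed -e 's/\\/\\\\/g' -e 's/"/\\"/g')"
    #create exec instance:
    cjson="$(_curl_unix_sock "$_DOCKER_SOCK" POST "/containers/$_dcid/exec" "{\"Cmd\": [\"sh\", \"-c\", \"$_cmd_json\"]}")"
    _debug2 cjson "$cjson"
    execid="$(echo "$cjson" | cut -d '"' -f 4)"
    _debug execid "$execid"
    # An empty id means the create call produced no usable response (for
    # example curl could not reach the socket); do not report success.
    if [ -z "$execid" ]; then
      _err "can not create exec instance"
      return 1
    fi
    ejson="$(_curl_unix_sock "$_DOCKER_SOCK" POST "/exec/$execid/start" "{\"Detach\": false,\"Tty\": false}")"
    _debug2 ejson "$ejson"
    # Any response body from the start call is treated as an error.
    if [ "$ejson" ]; then
      _err "$ejson"
      return 1
    fi
  else
    _err "Not implemented yet."
    return 1
  fi
}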
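# Copy one host file into a container.
# Arguments:
#   $1 - container id
#   $2 - source path on the host
#   $3 - destination path inside the container
# Returns: 0 on success, 1 on failure.
#
# NOTE(review): the destination is written with the container's default
# umask; when $2 is the private key, check the resulting file mode. With
# DEBUG >= 2 the CLI branch lets `tee` echo the file content to stdout, so
# key material ends up in the debug output.
_docker_cp() {
  _dcid="$1"
  _from="$2"
  _to="$3"
  _info "Copying file from $_from to $_to"
  _dir="$(dirname "$_to")"
  _debug2 _dir "$_dir"
  # Fail early when the target directory cannot be created instead of
  # attempting the copy anyway.
  if ! _docker_exec "$_dcid" mkdir -p "$_dir"; then
    _err "can not create directory $_dir in the container"
    return 1
  fi
  if [ "$_USE_DOCKER_COMMAND" ]; then
    # Stream the file through `tee` in the container; its echo is discarded
    # unless debug level 2 is active.
    if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
      _docker_exec "$_dcid" tee "$_to" <"$_from"
    else
      _docker_exec "$_dcid" tee "$_to" <"$_from" >/dev/null
    fi
    # $? is the status of the _docker_exec call that ran in the if above.
    if [ "$?" = "0" ]; then
      _info "Success"
      return 0
    else
      _info "Error"
      return 1
    fi
  elif [ "$_USE_REST" ]; then
    _err "Not implemented yet."
    return 1
  elif [ "$_USE_UNIX_SOCKET" ]; then
    _frompath="$_from"
    if _startswith "$_frompath" '/'; then
      _frompath="$(echo "$_from" | cut -b 2-)" #remove the first '/' char
    fi
    _debug2 "_frompath" "$_frompath"
    _toname="$(basename "$_to")"
    _debug2 "_toname" "$_toname"
    # Pack the file under its destination name and upload the archive to the
    # destination directory.
    # NOTE(review): tar errors are discarded, only the status of the last
    # pipeline stage is tested, and curl is called without --fail, so an
    # error response from the daemon may not be detected here.
    if ! tar --transform="s,$_frompath,$_toname," -cz "$_from" 2>/dev/null | _curl_unix_sock "$_DOCKER_SOCK" PUT "/containers/$_dcid/archive?noOverwriteDirNonDir=1&path=$(printf "%s" "$_dir" | _url_encode)" '@-' "Content-Type: application/octet-stream"; then
      _err "copy error"
      return 1
    fi
    return 0
  else
    _err "Not implemented yet."
    return 1
  fi

}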
# Send one HTTP request to the Docker daemon over a unix socket.
# Arguments:
#   $1 - socket path
#   $2 - HTTP method
#   $3 - endpoint (path and query string)
#   $4 - request data, passed to curl --data-binary (may be empty, or '@-'
#        to read the body from stdin)
#   $5 - full Content-Type header line; defaults to application/json
# Outputs: the response body on stdout.
# Returns: curl's exit status. curl runs without --fail, so an HTTP error
#          response does not by itself produce a non-zero status.
_curl_unix_sock() {
  _socket="$1"
  _method="$2"
  _endpoint="$3"
  _data="$4"
  _ctype="${5:-Content-Type: application/json}"
  _debug _data "$_data"
  _debug2 "url" "http://localhost$_endpoint"

  # Older curl releases need the URL without a host name (_CURL_NO_HOST is
  # set by _check_curl_version).
  _cux_url="http://localhost$_endpoint"
  if [ "$_CURL_NO_HOST" ]; then
    _cux_url="http:$_endpoint"
  fi

  # Reuse the positional parameters for the optional verbosity flag so that
  # a single curl invocation serves both debug levels.
  if [ "$DEBUG" ] && [ "$DEBUG" -ge "2" ]; then
    set -- -vvv
  else
    set --
  fi
  curl "$@" --silent --unix-socket "$_socket" -X "$_method" --data-binary "$_data" --header "$_ctype" "$_cux_url"

}
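# Check that the installed curl can talk to a unix socket.
# Globals written (exported): _CURL_NO_HOST - set to 1 for curl 7.40 to 7.49,
#   which are given the short "http:<endpoint>" URL form; cleared otherwise.
# Returns: 0 when curl is new enough, 1 for versions older than 7.40.
_check_curl_version() {
  _cversion="$(curl -V | grep '^curl ' | cut -d ' ' -f 2)"
  _debug2 "_cversion" "$_cversion"

  _major="$(_getfield "$_cversion" 1 '.')"
  _debug2 "_major" "$_major"

  _minor="$(_getfield "$_cversion" 2 '.')"
  _debug2 "_minor" "$_minor"

  # Compare major and minor as separate numbers. Concatenating them makes
  # curl 8.1 look like "81", which is below 740 and was rejected as too old.
  if [ "$_major" -lt "7" ] || { [ "$_major" -eq "7" ] && [ "$_minor" -lt "40" ]; }; then
    _err "curl v$_cversion doesn't support unix socket"
    return 1
  fi
  if [ "$_major" -eq "7" ] && [ "$_minor" -lt "50" ]; then
    _debug "Use short host name"
    export _CURL_NO_HOST=1
  else
    export _CURL_NO_HOST=
  fi
  return 0
}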