Commit | Line | Data |
---|---|---|
dca9def4 RS |
1 | #!/usr/bin/env sh |
2 | ||
67c990e8 RS |
3 | # This deploy hook is tested on OpenMediaVault 5.x. It supports both local and remote deployment. |
4 | # How it works: if no cert with a matching domain name is found, the hook first creates a dummy cert to obtain its uuid, and then replaces it with your cert. | |
5 | # | |
6 | # DEPLOY_OMV_WEBUI_ADMIN - This is OMV web gui admin account. Default value is admin. It's required as the user parameter (-u) for the omv-rpc command. | |
7 | # DEPLOY_OMV_HOST and DEPLOY_OMV_SSH_USER are optional. They are used for remote deployment through ssh (only public key authentication is supported). By design, the OMV web gui admin doesn't have ssh permission, so another account is needed for ssh. | |
8 | # | |
9 | # returns 0 means success, otherwise error. | |
10 | ||
dca9def4 RS |
11 | ######## Public functions ##################### |
12 | ||
13 | #domain keyfile certfile cafile fullchain | |
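openmediavault_deploy() {
  # Deploy a certificate and its private key into openmediavault (OMV) and make
  # the web GUI use it.
  #
  # Arguments: $1 domain, $2 key file, $3 cert file, $4 CA file, $5 fullchain file.
  # Config:    DEPLOY_OMV_WEBUI_ADMIN (defaults to "admin"), and optionally
  #            DEPLOY_OMV_HOST + DEPLOY_OMV_SSH_USER to deploy over ssh.
  # Returns:   0 on success, 1 as soon as any step fails.
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  _getdeployconf DEPLOY_OMV_WEBUI_ADMIN

  if [ -z "$DEPLOY_OMV_WEBUI_ADMIN" ]; then
    DEPLOY_OMV_WEBUI_ADMIN="admin"
  fi

  _savedeployconf DEPLOY_OMV_WEBUI_ADMIN "$DEPLOY_OMV_WEBUI_ADMIN"

  _getdeployconf DEPLOY_OMV_HOST
  _getdeployconf DEPLOY_OMV_SSH_USER

  if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then
    _info "[OMV deploy-hook] Deploy certificate remotely through ssh."
    _savedeployconf DEPLOY_OMV_HOST "$DEPLOY_OMV_HOST"
    _savedeployconf DEPLOY_OMV_SSH_USER "$DEPLOY_OMV_SSH_USER"
  else
    _info "[OMV deploy-hook] Deploy certificate locally."
  fi

  # Check the inputs before touching OMV, so that a missing file cannot leave
  # a dummy certificate behind.
  if [ ! -s "$_ckey" ] || [ ! -s "$_cfullchain" ]; then
    _err "[OMV deploy-hook] The key file or the fullchain file is missing or empty"
    return 1
  fi

  # A failed listing is kept apart from "no matching certificate", otherwise a
  # transient ssh or rpc error would create a new dummy certificate.
  # NOTE(review): the status checks below assume omv-rpc exits non-zero on
  # failure - confirm against the OMV version in use.
  if ! _list=$(_omv_rpc 'CertificateMgmt' 'getList' '{"start": 0, "limit": -1}'); then
    _err "[OMV deploy-hook] Could not list the certificates in openmediavault"
    return 1
  fi

  # The domain is handed to jq as data (--arg) instead of being pasted into
  # the jq program text.
  # shellcheck disable=SC2016
  _uuid=$(printf '%s' "$_list" | jq -r --arg name "/CN=$_cdomain" '.data[] | select(.name==$name) | .uuid')

  if [ -z "$_uuid" ]; then
    _info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!"
    # "// empty" keeps a reply without a uuid from turning into the string
    # "null", which would pass the emptiness check below.
    _uuid=$(_omv_rpc 'CertificateMgmt' 'create' '{"cn": "test.example.com", "size": 4096, "days": 3650, "c": "", "st": "", "l": "", "o": "", "ou": "", "email": ""}' | jq -r '.uuid // empty')

    if [ -z "$_uuid" ]; then
      _err "[OMV deploy-hook] An error occurred while creating the certificate"
      return 1
    fi
  fi

  _info "[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid"
  # jq -aRs turns each file into one ASCII-only JSON string literal.
  _fullchain=$(jq -aRs . <"$_cfullchain")
  _key=$(jq -aRs . <"$_ckey")

  if [ -z "$_fullchain" ] || [ -z "$_key" ]; then
    _err "[OMV deploy-hook] Could not encode the certificate or the key as JSON"
    return 1
  fi

  # The chain is public. The private key, and the rpc parameters that embed
  # it, are deliberately never written to the debug log.
  _debug _fullchain "$_fullchain"

  _info "[OMV deploy-hook] Updating key and certificate in openmediavault"
  _params="{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}"
  # NOTE(review): omv-rpc is given its parameters as a command-line argument,
  # so the private key is visible in the process list of the OMV host while
  # this call runs. The reply is not logged; it may echo the stored object.
  if ! _result=$(_omv_rpc 'CertificateMgmt' 'set' "$_params"); then
    _err "[OMV deploy-hook] Could not update the certificate in openmediavault"
    return 1
  fi

  # Read the current web GUI settings, point them at the certificate, and
  # write them back as one quoted argument (no word splitting of the JSON).
  if ! _settings=$(_omv_rpc 'WebGui' 'getSettings'); then
    _err "[OMV deploy-hook] Could not read the web GUI settings"
    return 1
  fi
  # shellcheck disable=SC2016
  _settings=$(printf '%s' "$_settings" | jq -c --arg ref "$_uuid" '.sslcertificateref=$ref')
  if [ -z "$_settings" ]; then
    _err "[OMV deploy-hook] Could not update the web GUI settings"
    return 1
  fi
  if ! _result=$(_omv_rpc 'WebGui' 'setSettings' "$_settings"); then
    _err "[OMV deploy-hook] Could not save the web GUI settings"
    return 1
  fi
  _debug _result "$_result"

  _info "[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)"
  if ! _result=$(_omv_rpc 'Config' 'applyChanges' '{"modules":[], "force": false}'); then
    _err "[OMV deploy-hook] openmediavault could not apply the changes"
    return 1
  fi
  _debug _result "$_result"

  _info "[OMV deploy-hook] Asking nginx to reload"
  if ! _result=$(_omv_exec nginx -s reload); then
    _err "[OMV deploy-hook] nginx could not be reloaded"
    return 1
  fi
  _debug _result "$_result"

  return 0
}

# Print $1 as one single-quoted shell word, so that a remote shell passes it
# on unchanged. Trailing newlines of $1 are dropped by the command substitution.
_omv_shell_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Run the given command with its arguments: over ssh when DEPLOY_OMV_HOST and
# DEPLOY_OMV_SSH_USER are both set, on this machine otherwise.
_omv_exec() {
  if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then
    _omv_remote_cmd=""
    for _omv_arg in "$@"; do
      # ssh joins its arguments into one string for the remote shell, so each
      # argument is quoted here.
      _omv_remote_cmd="$_omv_remote_cmd $(_omv_shell_quote "$_omv_arg")"
    done
    # shellcheck disable=SC2029
    ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$_omv_remote_cmd"
  else
    "$@"
  fi
}

# Call omv-rpc as DEPLOY_OMV_WEBUI_ADMIN: $1 service, $2 method, $3 optional JSON parameters.
_omv_rpc() {
  _omv_exec omv-rpc -u "$DEPLOY_OMV_WEBUI_ADMIN" "$@"
}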