1 #!/usr/bin/env sh
2
3 # This deploy hook is tested on OpenMediaVault 5.x. It supports both local and remote deployment.
4 # If no cert with a matching domain name is found, the hook first creates a dummy cert to obtain a uuid, and then replaces it with your cert.
5 #
6 # DEPLOY_OMV_WEBUI_ADMIN - This is OMV web gui admin account. Default value is admin. It's required as the user parameter (-u) for the omv-rpc command.
7 # DEPLOY_OMV_HOST and DEPLOY_OMV_SSH_USER are optional. They are used for remote deployment through ssh (only public key authentication is supported). By design, the OMV web gui admin doesn't have ssh permission, so another account is needed for ssh.
8 #
9 # returns 0 means success, otherwise error.
10
11 ######## Public functions #####################
12
13 #domain keyfile certfile cafile fullchain
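# Deploy hook entry point: installs the certificate for domain $1 into
# OpenMediaVault through omv-rpc, selects it for the web GUI, applies the
# configuration and reloads nginx.
# Arguments: $1 domain, $2 key file, $3 cert file, $4 CA file, $5 fullchain
#            file (only $1, $2 and $5 are used beyond debug logging)
# Config:    DEPLOY_OMV_WEBUI_ADMIN (defaults to admin); DEPLOY_OMV_HOST and
#            DEPLOY_OMV_SSH_USER (when both are set, commands run over ssh)
# Returns:   0 on success, 1 as soon as a step fails
openmediavault_deploy() {
  _cdomain="$1"
  _ckey="$2"
  _ccert="$3"
  _cca="$4"
  _cfullchain="$5"

  _debug _cdomain "$_cdomain"
  _debug _ckey "$_ckey"
  _debug _ccert "$_ccert"
  _debug _cca "$_cca"
  _debug _cfullchain "$_cfullchain"

  _getdeployconf DEPLOY_OMV_WEBUI_ADMIN

  if [ -z "$DEPLOY_OMV_WEBUI_ADMIN" ]; then
    DEPLOY_OMV_WEBUI_ADMIN="admin"
  fi

  _savedeployconf DEPLOY_OMV_WEBUI_ADMIN "$DEPLOY_OMV_WEBUI_ADMIN"

  _getdeployconf DEPLOY_OMV_HOST
  _getdeployconf DEPLOY_OMV_SSH_USER

  if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then
    _info "[OMV deploy-hook] Deploy certificate remotely through ssh."
    _savedeployconf DEPLOY_OMV_HOST "$DEPLOY_OMV_HOST"
    _savedeployconf DEPLOY_OMV_SSH_USER "$DEPLOY_OMV_SSH_USER"
  else
    _info "[OMV deploy-hook] Deploy certificate locally."
  fi

  # Every value spliced into a command line is single-quoted first, so the
  # shell that finally parses the line (remote login shell or local eval)
  # sees it as data. The domain goes to jq through --arg instead of being
  # pasted into the filter text, which also keeps wildcard names literal.
  _omv_admin=$(_omv_quote "$DEPLOY_OMV_WEBUI_ADMIN")
  _omv_cn=$(_omv_quote "/CN=$_cdomain")

  _command="omv-rpc -u $_omv_admin 'CertificateMgmt' 'getList' '{\"start\": 0, \"limit\": -1}' | jq -r --arg cn $_omv_cn '.data[] | select(.name==\$cn) | .uuid'"
  _debug _command "$_command"
  _uuid=$(_omv_run "$_command")

  # jq -r prints the word "null" for a missing field; treat it like no result.
  if [ -z "$_uuid" ] || [ "$_uuid" = "null" ]; then
    _info "[OMV deploy-hook] Domain $_cdomain has no certificate in openmediavault, creating it!"
    _command="omv-rpc -u $_omv_admin 'CertificateMgmt' 'create' '{\"cn\": \"test.example.com\", \"size\": 4096, \"days\": 3650, \"c\": \"\", \"st\": \"\", \"l\": \"\", \"o\": \"\", \"ou\": \"\", \"email\": \"\"}' | jq -r '.uuid'"
    _debug _command "$_command"
    _uuid=$(_omv_run "$_command")

    if [ -z "$_uuid" ] || [ "$_uuid" = "null" ]; then
      _err "[OMV deploy-hook] An error occured while creating the certificate"
      return 1
    fi
  fi

  # The uuid is pasted into JSON text below, so anything that is not a plain
  # token (several matches on separate lines, quotes, blanks) is refused.
  # NOTE(review): assumes OMV uuids use only letters, digits and '-' - confirm.
  case "$_uuid" in
  *[!0-9A-Za-z-]*)
    _err "[OMV deploy-hook] Unexpected certificate uuid returned for domain $_cdomain"
    return 1
    ;;
  esac

  _info "[OMV deploy-hook] Domain $_cdomain has uuid: $_uuid"
  # jq -aRs turns each PEM file into one ASCII-only JSON string literal.
  _fullchain=$(jq <"$_cfullchain" -aRs .)
  _key=$(jq <"$_ckey" -aRs .)

  if [ -z "$_fullchain" ] || [ -z "$_key" ]; then
    _err "[OMV deploy-hook] Could not read the fullchain or key file"
    return 1
  fi

  # The encoded private key is deliberately kept out of the debug log.
  _debug _fullchain "$_fullchain"

  _info "[OMV deploy-hook] Updating key and certificate in openmediavault"
  _omv_json=$(_omv_quote "{\"uuid\":\"$_uuid\", \"certificate\":$_fullchain, \"privatekey\":$_key, \"comment\":\"acme.sh deployed $(date)\"}")
  # NOTE(review): the private key travels as a command-line argument (to ssh
  # locally when remote, and to omv-rpc on the OMV host), so it can show up in
  # process listings while the command runs. Presumably omv-rpc only accepts
  # its parameters this way - confirm, and prefer a non-argv channel if one exists.
  _command="omv-rpc -u $_omv_admin 'CertificateMgmt' 'set' $_omv_json"
  _debug _command "omv-rpc -u $_omv_admin 'CertificateMgmt' 'set' '<uuid $_uuid: certificate and private key omitted from log>'"
  # NOTE(review): _omv_step debug-logs the RPC reply; confirm the reply to
  # 'set' does not echo the private key back.
  _omv_step "$_command" "[OMV deploy-hook] Updating the certificate in openmediavault failed" || return 1

  _omv_uuid=$(_omv_quote "$_uuid")
  # The inner $(...) is expanded by the shell that runs the command line; it is
  # double-quoted there so the settings JSON reaches setSettings as one word.
  _command="omv-rpc -u $_omv_admin 'WebGui' 'setSettings' \"\$(omv-rpc -u $_omv_admin 'WebGui' 'getSettings' | jq -c --arg ref $_omv_uuid '.sslcertificateref=\$ref')\""
  _debug _command "$_command"
  _omv_step "$_command" "[OMV deploy-hook] Selecting the certificate for the web gui failed" || return 1

  _info "[OMV deploy-hook] Asking openmediavault to apply changes... (this could take some time, hang in there)"
  _command="omv-rpc -u $_omv_admin 'Config' 'applyChanges' '{\"modules\":[], \"force\": false}'"
  _debug _command "$_command"
  _omv_step "$_command" "[OMV deploy-hook] Applying the openmediavault configuration failed" || return 1

  _info "[OMV deploy-hook] Asking nginx to reload"
  _command="nginx -s reload"
  _debug _command "$_command"
  _omv_step "$_command" "[OMV deploy-hook] Reloading nginx failed" || return 1

  return 0
}

######## Private functions #####################

# Print $1 wrapped in single quotes so that a POSIX shell reads it back as one
# literal word; an embedded single quote is written as '\''.
_omv_quote() {
  printf "'%s'" "$(printf '%s' "$1" | sed "s/'/'\\\\''/g")"
}

# Run the command line $1 on the OMV host: over ssh when DEPLOY_OMV_HOST and
# DEPLOY_OMV_SSH_USER are both set, otherwise in the current shell.
# Output and exit status are those of the command line.
_omv_run() {
  if [ -n "$DEPLOY_OMV_HOST" ] && [ -n "$DEPLOY_OMV_SSH_USER" ]; then
    # shellcheck disable=SC2029
    ssh "$DEPLOY_OMV_SSH_USER@$DEPLOY_OMV_HOST" "$1"
  else
    # Safe only because callers quote every interpolated value with _omv_quote.
    eval "$1"
  fi
}

# Run the command line $1 through _omv_run, keep its output in _result and
# debug-log it; when the command fails, report $2 with _err.
# Returns the exit status of the command line.
_omv_step() {
  _result=$(_omv_run "$1")
  _omv_rc=$?
  _debug _result "$_result"
  if [ "$_omv_rc" -ne 0 ]; then
    _err "$2"
  fi
  return "$_omv_rc"
}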