deploy/truenas.sh

   1 #!/usr/bin/env sh
   2
   3 # Here is a scipt to deploy the cert to your TrueNAS using the REST API.
   4 # https://www.truenas.com/docs/hub/additional-topics/api/rest_api.html
   5 #
   6 # Written by Frank Plass github@f-plass.de
   7 # https://github.com/danb35/deploy-freenas/blob/master/deploy_freenas.py
   8 # Thanks to danb35 for your template!
   9 #
  10 # Following environment variables must be set:
  11 #
  12 # export DEPLOY_TRUENAS_APIKEY="<API_KEY_GENERATED_IN_THE_WEB_UI"
  13 #
  14 # The following environmental variables may be set if you don't like their
  15 # default values:
  16 #
  17 # DEPLOY_TRUENAS_HOSTNAME - defaults to localhost
  18 # DEPLOY_TRUENAS_SCHEME - defaults to http, set alternatively to https
  19 #
  20 #returns 0 means success, otherwise error.
  21
  22 ########  Public functions #####################
  23
  24 #domain keyfile certfile cafile fullchain
  25 truenas_deploy() {
  26   _cdomain="$1"
  27   _ckey="$2"
  28   _ccert="$3"
  29   _cca="$4"
  30   _cfullchain="$5"
  31
  32   _debug _cdomain "$_cdomain"
  33   _debug _ckey "$_ckey"
  34   _debug _ccert "$_ccert"
  35   _debug _cca "$_cca"
  36   _debug _cfullchain "$_cfullchain"
  37
  38   _getdeployconf DEPLOY_TRUENAS_APIKEY
  39
  40   if [ -z "$DEPLOY_TRUENAS_APIKEY" ]; then
  41     _err "TrueNAS Api Key is not found, please define DEPLOY_TRUENAS_APIKEY."
  42     return 1
  43   fi
  44   _secure_debug2 DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY"
  45
  46   # Optional hostname, scheme for TrueNAS
  47   _getdeployconf DEPLOY_TRUENAS_HOSTNAME
  48   _getdeployconf DEPLOY_TRUENAS_SCHEME
  49
  50   # default values for hostname and scheme
  51   [ -n "${DEPLOY_TRUENAS_HOSTNAME}" ] || DEPLOY_TRUENAS_HOSTNAME="localhost"
  52   [ -n "${DEPLOY_TRUENAS_SCHEME}" ] || DEPLOY_TRUENAS_SCHEME="http"
  53
  54   _debug2 DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME"
  55   _debug2 DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME"
  56
  57   _api_url="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0"
  58   _debug _api_url "$_api_url"
  59
  60   _H1="Authorization: Bearer $DEPLOY_TRUENAS_APIKEY"
  61   _secure_debug3 _H1 "$_H1"
  62
  63   _info "Testing Connection TrueNAS"
  64   _response=$(_get "$_api_url/system/state")
  65   _info "TrueNAS System State: $_response."
  66
  67   if [ -z "$_response" ]; then
  68     _err "Unable to authenticate to $_api_url."
  69     _err 'Check your Connection and set DEPLOY_TRUENAS_HOSTNAME="192.168.178.x".'
  70     _err 'or'
  71     _err 'set DEPLOY_TRUENAS_HOSTNAME="<truenas_dnsname>".'
  72     _err 'Check your Connection and set DEPLOY_TRUENAS_SCHEME="https".'
  73     _err "Check your Api Key."
  74     return 1
  75   fi
  76
  77   _savedeployconf DEPLOY_TRUENAS_APIKEY "$DEPLOY_TRUENAS_APIKEY"
  78   _savedeployconf DEPLOY_TRUENAS_HOSTNAME "$DEPLOY_TRUENAS_HOSTNAME"
  79   _savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME"
  80
  81   _info "Getting active certificate from TrueNAS"
  82   _response=$(_get "$_api_url/system/general")
  83   _active_cert_id=$(echo "$_response" | grep -B2 '"name":' | grep 'id' | tr -d -- '"id: ,')
  84   _active_cert_name=$(echo "$_response" | grep '"name":' | sed -n 's/.*: "\(.\{1,\}\)",$/\1/p')
  85   _param_httpsredirect=$(echo "$_response" | grep '"ui_httpsredirect":' | sed -n 's/.*": \(.\{1,\}\),$/\1/p')
  86   _debug Active_UI_Certificate_ID "$_active_cert_id"
  87   _debug Active_UI_Certificate_Name "$_active_cert_name"
  88   _debug Active_UI_http_redirect "$_param_httpsredirect"
  89
  90   if [ "$DEPLOY_TRUENAS_SCHEME" = "http" ] && [ "$_param_httpsredirect" = "true" ]; then
  91     _info "http Redirect active"
  92     _info "Setting DEPLOY_TRUENAS_SCHEME to 'https'"
  93     DEPLOY_TRUENAS_SCHEME="https"
  94     _api_url="$DEPLOY_TRUENAS_SCHEME://$DEPLOY_TRUENAS_HOSTNAME/api/v2.0"
  95     _savedeployconf DEPLOY_TRUENAS_SCHEME "$DEPLOY_TRUENAS_SCHEME"
  96   fi
  97
  98   _info "Upload new certifikate to TrueNAS"
  99   _certname="Letsencrypt_$(_utc_date | tr ' ' '_' | tr -d -- ':')"
 100   _debug3 _certname "$_certname"
 101
 102   _certData="{\"create_type\": \"CERTIFICATE_CREATE_IMPORTED\", \"name\": \"${_certname}\", \"certificate\": \"$(_json_encode <"$_cfullchain")\", \"privatekey\": \"$(_json_encode <"$_ckey")\"}"
 103   _add_cert_result="$(_post "$_certData" "$_api_url/certificate" "" "POST" "application/json")"
 104
 105   _debug3 _add_cert_result "$_add_cert_result"
 106
 107   _info "Getting Certificate list to get new Cert ID"
 108   _cert_list=$(_get "$_api_url/system/general/ui_certificate_choices")
 109   _cert_id=$(echo "$_cert_list" | grep "$_certname" | sed -n 's/.*"\([0-9]\{1,\}\)".*$/\1/p')
 110
 111   _debug3 _cert_id "$_cert_id"
 112
 113   _info "Activate Certificate ID: $_cert_id"
 114   _activateData="{\"ui_certificate\": \"${_cert_id}\"}"
 115   _activate_result="$(_post "$_activateData" "$_api_url/system/general" "" "PUT" "application/json")"
 116
 117   _debug3 _activate_result "$_activate_result"
 118
 119   _info "Check if WebDAV certificate is the same as the WEB UI"
 120   _webdav_list=$(_get "$_api_url/webdav")
 121   _webdav_cert_id=$(echo "$_webdav_list" | grep '"certssl":' | tr -d -- '"certsl: ,')
 122
 123   if [ "$_webdav_cert_id" = "$_active_cert_id" ]; then
 124     _info "Update the WebDAV Certificate"
 125     _debug _webdav_cert_id "$_webdav_cert_id"
 126     _webdav_data="{\"certssl\": \"${_cert_id}\"}"
 127     _activate_webdav_cert="$(_post "$_webdav_data" "$_api_url/webdav" "" "PUT" "application/json")"
 128     _webdav_new_cert_id=$(echo "$_activate_webdav_cert" | _json_decode | sed -n 's/.*: \([0-9]\{1,\}\) }$/\1/p')
 129     if [ "$_webdav_new_cert_id" -eq "$_cert_id" ]; then
 130       _info "WebDAV Certificate update successfully"
 131     else
 132       _err "Unable to set WebDAV certificate"
 133       _debug3 _activate_webdav_cert "$_activate_webdav_cert"
 134       _debug3 _webdav_new_cert_id "$_webdav_new_cert_id"
 135       return 1
 136     fi
 137     _debug3 _webdav_new_cert_id "$_webdav_new_cert_id"
 138   else
 139     _info "WebDAV certificate not set or not the same as Web UI"
 140   fi
 141
 142   _info "Check if FTP certificate is the same as the WEB UI"
 143   _ftp_list=$(_get "$_api_url/ftp")
 144   _ftp_cert_id=$(echo "$_ftp_list" | grep '"ssltls_certificate":' | tr -d -- '"certislfa:_ ,')
 145
 146   if [ "$_ftp_cert_id" = "$_active_cert_id" ]; then
 147     _info "Update the FTP Certificate"
 148     _debug _ftp_cert_id "$_ftp_cert_id"
 149     _ftp_data="{\"ssltls_certificate\": \"${_cert_id}\"}"
 150     _activate_ftp_cert="$(_post "$_ftp_data" "$_api_url/ftp" "" "PUT" "application/json")"
 151     _ftp_new_cert_id=$(echo "$_activate_ftp_cert" | _json_decode | sed -n 's/.*: \([0-9]\{1,\}\) }$/\1/p')
 152     if [ "$_ftp_new_cert_id" -eq "$_cert_id" ]; then
 153       _info "FTP Certificate update successfully"
 154     else
 155       _err "Unable to set FTP certificate"
 156       _debug3 _activate_ftp_cert "$_activate_ftp_cert"
 157       _debug3 _ftp_new_cert_id "$_ftp_new_cert_id"
 158       return 1
 159     fi
 160     _debug3 _activate_ftp_cert "$_activate_ftp_cert"
 161   else
 162     _info "FTP certificate not set or not the same as Web UI"
 163   fi
 164
 165   _info "Delete old Certificate"
 166   _delete_result="$(_post "" "$_api_url/certificate/id/$_active_cert_id" "" "DELETE" "application/json")"
 167
 168   _debug3 _delete_result "$_delete_result"
 169
 170   _info "Reload WebUI from TrueNAS"
 171   _restart_UI=$(_get "$_api_url/system/general/ui_restart")
 172   _debug2 _restart_UI "$_restart_UI"
 173
 174   if [ -n "$_add_cert_result" ] && [ -n "$_activate_result" ]; then
 175     return 0
 176   else
 177     _err "Certupdate was not succesfull, please use --debug"
 178     return 1
 179   fi
 180 }