deploy/unifi.sh

   1 #!/usr/bin/env sh
   2
   3 #Here is a script to deploy cert to unifi server.
   4
   5 #returns 0 means success, otherwise error.
   6
   7 #DEPLOY_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore"
   8 #DEPLOY_UNIFI_KEYPASS="aircontrolenterprise"
   9 #DEPLOY_UNIFI_RELOAD="service unifi restart"
  10
  11 ########  Public functions #####################
  12
  13 #domain keyfile certfile cafile fullchain
  14 unifi_deploy() {
  15   _cdomain="$1"
  16   _ckey="$2"
  17   _ccert="$3"
  18   _cca="$4"
  19   _cfullchain="$5"
  20
  21   _debug _cdomain "$_cdomain"
  22   _debug _ckey "$_ckey"
  23   _debug _ccert "$_ccert"
  24   _debug _cca "$_cca"
  25   _debug _cfullchain "$_cfullchain"
  26
  27   if ! _exists keytool; then
  28     _err "keytool not found"
  29     return 1
  30   fi
  31
  32   DEFAULT_UNIFI_KEYSTORE="/usr/lib/unifi/data/keystore"
  33   _unifi_keystore="${DEPLOY_UNIFI_KEYSTORE:-$DEFAULT_UNIFI_KEYSTORE}"
  34   DEFAULT_UNIFI_KEYPASS="aircontrolenterprise"
  35   _unifi_keypass="${DEPLOY_UNIFI_KEYPASS:-$DEFAULT_UNIFI_KEYPASS}"
  36   DEFAULT_UNIFI_RELOAD="service unifi restart"
  37   _reload="${DEPLOY_UNIFI_RELOAD:-$DEFAULT_UNIFI_RELOAD}"
  38
  39   _debug _unifi_keystore "$_unifi_keystore"
  40   if [ ! -f "$_unifi_keystore" ]; then
  41     if [ -z "$DEPLOY_UNIFI_KEYSTORE" ]; then
  42       _err "unifi keystore is not found, please define DEPLOY_UNIFI_KEYSTORE"
  43       return 1
  44     else
  45       _err "It seems that the specified unifi keystore is not valid, please check."
  46       return 1
  47     fi
  48   fi
  49   if [ ! -w "$_unifi_keystore" ]; then
  50     _err "The file $_unifi_keystore is not writable, please change the permission."
  51     return 1
  52   fi
  53
  54   _info "Generate import pkcs12"
  55   _import_pkcs12="$(_mktemp)"
  56   _toPkcs "$_import_pkcs12" "$_ckey" "$_ccert" "$_cca" "$_unifi_keypass" unifi root
  57   if [ "$?" != "0" ]; then
  58     _err "Oops, error creating import pkcs12, please report bug to us."
  59     return 1
  60   fi
  61
  62   _info "Modify unifi keystore: $_unifi_keystore"
  63   if keytool -importkeystore \
  64     -deststorepass "$_unifi_keypass" -destkeypass "$_unifi_keypass" -destkeystore "$_unifi_keystore" \
  65     -srckeystore "$_import_pkcs12" -srcstoretype PKCS12 -srcstorepass "$_unifi_keypass" \
  66     -alias unifi -noprompt; then
  67     _info "Import keystore success!"
  68     rm "$_import_pkcs12"
  69   else
  70     _err "Import unifi keystore error, please report bug to us."
  71     rm "$_import_pkcs12"
  72     return 1
  73   fi
  74
  75   _info "Run reload: $_reload"
  76   if eval "$_reload"; then
  77     _info "Reload success!"
  78     if [ "$DEPLOY_UNIFI_KEYSTORE" ]; then
  79       _savedomainconf DEPLOY_UNIFI_KEYSTORE "$DEPLOY_UNIFI_KEYSTORE"
  80     else
  81       _cleardomainconf DEPLOY_UNIFI_KEYSTORE
  82     fi
  83     if [ "$DEPLOY_UNIFI_KEYPASS" ]; then
  84       _savedomainconf DEPLOY_UNIFI_KEYPASS "$DEPLOY_UNIFI_KEYPASS"
  85     else
  86       _cleardomainconf DEPLOY_UNIFI_KEYPASS
  87     fi
  88     if [ "$DEPLOY_UNIFI_RELOAD" ]; then
  89       _savedomainconf DEPLOY_UNIFI_RELOAD "$DEPLOY_UNIFI_RELOAD"
  90     else
  91       _cleardomainconf DEPLOY_UNIFI_RELOAD
  92     fi
  93     return 0
  94   else
  95     _err "Reload error"
  96     return 1
  97   fi
  98   return 0
  99
 100 }