From b5d168f2f84619fd062ad7510f5e402199d88a2d Mon Sep 17 00:00:00 2001
From: Evan Swendsen
Date: Fri, 26 Jan 2018 10:41:33 -0700
Subject: [PATCH 1/7] Create edgemax.sh
A deployment script for certificates issued to Edgemax routers made by Ubiquiti.
---
deploy/edgemax.sh | 80 +++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 80 insertions(+)
create mode 100644 deploy/edgemax.sh
diff --git a/deploy/edgemax.sh b/deploy/edgemax.sh
new file mode 100644
index 00000000..6e90ee98
--- /dev/null
+++ b/deploy/edgemax.sh
@@ -0,0 +1,80 @@
+#!/bin/bash
+
+################################################################
+###
+### A script to deploy Let's Encrypt certificate
+### on Edgemax routers.
+###
+################################################################
+
+#This file name is "edgemax.sh"
+#So, here must be a method edgemax_deploy()
+#Which will be called by acme.sh to deploy the cert
+#returns 0 means success, otherwise error.
+
+######## Public functions #####################
+function atexit() {
+ #closes CLI session
+ cli-shell-api teardownSession
+ _debug EXITCODE: $1
+ return $1
+}
+
+
+#domain keyfile certfile cafile fullchain
+edgemax_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ ### 'lighttpd_pem' - certificate file configured for your Edgemax GUI
+
+ lighttpd_pem=/config/auth/le-cert.pem
+
+ _info "$(__green "EdgeMax Certificate Path: $lighttpd_pem")"
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+ _info "Generating PEM file for lighttpd"
+ sudo sh -c "cat ${_ccert} ${_ckey} > ${lighttpd_pem}"
+
+ _info "$(__green "Checking EdgeMax Config for SSL Settings: $lighttpd_pem")"
+ vals=$( cli-shell-api returnEffectiveValue service gui cert-file)
+ certfile=$vals
+ if [ "$lighttpd_pem" != "$certfile" ]; then
+ _debug "Current Edgemax Certfile" "$certfile"
+ _info "Certfile is not set to $lighttpd_pem"
+
+ # Obtain session environment
+ session_env=$(cli-shell-api getSessionEnv $PPID)
+
+ # Setup the session
+ cli-shell-api setupSession
+
+ # Verify Session Started
+ cli-shell-api inSession
+ if [ $? -ne 0 ]; then
+ _err "Something went wrong starting CLI Session!"
+ atexit 1
+ fi
+ SET=${vyatta_sbindir}/my_set
+ COMMIT=${vyatta_sbindir}/my_commit
+ SAVE=${vyatta_sbindir}/vyatta-save-config.pl
+ _info "Setting Certificate parameter."
+ $SET service gui cert-file /config/auth/le-cert.pem + $COMMIT + $SAVE + else + _info "EdgeMax cert-file already set to $lighttpd_pem" + fi + _info Restarting lighttpd + sudo kill -SIGTERM $(cat /var/run/lighttpd.pid) + sudo /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf + + atexit 0 + +} From 0999d100f8b0e5604e2e645fffb374e3c0c1bbb6 Mon Sep 17 00:00:00 2001 From: Evan Swendsen Date: Fri, 26 Jan 2018 12:17:58 -0700 Subject: [PATCH 2/7] Update edgemax.sh --- deploy/edgemax.sh | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/deploy/edgemax.sh b/deploy/edgemax.sh index 6e90ee98..2d166013 100644 --- a/deploy/edgemax.sh +++ b/deploy/edgemax.sh @@ -54,7 +54,8 @@ edgemax_deploy() { # Setup the session cli-shell-api setupSession - + eval $session_env + # Verify Session Started cli-shell-api inSession if [ $? -ne 0 ]; then From e0d630d7a9870506cf8da77aea38fc360a48887e Mon Sep 17 00:00:00 2001 From: Evan Swendsen Date: Fri, 26 Jan 2018 12:21:05 -0700 Subject: [PATCH 3/7] Update edgemax.sh --- deploy/edgemax.sh | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/deploy/edgemax.sh b/deploy/edgemax.sh index 2d166013..c6c0d55b 100644 --- a/deploy/edgemax.sh +++ b/deploy/edgemax.sh @@ -51,11 +51,11 @@ edgemax_deploy() { # Obtain session environment session_env=$(cli-shell-api getSessionEnv $PPID) - + eval $session_env + # Setup the session cli-shell-api setupSession - eval $session_env - + # Verify Session Started cli-shell-api inSession if [ $? -ne 0 ]; then From 2b129b9abafbaff763e7accb0058457ab734c0f6 Mon Sep 17 00:00:00 2001 From: Evan Swendsen Date: Mon, 29 Jan 2018 11:52:25 -0700 Subject: [PATCH 4/7] Update edgemax.sh fixed formatting and some added some quotation marks to make Travis Happy. --- deploy/edgemax.sh | 64 +++++++++++++++++++++++------------------------ 1 file changed, 32 insertions(+), 32 deletions(-) diff --git a/deploy/edgemax.sh b/deploy/edgemax.sh index c6c0d55b..e75de75e 100644 --- a/deploy/edgemax.sh 
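Review bot: In patch 1 (the new-file hunk), `sudo sh -c "cat ${_ccert} ${_ckey} > ${lighttpd_pem}"` pastes the certificate and key paths into a command string that a root shell re-parses, so a path containing spaces or shell metacharacters is split or interpreted, and the combined file, which contains the private key, is created with the default umask. Pass the paths as arguments and restrict the mode, `sudo sh -c 'umask 077; cat "$1" "$2" > "$3"' sh "$_ccert" "$_ckey" "$lighttpd_pem" || return 1`, and add `sudo chmod 600 "$lighttpd_pem"` because the umask has no effect on a file that already exists. Whether lighttpd on the router can still read a 0600 root-owned file should be confirmed on a device. The `|| return 1` also stops the function from restarting lighttpd after a failed write; the line is unchanged in the later patches on this page.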
+++ b/deploy/edgemax.sh @@ -14,10 +14,10 @@ ######## Public functions ##################### function atexit() { - #closes CLI session - cli-shell-api teardownSession - _debug EXITCODE: $1 - return $1 + #closes CLI session + cli-shell-api teardownSession + _debug EXITCODE: "$1" + return "$1" } @@ -28,12 +28,11 @@ edgemax_deploy() { _ccert="$3" _cca="$4" _cfullchain="$5" - ### 'lighttpd_pem' - certificate file configured for your Edgemax GUI lighttpd_pem=/config/auth/le-cert.pem - _info "$(__green "EdgeMax Certificate Path: $lighttpd_pem")" + _info "$(__green "EdgeMax Certificate Path: $lighttpd_pem")" _debug _cdomain "$_cdomain" _debug _ckey "$_ckey" _debug _ccert "$_ccert" 
@@ -42,40 +41,41 @@ edgemax_deploy() { _info "Generating PEM file for lighttpd" sudo sh -c "cat ${_ccert} ${_ckey} > ${lighttpd_pem}" - _info "$(__green "Checking EdgeMax Config for SSL Settings: $lighttpd_pem")" - vals=$( cli-shell-api returnEffectiveValue service gui cert-file) + _info "$(__green "Checking EdgeMax Config for SSL Settings: $lighttpd_pem")" + vals=$(cli-shell-api returnEffectiveValue service gui cert-file) certfile=$vals if [ "$lighttpd_pem" != "$certfile" ]; then - _debug "Current Edgemax Certfile" "$certfile" - _info "Certfile is not set to $lighttpd_pem" + _debug "Current Edgemax Certfile" "$certfile" + _info "Certfile is not set to $lighttpd_pem" + + vyatta_sbindir="/opt/vyatta/sbin" #overwritten by eval command but needed to pass github checks. + # Obtain session environment + session_env=$(cli-shell-api getSessionEnv $PPID) + eval "$session_env" - # Obtain session environment - session_env=$(cli-shell-api getSessionEnv $PPID) - eval $session_env - - # Setup the session - cli-shell-api setupSession + # Setup the session + cli-shell-api setupSession - # Verify Session Started - cli-shell-api inSession - if [ $? -ne 0 ]; then - _err "Something went wrong starting CLI Session!" - atexit 1 - fi - SET=${vyatta_sbindir}/my_set - COMMIT=${vyatta_sbindir}/my_commit - SAVE=${vyatta_sbindir}/vyatta-save-config.pl - _info "Setting Certificate parameter." - $SET service gui cert-file /config/auth/le-cert.pem - $COMMIT - $SAVE - else + # Verify Session Started + cli-shell-api inSession + if [ $? -ne 0 ]; then + _err "Something went wrong starting CLI Session!" + atexit 1 + fi + SET=${vyatta_sbindir}/my_set + COMMIT=${vyatta_sbindir}/my_commit + SAVE=${vyatta_sbindir}/vyatta-save-config.pl + _info "Setting Certificate parameter." 
+ $SET service gui cert-file /config/auth/le-cert.pem + $COMMIT + $SAVE + else _info "EdgeMax cert-file already set to $lighttpd_pem" - fi + fi _info Restarting lighttpd sudo kill -SIGTERM $(cat /var/run/lighttpd.pid) sudo /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf - atexit 0 + atexit 0 } From 195e7f5a79a64c2627694ccdc39c7d6cf15ab695 Mon Sep 17 00:00:00 2001 From: Evan Swendsen Date: Mon, 29 Jan 2018 11:57:45 -0700 Subject: [PATCH 5/7] Update edgemax.sh more formatting fixes --- deploy/edgemax.sh | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/deploy/edgemax.sh b/deploy/edgemax.sh index e75de75e..820d5ddf 100644 --- a/deploy/edgemax.sh +++ b/deploy/edgemax.sh @@ -20,7 +20,6 @@ function atexit() { return "$1" } - #domain keyfile certfile cafile fullchain edgemax_deploy() { _cdomain="$1" @@ -73,7 +72,7 @@ edgemax_deploy() { _info "EdgeMax cert-file already set to $lighttpd_pem" fi _info Restarting lighttpd - sudo kill -SIGTERM $(cat /var/run/lighttpd.pid) + sudo kill -SIGTERM "$(cat /var/run/lighttpd.pid)" sudo /usr/sbin/lighttpd -f /etc/lighttpd/lighttpd.conf atexit 0 From 2a8b806661adb01c9a458dfb63df20e73b856821 Mon Sep 17 00:00:00 2001 From: Evan Swendsen Date: Fri, 23 Feb 2018 03:45:00 -0700 Subject: [PATCH 6/7] Update edgemax.sh --- deploy/edgemax.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/deploy/edgemax.sh b/deploy/edgemax.sh index 820d5ddf..4bfea968 100644 --- a/deploy/edgemax.sh +++ b/deploy/edgemax.sh @@ -13,7 +13,7 @@ #returns 0 means success, otherwise error. ######## Public functions ##################### -function atexit() { +atexit() { #closes CLI session cli-shell-api teardownSession _debug EXITCODE: "$1" From dd5a5e2db9d90efc2cfac4a91069c0f6782e7690 Mon Sep 17 00:00:00 2001 
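Review bot: In the third hunk of patch 4 (`@@ -42,40 +41,41 @@`), the `atexit 1` inside `if [ $? -ne 0 ]; then` does not leave `edgemax_deploy`: `atexit` only returns from itself, so after a failed `cli-shell-api inSession` the function still runs `$SET`, `$COMMIT` and `$SAVE`, restarts lighttpd and finishes with `atexit 0`, which reports success to acme.sh. Follow the call with an explicit return, `atexit 1` then `return 1`, and end the function with `atexit 0` only when the earlier steps succeeded. The exit status of `$COMMIT` and `$SAVE` is not checked either, so a rejected commit is also reported as a successful deploy. The block added in patch 7 repeats the same `atexit 1` pattern. edgemax_deploy starts outside this hunk.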
From: Evan Swendsen Date: Wed, 20 Feb 2019 09:49:32 -0700 Subject: [PATCH 7/7] Update edgemax.sh Adding code to check for CRON JOB in router configuration and adding if not already there --- deploy/edgemax.sh | 31 +++++++++++++++++++++++++++++++ 1 file changed, 31 insertions(+) diff --git a/deploy/edgemax.sh b/deploy/edgemax.sh index 4bfea968..56316d88 100644 --- a/deploy/edgemax.sh +++ b/deploy/edgemax.sh @@ -40,6 +40,37 @@ edgemax_deploy() { _info "Generating PEM file for lighttpd" sudo sh -c "cat ${_ccert} ${_ckey} > ${lighttpd_pem}" + _info "$(__green "Checking for Cron Job")" + cronval=$(cli-shell-api returnEffectiveValue system task-scheduler task LetsEncrypt executable path) + if [ "$cronval" != "/config/user-data/acme.sh/acme.sh" ]; then + _info "$(__green "Job not found. Adding")" + vyatta_sbindir="/opt/vyatta/sbin" #overwritten by eval command but needed to pass github checks. + # Obtain session environment + session_env=$(cli-shell-api getSessionEnv $PPID) + eval "$session_env" + + # Setup the session + cli-shell-api setupSession + + # Verify Session Started + cli-shell-api inSession + if [ $? -ne 0 ]; then + _err "Something went wrong starting CLI Session!" + atexit 1 + fi + SET=${vyatta_sbindir}/my_set + COMMIT=${vyatta_sbindir}/my_commit + SAVE=${vyatta_sbindir}/vyatta-save-config.pl + _info "Setting CRON job parameter." + $SET system task-scheduler task LetsEncrypt crontab-spec '39 1 * * *' + $SET system task-scheduler task LetsEncrypt executable arguments '--cron --home /config/user-data/acme.sh --config-home /config/user-data/acme.sh' + $SET system task-scheduler task LetsEncrypt executable path /config/user-data/acme.sh/acme.sh + $COMMIT + $SAVE + else + _info "CRON job already set" + fi + _info "$(__green "Checking EdgeMax Config for SSL Settings: $lighttpd_pem")" vals=$(cli-shell-api returnEffectiveValue service gui cert-file) certfile=$vals
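Review bot: The block added in patch 7 is a copy of the session setup already in the cert-file branch further down, so when neither the task nor the cert-file is configured the function runs `getSessionEnv`/`eval`/`setupSession` twice in one shell while `atexit` tears the session down only once at the end. Whether the second `setupSession` is harmless is not visible here; moving the setup into one helper that both branches call removes the question and the duplication. The hunk also makes the deploy hook add a persistent scheduled task with the hard-coded path `/config/user-data/acme.sh`, which will be wrong for an install in another directory and is a router configuration change users may not expect from a certificate deploy; consider making it opt-in and documenting it in the script header. edgemax_deploy starts and ends outside this hunk.

```shell
# Opens a CLI configuration session once; returns non-zero if it cannot be started.
_edgemax_begin_session() {
  vyatta_sbindir="/opt/vyatta/sbin" # default; overwritten by the eval below
  session_env=$(cli-shell-api getSessionEnv "$PPID") || return 1
  eval "$session_env"
  cli-shell-api setupSession
  cli-shell-api inSession || return 1
  SET=${vyatta_sbindir}/my_set
  COMMIT=${vyatta_sbindir}/my_commit
  SAVE=${vyatta_sbindir}/vyatta-save-config.pl
}

  # inside edgemax_deploy, in the "Job not found. Adding" branch:
  if ! _edgemax_begin_session; then
    _err "Something went wrong starting CLI Session!"
    atexit 1
    return 1
  fi
  # … unchanged: the three $SET task-scheduler lines, $COMMIT, $SAVE …
```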