From 21878149d6ee356259ef9ab9ebe9c074d71d8a9a Mon Sep 17 00:00:00 2001
From: Ola Thoresen
Date: Mon, 5 Jun 2023 12:07:57 +0200
Subject: [PATCH 1/5] Adding opengear.sh
---
deploy/opengear.sh | 99 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 99 insertions(+)
create mode 100644 deploy/opengear.sh
diff --git a/deploy/opengear.sh b/deploy/opengear.sh
new file mode 100644
index 00000000..1b8202b6
--- /dev/null
+++ b/deploy/opengear.sh
@@ -0,0 +1,99 @@
+#!/bin/bash
+
+#Here is a script to deploy cert to opengear operations manager.
+
+#returns 0 means success, otherwise error.
+
+
+# Note that SSH must be able to login to remote host without a password...
+# The user must have sudo-access without password
+#
+# SSH Keys must have been exchanged with the remote host. Validate and
+# test that you can login to USER@SERVER from the host running acme.sh before
+# using this script.
+
+
+
+# export OPENGEAR_USER="" # required
+# export OPENGEAR_HOST="om1234" # defaults to domain name
+
+
+Le_Deploy_ssh_cmd="ssh"
+
+#domain keyfile certfile cafile fullchain
+opengear_deploy() {
+ _cdomain="$1"
+ _ckey="$2"
+ _ccert="$3"
+ _cca="$4"
+ _cfullchain="$5"
+
+ _debug _cdomain "$_cdomain"
+ _debug _ckey "$_ckey"
+ _debug _ccert "$_ccert"
+ _debug _cca "$_cca"
+ _debug _cfullchain "$_cfullchain"
+
+
+ Le_Deploy_og_keyfile="/tmp/$(basename $_ckey)"
+ Le_Deploy_og_fullchain="/tmp/$(basename $_cfullchain)"
+
+
+ # OPENGEAR ENV VAR check
+ if [ -z "$OPENGEAR_HOST" ]; then
+ # HOST is not set in environment, check for saved variable
+ _getdeployconf OPENGEAR_HOST
+ _opengear_host=$OPENGEAR_HOST
+ fi
+ if [ -z "$_opengear_host" ]; then
+ _info "No host found in saved vars. Defaulting to domain: $_cdomain"
+ _opengear_host="$_cdomain"
+ fi
+ if [ -z "$OPENGEAR_USER" ]; then
+ _debug "USER not found in ENV variables lets check for saved variables"
+ _getdeployconf OPENGEAR_USER
+ _opengear_user=$OPENGEAR_USER
+ if [ -z "$_opengear_user" ]; then
+ _err "No user found.. If this is the first time deploying please set OPENGEAR_USER in environment variables. Delete them after you have succesfully deployed certs."
+ return 1
+ else
+ _debug "Using saved env variables."
+ fi
+ else
+ _debug "Detected ENV variables to be saved to the deploy conf."
+ _opengear_user="$OPENGEAR_USER"
+ # Encrypt and save user
+ _savedeployconf OPENGEAR_USER "$_opengear_user" 1
+ _savedeployconf OPENGEAR_HOST "$_opengear_host" 1
+ fi
+ _info "Deploying to $_opengear_host"
+
+ _cmdstr="sudo echo -e \"set services.https.certificate =$(cat $_cfullchain | base64 -w0)\nset services.https.private_key =$(cat $_ckey | base64 -w0)\npush\" | /usr/unsupported/bin/ogconfig-cli"
+ _info "will deploy new certificate"
+ if ! _ssh_remote_cmd "$_cmdstr"; then
+ return $_err_code
+ fi
+
+ return $_err_code
+}
+
+
+
+#cmd
+_ssh_remote_cmd() {
+ _cmd="$1"
+ _secure_debug "Remote commands to execute: $_cmd"
+ _info "Submitting sequence of commands to remote server by ssh"
+ # quotations in bash cmd below intended. Squash travis spellcheck error
+ # shellcheck disable=SC2029
+ _debug $Le_Deploy_ssh_cmd "$_opengear_user@$_opengear_host" sh -c "'$_cmd'"
+ $Le_Deploy_ssh_cmd "$_opengear_user@$_opengear_host" sh -c "'$_cmd'"
+ _err_code="$?"
+
+ if [ "$_err_code" != "0" ]; then
+ _err "Error code $_err_code returned from ssh"
+ fi
+
+ return $_err_code
+}
+
From a6fe3fddf6e78cd3747dccbefa0e75c71e849035 Mon Sep 17 00:00:00 2001
From: Ola Thoresen
Date: Wed, 7 Jun 2023 09:32:14 +0200
Subject: [PATCH 2/5] Fix Shellcheck
---
deploy/opengear.sh | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/deploy/opengear.sh b/deploy/opengear.sh
index 1b8202b6..54f40e93 100644
--- a/deploy/opengear.sh
+++ b/deploy/opengear.sh
@@ -35,10 +35,6 @@ opengear_deploy() { _debug _cfullchain "$_cfullchain" - Le_Deploy_og_keyfile="/tmp/$(basename $_ckey)" - Le_Deploy_og_fullchain="/tmp/$(basename $_cfullchain)" - - # OPENGEAR ENV VAR check if [ -z "$OPENGEAR_HOST" ]; then # HOST is not set in environment, check for saved variable
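Review bot: In `_ssh_remote_cmd` (PATCH 1/5) the plain `_debug $Le_Deploy_ssh_cmd … sh -c "'$_cmd'"` line prints the whole remote command, and `_cmd` carries the base64-encoded private key built in `_cmdstr`, so a debug run writes the key to the log even though the same string is passed to `_secure_debug` a few lines earlier. I would change that call to `_secure_debug $Le_Deploy_ssh_cmd "$_opengear_user@$_opengear_host" sh -c "'$_cmd'"`, or drop it. The key is also handed to ssh as an argument and again to the remote `sh -c`, where it is presumably readable from the process list on both hosts while the command runs; sending the `set …`/`push` lines to ssh on stdin would avoid that. Separately, as far as this hunk shows, an exported `OPENGEAR_HOST` never reaches `_opengear_host` because the assignment sits inside the `-z "$OPENGEAR_HOST"` branch, so the key is sent to `$_cdomain` instead; moving `_opengear_host="$OPENGEAR_HOST"` below that `fi` fixes it.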
@@ -68,13 +64,13 @@ opengear_deploy() { fi _info "Deploying to $_opengear_host" - _cmdstr="sudo echo -e \"set services.https.certificate =$(cat $_cfullchain | base64 -w0)\nset services.https.private_key =$(cat $_ckey | base64 -w0)\npush\" | /usr/unsupported/bin/ogconfig-cli" + _cmdstr="sudo echo -e \"set services.https.certificate =$(cat "$_cfullchain" | base64 -w0)\nset services.https.private_key =$(cat "$_ckey" | base64 -w0)\npush\" | /usr/unsupported/bin/ogconfig-cli" _info "will deploy new certificate" if ! _ssh_remote_cmd "$_cmdstr"; then - return $_err_code + return "$_err_code" fi - return $_err_code + return "$_err_code" }
From 7bc435f8c66550b3a6f8bcaa3637a5c66fd20171 Mon Sep 17 00:00:00 2001
From: Ola Thoresen
Date: Wed, 7 Jun 2023 09:38:58 +0200
Subject: [PATCH 3/5] Clean up whitespace
---
deploy/opengear.sh | 8 --------
1 file changed, 8 deletions(-)
diff --git a/deploy/opengear.sh b/deploy/opengear.sh
index 54f40e93..3d502aef 100644
--- a/deploy/opengear.sh
+++ b/deploy/opengear.sh
@@ -4,7 +4,6 @@ #returns 0 means success, otherwise error. - # Note that SSH must be able to login to remote host without a password... # The user must have sudo-access without password #
@@ -12,12 +11,9 @@ # test that you can login to USER@SERVER from the host running acme.sh before # using this script. - - # export OPENGEAR_USER="" # required # export OPENGEAR_HOST="om1234" # defaults to domain name - Le_Deploy_ssh_cmd="ssh" #domain keyfile certfile cafile fullchain
@@ -34,7 +30,6 @@ opengear_deploy() { _debug _cca "$_cca" _debug _cfullchain "$_cfullchain" - # OPENGEAR ENV VAR check if [ -z "$OPENGEAR_HOST" ]; then # HOST is not set in environment, check for saved variable
@@ -73,8 +68,6 @@ opengear_deploy() { return "$_err_code" } - - #cmd _ssh_remote_cmd() { _cmd="$1"
@@ -92,4 +85,3 @@ _ssh_remote_cmd() { return $_err_code } -
From acb7052bee65c43f3b22c0034e373259215575c1 Mon Sep 17 00:00:00 2001
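Review bot: `sudo` in the rewritten `_cmdstr` line (PATCH 2/5, second hunk) applies only to `echo`; `/usr/unsupported/bin/ogconfig-cli` on the right of the pipe still runs as the unprivileged login user. If the tool needs root, which the header comment about passwordless sudo suggests, the push would presumably fail, and if it does not, the sudo rule is an unnecessary grant on the device. Moving the keyword to the consumer, `echo -e \"…\" | sudo /usr/unsupported/bin/ogconfig-cli`, makes the elevation match the intent and lets the sudoers entry be limited to that one binary. The same construct is introduced in PATCH 1/5 and carried into the `_cmdstr` lines of PATCH 4/5 and 5/5; `opengear_deploy` starts above this hunk.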
From: Ola Thoresen
Date: Tue, 28 Nov 2023 14:53:33 +0100
Subject: [PATCH 4/5] Also deploy to lighthouse - different path to ogconfig-cli
---
deploy/opengear.sh | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/deploy/opengear.sh b/deploy/opengear.sh
index 3d502aef..15f96a1c 100644
--- a/deploy/opengear.sh
+++ b/deploy/opengear.sh
@@ -59,7 +59,8 @@ opengear_deploy() { fi _info "Deploying to $_opengear_host" - _cmdstr="sudo echo -e \"set services.https.certificate =$(cat "$_cfullchain" | base64 -w0)\nset services.https.private_key =$(cat "$_ckey" | base64 -w0)\npush\" | /usr/unsupported/bin/ogconfig-cli" + _cmdstr="sudo echo -e \"set services.https.certificate =$(cat "$_cfullchain" | base64 -w0)\nset services.https.private_key =$(cat "$_ckey" | base64 -w0)\npush\" | /usr/bin/ogconfig-cli || \ + sudo echo -e \"set services.https.certificate =$(cat "$_cfullchain" | base64 -w0)\nset services.https.private_key =$(cat "$_ckey" | base64 -w0)\npush\" | /usr/unsupported/bin/ogconfig-cli" _info "will deploy new certificate" if ! _ssh_remote_cmd "$_cmdstr"; then return "$_err_code"
From dd413a914f9218f1c1616bbc3d841006b601e6ce Mon Sep 17 00:00:00 2001
From: Ola Thoresen
Date: Tue, 28 Nov 2023 15:21:19 +0100
Subject: [PATCH 5/5] Fix shellcheck
---
deploy/opengear.sh | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/deploy/opengear.sh b/deploy/opengear.sh
index 15f96a1c..edb7307b 100644
--- a/deploy/opengear.sh
+++ b/deploy/opengear.sh
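Review bot: The `||` joining the two pipelines in the new `_cmdstr` (PATCH 4/5) falls through on any failure of `/usr/bin/ogconfig-cli`, not only when that path is absent, so a rejected certificate or failed `push` is retried through `/usr/unsupported/bin/ogconfig-cli` and the status `_ssh_remote_cmd` reports is that of the second attempt, presumably "not found" on a device that lacks that path. The fallback also embeds the base64 private key a second time in the command string. Selecting the binary once on the remote side keeps a single pipeline, for example `cli=/usr/bin/ogconfig-cli; [ -x "$cli" ] || cli=/usr/unsupported/bin/ogconfig-cli` ahead of the `echo` and `"$cli"` at the end of the pipe, with `$` and the quotes escaped inside `_cmdstr` so they expand on the device. `opengear_deploy` begins and ends outside this hunk.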
@@ -59,8 +59,8 @@ opengear_deploy() { fi _info "Deploying to $_opengear_host" - _cmdstr="sudo echo -e \"set services.https.certificate =$(cat "$_cfullchain" | base64 -w0)\nset services.https.private_key =$(cat "$_ckey" | base64 -w0)\npush\" | /usr/bin/ogconfig-cli || \ - sudo echo -e \"set services.https.certificate =$(cat "$_cfullchain" | base64 -w0)\nset services.https.private_key =$(cat "$_ckey" | base64 -w0)\npush\" | /usr/unsupported/bin/ogconfig-cli" + _cmdstr="sudo echo -e \"set services.https.certificate =$(base64 -w0 "$_cfullchain")\nset services.https.private_key =$(base64 -w0 "$_ckey")\npush\" | /usr/bin/ogconfig-cli || \ + sudo echo -e \"set services.https.certificate =$(base64 -w0 "$_cfullchain")\nset services.https.private_key =$(base64 -w0 "$_ckey")\npush\" | /usr/unsupported/bin/ogconfig-cli" _info "will deploy new certificate" if ! _ssh_remote_cmd "$_cmdstr"; then return "$_err_code"
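Review bot: None of the four `$(base64 -w0 …)` substitutions in the new `_cmdstr` is checked, so if `base64` fails (an unreadable key file, or an implementation that does not accept `-w0`) the string is still built with an empty value and `set services.https.private_key =` followed by `push` is sent to the device. Encoding each file once into a variable and stopping on failure avoids that and removes the duplicated calls: `_og_key_b64=$(base64 -w0 "$_ckey") || return 1`, likewise for `$_cfullchain`, then reference the two variables in `_cmdstr`. acme.sh's own `_base64` helper would be the more portable encoder if it is available to deploy hooks. The enclosing `opengear_deploy` extends beyond the hunk.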