@@ -52,6 +52,39 @@ _ws_call() {
5252 return 0
5353}
5454
55+ # Upload certificate with webclient api
56+ _ws_upload_cert () {
57+
58+ /usr/bin/env python - << EOF
59+
60+ import sys
61+
62+ from truenas_api_client import Client
63+ with Client() as c:
64+
65+ ### Login with API key
66+ print("I:Trying to upload new certificate...")
67+ ret = c.call("auth.login_with_api_key", "${DEPLOY_TRUENAS_APIKEY} ")
68+ if ret:
69+ ### upload certificate
70+ with open('$1 ', 'r') as file:
71+ fullchain = file.read()
72+ with open('$2 ', 'r') as file:
73+ privatekey = file.read()
74+ ret = c.call("certificate.create", {"name": "$3 ", "create_type": "CERTIFICATE_CREATE_IMPORTED", "certificate": fullchain, "privatekey": privatekey, "passphrase": ""}, job=True)
75+ print("R:" + str(ret["id"]))
76+ sys.exit(0)
77+ else:
78+ print("R:0")
79+ print("E:_ws_upload_cert error!")
80+ sys.exit(7)
81+
82+ EOF
83+
84+ return $?
85+
86+ }
87+
5588# Check argument is a number
5689# Usage:
5790#
@@ -129,7 +162,6 @@ _ws_get_job_result() {
129162# 5: WebUI cert error
130163# 6: Job error
131164# 7: WS call error
132- # 10: No CORE or SCALE detected
133165#
134166truenas_ws_deploy () {
135167 _domain=" $1 "
@@ -179,14 +211,8 @@ truenas_ws_deploy() {
179211
180212 _info " Gather system info..."
181213 _ws_response=$( _ws_call " system.info" )
182- _truenas_system=$( printf " %s" " $_ws_response " | jq -r ' ."version"' | cut -d ' -' | tr ' [:lower:]' ' [:upper:]' )
183- _truenas_version=$( printf " %s" " $_ws_response " | jq -r ' ."version"' | cut -d ' -' )
184- _info " TrueNAS system: $_truenas_system "
214+ _truenas_version=$( printf " %s" " $_ws_response " | jq -r ' ."version"' )
185215 _info " TrueNAS version: $_truenas_version "
186- if [ " $_truenas_system " != " SCALE" && [ " $_truenas_system " != " CORE" ; then
187- _err " Cannot gather TrueNAS system. Nor CORE oder SCALE detected."
188- return 10
189- fi
190216
191217 # ######### Gather current certificate
192218
@@ -203,19 +229,26 @@ truenas_ws_deploy() {
203229 _certname=" acme_$( _utc_date | tr -d ' \-\:' | tr ' ' ' _' ) "
204230 _info " New WebUI certificate name: $_certname "
205231 _debug _certname " $_certname "
206- _ws_jobid=$( _ws_call " certificate.create" " {\" name\" : \" ${_certname} \" , \" create_type\" : \" CERTIFICATE_CREATE_IMPORTED\" , \" certificate\" : \" $( _json_encode < " $_file_fullchain " ) \" , \" privatekey\" : \" $( _json_encode < " $_file_key " ) \" , \" passphrase\" : \"\" }" )
207- _debug " _ws_jobid" " $_ws_jobid "
208- if ! _ws_check_jobid " $_ws_jobid " ; then
209- _err " No JobID returned from websocket method."
210- return 3
211- fi
212- _ws_result=$( _ws_get_job_result " $_ws_jobid " )
213- _ws_ret=$?
214- if [ $_ws_ret -gt 0 ]; then
215- return $_ws_ret
216- fi
217- _debug " _ws_result" " $_ws_result "
218- _new_certid=$( printf " %s" " $_ws_result " | jq -r ' ."id"' )
232+ _ws_out=$( _ws_upload_cert " $_file_fullchain " " $_file_key " " $_certname " )
233+
234+ echo " $_ws_out " | while IFS= read -r LINE; do
235+ case " $LINE " in
236+ I:* )
237+ _info " ${LINE# I: } "
238+ ;;
239+ D:* )
240+ _debug " ${LINE# D: } "
241+ ;;
242+ E* )
243+ _err " ${LINE# E: } "
244+ ;;
245+ * ) ;;
246+
247+ esac
248+ done
249+
250+ _new_certid=$( echo " $_ws_out " | grep ' R:' | cut -d ' :' )
251+
219252 _info " New certificate ID: $_new_certid "
220253
221254 # ######### FTP
@@ -231,33 +264,31 @@ truenas_ws_deploy() {
231264
232265 # ######### ix Apps (SCALE only)
233266
234- if [ " $_truenas_system " = " SCALE" ; then
235- _info " Replace app certificates..."
236- _ws_response=$( _ws_call " app.query" )
237- for _app_name in $( printf " %s" " $_ws_response " | jq -r ' .[]."name"' ) ; do
238- _info " Checking app $_app_name ..."
239- _ws_response=$( _ws_call " app.config" " $_app_name " )
240- if [ " $( printf " %s" " $_ws_response " | jq -r ' ."network" | has("certificate_id")' ) " = " true" ; then
241- _info " App has certificate option, setup new certificate..."
242- _info " App will be redeployed after updating the certificate."
243- _ws_jobid=$( _ws_call " app.update" " $_app_name " " {\" values\" : {\" network\" : {\" certificate_id\" : $_new_certid }}}" )
244- _debug " _ws_jobid" " $_ws_jobid "
245- if ! _ws_check_jobid " $_ws_jobid " ; then
246- _err " No JobID returned from websocket method."
247- return 3
248- fi
249- _ws_result=$( _ws_get_job_result " $_ws_jobid " )
250- _ws_ret=$?
251- if [ $_ws_ret -gt 0 ]; then
252- return $_ws_ret
253- fi
254- _debug " _ws_result" " $_ws_result "
255- _info " App certificate replaced."
256- else
257- _info " App has no certificate option, skipping..."
267+ _info " Replace app certificates..."
268+ _ws_response=$( _ws_call " app.query" )
269+ for _app_name in $( printf " %s" " $_ws_response " | jq -r ' .[]."name"' ) ; do
270+ _info " Checking app $_app_name ..."
271+ _ws_response=$( _ws_call " app.config" " $_app_name " )
272+ if [ " $( printf " %s" " $_ws_response " | jq -r ' ."network" | has("certificate_id")' ) " = " true" ; then
273+ _info " App has certificate option, setup new certificate..."
274+ _info " App will be redeployed after updating the certificate."
275+ _ws_jobid=$( _ws_call " app.update" " $_app_name " " {\" values\" : {\" network\" : {\" certificate_id\" : $_new_certid }}}" )
276+ _debug " _ws_jobid" " $_ws_jobid "
277+ if ! _ws_check_jobid " $_ws_jobid " ; then
278+ _err " No JobID returned from websocket method."
279+ return 3
258280 fi
259- done
260- fi
281+ _ws_result=$( _ws_get_job_result " $_ws_jobid " )
282+ _ws_ret=$?
283+ if [ $_ws_ret -gt 0 ]; then
284+ return $_ws_ret
285+ fi
286+ _debug " _ws_result" " $_ws_result "
287+ _info " App certificate replaced."
288+ else
289+ _info " App has no certificate option, skipping..."
290+ fi
291+ done
261292
262293 # ######### WebUI
263294
0 commit comments