change to routeros native script rather than bash multiline commands #2292

Merged
merged 3 commits into from Jun 19, 2019

@cngarrison

commented May 25, 2019

I was unable to deploy to a RouterOS device due to the use of bash in the ssh command. Since RouterOS will only run a single command with each ssh command, a different solution is needed for multi-line commands. This PR uses a native RouterOS script instead of bash.

The same RouterOS commands are used to deploy the cert, but the commands are used as the source for a RouterOS script which is added via an ssh command. Two subsequent commands run the new script, and then delete the script.

I made a minor change to the /certificate remove command so that it's more robust if the certs don't already exist. (Uses the [ find ... ] syntax rather than hard-coded cert names.)

Charlie Garrison added some commits May 25, 2019
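
The approach described in the opening comment, sketched as an added example (not the PR's code or acme.sh's `routeros.sh`): the RouterOS commands become the source of a temporary script, which is added, run and removed with three single-command ssh calls. The script name, the `ROUTEROS_SSH` variable, the host `router.example.com` and the exact command bodies are assumptions of this sketch.

```sh
#!/bin/sh
# Added example, not the PR's code. RouterOS command bodies other than the
# "<domain>.cer_0" name seen in the thread are assumptions of this sketch.

# RouterOS commands that swap in the new certificate (one per line).
routeros_script_source() {
  d="$1"
  printf '%s\n' \
    "/certificate remove [ find name=$d.cer_0 ]" \
    "/certificate import file-name=$d.cer passphrase=\"\"" \
    "/certificate import file-name=$d.key passphrase=\"\"" \
    "/file remove $d.key" \
    "/ip service set www-ssl certificate=$d.cer_0"
}

# Escape a multi-line script for a double-quoted RouterOS string: backslash,
# double quote and dollar get a backslash, and line breaks become a literal \n.
routeros_quote() {
  sed -e 's/\\/\\\\/g' -e 's/"/\\"/g' -e 's/\$/\\$/g' |
    awk 'NR > 1 { printf "%s", "\\n" } { printf "%s", $0 }'
}

# The three single-line commands: add the script, run it, delete it.
routeros_ssh_commands() {
  name="acme-deploy-$1" # hypothetical temporary script name
  src=$(routeros_script_source "$1" | routeros_quote)
  printf '%s\n' \
    "/system script add name=\"$name\" source=\"$src\"" \
    "/system script run \"$name\"" \
    "/system script remove \"$name\""
}

# Dry run unless ROUTEROS_SSH (hypothetical, e.g. "ssh user@host") is set;
# each command goes out in its own ssh invocation.
deploy_routeros() {
  routeros_ssh_commands "$1" | while IFS= read -r cmd; do
    if [ -n "${ROUTEROS_SSH:-}" ]; then
      $ROUTEROS_SSH "$cmd" </dev/null || exit 1
    else
      printf '%s\n' "$cmd"
    fi
  done
}

deploy_routeros router.example.com
```

The `[ find name=... ]` form returns an empty list when no certificate matches, so the remove step does not fail on a first deployment.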

@Neilpang

Owner

commented Jun 2, 2019

Please fix the CI errors first.

@cngarrison

Author

commented Jun 3, 2019

I had to read up on shfmt; this one should pass CI. I'll check the test results when done.

@Neilpang

Owner

commented Jun 16, 2019

Can you confirm the latest changes work as expected?

@cngarrison

Author

commented Jun 16, 2019

Yes, it works as expected.

Specifically, I tested with the following commands:

```sh
export ROUTER_OS_USERNAME=charlie
export ROUTER_OS_HOST=router.garrison.com.au
export ROUTER_OS_ADDITIONAL_SERVICES="/ip service set api-ssl certificate=router.garrison.com.au.cer_0"
acme.sh --deploy -d router.garrison.com.au --deploy-hook routeros  --debug
```

The deploy command printed output (with debug enabled):

```
[Mon 17 Jun 2019 09:33:39 AEST] Lets find script dir.
[Mon 17 Jun 2019 09:33:39 AEST] _SCRIPT_='/Users/charlie/.acme.sh/acme.sh'
[Mon 17 Jun 2019 09:33:39 AEST] _script='/Users/charlie/.acme.sh/acme.sh'
[Mon 17 Jun 2019 09:33:39 AEST] _script_home='/Users/charlie/.acme.sh'
[Mon 17 Jun 2019 09:33:39 AEST] Using config home:/Users/charlie/.acme.sh
https://github.com/Neilpang/acme.sh
v2.8.2
[Mon 17 Jun 2019 09:33:39 AEST] Using config home:/Users/charlie/.acme.sh
[Mon 17 Jun 2019 09:33:39 AEST] ACME_DIRECTORY='https://acme-v02.api.letsencrypt.org/directory'
[Mon 17 Jun 2019 09:33:39 AEST] DOMAIN_PATH='/Users/charlie/.acme.sh/router.garrison.com.au'
[Mon 17 Jun 2019 09:33:39 AEST] _deployApi='/Users/charlie/.acme.sh/deploy/routeros.sh'
[Mon 17 Jun 2019 09:33:39 AEST] _cdomain='router.garrison.com.au'
[Mon 17 Jun 2019 09:33:39 AEST] _ckey='/Users/charlie/.acme.sh/router.garrison.com.au/router.garrison.com.au.key'
[Mon 17 Jun 2019 09:33:39 AEST] _ccert='/Users/charlie/.acme.sh/router.garrison.com.au/router.garrison.com.au.cer'
[Mon 17 Jun 2019 09:33:39 AEST] _cca='/Users/charlie/.acme.sh/router.garrison.com.au/ca.cer'
[Mon 17 Jun 2019 09:33:39 AEST] _cfullchain='/Users/charlie/.acme.sh/router.garrison.com.au/fullchain.cer'
[Mon 17 Jun 2019 09:33:39 AEST] Trying to push key '/Users/charlie/.acme.sh/router.garrison.com.au/router.garrison.com.au.key' to router
router.garrison.com.au.key    100% 1675   774.5KB/s   00:00
[Mon 17 Jun 2019 09:33:40 AEST] Trying to push cert '/Users/charlie/.acme.sh/router.garrison.com.au/fullchain.cer' to router
fullchain.cer    100% 3575     1.8MB/s   00:00
[Mon 17 Jun 2019 09:33:43 AEST] Success
```

I confirmed the correct cert is installed:

```
$ openssl s_client -showcerts -connect router.garrison.com.au:443 2>/dev/null | openssl x509 -noout -dates
notBefore=May 25 14:22:29 2019 GMT
notAfter=Aug 23 14:22:29 2019 GMT
```

And

```
$ openssl s_client -showcerts -connect router.garrison.com.au:443 2>/dev/null | openssl x509 -noout -subject -issuer
subject= /CN=router.garrison.com.au
issuer= /C=US/O=Let's Encrypt/CN=Let's Encrypt Authority X3
```

During testing, I also manually ran the contents of the RouterOS script to confirm each command is successful.

Is there any further testing you would like done?

-cng

@Neilpang

Owner

commented Jun 17, 2019

I know it's a deploy hook, please create an issue for reporting future bugs.
example:
https://github.com/Neilpang/acme.sh/wiki/DNS-API-Dev-Guide#10-please-create-a-new-issue-for-future-bugs

@cngarrison

Author

commented Jun 18, 2019

Issue is created: #2344

I have subscribed to notifications.

@Neilpang Neilpang merged commit 06f860c into Neilpang:dev Jun 19, 2019

1 check passed

continuous-integration/travis-ci/pr The Travis CI build passed