99#
1010# Following environment variables must be set:
1111#
12- # export DEPLOY_TRUENAS_APIKEY="<API_KEY_GENERATED_IN_THE_WEB_UI"
12+ # export DEPLOY_TRUENAS_APIKEY="<API_KEY_GENERATED_IN_THE_WEB_UI> "
1313#
1414# The following environmental variables may be set if you don't like their
1515# default values:
@@ -64,6 +64,20 @@ truenas_deploy() {
6464 _response=$( _get " $_api_url /system/state" )
6565 _info " TrueNAS system state: $_response ."
6666
67+ _info " Getting TrueNAS version"
68+ _response=$( _get " $_api_url /system/version" )
69+
70+ if echo " $_response " | grep -q " SCALE" ; then
71+ _truenas_os=$( echo " $_response " | cut -d ' -' )
72+ _truenas_version=$( echo " $_response " | cut -d ' -' | tr -d ' "' | cut -d ' .' )
73+ else
74+ _truenas_os=" unknown"
75+ _truenas_version=" unknown"
76+ fi
77+
78+ _info " Detected TrueNAS system os: $_truenas_os "
79+ _info " Detected TrueNAS system version: $_truenas_version "
80+
6781 if [ -z " $_response " ; then
6882 _err " Unable to authenticate to $_api_url ."
6983 _err ' Check your connection settings are correct, e.g.'
@@ -115,27 +129,106 @@ truenas_deploy() {
115129
116130 _debug3 _activate_result " $_activate_result "
117131
118- _info " Checking if WebDAV certificate is the same as the TrueNAS web UI"
119- _webdav_list=$( _get " $_api_url /webdav" )
120- _webdav_cert_id=$( echo " $_webdav_list " | grep ' "certssl":' | tr -d -- ' "certsl: ,' )
121-
122- if [ " $_webdav_cert_id " = " $_active_cert_id " ; then
123- _info " Updating the WebDAV certificate"
124- _debug _webdav_cert_id " $_webdav_cert_id "
125- _webdav_data=" {\" certssl\" : \" ${_cert_id} \" }"
126- _activate_webdav_cert=" $( _post " $_webdav_data " " $_api_url /webdav" " " " PUT" " application/json" ) "
127- _webdav_new_cert_id=$( echo " $_activate_webdav_cert " | _json_decode | grep ' "certssl":' | sed -n ' s/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p' )
128- if [ " $_webdav_new_cert_id " -eq " $_cert_id " ; then
129- _info " WebDAV certificate updated successfully"
130- else
131- _err " Unable to set WebDAV certificate"
132- _debug3 _activate_webdav_cert " $_activate_webdav_cert "
132+ _truenas_version_23_10=" 23.10"
133+ _truenas_version_24_10=" 24.10"
134+
135+ _check_version=$( printf " %s\n%s" " $_truenas_version_23_10 " " $_truenas_version " | sort -V | head -n 1)
136+ if [ " $_truenas_os " != " SCALE" || [ " $_check_version " != " $_truenas_version_23_10 " ; then
137+ _info " Checking if WebDAV certificate is the same as the TrueNAS web UI"
138+ _webdav_list=$( _get " $_api_url /webdav" )
139+ _webdav_cert_id=$( echo " $_webdav_list " | grep ' "certssl":' | tr -d -- ' "certsl: ,' )
140+
141+ if [ " $_webdav_cert_id " = " $_active_cert_id " ; then
142+ _info " Updating the WebDAV certificate"
143+ _debug _webdav_cert_id " $_webdav_cert_id "
144+ _webdav_data=" {\" certssl\" : \" ${_cert_id} \" }"
145+ _activate_webdav_cert=" $( _post " $_webdav_data " " $_api_url /webdav" " " " PUT" " application/json" ) "
146+ _webdav_new_cert_id=$( echo " $_activate_webdav_cert " | _json_decode | grep ' "certssl":' | sed -n ' s/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p' )
147+ if [ " $_webdav_new_cert_id " -eq " $_cert_id " ; then
148+ _info " WebDAV certificate updated successfully"
149+ else
150+ _err " Unable to set WebDAV certificate"
151+ _debug3 _activate_webdav_cert " $_activate_webdav_cert "
152+ _debug3 _webdav_new_cert_id " $_webdav_new_cert_id "
153+ return 1
154+ fi
133155 _debug3 _webdav_new_cert_id " $_webdav_new_cert_id "
134- return 1
156+ else
157+ _info " WebDAV certificate is not configured or is not the same as TrueNAS web UI"
158+ fi
159+
160+ _info " Checking if S3 certificate is the same as the TrueNAS web UI"
161+ _s3_list=$( _get " $_api_url /s3" )
162+ _s3_cert_id=$( echo " $_s3_list " | grep ' "certificate":' | tr -d -- ' "certifa:_ ,' )
163+
164+ if [ " $_s3_cert_id " = " $_active_cert_id " ; then
165+ _info " Updating the S3 certificate"
166+ _debug _s3_cert_id " $_s3_cert_id "
167+ _s3_data=" {\" certificate\" : \" ${_cert_id} \" }"
168+ _activate_s3_cert=" $( _post " $_s3_data " " $_api_url /s3" " " " PUT" " application/json" ) "
169+ _s3_new_cert_id=$( echo " $_activate_s3_cert " | _json_decode | grep ' "certificate":' | sed -n ' s/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p' )
170+ if [ " $_s3_new_cert_id " -eq " $_cert_id " ; then
171+ _info " S3 certificate updated successfully"
172+ else
173+ _err " Unable to set S3 certificate"
174+ _debug3 _activate_s3_cert " $_activate_s3_cert "
175+ _debug3 _s3_new_cert_id " $_s3_new_cert_id "
176+ return 1
177+ fi
178+ _debug3 _activate_s3_cert " $_activate_s3_cert "
179+ else
180+ _info " S3 certificate is not configured or is not the same as TrueNAS web UI"
181+ fi
182+ fi
183+
184+ if [ " $_truenas_os " = " SCALE" ; then
185+ _check_version=$( printf " %s\n%s" " $_truenas_version_24_10 " " $_truenas_version " | sort -V | head -n 1)
186+ if [ " $_check_version " != " $_truenas_version_24_10 " ; then
187+ _info " Checking if any chart release Apps is using the same certificate as TrueNAS web UI. Tool 'jq' is required"
188+ if _exists jq; then
189+ _info " Query all chart release"
190+ _release_list=$( _get " $_api_url /chart/release" )
191+ _related_name_list=$( printf " %s" " $_release_list " | jq -r " [.[] | {name,certId: .config.ingress?.main.tls[]?.scaleCert} | select(.certId==$_active_cert_id ) | .name ] | unique" )
192+ _release_length=$( printf " %s" " $_related_name_list " | jq -r " length" )
193+ _info " Found $_release_length related chart release in list: $_related_name_list "
194+ for i in $( seq 0 $(( _release_length - 1 )) ) ; do
195+ _release_name=$( echo " $_related_name_list " | jq -r " .[$i ]" )
196+ _info " Updating certificate from $_active_cert_id to $_cert_id for chart release: $_release_name "
197+ # Read the chart release configuration
198+ _chart_config=$( printf " %s" " $_release_list " | jq -r " .[] | select(.name==\" $_release_name \" )" )
199+ # Replace the old certificate id with the new one in path .config.ingress.main.tls[].scaleCert. Then update .config.ingress
200+ _updated_chart_config=$( printf " %s" " $_chart_config " | jq " (.config.ingress?.main.tls[]? | select(.scaleCert==$_active_cert_id ) | .scaleCert ) |= $_cert_id | .config.ingress " )
201+ _update_chart_result=" $( _post " {\" values\" : { \" ingress\" : $_updated_chart_config } }" " $_api_url /chart/release/id/$_release_name " " " " PUT" " application/json" ) "
202+ _debug3 _update_chart_result " $_update_chart_result "
203+ done
204+ else
205+ _info " Tool 'jq' does not exists, skip chart release checking"
206+ fi
207+ else
208+ _info " Checking if any app is using the same certificate as TrueNAS web UI. Tool 'jq' is required"
209+ if _exists jq; then
210+ _info " Query all apps"
211+ _app_list=$( _get " $_api_url /app" )
212+ _app_id_list=$( printf " %s" " $_app_list " | jq -r ' .[].name' )
213+ _app_length=$( echo " $_app_id_list " | wc -l)
214+ _info " Found $_app_length apps"
215+ _info " Checking for each app if an update is needed"
216+ for i in $( seq 1 " $_app_length " ) ; do
217+ _app_id=$( echo " $_app_id_list " | sed -n " ${i} p" )
218+ _app_config=" $( _post " \" $_app_id \" " " $_api_url /app/config" " " " POST" " application/json" ) "
219+ # Check if the app use the same certificate TrueNAS web UI
220+ _app_active_cert_config=$( echo " $_app_config " | _json_decode | jq -r " .ix_certificates[\" $_active_cert_id \" ]" )
221+ if [ " $_app_active_cert_config " != " null" ; then
222+ _info " Updating certificate from $_active_cert_id to $_cert_id for app: $_app_id "
223+ # Replace the old certificate id with the new one in path
224+ _update_app_result=" $( _post " {\" values\" : { \" network\" : { \" certificate_id\" : $_cert_id } } }" " $_api_url /app/id/$_app_id " " " " PUT" " application/json" ) "
225+ _debug3 _update_app_result " $_update_app_result "
226+ fi
227+ done
228+ else
229+ _info " Tool 'jq' does not exists, skip app checking"
230+ fi
135231 fi
136- _debug3 _webdav_new_cert_id " $_webdav_new_cert_id "
137- else
138- _info " WebDAV certificate is not configured or is not the same as TrueNAS web UI"
139232 fi
140233
141234 _info " Checking if FTP certificate is the same as the TrueNAS web UI"
@@ -161,50 +254,6 @@ truenas_deploy() {
161254 _info " FTP certificate is not configured or is not the same as TrueNAS web UI"
162255 fi
163256
164- _info " Checking if S3 certificate is the same as the TrueNAS web UI"
165- _s3_list=$( _get " $_api_url /s3" )
166- _s3_cert_id=$( echo " $_s3_list " | grep ' "certificate":' | tr -d -- ' "certifa:_ ,' )
167-
168- if [ " $_s3_cert_id " = " $_active_cert_id " ; then
169- _info " Updating the S3 certificate"
170- _debug _s3_cert_id " $_s3_cert_id "
171- _s3_data=" {\" certificate\" : \" ${_cert_id} \" }"
172- _activate_s3_cert=" $( _post " $_s3_data " " $_api_url /s3" " " " PUT" " application/json" ) "
173- _s3_new_cert_id=$( echo " $_activate_s3_cert " | _json_decode | grep ' "certificate":' | sed -n ' s/.*: \([0-9]\{1,\}\),\{0,1\}$/\1/p' )
174- if [ " $_s3_new_cert_id " -eq " $_cert_id " ; then
175- _info " S3 certificate updated successfully"
176- else
177- _err " Unable to set S3 certificate"
178- _debug3 _activate_s3_cert " $_activate_s3_cert "
179- _debug3 _s3_new_cert_id " $_s3_new_cert_id "
180- return 1
181- fi
182- _debug3 _activate_s3_cert " $_activate_s3_cert "
183- else
184- _info " S3 certificate is not configured or is not the same as TrueNAS web UI"
185- fi
186-
187- _info " Checking if any chart release Apps is using the same certificate as TrueNAS web UI. Tool 'jq' is required"
188- if _exists jq; then
189- _info " Query all chart release"
190- _release_list=$( _get " $_api_url /chart/release" )
191- _related_name_list=$( printf " %s" " $_release_list " | jq -r " [.[] | {name,certId: .config.ingress?.main.tls[]?.scaleCert} | select(.certId==$_active_cert_id ) | .name ] | unique" )
192- _release_length=$( printf " %s" " $_related_name_list " | jq -r " length" )
193- _info " Found $_release_length related chart release in list: $_related_name_list "
194- for i in $( seq 0 $(( _release_length - 1 )) ) ; do
195- _release_name=$( echo " $_related_name_list " | jq -r " .[$i ]" )
196- _info " Updating certificate from $_active_cert_id to $_cert_id for chart release: $_release_name "
197- # Read the chart release configuration
198- _chart_config=$( printf " %s" " $_release_list " | jq -r " .[] | select(.name==\" $_release_name \" )" )
199- # Replace the old certificate id with the new one in path .config.ingress.main.tls[].scaleCert. Then update .config.ingress
200- _updated_chart_config=$( printf " %s" " $_chart_config " | jq " (.config.ingress?.main.tls[]? | select(.scaleCert==$_active_cert_id ) | .scaleCert ) |= $_cert_id | .config.ingress " )
201- _update_chart_result=" $( _post " {\" values\" : { \" ingress\" : $_updated_chart_config } }" " $_api_url /chart/release/id/$_release_name " " " " PUT" " application/json" ) "
202- _debug3 _update_chart_result " $_update_chart_result "
203- done
204- else
205- _info " Tool 'jq' does not exists, skip chart release checking"
206- fi
207-
208257 _info " Deleting old certificate"
209258 _delete_result=" $( _post " " " $_api_url /certificate/id/$_active_cert_id " " " " DELETE" " application/json" ) "
210259
0 commit comments