Commit Graph

304 Commits

Author SHA1 Message Date
Brian Hartvigsen
99d3a283ef
Use POST for login
This allows us to get the cookie and the token (as it appears to be only in the body in DSM 7.)  HTTP_HEADERS is only guarenteed to be output with POST for both wget and curl.
2020-12-09 19:44:14 -07:00
neil
be067466fe
Merge pull request #3132 from jpbede/deploy-cleverreach
Add CleverReach Deploy API
2020-11-29 21:47:05 +08:00
Moritz H
ed01fd4edf uconv as fallback for iconv 2020-11-28 15:22:14 +01:00
neil
7530266330 remove dependency to md5 and awk 2020-11-09 20:14:22 +08:00
neil
97b87d4ce4
Merge pull request #3111 from pashinin/master
Vault deploy hook (using curl)
2020-11-02 22:37:43 +08:00
Sergey Pashinin
e203e98375
Use _savedeployconf 2020-11-02 16:46:09 +03:00
Sergey Pashinin
9fcd104065
Use _getdeployconf for env vars 2020-11-02 13:35:12 +03:00
Jan-Philipp Benecke
1db963361c
Rework based on review from Neilpang 2020-10-28 13:50:40 +01:00
Jan-Philipp Benecke
f7e12b629f
Update CleverReach REST Endpoint 2020-10-01 11:26:29 +02:00
Jan-Philipp Benecke
2a9c56d9e3
Formatting for CI 2020-08-28 11:30:23 +02:00
Jan-Philipp Benecke
39a5688464
Make CI happy 2020-08-28 11:28:06 +02:00
Jan-Philipp Benecke
e4e6173eff
CleverReach Deploy API 2020-08-28 11:21:20 +02:00
Sergey Pashinin
f511a52705
Using _post function 2020-08-24 00:05:21 +03:00
Sergey Pashinin
de692d3dcc
Vault deploy hook 2020-08-18 13:14:00 +03:00
neil
19c4345162 fix shfmt 2020-08-17 22:18:20 +08:00
Brian Hartvigsen
5f5096e1d4
Addressing issues found in DS218+ DSM
DS218+ appears to have a slighly different DSM that sends back headers in lowercase.

Reported by @BartSiwek in #2727
2020-07-25 21:56:18 -06:00
neil
7f33ae3bee
Merge pull request #3059 from andybotting/dev
Fix CI test failure for deploy/openstack.sh
2020-07-16 13:44:40 +08:00
neil
645135bf56
Merge pull request #3051 from szepeviktor/patch-2
Upgrade Travis image
2020-07-16 13:44:02 +08:00
Viktor Szépe
61613bee98
Fix SC2230 2020-07-16 06:13:15 +02:00
Andy Botting
3ce967d8e5 Fix CI test failure for deploy/openstack.sh 2020-07-16 13:53:21 +10:00
Andy Botting
9b23cd6d19 Add OpenStack Barbican deploy support
This provider relies on the the python-openstackclient and
python-designateclient tools be installed and working, with
either password or application credentials loaded in your env.
2020-07-16 09:59:40 +10:00
andrewheberle
01ebb6576d
Use base64 for reload
Ensure that reload command is encoded with base64 so special characters in command do not wreck config on renewals
2020-07-13 09:31:47 +08:00
Tony Gravagno
eca57beec1
Issue #2850 : grammar corrections for "exists" and "exist". 2020-06-29 11:29:10 -07:00
PM Extra
a78a09f594 Support multiple servers for SSH deployment. 2020-05-22 18:15:38 +08:00
neil
341f000b9c
Merge pull request #2947 from kref/patch-1
fix octal escapes for printf %b format
2020-05-19 13:45:42 +08:00
kref
0deea53931
fix octal escapes for printf %b format
Stop it from misinterpreting a following digit as part of the escape sequence
2020-05-19 13:27:00 +08:00
Brian Hartvigsen
694194be2f
Shellcheck fix
SYNO_Certificate gets set by _getdeployconf, so this may be an empty string but that's fine
2020-05-16 02:25:53 -06:00
Brian Hartvigsen
c7f61f8b80
Allow rotating the default certificate which has no description
This means, by default, we will rotate the default certificate that comes with the DSM
2020-05-16 02:02:23 -06:00
Brian Hartvigsen
3a7c7fe4e8
Fix shellcheck issues 2020-05-16 00:19:18 -06:00
Brian Hartvigsen
668967a719
If SYNO_Create is not set here, print the nice message 2020-05-16 00:05:35 -06:00
Brian Hartvigsen
d15c14ab93
Fix support for wget
I'm actually not entirely sure why/how this worked with curl but not wget, but it did.  The short answer is that using a GET does not result in the HTTP_HEADER file being written, instead you must pass in the http_headers param ($2) which will return the HTTP headers as a string.  Luckily, the Token is in both the body and the header.  We need it and the id (and smid if 2fa) cookie to proceed.  So now we parrse the response for that instead of the HTTP_HEADER file.

Interesting side note: wget is fine if the URL contains a \r or \n, but curl will barf on it.  So we need to make sure those are stripped from the token as it will be passed in the URL later.
2020-05-15 23:53:00 -06:00
Brian Hartvigsen
52b81608a1
need to _url_encode anything sent in GET requests
Fixes issue raised by @tatablack
2020-05-15 23:48:50 -06:00
Felix Bünemann
cf5952f508
fix haproxy deploy hook ocsp update
fixes ocsp reponse update failing with `Responder Error: unauthorized (6)`
by removing `-no_nonce` switch from `openssl oscp` command .
2020-05-02 22:14:21 +02:00
neil
b6fbb012ad
Merge pull request #2749 from dkerr64/ssh-deploy
Updates to ssh_deploy hook
2020-04-12 13:58:44 +08:00
ucando
6132af8ecb enable qiniu to deploy more than one domain 2020-03-26 14:59:23 +08:00
Brian Torres-Gil
0453d656d6 fix(deploy/panos): data format improvements
It was discovered in testing that PAN-OS < 9.0 has slightly different
requirements for the multipart/form-data format and requires the `type`
parameter to be passed in the URL. These corrections should work for all
PAN-OS versions.
2020-03-24 20:01:51 -07:00
dkerr64
f38df4df11 Make remote backup directory path user configurable. 2020-03-14 21:51:21 -04:00
dkerr64
554e083f3d For MULTI_CALL default to undefined, deleting entry in config file if set to "no" 2020-03-11 10:58:36 -04:00
Markus Lippert
fd64c20807 store device ID 2020-03-08 20:22:31 +01:00
Markus Lippert
80f1034dd6 add OTP support 2020-03-08 19:49:46 +01:00
dkerr64
8ba573d196 Change variable name to MULTI_CALL so default can be "no" 2020-03-03 13:40:33 -05:00
dkerr64
f73a494407 Remove spaces on blank line to fix travis error 2020-02-22 22:09:28 -05:00
dkerr64
46ee74ed16 Remove variable from info/error printout that could potentially expose login credentials. 2020-02-22 22:05:06 -05:00
dkerr64
806b746fc0 Fix bug where backup and batch_mode yes/no values could not be changed.
Once set to "no" then they could never be set back to "yes"
2020-02-22 21:23:59 -05:00
dkerr64
cc820e97c6 Add support for DEPLOY_SSH_BATCH_MODE with default of yes.
Before this update all remote commands were bunched together and
sent to the remote host in a single SSH command.  This could result
in a very long sequence of commands that might be rejected by a
remote host (example is VMware ESXi that uses busybox sh).
With this update you can set DEPLOY_SSH_BATCH_MODE="no" and
each remote command is sent as a separate SSH call so now we
do not have big long sequence of commands.  Defaults to same
behaviour as before this update.
2020-02-22 21:10:42 -05:00
dkerr64
283b04df73 Move cleanup of backup directory to first step in the function. 2020-02-22 20:43:28 -05:00
dkerr64
6420d1239f Move call to remote system into separate function 2020-02-22 20:31:52 -05:00
dkerr64
3d9608faa0 Move -T parameter into default ssh command variable 2020-02-22 20:09:24 -05:00
xpac1985
e184a1b9e6
haproxy deploy script now compatible with OpenSSL v1.1+
haproxy deploy script now compatible with OpenSSL v1.1+

The OpenSSL OCSP request for haproxy deployment breaks from OpenSSL v1.1.0 on.
The format of the `-header` option has been changed and does now contain a `=` instead of a whitespace.
Other projects have hit the same issue:
https://github.com/nghttp2/nghttp2/issues/742

This commit determines the OpenSSL/LibreSSL version and then adjusts the request accordingly.
Also removed the duplicate command line and added some more debug output.
2020-02-20 23:28:55 +01:00
neil
754f7a7891
Merge pull request #2614 from PaloAltoNetworks/deploy-panos
Adding abillity to deploy cert to Palo Alto Networks Firewall via API.
2020-02-15 20:46:59 +08:00