@robbat2
Created November 11, 2021 23:06
Wrapper to reload certificates using ogconfig-cli
#!/bin/bash
# This is a helper hack for updating the certs on the new OpenGear "Operations Manager"
# systems like OM2216.
#
# The script should be in the same directory as the key, cert & intermediate CA.
# Copyright 2020 Gentoo Authors, [email protected]
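# Work from the script's own directory: the key, cert and CA files are looked
# up relative to it, and the temporary files below are created there as well.
cd "$(dirname "$0")" || exit 1

# The host name is used to build local file names and the SSH destination, so
# refuse an empty value, a leading '-' (would be read as an option by cat) and
# any '/' (would reach outside this directory).
if [[ -z "${1:-}" || "$1" == -* || "$1" == */* ]]; then
  echo "Usage: $0 HOSTNAME" 1>&2
  exit 2
fi
HOSTNAME=$1
DEST="root@${HOSTNAME}"

# Install the cleanup trap before anything is created so a failure part-way
# through still removes whatever exists; unset names expand to nothing.
SOCK=
CHAIN=
COMMAND=
trap 'rm -f -- ${SOCK:+"$SOCK"} ${CHAIN:+"$CHAIN"} ${COMMAND:+"$COMMAND"}' EXIT

SOCK=$(mktemp -p . ssh.XXXXXXXXX.sock) || exit 1
CHAIN=$(mktemp -p . "${HOSTNAME}.XXXXXX.crt-chain") || exit 1
COMMAND=$(mktemp -p . "${HOSTNAME}.XXXXXX.crt-command") || exit 1
rm -f -- "$SOCK" # make sure it does not exist so SSH creates it

# Staging paths on the remote device. These are fixed names in /dev/shm;
# NOTE(review): a fixed name in a shared directory can be pre-created by
# another local account on the device - confirm only root can write there.
REMOTEKEY=/dev/shm/newkey
REMOTECRT=/dev/shm/newcert
REMOTECMD=/dev/shm/rekeycmd

# Command script fed to ogconfig-cli on the remote side.
cat >"${COMMAND}" <<EOF
set services.https.certificate file://${REMOTECRT}
set services.https.private_key file://${REMOTEKEY}
status
push
EOF

# Build the chain (leaf certificate followed by the intermediate CA). Stop
# here if either file is missing rather than uploading a truncated chain.
if ! cat "./${HOSTNAME}.crt" "./${HOSTNAME}.ca" >"${CHAIN}"; then
  echo "Could not build certificate chain for ${HOSTNAME}" 1>&2
  exit 1
fi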
#######################################
# Open the shared SSH master connection that _ssh and _scp reuse.
# Globals:   SOCK (read) - control socket path
#            DEST (read) - user@host to connect to
# Arguments: none used; the target always comes from DEST
# Returns:   exit status of ssh
#######################################
_ssh_setup() {
  # -M / ControlMaster=yes: act as the multiplexing master.
  # -f -N -n: go to the background, run no remote command, no stdin.
  local -a master_opts=(
    -4
    -n
    -f
    -N
    -M
    -o "ControlPath=${SOCK}"
    -o ControlMaster=yes
    -o ControlPersist=10
    -o ExitOnForwardFailure=yes
  )
  ssh "${master_opts[@]}" "${DEST}"
}
#######################################
# Run ssh over the existing master connection, never prompting.
# Globals:   SOCK (read) - control socket path
# Arguments: passed through to ssh (destination, then remote command)
# Returns:   exit status of ssh
#######################################
_ssh() {
  # BatchMode=yes makes ssh fail instead of asking for a password.
  local -a mux_opts=(-o "ControlPath=${SOCK}" -o BatchMode=yes -n -4)
  ssh "${mux_opts[@]}" "$@"
}
#######################################
# Copy files with scp over the existing master connection, never prompting.
# Globals:   SOCK (read) - control socket path
# Arguments: passed through to scp (source(s), then target)
# Returns:   exit status of scp
#######################################
_scp() {
  local -a mux_opts=(-o "ControlPath=${SOCK}" -o BatchMode=yes -4)
  scp "${mux_opts[@]}" "$@"
}
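# Bring up the shared master connection; every later step depends on it.
if ! _ssh_setup "${DEST}" ; then
  echo "Could not startup SSH session" 1>&2
  exit 1
fi
set -x
set -e

# Stage the private key, chain and command script on the device, then apply
# them. The steps are chained so the first failure stops the sequence, but the
# status is captured instead of exiting: the remote cleanup below must run
# even when a step fails, otherwise the private key stays in /dev/shm.
# The staged key normally inherits the local file's permission bits, so keep
# the local .key readable by its owner only.
# The "./" prefix keeps scp from reading a local name as an option or as
# host:path.
rc=0
{
  _scp "./${HOSTNAME}.key" "${DEST}:${REMOTEKEY}" &&
  _scp "${CHAIN}" "${DEST}:${REMOTECRT}" &&
  _scp "${COMMAND}" "${DEST}:${REMOTECMD}" &&
  # OpenGear moved ogconfig-cli from /usr/bin/ to /usr/unsupported/bin/
  _ssh "${DEST}" "/usr/unsupported/bin/ogconfig-cli <${REMOTECMD}"
} || rc=$?

# Always remove the staged files from the device, success or failure.
cleanup_rc=0
_ssh "${DEST}" "/bin/rm -f ${REMOTEKEY} ${REMOTECRT} ${REMOTECMD}" || cleanup_rc=$?
if [[ "${cleanup_rc}" -ne 0 ]]; then
  echo "Remote cleanup failed; ${REMOTEKEY} may still exist on ${HOSTNAME}" 1>&2
  # Report the cleanup failure only when nothing failed earlier.
  if [[ "${rc}" -eq 0 ]]; then
    rc=${cleanup_rc}
  fi
fi
exit "${rc}"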