What is the simplest way to remotely trigger an app redeploy via API

ovalek · October 9, 2025, 10:08pm

In CI/CD pipelines I used to remotely restart my apps via now deprecated rest API:

curl --fail --silent -X "POST" -H "accept: application/json" \
            -H "Authorization: Bearer API_TOKEN" \
            -H "Content-Type: application/json" -d "\"appname\"" \
            "https://truenas.url/api/v2.0/app/redeploy" && \
    echo "Redeploy triggered OK"

JSON-RPC over WebSocket significantly complicates the process. I likely can’t use the ubiquitous cURL so I’ve turned to websocat. After several hours of struggling and revoking like five tokens, this approach seems to be working:

set -euo pipefail

out=$({
    echo "{\"id\":1,\"jsonrpc\":\"2.0\",\"method\":\"auth.login_with_api_key\",\"params\":[\"API_TOKEN\"]}"
    sleep 1
    echo '{"id":2,"jsonrpc":"2.0","method":"app.redeploy","params":["appname"]}'
    sleep 1
} | websocat --no-close -t -E "wss://truenas.url/api/current" )

echo "$out"

if grep -q '"result": true' <<<"$out" && grep -q '"id": 2' <<<"$out"; then
    echo "Redeploy triggered."
else
    echo "Redeploy failed!" >&2
    exit 1
fi

Is this truly the most trivial & lightweight way to remotely trigger an app redeploy on 25.04 with forward support?

bacon · October 10, 2025, 10:15am

That does look like the simplest solution that doesn’t require shipping the full python client. I don’t know how long it will work, it is a bit hacky.

The way I have done these things in the past is by using ssh. In the authorized_keys you can restrict clients to a single command only:

command="/mnt/tank/unix_homes/myser/post_deploy.sh",no-port-forwarding,no-X11-forwarding,no-agent-forwarding <pubkey details here>

You can use ssh inside the agent to execute a script on the truenas host. Inside the script (post_deploy.sh in the example above) you can use midclt commands as usual.

Nowadays I just use portainer webhooks.

ovalek · October 11, 2025, 8:44pm

Currently I have disabled ssh service, but this might work for me. It seems more straightforward to use either. However I have a bit of a problem with configuring ssh, since I don’t want my user configurations like ssh keys etc on storage pools, and truenas gui won’t let me configure home folder for user other than in /mnt. The thing is, I want my administrator users to be able to log in and do stuff even if storage pools are out. I could just configure home folders directly in /etc/passwd, but who knows if that would survive restart/updates etc.