fix(sztp): switch web to https

Fixes #24

Signed-off-by: Boris Glimcher <[email protected]>

docker-compose.yml

@@ -144,10 +144,22 @@ services:
     image: docker.io/library/httpd:2.4.57-alpine3.17
     volumes:
       - ./sztp/images:/usr/local/apache2/htdocs
+      - ./sztp/generated-server/my_cert.pem:/usr/local/apache2/conf/server.crt
+      - ./sztp/generated-server/private_key.pem:/usr/local/apache2/conf/server.key
     ports:
-      - 80:80
+      - 443:443
     networks:
       - opi
+    entrypoint: /bin/ash
+    command: |
+        -x -e -c '
+        sed -i \
+        -e "s/^#\(Include .*httpd-ssl.conf\)/\1/" \
+        -e "s/^#\(LoadModule .*mod_ssl.so\)/\1/" \
+        -e "s/^#\(LoadModule .*mod_socache_shmcb.so\)/\1/" \
+        conf/httpd.conf
+        httpd-foreground
+        '
 
   jaeger:
     image: jaegertracing/all-in-one:1.53.0

sztp/generate.sh

@@ -42,6 +42,7 @@ diff template.json generated_config.json || true
 echo ==================================
 echo "Now COPY client files to the remote clients:"
 echo scp ./generated-client/opi*.pem [email protected]:/mnt/
+echo curl -X POST --data @/tmp/input.json -H "Content-Type:application/yang-data+json" --user nvidia-serial-number:my-secret --key /mnt/opi_private_key.pem --cert /mnt/opi_cert.pem --cacert /mnt/opi.pem https://bootstrap:8080/restconf/operations/ietf-sztp-bootstrap-server:get-bootstrapping-data
 echo ==================================
 
 # server

sztp/key.sh

@@ -25,17 +25,20 @@ popd
 # copy locally for server
 rm -rf ./generated-server
 mkdir -p ./generated-server
+cp ${MYTMPDIR}/sztpd-simulator/pki/sztpd1/sbi/end-entity/*.pem ./generated-server/
 cp ${MYTMPDIR}/sztpd-simulator/pki/sztpd1/sbi/end-entity/private_key.der ./generated-server/
 cp ${MYTMPDIR}/sztpd-simulator/pki/sztpd1/sbi/end-entity/public_key.der ./generated-server/
 cp ${MYTMPDIR}/sztpd-simulator/cert_chain.cms ./generated-server/
 cp ${MYTMPDIR}/sztpd-simulator/ta_cert_chain.cms ./generated-server/
+chmod -R a+r ./generated-server
 
 # copy remotely for clients
 rm -rf ./generated-client
 mkdir -p ./generated-client
 cp ${MYTMPDIR}/sztpd-simulator/opi.pem ./generated-client/opi.pem
 cp ${MYTMPDIR}/sztpd-simulator/pki/client/end-entity/my_cert.pem ./generated-client/opi_cert.pem
 cp ${MYTMPDIR}/sztpd-simulator/pki/client/end-entity/private_key.pem ./generated-client/opi_private_key.pem
+chmod -R a+r ./generated-client
 
 echo ==================================
 echo "Now COPY client files to the remote clients:"

sztp/template.json

@@ -189,8 +189,8 @@
       {
         "name": "nvidia-boot-image.img",
         "download-uri": [
-          "http://web:80/nvidia-boot-image.img",
-          "ftp://web:82/nvidia-boot-image.img"
+          "https://web:443/nvidia-boot-image.img",
+          "ftps://web:990/nvidia-boot-image.img"
         ],
         "image-verification": [
           {
@@ -202,8 +202,8 @@
       {
         "name": "intel-boot-image.img",
         "download-uri": [
-          "http://web:80/nvidia-boot-image.img",
-          "ftp://web:82/nvidia-boot-image.img"
+          "https://web:443/nvidia-boot-image.img",
+          "ftps://web:990/nvidia-boot-image.img"
         ],
         "image-verification": [
           {
@@ -215,8 +215,8 @@
       {
         "name": "marvell-boot-image.img",
         "download-uri": [
-          "http://web:80/marvell-boot-image.img",
-          "ftp://web:82/marvell-boot-image.img"
+          "https://web:443/marvell-boot-image.img",
+          "ftps://web:990/marvell-boot-image.img"
         ],
         "image-verification": [
           {
@@ -228,8 +228,8 @@
       {
         "name": "amd-boot-image.img",
         "download-uri": [
-          "http://web:80/amd-boot-image.img",
-          "ftp://web:82/amd-boot-image.img"
+          "https://web:443/amd-boot-image.img",
+          "ftps://web:990/amd-boot-image.img"
         ],
         "image-verification": [
           {