diff --git a/docker-compose.yml b/docker-compose.yml
index b20c641..498706a 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -144,10 +144,22 @@ services:
 image: docker.io/library/httpd:2.4.57-alpine3.17
 volumes:
 - ./sztp/images:/usr/local/apache2/htdocs
+ - ./sztp/generated-server/my_cert.pem:/usr/local/apache2/conf/server.crt
+ - ./sztp/generated-server/private_key.pem:/usr/local/apache2/conf/server.key
 ports:
- - 80:80
+ - 443:443
 networks:
 - opi
+ entrypoint: /bin/ash
+ command: |
+ -x -e -c '
+ sed -i \
+ -e "s/^#\(Include .*httpd-ssl.conf\)/\1/" \
+ -e "s/^#\(LoadModule .*mod_ssl.so\)/\1/" \
+ -e "s/^#\(LoadModule .*mod_socache_shmcb.so\)/\1/" \
+ conf/httpd.conf
+ httpd-foreground
+ '
 
 jaeger:
 image: jaegertracing/all-in-one:1.53.0
diff --git a/sztp/generate.sh b/sztp/generate.sh
index 41fc800..edd60b1 100755
--- a/sztp/generate.sh
+++ b/sztp/generate.sh
@@ -42,6 +42,7 @@ diff template.json generated_config.json || true
 echo ==================================
 echo "Now COPY client files to the remote clients:"
 echo scp ./generated-client/opi*.pem root@172.22.3.2:/mnt/
+echo curl -X POST --data @/tmp/input.json -H "Content-Type:application/yang-data+json" --user nvidia-serial-number:my-secret --key /mnt/opi_private_key.pem --cert /mnt/opi_cert.pem --cacert /mnt/opi.pem https://bootstrap:8080/restconf/operations/ietf-sztp-bootstrap-server:get-bootstrapping-data
 echo ==================================
 
 # server
diff --git a/sztp/key.sh b/sztp/key.sh
index 1f1524c..466a47b 100755
--- a/sztp/key.sh
+++ b/sztp/key.sh
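Review bot: In the docker-compose.yml hunk the two new bind mounts for `server.crt` and `server.key` are read-write, so anything running in the httpd container can overwrite the host's certificate and private key; append `:ro` to both, e.g. `- ./sztp/generated-server/private_key.pem:/usr/local/apache2/conf/server.key:ro`. The `sed` edit only enables the SSL include and modules and leaves the rest of `httpd.conf` alone, so the plain-HTTP listener presumably stays reachable on the `opi` network even though only 443 is published; disable it if the intent is TLS-only. `httpd-foreground` also runs as a child of `ash`, so `exec httpd-foreground` would let httpd receive the stop signal directly. The service definition starts above the hunk.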
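Review bot: In the sztp/generate.sh hunk the printed `curl` example puts the basic-auth password on the command line (`--user nvidia-serial-number:my-secret`), where it lands in shell history and the process list of whichever client pastes it; printing `--user nvidia-serial-number` alone makes curl prompt for the password instead. Because the `echo` arguments are unquoted, the shell strips the double quotes around the `Content-Type` header before printing, so wrapping the whole command in single quotes would print it exactly as it has to be typed. A one-line `# example request against the bootstrap server; credentials are placeholders` comment above the `echo` would also help.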
@@ -25,10 +25,12 @@ popd
 # copy locally for server
 rm -rf ./generated-server
 mkdir -p ./generated-server
+cp ${MYTMPDIR}/sztpd-simulator/pki/sztpd1/sbi/end-entity/*.pem ./generated-server/
 cp ${MYTMPDIR}/sztpd-simulator/pki/sztpd1/sbi/end-entity/private_key.der ./generated-server/
 cp ${MYTMPDIR}/sztpd-simulator/pki/sztpd1/sbi/end-entity/public_key.der ./generated-server/
 cp ${MYTMPDIR}/sztpd-simulator/cert_chain.cms ./generated-server/
 cp ${MYTMPDIR}/sztpd-simulator/ta_cert_chain.cms ./generated-server/
+chmod -R a+r ./generated-server
 
 # copy remotely for clients
 rm -rf ./generated-client
@@ -36,6 +38,7 @@ mkdir -p ./generated-client
 cp ${MYTMPDIR}/sztpd-simulator/opi.pem ./generated-client/opi.pem
 cp ${MYTMPDIR}/sztpd-simulator/pki/client/end-entity/my_cert.pem ./generated-client/opi_cert.pem
 cp ${MYTMPDIR}/sztpd-simulator/pki/client/end-entity/private_key.pem ./generated-client/opi_private_key.pem
+chmod -R a+r ./generated-client
 
 echo ==================================
 echo "Now COPY client files to the remote clients:"
diff --git a/sztp/template.json b/sztp/template.json
index 130276c..e88506d 100644
--- a/sztp/template.json
+++ b/sztp/template.json
@@ -189,8 +189,8 @@
 {
 "name": "nvidia-boot-image.img",
 "download-uri": [
- "http://web:80/nvidia-boot-image.img",
- "ftp://web:82/nvidia-boot-image.img"
+ "https://web:443/nvidia-boot-image.img",
+ "ftps://web:990/nvidia-boot-image.img"
 ],
 "image-verification": [
 {
@@ -202,8 +202,8 @@
 {
 "name": "intel-boot-image.img",
 "download-uri": [
- "http://web:80/nvidia-boot-image.img",
- "ftp://web:82/nvidia-boot-image.img"
+ "https://web:443/nvidia-boot-image.img",
+ "ftps://web:990/nvidia-boot-image.img"
 ],
 "image-verification": [
 {
@@ -215,8 +215,8 @@
 {
 "name": "marvell-boot-image.img",
 "download-uri": [
- "http://web:80/marvell-boot-image.img",
- "ftp://web:82/marvell-boot-image.img"
+ "https://web:443/marvell-boot-image.img",
+ "ftps://web:990/marvell-boot-image.img"
 ],
 "image-verification": [
 {
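Review bot: In sztp/key.sh, `chmod -R a+r ./generated-server` makes the server private keys world-readable on the host, because the new `cp .../end-entity/*.pem` line and the existing `private_key.der` copy both land in that directory; the second hunk does the same to `./generated-client/opi_private_key.pem`. Grant read access only to the public material, e.g. `chmod a+r ./generated-server/my_cert.pem`, and keep the key files at `chmod 600`, or hand them to the UID a container actually runs as if one needs them (not visible here). The new `cp` line also leaves `${MYTMPDIR}` unquoted, as the surrounding lines do; `"${MYTMPDIR}"/...` avoids word splitting on an unusual temp path.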
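Review bot: In sztp/template.json, each `download-uri` list now advertises `ftps://web:990/...` (the hunk at 189 and likewise those at 202, 215 and 228), but the compose change in this commit only publishes 443 and no FTPS listener is visible, so the fallback URI may point at nothing; drop it or add the service. Devices will also have to validate the certificate presented for host `web`, so confirm that `my_cert.pem` carries that name and that its issuer is among the trust anchors delivered to the clients. Each entry's `image-verification` block continues outside the hunk.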
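Review bot: In the sztp/template.json hunk at 202, the `intel-boot-image.img` entry still points both URIs at `nvidia-boot-image.img`; the commit carries the old file name over unchanged. If that is a copy-paste leftover rather than a deliberately shared image, the lines should read `"https://web:443/intel-boot-image.img",` and `"ftps://web:990/intel-boot-image.img"`. The hash in this entry's `image-verification` block lies outside the hunk and would have to match whichever image is served.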
@@ -228,8 +228,8 @@
 {
 "name": "amd-boot-image.img",
 "download-uri": [
- "http://web:80/amd-boot-image.img",
- "ftp://web:82/amd-boot-image.img"
+ "https://web:443/amd-boot-image.img",
+ "ftps://web:990/amd-boot-image.img"
 ],
 "image-verification": [
 {