Signed-off-by: Boris Glimcher <[email protected]>
Showing
2 changed files
with
10 additions
and
10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -32,7 +32,7 @@ REDIRECT=$(docker-compose exec -T client cat /var/lib/dhclient/dhclient.leases | | |
docker-compose exec -T bootstrap curl -i --user [email protected]:my-secret -H "Accept:application/yang-data+json" http://redirecter:7080/restconf/ds/ietf-datastores:running | ||
|
||
# request onboarding info (like a DPU or IPU device would) and see it is redirect | ||
docker-compose run -T opi-sztp-go-agent curl -X POST --data @/tmp/input.json -H "Content-Type:application/yang-data+json" --user my-serial-number:my-secret --key /private_key.pem --cert /my_cert.pem --cacert /opi.pem "${REDIRECT}" | tee /tmp/post_rpc_input.json | ||
docker-compose run -T agent curl -X POST --data @/tmp/input.json -H "Content-Type:application/yang-data+json" --user my-serial-number:my-secret --key /private_key.pem --cert /my_cert.pem --cacert /opi.pem "${REDIRECT}" | tee /tmp/post_rpc_input.json | ||
|
||
# parse the redirect reply | ||
jq -r .\"ietf-sztp-bootstrap-server:output\".\"conveyed-information\" /tmp/post_rpc_input.json | base64 --decode | tail -n +2 | sed '1i {' | jq . | tee /tmp/post_rpc_fixed.json | ||
|
@@ -47,13 +47,13 @@ BOOTSTRAP="${REDIRECT//redirecter:8080/$addr:$port}" | |
docker-compose exec -T bootstrap curl -i --user [email protected]:my-secret -H "Accept:application/yang-data+json" http://bootstrap:7080/restconf/ds/ietf-datastores:running | ||
|
||
# request onboarding info (like a DPU or IPU device would) | ||
docker-compose run -T opi-sztp-go-agent curl -X POST --data @/tmp/input.json -H "Content-Type:application/yang-data+json" --user my-serial-number:my-secret --key /private_key.pem --cert /my_cert.pem --cacert /opi.pem "${BOOTSTRAP}" | tee /tmp/post_rpc_input.json | ||
docker-compose run -T agent curl -X POST --data @/tmp/input.json -H "Content-Type:application/yang-data+json" --user my-serial-number:my-secret --key /private_key.pem --cert /my_cert.pem --cacert /opi.pem "${BOOTSTRAP}" | tee /tmp/post_rpc_input.json | ||
|
||
# parse the reply | ||
jq -r .\"ietf-sztp-bootstrap-server:output\".\"conveyed-information\" /tmp/post_rpc_input.json | base64 --decode | tail -n +2 | sed '1i {' | jq . | tee /tmp/post_rpc_fixed.json | ||
|
||
# send progress | ||
docker-compose run -T opi-sztp-go-agent curl -X POST --data @/tmp/progress.json -H "Content-Type:application/yang-data+json" --user my-serial-number:my-secret --key /private_key.pem --cert /my_cert.pem --cacert /opi.pem "${BOOTSTRAP//get-bootstrapping-data/report-progress}" | ||
docker-compose run -T agent curl -X POST --data @/tmp/progress.json -H "Content-Type:application/yang-data+json" --user my-serial-number:my-secret --key /private_key.pem --cert /my_cert.pem --cacert /opi.pem "${BOOTSTRAP//get-bootstrapping-data/report-progress}" | ||
|
||
# check audit log | ||
docker-compose exec -T bootstrap curl -i -X GET --user [email protected]:my-secret -H "Accept:application/yang-data+json" http://bootstrap:7080/restconf/ds/ietf-datastores:operational/wn-sztpd-1:audit-log | ||
|
@@ -76,25 +76,25 @@ jq -r .\"ietf-sztp-conveyed-info:onboarding-information\".\"post-configuration-s | |
jq -r .\"ietf-sztp-conveyed-info:onboarding-information\".\"boot-image\".\"download-uri\"[] /tmp/post_rpc_fixed.json | ||
jq -r .\"ietf-sztp-conveyed-info:onboarding-information\".\"boot-image\".\"image-verification\"[] /tmp/post_rpc_fixed.json | ||
|
||
docker-compose run -T opi-sztp-go-agent curl --fail --output /tmp/my-boot-image.tst http://web:80/my-boot-image.img | ||
docker-compose run -T agent curl --fail --output /tmp/my-boot-image.tst http://web:80/my-boot-image.img | ||
|
||
# actually go and download the image from the web server | ||
URL=$(jq -r .\"ietf-sztp-conveyed-info:onboarding-information\".\"boot-image\".\"download-uri\"[0] /tmp/post_rpc_fixed.json) | ||
BASENAME=$(basename "${URL}") | ||
docker-compose run -T opi-sztp-go-agent curl --output "/tmp/${BASENAME}" --fail "${URL}" | ||
docker-compose run -T agent curl --output "/tmp/${BASENAME}" --fail "${URL}" | ||
|
||
# Validate signature | ||
SIGNATURE=$(docker-compose run -T opi-sztp-go-agent ash -c "openssl dgst -sha256 -c \"/tmp/${BASENAME}\" | awk '{print \$2}'") | ||
SIGNATURE=$(docker-compose run -T agent ash -c "openssl dgst -sha256 -c \"/tmp/${BASENAME}\" | awk '{print \$2}'") | ||
jq -r .\"ietf-sztp-conveyed-info:onboarding-information\".\"boot-image\".\"image-verification\"[] /tmp/post_rpc_fixed.json | grep "${SIGNATURE}" | ||
|
||
# print for debug | ||
docker-compose ps | ||
|
||
# test go-code | ||
name=$(docker-compose ps | grep opi-sztp-go-agent | awk '{print $1}') | ||
name=$(docker-compose ps | grep agent | awk '{print $1}') | ||
rc=$(docker wait "${name}") | ||
if [ "${rc}" != "0" ]; then | ||
echo "opi-sztp-go-agent failed:" | ||
echo "agent failed:" | ||
docker logs "${name}" | ||
exit 1 | ||
fi | ||
|
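Review bot: The image check under `# Validate signature` passes vacuously when `SIGNATURE` is empty, because `grep ""` matches every line of the `image-verification` output. The pipeline inside `ash -c` ends in `awk`, so a failing `openssl dgst` still yields exit status 0 and an empty string; that could happen if `/tmp/${BASENAME}` is missing from the fresh container that `docker-compose run` starts, though whether `/tmp` is shared between runs is not visible here. Add `[ -n "${SIGNATURE}" ] || exit 1` before the comparison and match the digest literally with `grep -F -- "${SIGNATURE}"`. Separately, in the `# test go-code` step, `grep agent` is a substring match and can return more than one container name, which `docker wait "${name}"` would then receive as a single argument. `name=$(docker-compose ps -q agent)` would select by service name instead, but confirm that it lists the exited container on the compose version in use.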