Taken from https://github.com/opiproject/sztp
Start the Bootstrap and Web servers with Docker Compose:
docker compose up -d
Add SZTP options to your DHCP server config, for example:
$ grep sztp /etc/dhcp/dhcpd.conf
option sztp-redirect-urls code 143 = text;
option sztp-redirect-urls "https://bootstrap:8080/restconf/operations/ietf-sztp-bootstrap-server:get-bootstrapping-data";
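Extract the trust anchor certificate, the client certificate and the client private key from the Bootstrap server. The third file is a private key: keep it readable only by its owner (for example `chmod 600 /tmp/opi_private_key.pem`) and delete the copies in /tmp once they are on the DPUs: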
docker compose cp bootstrap:/opi.pem /tmp/opi.pem
docker compose cp bootstrap:/tmp/sztpd-simulator/pki/client/end-entity/my_cert.pem /tmp/opi_cert.pem
docker compose cp bootstrap:/tmp/sztpd-simulator/pki/client/end-entity/private_key.pem /tmp/opi_private_key.pem
Copy the extracted certificates and private key to the DPUs:
scp /tmp/opi*.pem root@172.22.3.2:/mnt/
Add the sztp option to the DHCP client config on the DPU, for example:
root@bf2:~# grep sztp /etc/dhcp/dhclient.conf
option sztp-redirect-urls code 143 = text;
request subnet-mask, broadcast-address, time-offset, routers, sztp-redirect-urls,
Make sure the lease file received the correct option:
root@bf2:~# DHCLIENT_LEASE_FILE=/var/lib/NetworkManager/dhclient-aa93b667-6aac-3804-91e9-4958e07fdb2f-oob_net0.lease
root@bf2:~# grep sztp ${DHCLIENT_LEASE_FILE}
option sztp-redirect-urls "https://bootstrap:8080/restconf/operations/ietf-sztp-bootstrap-server:get-bootstrapping-data";
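Add static hostname resolution on the DPU. The certificates are generated for specific DNS names, so the DPU must resolve the hostname used in the redirect URL (`bootstrap`) for TLS verification of the server to succeed: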
# add hostnames per certificate dns generation
root@bf2:~# grep bootstrap /etc/hosts
172.22.0.1 bootstrap web
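Finally, run the SZTP agent/client on the DPU, in the same shell where DHCLIENT_LEASE_FILE was set above. The `:main` image tag is mutable, so consider pinning the image by digest once you have verified a known-good version: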
docker run --rm -it --network=host -v /mnt/:/mnt \
--mount type=bind,source=${DHCLIENT_LEASE_FILE},target=/var/lib/dhclient/dhclient.leases \
ghcr.io/opiproject/opi-sztp-client:main \
/opi-sztp-agent daemon --bootstrap-trust-anchor-cert /mnt/opi.pem --device-end-entity-cert /mnt/opi_cert.pem --device-private-key /mnt/opi_private_key.pem