opiproject · glimchb · Jun 20, 2024 · Jun 20, 2024
@@ -202,6 +202,7 @@ services:
     networks:
       - opi
     command: ['/opi-sztp-agent', 'daemon',
+              '--dhcp-lease-file', '/var/lib/dhclient/dhclient.leases',
               '--bootstrap-trust-anchor-cert', '/certs/opi.pem',
               '--device-end-entity-cert', '/certs/third_my_cert.pem',
               '--device-private-key', '/certs/third_private_key.pem',
@@ -210,6 +211,7 @@ services:
   agent2:
     <<: *agent
     command: ['/opi-sztp-agent', 'daemon',
+              '--dhcp-lease-file', '/var/lib/dhclient/dhclient.leases',
               '--bootstrap-trust-anchor-cert', '/certs/opi.pem',
               '--device-end-entity-cert', '/certs/second_my_cert.pem',
               '--device-private-key', '/certs/second_private_key.pem',
@@ -218,6 +220,16 @@ services:
   agent1:
     <<: *agent
     command: ['/opi-sztp-agent', 'daemon',
+              '--dhcp-lease-file', '/var/lib/dhclient/dhclient.leases',
+              '--bootstrap-trust-anchor-cert', '/certs/opi.pem',
+              '--device-end-entity-cert', '/certs/first_my_cert.pem',
+              '--device-private-key', '/certs/first_private_key.pem',
+              '--serial-number', 'first-serial-number']
+
+  agent4:
+    <<: *agent
+    command: ['/opi-sztp-agent', 'daemon',
+              '--bootstrap-url', 'https://redirecter:8080/restconf/operations/ietf-sztp-bootstrap-server:get-bootstrapping-data',
               '--bootstrap-trust-anchor-cert', '/certs/opi.pem',
               '--device-end-entity-cert', '/certs/first_my_cert.pem',
               '--device-private-key', '/certs/first_private_key.pem',

@@ -16,13 +16,14 @@ DOCKER_SZTP_IMAGE=ghcr.io/opiproject/opi-sztp-client:v0.2.0
 ls -l /mnt/
 
 # run docker (not compose) in host network
-DHCLIENT_LEASE_FILE=/var/lib/NetworkManager/dhclient-eth0.lease
-docker run --rm -it --network=host -v /mnt/:/mnt \
+docker run --rm -it --network=host \
+    --mount type=bind,source=/mnt,target=/mnt,readonly \
     --mount type=bind,source=/etc/ssh,target=/etc/ssh,readonly \
     --mount type=bind,source=/etc/os-release,target=/etc/os-release,readonly \
-    --mount type=bind,source=${DHCLIENT_LEASE_FILE},target=/var/lib/dhclient/dhclient.leases,readonly \
+    --mount type=bind,source=/var/lib/NetworkManager,target=/var/lib/NetworkManager,readonly \
     ${DOCKER_SZTP_IMAGE} \
     /opi-sztp-agent daemon \
+    --dhcp-lease-file /var/lib/NetworkManager/dhclient-eth0.lease \
     --bootstrap-trust-anchor-cert /mnt/opi.pem \
     --device-end-entity-cert /mnt/opi_cert.pem \
     --device-private-key /mnt/opi_private_key.pem \

@@ -10,6 +10,7 @@ package cmd
 
 import (
 	"fmt"
+	"net/url"
 	"os"
 
 	"github.com/opiproject/sztp/sztp-agent/pkg/secureagent"
@@ -32,7 +33,20 @@ func NewDaemonCommand() *cobra.Command {
 		Use:   "daemon",
 		Short: "Run the daemon command",
 		RunE: func(c *cobra.Command, _ []string) error {
-			arrayChecker := [4]string{dhcpLeaseFile, devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert}
+			arrayChecker := []string{devicePrivateKey, deviceEndEntityCert, bootstrapTrustAnchorCert}
+			if bootstrapURL != "" && dhcpLeaseFile != "" {
+				return fmt.Errorf("'--bootstrap-url' and '--dhcp-lease-file' are mutualy exclusive")
+			}
+			if bootstrapURL == "" && dhcpLeaseFile == "" {
+				return fmt.Errorf("'--bootstrap-url' or '--dhcp-lease-file' is required")
+			}
+			if dhcpLeaseFile != "" {
+				arrayChecker = append(arrayChecker, dhcpLeaseFile)
+			}
+			if bootstrapURL != "" {
+				_, err := url.ParseRequestURI(bootstrapURL)
+				cobra.CheckErr(err)
+			}
 			for _, filePath := range arrayChecker {
 				info, err := os.Stat(filePath)
 				cobra.CheckErr(err)
@@ -50,8 +64,9 @@ func NewDaemonCommand() *cobra.Command {
 	flags := cmd.Flags()
 	// TODO this options should be retrieved automatically instead of requests in the agent
 	// Opened discussion to define the procedure: https://github.com/opiproject/sztp/issues/2
+	flags.StringVar(&bootstrapURL, "bootstrap-url", "", "Bootstrap server URL. Mutually exclusive with '--dhcp-lease-file'")
 	flags.StringVar(&serialNumber, "serial-number", "", "Device's serial number. If empty, discover via SMBIOS")
-	flags.StringVar(&dhcpLeaseFile, "dhcp-lease-file", "/var/lib/dhclient/dhclient.leases", "Device's dhclient leases file")
+	flags.StringVar(&dhcpLeaseFile, "dhcp-lease-file", "", "Device's dhclient leases file. Mutually exclusive with '--bootstrap-url'")
 	flags.StringVar(&devicePassword, "device-password", "my-secret", "Device's password")
 	flags.StringVar(&devicePrivateKey, "device-private-key", "/certs/private_key.pem", "Device's private key")
 	flags.StringVar(&deviceEndEntityCert, "device-end-entity-cert", "/certs/my_cert.pem", "Device's End Entity cert")

@@ -42,9 +42,12 @@ const (
 
 // RunCommandDaemon runs the command in the background
 func (a *Agent) RunCommandDaemon() error {
-	err := a.getBootstrapURL()
-	if err != nil {
-		return err
+	var err error
+	if a.GetBootstrapURL() == "" {
+		err = a.getBootstrapURL()
+		if err != nil {
+			return err
+		}
 	}
 	err = a.doRequestBootstrapServerOnboardingInfo()
 	if err != nil {