scottk/wlan-ap
1
0
Fork 0
mirror of https://github.com/Telecominfraproject/wlan-ap.git synced 2025-11-01 02:48:18 +00:00
Code Issues Packages Projects Releases 10 Wiki Activity

cloud_discovery: make the reenrollment process more robust

Browse Source 
Signed-off-by: John Crispin <john@phrozen.org>
This commit is contained in:
John Crispin
2025-08-14 11:44:04 +02:00
parent 0735fd8c9a
commit 143d4e3b58
1 changed files with 39 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery
View File

@@ -119,9 +119,10 @@ function gateway_write(data) {
if (new[key] != gateway[key]) if (new[key] != gateway[key])
changed = true; changed = true;
} }
if (changed) if (changed) {
fs.writefile('/etc/ucentral/gateway.json', new); fs.writefile('/etc/ucentral/gateway.json', new);
system('sync'); system('sync');
}
return changed; return changed;
} }
@@ -287,6 +288,36 @@ function interval_handler() {
} }
} }
function trigger_reenroll() {
ulog(LOG_INFO, 'triggering reenroll\n');
if (system('/usr/bin/est_client reenroll')) {
ulog(LOG_INFO, 'reenroll failed\n');
return;
}
ulog(LOG_INFO, 'reenroll succeeded\n');
ulog(LOG_INFO, 'stopping client\n');
system('/etc/init.d/ucentral stop');
set_state(DISCOVER);
}
function expiry_handler() {
let stat = fs.stat('/etc/ucentral/operational.ca');
if (!stat)
return;
let ret = system(`openssl x509 -checkend ${timeouts.expiry_threshold} -noout -in /certificates/operational.pem`);
if (!ret) {
ulog(LOG_INFO, 'checked certificate expiry - all ok\n');
return;
}
ulog(LOG_INFO, 'certificate will expire soon\n');
trigger_reenroll();
}
let ubus_methods = { let ubus_methods = {
discover: { discover: {
call: function(req) { call: function(req) {
@@ -361,29 +392,15 @@ let ubus_methods = {
}, },
args: {}, args: {},
}, },
reenroll: {
call: function(req) {
trigger_reenroll();
return 0;
},
args: {},
},
}; };
function expiry_handler() {
let stat = fs.stat('/etc/ucentral/operational.ca');
if (!stat)
return;
let ret = system(`openssl x509 -checkend ${timeouts.expiry_threshold} -noout -in /certificates/operational.pem`);
if (!ret) {
ulog(LOG_INFO, 'checked certificate expiry - all ok\n');
return;
}
ulog(LOG_INFO, 'certificate will expire soon\n');
if (system('/usr/bin/est_client reenroll')) {
ulog(LOG_INFO, 'reenroll failed\n');
return;
}
ulog(LOG_INFO, 'reenroll succeeded\n');
ulog(LOG_INFO, '(re)starting client\n');
system('/etc/init.d/ucentral restart');
}
set_cds_server(); set_cds_server();
if (gateway_available()) { if (gateway_available()) {