diff --git a/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery b/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery index 17bef29bf..608b15c95 100755 --- a/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery +++ b/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery @@ -155,7 +155,7 @@ function discover_dhcp() { } function generate_csr() { - if (!fs.stat('/etc/ucentral/csr.nohdr.p10')) { + if (!fs.stat('/rmp/csr.nohdr.p10')) { let pipe = fs.popen('openssl x509 -in /etc/ucentral/cert.pem -noout -subject'); let subject = pipe.read("all"); pipe.close(); @@ -164,14 +164,14 @@ function generate_csr() { subject = replace(subject, ' = ', '='); subject = replace(subject, ', ', '/'); - let ret = system(`openssl req -subj "${subject}" -new -key /etc/ucentral/key.pem -out /etc/ucentral/csr.p10`); + let ret = system(`openssl req -subj "${subject}" -new -key /etc/ucentral/key.pem -out /tmp/csr.p10`); if (ret) { ulog(LOG_INFO, 'Failed to generate CSR\n'); return 1; } - let input = fs.open('/etc/ucentral/csr.p10', 'r'); - let output = fs.open('/etc/ucentral/csr.nohdr.p10', 'w'); + let input = fs.open('/tmp/csr.p10', 'r'); + let output = fs.open('/tmp/csr.nohdr.p10', 'w'); let line; while (line = input.read('line')) { if (substr(line, 0, 4) == '----') @@ -214,14 +214,14 @@ function discover_operational_cert() { if (generate_csr()) return 1; - let ret = system('curl -X POST https://qaest.certificates.open-lan.org:8001/.well-known/est/simpleenroll -d @/etc/ucentral/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert /etc/ucentral/cert.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /etc/ucentral/operational.nohdr.p7'); + let ret = system('curl -X POST https://qaest.certificates.open-lan.org:8001/.well-known/est/simpleenroll -d @/tmp/csr.nohdr.p10 -H "Content-Type: application/pkcs10" --cert /etc/ucentral/cert.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.nohdr.p7'); if (ret) { ulog(LOG_INFO, 'Failed to request operational certificate\n'); return 1; } ulog(LOG_INFO, 'EST succeeded\n'); - ret = p7_too_pem('/etc/ucentral/operational.nohdr.p7', '/etc/ucentral/operational.pem'); + ret = p7_too_pem('/tmp/operational.nohdr.p7', '/etc/ucentral/operational.pem'); if (ret) { ulog(LOG_INFO, 'Failed to convert P7 to PEM\n'); return 1; @@ -236,9 +236,9 @@ function discover_operational_ca() { ulog(LOG_INFO, 'Operational CA is present\n'); return 0; } - let ret = system('curl -X GET https://qaest.certificates.open-lan.org:8001/.well-known/est/cacerts --cert /etc/ucentral/cert.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /etc/ucentral/operational.ca.nohdr.p7'); + let ret = system('curl -X GET https://qaest.certificates.open-lan.org:8001/.well-known/est/cacerts --cert /etc/ucentral/cert.pem --key /etc/ucentral/key.pem --cacert /etc/ucentral/insta.pem -o /tmp/operational.ca.nohdr.p7'); if (!ret) - ret = p7_too_pem('/etc/ucentral/operational.ca.nohdr.p7', '/etc/ucentral/operational.ca'); + ret = p7_too_pem('/tmp/operational.ca.nohdr.p7', '/etc/ucentral/operational.ca'); if (ret) { ulog(LOG_INFO, 'Failed to load CA\n'); return 1;