Commit Graph

141 Commits

Author SHA1 Message Date
Marek Kwaczynski
460180f42e cloud_discovery: add blocklist for discovery methods
Introduce a blocklist mechanism to avoid retrying failed discovery
methods within the same discovery cycle. Each time a method fails
validation, it is added to the blacklist. The blacklist is cleared
once the device transitions to ONLINE or after all discovery methods
have been attempted.

This prevents repeated attempts of failing methods and ensures the
discovery process progresses more reliably.

Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
2025-09-24 12:48:50 +02:00
Marek Kwaczynski
ed57759824 cloud_discovery: Skip rewriting discovery.state.json when no discovery method is set
In cases where gateway.json exists, the discovery method may be unset.
Writing an empty value to discovery.state.json is not useful, so
avoid updating the file in this case.

Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
2025-09-24 12:48:50 +02:00
Marek Kwaczynski
957e3ca997 cloud_discovery: run est_client enroll before discovery process
Always obtain EST certificates before starting the discovery process.
This ensures certificates are already available from the EST server, since
the FQDN may be provided via DHCP discovery or another discovery method,
and requires valid certificates to proceed.

Fixes: WIFI-15123

Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
2025-09-24 12:48:50 +02:00
wingate5678
741007178f mount_certs: sonicfi squashfs certificate storage improve
Fixes: WIFI-15120
Signed-off-by: wingate5678 <wingate.chi@cybertan.com.tw>
2025-09-21 10:20:25 +02:00
Tanya Singh
e9d3e39d5e netifd: support DHCP options 138 and 224
Fixes: WIFI-14694
Signed-off-by: Tanya Singh <tanya_singh@accton.com>
2025-09-21 10:20:25 +02:00
Arif Alam
c27b015a63 est_client: fix certificate issuer matching
Signed-off-by: Arif Alam <arif.alam@netexperience.com>
2025-08-29 22:52:28 -04:00
Arif Alam
02c2e6945b est_client: cloud_discovery: fixup demo environment
Signed-off-by: Arif Alam <arif.alam@netexperience.com>
2025-08-28 21:39:54 -04:00
Tanya Singh
60e9fb2645 cloud_discover: typo fix in DHCP script option 138
Signed-off-by: Tanya Singh <tanya_singh@accton.com>
2025-08-19 07:33:01 +02:00
John Crispin
b995833a03 cloud_discovery: fix typo
Signed-off-by: John Crispin <john@phrozen.org>
2025-08-14 16:58:33 +02:00
John Crispin
9866d4a86e cloud_discovery: update CDS QA endpoint
Signed-off-by: John Crispin <john@phrozen.org>
2025-08-14 16:14:42 +02:00
John Crispin
143d4e3b58 cloud_discovery: make the reenrollment process more robust
Signed-off-by: John Crispin <john@phrozen.org>
2025-08-14 11:44:04 +02:00
Tanya Singh
c7f9061eee cloud_discovery: Fix typo in cloud_discovery script
Signed-off-by: Tanya Singh <tanya_singh@accton.com>
2025-08-14 07:57:59 +02:00
John Crispin
cd78a832e3 cloud_discovery: use production CDS for migration path
Signed-off-by: John Crispin <john@phrozen.org>
2025-08-13 14:35:42 +02:00
John Crispin
f997f8dff0 tip-defaults: add operational OpenLan root CA
Signed-off-by: John Crispin <john@phrozen.org>
2025-08-12 19:11:54 +02:00
John Crispin
c4b3eeed81 est_client: switch to production environment
Signed-off-by: John Crispin <john@phrozen.org>
2025-08-11 06:36:22 +02:00
Marek Kwaczynski
b982f3f4c2 cloud_discovery: Track and persist discovery method
Adds support for recording the method used to discover the cloud
controller (e.g. DHCP, FLASH, OpenLAN).
The selected method records the current date and time along
with the discovery method into "/etc/ucentral/discovery.state.json".
The date is stored in epoch format.

Fixed: WIFI-14966

Signed-off-by: Marek Kwaczynski <marek@shasta.cloud>
2025-08-11 05:41:36 +02:00
John Crispin
6ba26cba2b est_client: add a function to validate that the CN is correct
cloud_discovery will not start if the CN does not match the device's serial.
An error will be written to syslog.

---
Wed Aug  6 14:23:23 2025 user.notice root: ERROR
Wed Aug  6 14:23:23 2025 user.notice root: ERROR
Wed Aug  6 14:23:23 2025 user.notice root: ERROR
Wed Aug  6 14:23:23 2025 user.notice root: The certificate used has a CN that does not match the serial of the device
Wed Aug  6 14:23:23 2025 user.notice root: ERROR
Wed Aug  6 14:23:23 2025 user.notice root: ERROR
Wed Aug  6 14:23:23 2025 user.notice root: ERROR
---

Signed-off-by: John Crispin <john@phrozen.org>
2025-08-06 16:23:57 +02:00
John Crispin
b5b276bfcc est_client: check if a cert is present inside the fwtool helper
This was causing devices without a birth cert being present from doing a
sysupgrade.

Signed-off-by: John Crispin <john@phrozen.org>
2025-08-06 11:03:59 +02:00
jackcybertan
b036ba37e3 certificates: Store-PKI2.0-key-for-RAP6x-production
Fixes: WIFI-14951
Signed-off-by: jackcybertan <jack.tsai@cybertan.com.tw>
2025-08-04 08:39:53 +02:00
John Crispin
8c11eb23a3 mt7621: add insta1/2 partitions for yuncore ax820
Signed-off-by: John Crispin <john@phrozen.org>
2025-08-04 08:35:42 +02:00
John Crispin
d1e4c48617 cloud_discovery: add automatic reenrolment of operational certificates
The daemon will check the validity of the operational certificate once an hour.
If the certificate is valid for less than three days, a reenrollment is attempted.
Once the reenroll has happened, the connection to the cloud controller will be restarted.

Fixes: WIFI-14900
Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-31 09:48:10 +02:00
jackcybertan
d85dc2a819 certificates: Enhance PKI enrollment on squashfs (SonicFi RAP6* series)
The updated flow:
- Mount /dev/mtdblock* (the certificates partition) to /mnt
- Copy its contents to /certificates
- Unmount /mnt
- Extract the PKI 2.0 certificates into /certificates

Fixes: WIFI-14904
Signed-off-by: jackcybertan <jack.tsai@cybertan.com.tw>
2025-07-30 09:04:52 +02:00
John Crispin
ebdc88ee1f certificates: improvements
* make the code more generic
* add udaya a2 support

Signed-off-by: John Crispin <john@phrozen.org>
2025-07-28 09:50:22 +02:00
Tanya Singh
5306f7db27 cloud_discovery: Add 'sync' after file generation in Cloud discovery process
Fixes: WIFI-14906
Signed-off-by: Tanya Singh <tanya_singh@accton.com>
2025-07-27 17:40:03 +02:00
John Crispin
89a1be09d9 est_client: set 10s as the max timeout when calling the EST server
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-21 11:35:47 +02:00
John Crispin
66df8d3946 est_client: properly populate the re-enrolled certificate
Fixes: WIFI-14864
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-17 14:40:01 +02:00
John Crispin
20de4fe438 est_client: allow overriding CERT_PREFIX via an env variable
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-17 09:50:45 +02:00
John Crispin
f56fb3c0d3 est_client: allow setting the EST_SERVER via an env variable
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-17 09:50:45 +02:00
John Crispin
5aca134364 est_client: reduce number of flash writes
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-17 09:50:45 +02:00
John Crispin
89ac58b48f add incremental interval backoff
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-17 09:50:45 +02:00
wingate5678
6c4ca10e74 certificates: change Sonicfi RAP7 series certificate type from squashfs to ext4
Fixes: WIFI-14834
Signed-off-by: wingate5678 <wingate.chi@cybertan.com.tw>
2025-07-16 17:00:53 +02:00
John Crispin
a607aac99a cloud_discovery: set production timeouts
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-11 11:08:42 +02:00
John Crispin
f2b69ce972 est_client: fix reenroll call
the wrong certificate was being used

Signed-off-by: John Crispin <john@phrozen.org>
2025-07-08 09:41:12 +02:00
John Crispin
842b21fb5e certificates: add an explicit uci commit call
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-08 09:40:06 +02:00
Jesse Wu
919fe12372 ipq807x: add EMPLUS WAP380C support
Fixes: WIFI-14791
Signed-off-by: Jesse Wu <Jesse.Wu@emplustech.com>
2025-07-08 08:13:39 +02:00
cpchangemplu
f1fc99ccbe ipq50xx: Add back emplus,wap385c
Signed-off-by: cpchangemplu <cp.chang@emplustech.com>
2025-07-03 14:26:46 +02:00
John Crispin
5f8c4d31cc cloud_discovery: use the correct certificate for CDS
Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-01 07:18:54 +02:00
John Crispin
aa78f40843 certificates: add support for tar file based certificate storage
Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-01 07:18:54 +02:00
John Crispin
721fb4cc4d est_client: fixup typo
Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-01 07:18:54 +02:00
John Crispin
f75a36f89f est_client: prevent downgrades to FW not supporting EST
Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-01 07:18:54 +02:00
John Crispin
a375b9f774 est_client: add reenroll support
Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-01 07:18:54 +02:00
John Crispin
16d029f10f cloud_discovery: split EST code out into its own tool
Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-01 07:18:54 +02:00
John Crispin
bb45e09e8b cloud_discovery: place intermediate files into the /tmp folder
Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-01 07:18:54 +02:00
John Crispin
2798088cec cloud_discovery: rtrim() the extracted subject
this removes trailing \n\n characters

Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-01 07:18:54 +02:00
John Crispin
470703a490 luci-mod-ucentral: update certupdate for insta birth certificates
Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-01 07:18:54 +02:00
John Crispin
c56d60b2d3 certificates: do not check for cas.pem when mounting certs
Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-01 07:18:54 +02:00
John Crispin
1178c3b6f1 certificates: set new certs inside UCI
Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-01 07:18:54 +02:00
John Crispin
0db44ca55b cloud_discovery: add insta EST support
Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-01 07:18:54 +02:00
John Crispin
ae5015424b cloud_discovery: add initial ubus status call
Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-01 07:18:54 +02:00
John Crispin
32c7a7ff1d cloud_discovery: add support for hostname_validation
Fixes: WIFI-14694
Signed-off-by: John Crispin <john@phrozen.org>
2025-07-01 07:18:54 +02:00