From 0f979f2b1f2d1aa64344a76027668b15c61e7cc4 Mon Sep 17 00:00:00 2001
From: John Crispin
Date: Tue, 25 Nov 2025 07:31:08 +0100
Subject: [PATCH] cloud_discovery: run EST enrollment within DHCP discovery flow Move EST client enrollment to occur immediately after successful DHCP discovery and before starting the ucentral client. This ensures controller-specific certificates are enrolled before attempting to connect. If EST enrollment fails during DHCP discovery, the client will not be started. Adjust interval_handler to call EST enrollment after DHCP discovery attempt rather than before, ensuring proper certificate handling for DHCP-discovered controllers.
Signed-off-by: John Crispin
---
 .../tip/cloud_discovery/files/usr/bin/cloud_discovery | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery b/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery
index a3195ec80..d7e503c3b 100755
--- a/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery
+++ b/feeds/tip/cloud_discovery/files/usr/bin/cloud_discovery
@@ -213,8 +213,11 @@ function discover_dhcp() {
 cert: `/etc/ucentral/${fqdn}.pem`,
 ca: `/etc/ucentral/${fqdn}.ca`
 })) {
- ulog(LOG_INFO, `Discovered cloud via DHCP ${dhcp.dhcp_server}:${dhcp.dhcp_port}\n`);
+ ulog(LOG_INFO, `Discovered cloud via DHCP ${dhcp.dhcp_server}:${dhcp.dhcp_port} - trying EST\n`);
 fs.writefile('/tmp/discovery.method', DISCOVER_DHCP);
+ if (system('/usr/bin/est_client enroll'))
+ return false;
+ ulog(LOG_INFO, `Discovered cloud via DHCP ${dhcp.dhcp_server}:${dhcp.dhcp_port} - starting client\n`);
 client_start();
 set_state(VALIDATING);
 }
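Review bot: The new `if (system('/usr/bin/est_client enroll')) return false;` fails silently, and it runs after `/tmp/discovery.method` has already been written, so a failed enrollment leaves the marker saying DHCP with no client running and no log line explaining why. Log the failure before returning, e.g. `ulog(LOG_ERR, 'EST enrollment failed for DHCP-discovered controller\n');` (assuming `LOG_ERR` is imported next to `LOG_INFO`), and either move the `fs.writefile` call below the check or clear the marker on failure, unless `est_client` reads that file, which is not visible here. `dhcp.dhcp_server` and `dhcp.dhcp_port` come from an unauthenticated DHCP reply, so a comment stating which trust anchor `est_client` validates the EST server against would let reviewers confirm that a rogue DHCP responder cannot steer enrollment. `discover_dhcp()` starts and ends outside this hunk.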
@@ -340,13 +343,13 @@ function interval_handler() {
 if (!time_is_valid())
 return;

- if (system('/usr/bin/est_client enroll'))
- return;
-
 discovery_method = DISCOVER_DHCP;
 if (!is_discover_method_blacked() && discover_dhcp())
 return;

+ if (system('/usr/bin/est_client enroll'))
+ return;
+
 discovery_method = DISCOVER_FLASH;
 if (!is_discover_method_blacked() && !discover_flash())
 return;
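Review bot: When `discover_dhcp()` returns false because its own `est_client enroll` call failed, control falls straight into the `system('/usr/bin/est_client enroll')` added here, so enrollment is attempted twice in one interval. If the second attempt succeeds, the handler moves on to flash discovery even though DHCP had announced a controller. The caller cannot tell "no DHCP controller" from "DHCP controller found, enrollment failed"; if falling back to flash in the second case is not intended, have `discover_dhcp()` signal it distinctly and `return` here. At minimum add a comment such as `// discover_dhcp() enrolls on a DHCP hit; this call covers the remaining discovery methods`. `interval_handler()` continues beyond the last line of the hunk.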