fix(ansible): enable draft of sztp on bf-2

Signed-off-by: Boris Glimcher <[email protected]>
opiproject · May 29, 2024 · 3ced072 · 3ced072
1 parent cd84389
commit 3ced072
Showing 1 changed file with 28 additions and 0 deletions.
diff --git a/lab/ansible/setup.yml b/lab/ansible/setup.yml
@@ -349,3 +349,31 @@
     - ansible.builtin.shell: ls -l  /dev/ttyUSB*
 
     # TODO: update FW for Marvell CN106
+
+- name: Secure Zero Touch Provisioning
+  hosts: DPUs
+  become: yes
+  tasks:
+    # TODO: enable this
+    - name: Nvidia | Fix dhcp client config and then run sztp agent container
+      when: inventory_hostname == 'bf123'
+      block:
+        - name: Nvidia | Add sztp option to dhcp client config
+          ansible.builtin.lineinfile: backup=true path=/etc/dhcp/dhclient.conf insertbefore='^option(.*)code(.*)$' line='option sztp-redirect-urls code 143  = text;'
+        - name: Nvidia | Add sztp option to dhcp client
+          ansible.builtin.lineinfile: backup=true path=/etc/dhcp/dhclient.conf regexp=^(request .*) line: \g<1> sztp-redirect-urls,
+        - name: Nvidia | Run sztp agent container on Nvidia BF
+          community.docker.docker_container:
+            name: sztp
+            image: ghcr.io/opiproject/opi-sztp-client:main
+            state: started
+            restart: true
+            detach: true
+            network_mode: host
+            restart_policy: always
+            mounts:
+              - type: bind
+                source: /var/lib/NetworkManager/dhclient-aa93b667-6aac-3804-91e9-4958e07fdb2f-oob_net0.lease
+                target: /var/lib/dhclient/dhclient.leases
+                read_only: true
+            command: /opi-sztp-agent daemon --bootstrap-trust-anchor-cert /mnt/opi.pem --device-end-entity-cert /mnt/opi_cert.pem --device-private-key /mnt/opi_private_key.pem