fix(certs): remove certs from client docker image

Signed-off-by: Boris Glimcher <[email protected]>

docker-compose.yml

@@ -83,6 +83,9 @@ services:
     image: ghcr.io/opiproject/opi-sztp-server:main
     build:
       context: sztp-server
+    depends_on:
+      bootstrap:
+        condition: service_healthy
     volumes:
       - server-certs:/certs/server
       - client-certs:/certs/client
@@ -147,12 +150,20 @@ services:
         condition: service_healthy
       redirecter:
         condition: service_healthy
+      setup-cert:
+        condition: service_completed_successfully
     volumes:
+      - client-certs:/certs
       - dhcp-leases-folder:/var/lib/dhclient/
       - /etc/os-release:/etc/os-release
     networks:
       - opi
-    command: ['/opi-sztp-agent', 'daemon']
+    command: |
+      /opi-sztp-agent daemon \
+      --bootstrap-trust-anchor-cert /certs/opi.pem \
+      --device-end-entity-cert /certs/opi_cert.pem \
+      --device-private-key /certs/opi_private_key.pem \
+      --serial-number nvidia-serial-number
 
   avahi:
     image: docker.io/flungo/avahi:latest

sztp-agent/Dockerfile

@@ -23,12 +23,5 @@ RUN apk add --no-cache --no-check-certificate curl && rm -rf /var/cache/apk/*
 COPY ./*.json /tmp/
 # hadolint ignore=DL3022
 COPY --from=builder /opi-sztp-agent /
-# hadolint ignore=DL3022
-COPY --from=ghcr.io/opiproject/opi-sztp-server:main /opi.pem /certs/
-# hadolint ignore=DL3022
-COPY --from=ghcr.io/opiproject/opi-sztp-server:main /tmp/sztpd-simulator/pki/client/end-entity/my_cert.pem /certs/
-# hadolint ignore=DL3022
-COPY --from=ghcr.io/opiproject/opi-sztp-server:main /tmp/sztpd-simulator/pki/client/end-entity/private_key.pem /certs/
-# TODO: consider generating iDevID certificates using https://github.com/usnistgov/iDevIDCerts
 
 CMD [ "/opi-sztp-agent" ]