ospab
a7ec878518
Changes: 1. ✅ Updated SHA256SUMS with new ostp-server binary 2. ✅ Made oncp-master optional in deploy.sh (two deployment modes) 3. ✅ Added enrollment_token support to ostp-server 4. ✅ Updated config examples with token field Deployment Modes: - Mode 1 (Standalone): Connect to existing master with enrollment token - Mode 2 (Full Stack): Deploy both master + server on one host ostp-server Enrollment Flow: 1. Admin generates token on master: \oncp-master node token --expiry 60\ 2. Node submits enrollment with token in config (psk: 'AUTO') 3. Master validates token (silent drop if invalid - security) 4. Admin approves node: \oncp-master node approve <node-id>\ 5. Node receives PSK + IP from 10.X.0.0/16 pool 6. Update config with PSK, restart server deploy.sh Features: - Interactive mode selection - Conditional oncp-master installation - Automated token generation (full stack mode) - Enrollment submission (standalone mode) Config Examples: - server.json.example: Full stack with local master - server-enrollment.json.example: Standalone with token Security: - Token validation before enrollment acceptance - Silent drop on invalid token (prevents enumeration) - One-time use tokens with expiration - IPAM automatic IP allocation from pool Documentation: - Updated README with deployment modes - Added enrollment workflow explanation - Security features documented - CLI examples for both modes
12 lines
295 B
JSON
12 lines
295 B
JSON
{
|
|
"listen": "0.0.0.0:443",
|
|
"psk": "AUTO",
|
|
"master_node_url": "http://master.example.com:8080",
|
|
"enrollment_token": "PASTE_TOKEN_FROM_MASTER_NODE_HERE",
|
|
"node_name": "node-01",
|
|
"country_code": "US",
|
|
"region": "eu-central",
|
|
"hardware_id": "server-123",
|
|
"max_connections": 1000
|
|
}
|