To set up an airgap repository, your environment must have the prerequisites listed in this section.

Resource Preparation

To set up an airgap server, you must prepare the following resources:
  1. An environment with Internet connectivity with access to the following websites:
  2. An FQDN to assign to the airgap server. Optionally, a DNS service can be made available to resolve the FQDN if the setup environment is not the target environment.
  3. (Optional) Server certificates. The VMware Telco Cloud Automation airgap server provides setup scripts that generate private CA-signed certificates automatically. However, you can prepare your own server certificate, signed by either a private CA or a public CA. A chained certificate must contain all the trusted CA certificates. Prepare the following files:
    • Self-signed certificate or chained certificate file.
    • Certificate key file.
    • (Optional) CA certificate file for verifying the server certificate. It can be a self-signed certificate or a trusted private root CA file that has signed the certificate chain. For a public CA-signed server certificate, you need not specify the CA file, but ensure that you include the CA certificates in the chained certificate file.
  4. Download the airgap tarball file named VMware-Telco-Cloud-Automation-airgap-files-<release>-<build>.tar.gz from the VMware Customer Connect site. The tarball file is included in the VMware Telco Cloud Automation build.
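
A pre-flight check for the certificate files described in item 3, given here as an added example that is not part of the VMware documentation or the airgap setup scripts. It confirms that the key file belongs to the server certificate, that the certificate has not expired, and that the chained file verifies against the CA file. The function name and the file arguments are assumptions; it needs the openssl command-line tool, PEM files, and an unencrypted key.

```shell
#!/usr/bin/env bash
# Added example, not VMware code. check_airgap_cert is a hypothetical helper name.
# Usage: check_airgap_cert CHAIN_FILE KEY_FILE [CA_FILE]
# Assumes PEM files, an unencrypted key, and the server certificate first in CHAIN_FILE.

check_airgap_cert() {
    local chain="$1" key="$2" ca="${3:-}" f cert_pub key_pub n

    # 1. Every file that was supplied must be readable.
    for f in "$chain" "$key" ${ca:+"$ca"}; do
        [ -r "$f" ] || { echo "FAIL: cannot read $f" >&2; return 2; }
    done

    # 2. The key file must hold the private key of the server certificate.
    #    openssl x509 reads only the first certificate in the chained file.
    cert_pub=$(openssl x509 -in "$chain" -noout -pubkey 2>/dev/null) ||
        { echo "FAIL: $chain does not start with a PEM certificate" >&2; return 3; }
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) ||
        { echo "FAIL: $key is not a readable private key" >&2; return 3; }
    [ "$cert_pub" = "$key_pub" ] ||
        { echo "FAIL: key does not match the server certificate" >&2; return 4; }

    # 3. The server certificate must not have expired.
    openssl x509 -in "$chain" -noout -checkend 0 >/dev/null 2>&1 ||
        { echo "FAIL: server certificate has expired" >&2; return 5; }

    # 4. The chain must verify. The certificates in the chained file are offered
    #    as untrusted intermediates; trust comes from CA_FILE, or from the
    #    system trust store when no CA file is given (public CA-signed case).
    n=$(grep -c -e '-----BEGIN CERTIFICATE-----' "$chain")
    if [ -n "$ca" ]; then
        openssl verify -CAfile "$ca" -untrusted "$chain" "$chain" >/dev/null 2>&1
    else
        openssl verify -untrusted "$chain" "$chain" >/dev/null 2>&1
    fi || { echo "FAIL: chain of $n certificate(s) does not verify" >&2; return 6; }

    echo "OK: key matches, not expired, chain of $n certificate(s) verifies"
}

# Run the check when the script is called with file arguments.
if [ "$#" -ge 2 ]; then check_airgap_cert "$@"; fi
```

For a self-signed server certificate, pass the certificate itself as the CA file. A non-zero return code identifies the check that failed (2 unreadable file, 3 unparsable file, 4 key mismatch, 5 expired, 6 chain does not verify).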

Deploy Photon OS 3 OVA

A virtual machine with Photon OS 3.0 Rev 3 must be available for providing repository services in the airgap environment. Download the OVA template from here.
  1. Import the OVA template onto the ESXi host in an environment that has Internet connectivity.
    1. Right-click the ESXi host and select Deploy OVF Template.
    2. To complete the deployment, follow the wizard.
  2. Edit the imported airgap virtual machine with the following disk requirements:
    1. Single disk with three partitions, one each for Harbor, Docker, and Photon. This approach applies to previous versions (1.9.5.x, 2.0.x) of VMware Telco Cloud Automation. A minimum of 500 GB is recommended to allow for scaling up.
    2. Multiple disks, each configured with a single partition. In the image synchronization phase (setup phase), three disks are required: one for the images, one for Photon, and one for Docker images. After completing the packaging and image synchronization, you must export the airgap server OVA. It is recommended to clear the Docker cache and remove the Docker cache disk to reduce the total size of the OVA to transfer. Using multiple disks is the recommended way to configure the airgap server. Even if the airgap server is connected to the Internet for build-to-build updates and there is no need to export the OVA file, it is still recommended to use multiple disks, because each disk can be resized separately on demand. The Docker cache disk can be kept to accelerate the next synchronization. This is the default mode in the sample setup user input.
      • VM with multiple disks (recommended):
        • CPU - 4
        • RAM - 8 GB
        • NIC - 1. Wire to the network with Internet connectivity.
        • Hard Disks - 4.
          • Hard Disk 1: 16 GB for Photon OS.
          • Hard Disk 2: 100 GB for container images of Harbor repository, and Photon repository.
          • Hard Disk 3: 200 GB for Photon packages.
          • Hard Disk 4: 200 GB for cached Docker images.
      • VM with a single disk:
        • CPU - 4
        • RAM - 8 GB
        • NIC - 1. Wire to the network with Internet connectivity.
        • Hard Disks - 2.
          • Hard Disk 1: 16 GB for Photon OS.
          • Hard Disk 2: 500 GB for Docker repository, Harbor repository, and Photon repository.
      Note: When setting up the airgap server, the default CD drive location can display an error while saving the settings. If you face this issue, remove the CD drive from the virtual machine.
  3. Power on the airgap server.
  4. Change the airgap VM root password. The default password is changeme. You must set a new password when you log in for the first time.