This section describes the procedure to replace existing TCA Airgap appliance with an appliance which is newly setup.
Prerequisites
An existing TCA Airgap Appliance which is configured with FQDN and a certificate that is already used by existing TCA kubernetes clusters.
A newly setup TCA Airgap Appliance which is synchronized or mirrored with all the required artifacts data, including the existing TCA kubernetes clusters.
The newly setup TCA Airgap Appliance is configured with a different FQDN, IP address from the existing TCA Airgap Appliance.
Procedure
- Copy the server certificate and CA certificate.
Login into the existing TCA Airgap appliance using SSH admin account then switch to root with su
. Copy the files to the newly setup TCA Airgap appliance using following commands:
scp -r /etc/docker/certs.d/<fqdn>:8043 admin@<new TCA Airgap Appliance address>:/tmp/
scp /usr/local/airgap/scripts/vars/user-inputs.yml admin@<new TCA Airgap Appliance address>:/tmp/
Log out from the console of the existing TCA Airgap ppliance.
- Prepare the user inputs on the new TCA Airgap appliance.
Log in the existing TCA Airgap appliance using SSH admin account then switch to root with su
.
Edit /usr/local/airgap/scripts/vars/user-inputs.yml
using the following command:
vi -d /usr/local/airgap/scripts/vars/user-inputs.yml /tmp/user-inputs.yml
Copy following settings from /tmp/user-inputs.yml
to /usr/local/airgap/scripts/vars/user-inputs.yml
, the parameter details refers to Agctl CLI Command Reference:
Switch to the window of /tmp/user-inputs.yml
by typing “Ctrl+w” twice, then select block of section #1 and #2 by typing V
, then j
, and k
. Type y
to copy the block.
Switch to the window of /usr/local/airgap/scripts/vars/user-inputs.yml
, by pressing Ctrl+w twice, then select block of section #1 and #2 by typing V
, then j
and k
. Type p
to paste the block.
server_fqdn: <full qualified domain name of the exisitng tca airgap appliance>
ip_family: <same as existing tca airgap appliance>
dhcp: <same as existing tca airgap appliance>
static_ip: <same as existing tca airgap appliance>
default_gw: <same as existing tca airgap appliance>
dns_servers: <same as existing tca airgap appliance>
Edit #3 section to update the certificate:
auto_generate: False
server_cert_path: /tmp/<fqdn>:8043/<fqdn>.cert server_cert_key_path: /tmp/<fqdn>:8043/<fqdn>.key
ca_cert_path: /tmp/<fqdn>:8043/ca.crt
Press ESC then save the files with:wq
.
- Unlink the old TCA Airgap appliance from the network or power it off.
Login to vCenter, navigate to the old TCA Airgap Appliance VM, and launch the Edit settings wizard from Actions and then disconnect Network adapter. Alternatively, you can choose to Power it off.
- Reconfigure the new TCA Airgap appliance.
- Verify the connectivity by runing the following command on the new TCA Airgap appliance console.
curl https://<TCA Airgap Appliance FQDN> -v
It is expected that the output message contains SSL certificate verify ok
and HTTP/1.1 200 OK
. The Server certificate details in the output message are consistent with the provided certificate.