If you have already configured the Airgap server in an Internet-restricted environment in Telco Cloud Automation, deploy a new Airgap server version 2.1 for extra resource requirements and configure it according to your usage.
Prerequisites
Back up the certificates from the existing airgap server to your desktop or jumpbox.
Procedure
- Download and deploy Photon OS 3 OVA as the new Airgap server.
- Edit the Airgap server virtual machine based on the resource requirements (4 CPU, 8GB RAM, and 500 GB Disk) for the Airgap server. See Prerequisites for Setting up the Airgap Repository.
A single 500 GB disk is recommended for the airgap server, which is upgraded for storing multiple versions of repositories.
- Power ON the new Airgap server and configure it as follows:
- Ensure that FQDN and IP address of the new airgap server are the same as the existing airgap server installed in the Telco Cloud Automation environment.
Caution:
After the server boots for the first time, log in with the default credentials (user: root, password: changeme) and change the password when prompted.
For Static IP:
vi /etc/systemd/network/##-eth0-static.network [Match] Name=eth0 [Network] Address=198.51.0.2/24 Gateway=198.51.0.1 DNS=198.51.0.1
For Hostname:
vi /etc/hostname and update it with FQDN. tb1-airgap1.telco.com
- Install the tar package using the
#tdnf install tar -y
command.
- Ensure that FQDN and IP address of the new airgap server are the same as the existing airgap server installed in the Telco Cloud Automation environment.
- Set up the Airgap Server.
- On an Internet-accessible machine, download the
VMware-Telco-Cloud-Automation-airgap-files-2.1.0-<build-number>.tar.gz
file from the VMware Downloads page and extract it to the/root/
folder. - Create a copy of the setup-user-inputs.yml file as user-inputs.yml.
#cd /root/airgap/scripts/vars/ #cp setup-user-inputs.yml user-inputs.yml
- Update the following parameters in the user-inputs.yml file:
#1. General Configurations products: - name: "tca" versions: "2.1.0" server_fqdn: <user Airgap FQDN name> root: /root/airgap/ #2. Additional Disk Configurations single_disk: True #3. Server Certificate Configurations #False: customer bring certificate #True: Playbook will generate a private root CA auto_generate: False server_cert_path: /root/certs/FQDN.cert server_cert_key_path: /root/certs/FQDN.key ca_cert_path: /root/certs/ca.crt #4. Harbor Configurations harbor_password: <Admin user password for Airgap>
- Copy the backed-up certificates of the existing airgap server to the new airgap server under the
/root/certs/
folder. - Prepare the Airgap server and download all the required repositories using the following commands:
#cd /root/airgap/ #scripts/bin/run.sh setup
Depending on the number of repositories you download from the Internet, this command takes 3-6 hours to run.
- On an Internet-accessible machine, download the
- Move the new Airgap server from the Internet-accessible environment to Internet-restricted environment:
- Power OFF and export the Airgap server into the OVA format. See Export and Transfer Airgap Server OVA to Internet-Restricted Environment. Alternatively, if you are using proxy or dual arm network, export of Airgap server VM is not required.
- Deploy the Airgap server from the Airgap OVA.
To prepare the system for the target environment, define the environment-related parameters in the
user-input.yml
file and run the Ansible Playbook.In the deploy phase, use the deploy-user-inputs.yml as a template for storing customization parameters:
Create a copy of the deploy-user-inputs.yml file as user-inputs.yml
root@photon-machine [ ~/airgap/scripts/vars ]# cp deploy-user-inputs.yml user-inputs.yml
Customization parameters include:
#1. General Configurations server_fqdn: FQDN root: /root/airgap/ #2. Network Configurations iface_name: eth0 dhcp: False static_ip: 192.168.2.100/24 default_gw: 192.168.2.1 dns_servers: 192.168.100.100 #3. Server Certificate Configurations #False: customer bring certificate. #True: Playbook will generate a private root CA. auto_generate: False server_cert_path: /root/certs/FQDN.cert server_cert_key_path: /root/certs/FQDN.key ca_cert_path: /root/certs/ca.crt #4. Harbor Configurations # Password must be the same that you specified in the setup-user-inputs.yml file. harbor_password: <Admin user password for Airgap>
- Customize the airgap server by running the following
deploy.yml
file.root@photon-machine [ ~/airgap ]# scripts/bin/run.sh deploy
This command reconfigures the Airgap server with updated details mentioned in Step 5b.