If you have already configured the Airgap server in an Internet-restricted environment in Telco Cloud Automation, deploy a new Airgap server version 2.1 for extra resource requirements and configure it according to your usage.


Back up the certificates from the existing airgap server to your desktop or jumpbox.


  1. Download and deploy Photon OS 3 OVA as the new Airgap server.
  2. Edit the Airgap server virtual machine based on the resource requirements (4 CPU, 8GB RAM, and 500 GB Disk) for the Airgap server. See Prerequisites for Setting up the Airgap Repository.

    A single 500 GB disk is recommended for the airgap server, which is upgraded for storing multiple versions of repositories.

  3. Power ON the new Airgap server and configure it as follows:
    1. Ensure that FQDN and IP address of the new airgap server are the same as the existing airgap server installed in the Telco Cloud Automation environment.

      After the server boots for the first time, log in with the default credentials (user: root, password: changeme) and change the password when prompted.

      For Static IP:

      vi /etc/systemd/network/##-eth0-static.network

      For Hostname:

      vi /etc/hostname and update it with FQDN.
    2. Install the tar package using the #tdnf install tar -y command.
  4. Set up the Airgap Server.
    1. On an Internet-accessible machine, download the VMware-Telco-Cloud-Automation-airgap-files-2.1.0-<build-number>.tar.gz file from the VMware Downloads page and extract it to the /root/ folder.
    2. Create a copy of the setup-user-inputs.yml file as user-inputs.yml.
      #cd /root/airgap/scripts/vars/
      #cp setup-user-inputs.yml user-inputs.yml
    3. Update the following parameters in the user-inputs.yml file:
      #1. General Configurations
        - name: "tca"
          versions: "2.1.0"
      server_fqdn: <user Airgap FQDN name>
      root: /root/airgap/
      #2. Additional Disk Configurations
      single_disk: True
      #3. Server Certificate Configurations 
      #False: customer bring certificate
      #True: Playbook will generate a private root CA
      auto_generate: False
      server_cert_path: /root/certs/FQDN.cert
      server_cert_key_path: /root/certs/FQDN.key
      ca_cert_path: /root/certs/ca.crt
      #4. Harbor Configurations
      harbor_password: <Admin user password for Airgap>
    4. Copy the backed-up certificates of the existing airgap server to the new airgap server under the /root/certs/ folder.
    5. Prepare the Airgap server and download all the required repositories using the following commands:
      #cd /root/airgap/
      #scripts/bin/run.sh setup

      Depending on the number of repositories you download from the Internet, this command takes 3-6 hours to run.

  5. Move the new Airgap server from the Internet-accessible environment to Internet-restricted environment:
    1. Power OFF and export the Airgap server into the OVA format. See Export and Transfer Airgap Server OVA to Internet-Restricted Environment. Alternatively, if you are using proxy or dual arm network, export of Airgap server VM is not required.
    2. Deploy the Airgap server from the Airgap OVA.

      To prepare the system for the target environment, define the environment-related parameters in the user-input.yml file and run the Ansible Playbook.

      In the deploy phase, use the deploy-user-inputs.yml as a template for storing customization parameters:

      Create a copy of the deploy-user-inputs.yml file as user-inputs.yml root@photon-machine [ ~/airgap/scripts/vars ]# cp deploy-user-inputs.yml user-inputs.yml

      Customization parameters include:

      #1. General Configurations
      server_fqdn: FQDN
      root: /root/airgap/
      #2. Network Configurations
      iface_name: eth0
      dhcp: False
      #3. Server Certificate Configurations
      #False: customer bring certificate.
      #True: Playbook will generate a private root CA.
      auto_generate: False
      server_cert_path: /root/certs/FQDN.cert
      server_cert_key_path: /root/certs/FQDN.key
      ca_cert_path: /root/certs/ca.crt
      #4. Harbor Configurations
      # Password must be the same that you specified in the setup-user-inputs.yml file. 
      harbor_password: <Admin user password for Airgap>
    3. Customize the airgap server by running the following deploy.yml file.
      root@photon-machine [ ~/airgap ]# scripts/bin/run.sh deploy

      This command reconfigures the Airgap server with updated details mentioned in Step 5b.

What to do next

Validate the Airgap Server Setup.