Virtual appliance in an air gap environment

This procedure applies only when you install the virtual appliance (.ova file) in an air gap environment.

About this task

The procedure assumes you have a private repository as described in App Hosts and a private repository.

Downloading the files

About this task

Before you install the App Host software, you need to access the Internet from a system outside the air gap environment to download files and access images for your private repository.

Procedure

  1. Download the App Host virtual appliance file from IBM® Support Fix Central.
  2. Download the appropriate k3s-airgap-images .tar file for your repository from the Rancher releases page:
    1. Log in to your App Host system and check the k3s version using the following command:
      rpm -q k3s
      This returns output similar to the following:
      apphost>rpm -q k3s
      k3s-v1.26.14+k3s1-1.x86_64
      apphost>
      where 1.26.14+k3s1 is the k3s version and x86_64 is the CPU architecture.
    2. Go to https://github.com/k3s-io/k3s/releases and select the correct k3s release version.
    3. From the various k3s-airgap-images .tar files, choose the one that is required by your repository.
  3. Copy and tag the App Host images from quay to your private repository. Make sure that the name of the repository is ibmresilient.
    Note: The procedure to copy the images to your repository depends on your private repository.
    The following code is an example that uses docker. In the example, you need to know the version of the App Host software you intend to install.
    docker pull quay.io/ibmresilient/apps-synchronizer:<apphost-version>
    docker pull quay.io/ibmresilient/apps-operator:<apphost-version>
    
    docker tag quay.io/ibmresilient/apps-synchronizer:<apphost-version> <registry-domain-name>/ibmresilient/apps-synchronizer:<apphost-version>
    docker tag quay.io/ibmresilient/apps-operator:<apphost-version> <registry-domain-name>/ibmresilient/apps-operator:<apphost-version>
    
    docker push <registry-domain-name>/ibmresilient/apps-synchronizer:<apphost-version>
    docker push <registry-domain-name>/ibmresilient/apps-operator:<apphost-version>

Installing the files

Procedure

  1. Follow the procedure in Changed in 51.0.0.0 Installing the virtual appliance to install the virtual appliance.
  2. Log in as a privileged user to the system that hosts the App Host software.
  3. Copy the downloaded App Host, k3s-airgap-images, and private repository self-signed cert (domain.crt) files to this system.
  4. Add the private repository self-signed cert (domain.crt) to the trust certificates.
    cp <cert_file> /etc/pki/ca-trust/source/anchors
    update-ca-trust extract
    

    If it is a certificate chain, add the root certificate to trusted certs.

  5. If the DNS name cannot be resolved, add the domain to /etc/hosts.
    192.168.xxx.1 <registry_dns_name>
  6. Place the k3s-airgap-images .tar file in the images directory.
    sudo mkdir -p /var/lib/rancher/k3s/agent/images/
    sudo cp <k3s-airgap-images tar file> /var/lib/rancher/k3s/agent/images/
  7. Create the registries.yaml file.
    sudo vi /etc/rancher/k3s/registries.yaml
    Make sure that there are two mirrors in the registries.yaml file, one for docker.io and another for quay.io. For both mirrors, the endpoint is the private repository URL. See the following example.
    mirrors:
      docker.io:
        endpoint:
          - "<private registry URL>"
      quay.io:
        endpoint:
          - "<private registry URL>"
    configs:
      "<private registry URL>":
        auth:
          username: xxx # this is the registry username
          password: xxx # this is the registry password
        tls: # if needed
          cert_file: # path to the cert file used in the registry
          key_file: # path to the key file used in the registry
          ca_file: # path to the ca file used in the registry
  8. Restart the K3s Kubernetes.
    sudo systemctl restart k3s
  9. Check that all the pods are in the running state.
    sudo kubectl get pods -A
    If the pods are in error state (ImagePullbackOff or ImagePullError), run the following command.
    sudo kubectl rollout restart deployments -n kube-system
  10. Deploy the App Host containers as described in Create an App Host pairing.
  11. Configure the App Host registry to use the private repository. You need to enter the URL to the repository, also called a registry. If the private repository requires authentication, use the --user option to enter the account username; you are prompted for the password.
    sudo manageAppHost registry --registry <registry_URL> --user <username>
  12. Again, verify that all pods are in the running state:
    sudo kubectl get pods -A

Results

The App Host image is successfully installed and configured to use a private repository.

The next step is to deploy App Host instances as described in Create an App Host pairing.