Virtual appliance in an air gap environment

This procedure applies only when you install the virtual appliance (ova file) in an air gap environment.

About this task

The procedure assumes you have a private repository as described in Private repository.

Downloading the files

About this task

Before you install the App Host software, you need to access the Internet from a system outside the air gap environment to download files and access images for your private repository.

Procedure

  1. Download the App Host virtual appliance file from IBM® Passport Advantage® or IBM Support Fix Central. If you download from IBM Passport Advantage, you also need to download the security updates file, apphost-appliance-security-update-<version>.run, from IBM Fix Central.
  2. Download the appropriate k3s-airgap-images .tar file for your repository from the Rancher releases page.
    • The App Host uses the k3s v1.23.6+k3s1 images. When you download the k3s .tar file, make sure to select the v1.23.6+k3s1 release.
    • From the various k3s-airgap-images .tar files, choose the one that is required by your repository.
  3. Copy and tag the App Host images from quay.io to your private repository. Make sure that the name of the repository is ibmresilient.
    Note: The procedure to copy the images to your repository depends on your private repository.
    The following code is an example that uses docker. In the example, you need to know the version of the App Host software you intend to install.
    docker pull quay.io/ibmresilient/apps-synchronizer:<apphost-version>
    docker pull quay.io/ibmresilient/apps-operator:<apphost-version>
    
    docker tag quay.io/ibmresilient/apps-synchronizer:<apphost-version> <registry-domain-name>/ibmresilient/apps-synchronizer:<apphost-version>
    docker tag quay.io/ibmresilient/apps-operator:<apphost-version> <registry-domain-name>/ibmresilient/apps-operator:<apphost-version>
    
    docker push <registry-domain-name>/ibmresilient/apps-synchronizer:<apphost-version>
    docker push <registry-domain-name>/ibmresilient/apps-operator:<apphost-version>

Installing the files

Procedure

  1. Follow the procedure in Virtual appliance to install the virtual appliance.
  2. Log in as a privileged user to the system that hosts the App Host software.
  3. Copy the downloaded App Host, k3s-airgap-images, and private repository self-signed cert (domain.crt) files to this system.
  4. Add the private repository self-signed cert (domain.crt) to the trusted certificates.
    cp <cert_file> /etc/pki/ca-trust/source/anchors
    update-ca-trust extract
    

    If the certificate is part of a certificate chain, add the root certificate to the trusted certificates.

  5. If the DNS name cannot be resolved, add the domain to /etc/hosts.
    192.168.xxx.1 <registry_dns_name>
  6. Place the k3s-airgap-images .tar file in the images directory.
    sudo mkdir -p /var/lib/rancher/k3s/agent/images/
    sudo cp <k3s-airgap-images tar file> /var/lib/rancher/k3s/agent/images/
  7. Create the registries.yaml file.
    sudo vi /etc/rancher/k3s/registries.yaml
    Make sure that there are two mirrors in the registries.yaml file, one for docker.io and another for quay.io. For both mirrors, the endpoint is the private repository URL. See the following example.
    mirrors:
      docker.io:
        endpoint:
          - "<private registry URL>"
      quay.io:
        endpoint:
          - "<private registry URL>"
    configs:
      "<private registry URL>":
        auth:
          username: xxx # this is the registry username
          password: xxx # this is the registry password
        tls: # if needed
          cert_file: # path to the cert file used in the registry
          key_file: # path to the key file used in the registry
          ca_file: # path to the ca file used in the registry
  8. Restart the K3s service.
    sudo systemctl restart k3s
  9. Check that all the pods are in the running state.
    sudo kubectl get pods -A
    If the pods are in an error state (ImagePullBackOff or ImagePullError), run the following command.
    sudo kubectl rollout restart deployments -n kube-system
  10. Deploy the App Host containers as described in Create a pairing.
  11. Configure the App Host registry to use the private repository. You need to enter the URL to the repository, also called a registry. If the private repository requires authentication, use the --user option to enter the account username; you are prompted for the password.
    sudo manageAppHost registry --registry <registry_URL> --user <username>
  12. Again, verify that all pods are in the running state:
    sudo kubectl get pods -A
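
A check you can run on the registries.yaml file from step 7 before restarting K3s, as an added example that is not part of the original procedure or the product. It confirms that docker.io and quay.io both have a mirror with the same endpoint and that the file holding the registry password is not accessible to group or other. The registry URL and credentials in write_sample are constructed, the two-space indentation is assumed from the example in step 7, and the file-mode check is an added hardening measure.

```shell
# Added example: sanity-check registries.yaml before restarting k3s.
# Assumes the two-space indentation used in the step 7 example.
# Usage: check_registries /etc/rancher/k3s/registries.yaml

# Print the first endpoint listed for one mirror. $1 = file, $2 = mirror name.
mirror_endpoint() {
  awk -v want="$2" '
    /^[^ #]/    { in_mirrors = ($1 == "mirrors:"); cur = ""; next }
    !in_mirrors { next }
    /^  [^ #]/  { cur = $1; sub(/:$/, "", cur); gsub(/"/, "", cur); next }
    cur == want && /^ +- / { ep = $2; gsub(/"/, "", ep); print ep; exit }
  ' "$1"
}

# Return 0 only if both mirrors exist, share one endpoint, and the file
# (which holds the registry password) has no group/other permission bits.
check_registries() {
  rc=0
  d=$(mirror_endpoint "$1" docker.io)
  q=$(mirror_endpoint "$1" quay.io)
  [ -n "$d" ] || { echo "no docker.io mirror endpoint" >&2; rc=1; }
  [ -n "$q" ] || { echo "no quay.io mirror endpoint" >&2; rc=1; }
  [ "$d" = "$q" ] || { echo "mirrors differ: '$d' vs '$q'" >&2; rc=1; }
  # Hardening check added here, not a step from the procedure.
  if grep -Eq '^ +password:' "$1" && [ "$(ls -ld "$1" | cut -c5-10)" != "------" ]; then
    echo "$1 holds a password but is accessible to group/other" >&2; rc=1
  fi
  return "$rc"
}

# Constructed sample with a hypothetical registry URL, written to path $1.
write_sample() {
  cat > "$1" <<'EOF'
mirrors:
  docker.io:
    endpoint:
      - "https://registry.example.internal:5000"
  quay.io:
    endpoint:
      - "https://registry.example.internal:5000"
configs:
  "https://registry.example.internal:5000":
    auth:
      username: svc-apphost
      password: constructed-value
EOF
  chmod 600 "$1"
}
```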

Results

The App Host image is successfully installed and configured to use a private repository.

The next step is to deploy App Host instances as described in Create a pairing.