Skip to content

Preparing the Assets VM#

The Assets VM will run as a single Virtual Machine inside the Air-Gapped environment. This VM will hold all of the assets and can be used across multiple deployments and EDA versions, containing the assets for multiple versions.

These steps help create the Assets VM from a base Talos VM image for KVM or VMware, rebuild it with the local cache needed to deploy the VM, Kubernetes and the Assets VM Services in the Air-Gapped environment.

Caution

This applies to the Public environment, and is executed in the public tools-system

Preparing to create the Assets VM image#

Before creating the Assets VM Image for a specific environment, the following steps need to be taken:

  1. Go to the correct directory in the edaadm repository.

    In the edaadm repository that you have cloned or downloaded, go to the bundles folder.

    cd path/to/edaadm-repository/bundles

  2. Log in to ghcr.io with docker so the system can pull private images from ghcr.io.

    Log in with a user account that has access to images hosted by Nokia EDA; for example, the nokia-eda-bot user.

    docker login ghcr.io -u nokia-eda-bot
    Getting the password/token for the nokia-eda-bot user

    The token (password) for the nokia-eda-bot user is present in every bundle file in the edaadm repository, where it is twice encoded using base64.

    This token is a read-only token and is not a secret, no sensitive information is accessible using this token.

  3. Prepare the image cache for the Assets VM.

    This step downloads and prepares an image cache from which the Assets VM is built.

     make create-assets-host-bootstrap-image-cache

Creating the KVM Assets VM Image#

Note

This is only needed if you plan to deploy the Assets VM on KVM.

Follow these steps to create the Assets VM Image for KVM. This will generate an ISO file based on the Talos VM base image containing a local cache. This image is different from the base Talos image ISO file that you will use for the EDA Kubernetes VMs, but is based on it.

  1. Go to the correct directory in the edaadm repository.

    In the edaadm repository that you have cloned or downloaded, go to the bundles folder.

    cd path/to/edaadm-repository/bundles

  2. Generate the Assets VM ISO for KVM.

    Execute the following command to generate the KVM Talos ISO for the Assets VM.

    make create-asset-vm-nocloud-boot-iso

    The output should look similar to:

    --> INFO: List of goals: create-asset-vm-nocloud-boot-iso
docker pull ghcr.io/siderolabs/imager:v1.9.2
v1.9.2: Pulling from siderolabs/imager
Digest: sha256:b99d29d04df9eea89d50cb0d13d57e1e035e54cbd9970a26af99b18154e443a9
Status: Image is up to date for ghcr.io/siderolabs/imager:v1.9.2
ghcr.io/siderolabs/imager:v1.9.2
skipped pulling overlay (no overlay)
profile ready:
arch: amd64
platform: nocloud
secureboot: false
version: v1.9.2
input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
    imageRef: ghcr.io/siderolabs/installer:v1.9.2
  imageCache:
    imageRef: ""
    ociPath: /image-cache.oci
output:
  kind: iso
  imageOptions:
    diskSize: 2147483648
  outFormat: raw
skipped initramfs rebuild (no system extensions)
kernel command line: talos.platform=nocloud console=tty1 console=ttyS0 net.ifnames=0 talos.halt_if_installed=1 init_on_alloc=1 slab_nomerge pti=on consoleblank=0 nvme_core.io_timeout=4294967295 printk.devkmsg=on ima_template=ima-ng ima_appraise=fix ima_hash=sha512
ISO ready
output asset path: /out/nocloud-amd64.iso

  3. Rename the KVM Assets VM image.

    Rename the generated image to a convenient name so that you can copy or use it in the future.

    mv eda-cargo/talos-asset-vm-boot-imgs/nocloud-amd64.iso eda-cargo/talos-asset-vm-boot-imgs/eda-asset-vm-nocloud-amd64.iso

Creating the VMware Assets VM Image#

Note

This is only needed if you plan to deploy the Assets VM on VMware vSphere.

Follow these steps to create the Assets VM Image for VMware vSphere. This will generate an ISO file based on the Talos VM base image containing a local cache. This image is different from the base Talos image ISO file that you will use for the EDA Kubernetes VMs, but is based on it.

  1. Go to the correct directory in the edaadm repository.

    In the edaadm repository that you have cloned or downloaded, go to the bundles folder.

    cd path/to/edaadm-repository/bundles

  2. Generate the Assets VM OVA for VMware vSphere.

    Execute the following command to generate the VMware vSphere Talos OVA for the Assets VM.

    make create-asset-vm-vmware-boot-ova

    The output should look similar to:

    --> INFO: List of goals: create-asset-vm-vmware-boot-ova
docker pull ghcr.io/siderolabs/imager:v1.9.2
v1.9.2: Pulling from siderolabs/imager
Digest: sha256:b99d29d04df9eea89d50cb0d13d57e1e035e54cbd9970a26af99b18154e443a9
Status: Image is up to date for ghcr.io/siderolabs/imager:v1.9.2
ghcr.io/siderolabs/imager:v1.9.2
skipped pulling overlay (no overlay)
profile ready:
arch: amd64
platform: vmware
secureboot: false
version: v1.9.2
input:
  kernel:
    path: /usr/install/amd64/vmlinuz
  initramfs:
    path: /usr/install/amd64/initramfs.xz
  baseInstaller:
    imageRef: ghcr.io/siderolabs/installer:v1.9.2
  imageCache:
    imageRef: ""
    ociPath: /image-cache.oci
output:
  kind: image
  imageOptions:
    diskSize: 2147483648
    diskFormat: ova
  outFormat: raw
skipped initramfs rebuild (no system extensions)
kernel command line: talos.platform=vmware talos.config=guestinfo console=tty0 console=ttyS0 earlyprintk=ttyS0,115200 net.ifnames=0 init_on_alloc=1 slab_nomerge pti=on consoleblank=0 nvme_core.io_timeout=4294967295 printk.devkmsg=on ima_template=ima-ng ima_appraise=fix ima_hash=sha512
disk image ready
output asset path: /out/vmware-amd64.ova

  3. Rename the VMware vSphere Assets VM image.

    Rename the generated image to a convenient name so that you can copy or use it in the future.

    mv eda-cargo/talos-asset-vm-boot-imgs/vmware-amd64.ova eda-cargo/talos-asset-vm-boot-imgs/eda-asset-vm-vmware-amd64.ova