Updating Photon-RT Kernel Versions for an Air-gapped Environment
search cancel

Updating Photon-RT Kernel Versions for an Air-gapped Environment

book

Article ID: 325416

calendar_today

Updated On:

Products

VMware Telco Cloud Automation

Issue/Introduction

Telco Cloud Automation (TCA) systems configured in an Internet-restricted or air-gapped environment it is necessary to update the Photon linux-rt kernel versions. These kernel updates address requirements such as enabling kernel config options or additional kernel modules to support partner workloads and bug fixes to resolve issues reported by a partner.
These kernel versions are released by the Photon OS team; TCA needs to allow them, while customizing a node for Network Function onboarding.

Environment

2.x

Resolution

Note: Ensure the TCA system has been enabled with the required Photon-RT kernel versions following the steps in: Enabling Additional Photon-RT Kernel Versions


For air-gapped environments with Internet access:

If the DPDK image is not currently stored on the airg-apped server, it needs to sync the image before attempting the steps in Enabling Additional Photon-RT Kernel Versions

  1. First, run the following commands to sync the DPDK image to the air-gapped server:

docker pull vmwaresaas.jfrog.io/registry/dpdk:imageTag 
docker tag vmwaresaas.jfrog.io/registry/dpdk:imageTag airgapFQDN:8043/registry/dpdk:imageTag 
docker push airgappedFQDN:8043/registry/dpdk:imageTag
docker rmi airgappedFQDN:8043/registry/dpdk:imageTag

Note: Replace imageTag and airgappedFQDN with a valid kernel version imageTag name as well as the actual FQDN for the airg-apped server.

Next, execute the following commands from the air-gapped server's SSH session, to resync the air-gapped server to the remote repo:

tdnf reposync -v --download-metadata --disablerepo=* --enablerepo=photon-updates --delete --download-path /photon-reps/updates 2>&1
tdnf reposync -v --download-metadata --disablerepo=* --enablerepo=photon-telco-updates --delete --download-path /photon-reps/updates 2>&1
chown -R nobody:nogroup /photon-reps

Then, execute the following commands from any Kubernetes node, including a worker node: 

tdnf makecache

 

For Internet-restricted air-gapped environments

  • Update the air-gapped server with the latest images and RPM files
  • Update TCA-M to enable additional Photon-RT kernel versions
  • Update the CSAR package with the newly added kernel version from TCA-M
  1. Download the required images from the VMware repository. You can use any Linux virtual machine that has docker installed and running.
    1. Run the following commands to save the images from the public repository: 
      docker save vmwaresaas.jfrog.io/docker-staging/dpdk:linux-rt-4.19.198-18.ph3 > dpdk:linux-rt-4.19.198-18.ph3.tar.gz
    2. Run this command to check the size of the tar file:  
      du -h vmwaresaas.jfrog.io/docker-staging/dpdk:linux-rt-4.19.198-18.ph3
    3. If issues are encountered with the public repo while saving the file, use the below commands and execute them from the latest air-gapped server: 
      # docker image list | grep -i 198-13
vmwaresaas.jfrog.io/registry/dpdk  linux-rt-4.19.198-18.ph3  51c872b55e0e   3 weeks ago 7.76MB
vmwaresaas.jfrog.io/cnf-airgap-docker-local/dpdk linux-rt-4.19.198-18.ph3 51c872b55e0e 3 weeks ago 7.76MB

# docker save -o /root/dpdk:linux-rt-4.19.198-18.ph3.tar.gz vmwaresaas.jfrog.io/cnf-airgap-docker-local/dpdk
    4. Transfer the file dpdk:linux-rt-4.19.198-18.ph3.tar.gz to the air-gapped server in the isolated environment using WinSCP or scp.
    5. Download and copy the following linux-rt kernel binaries onto the air-gapped server, placing them into the /photon-reps/updates/photon-telco-updates/x86_64 folder:
      linux-rt-docs-4.19.198-18.ph3.x86_64.rpm
      linux-rt-devel-4.19.198-18.ph3.x86_64.rpm
      linux-rt-4.19.198-18.ph3.x86_64.rpm


      Download and copy the following driver sub-packages required by Photon kernel (ice and iavf are required for 198-18 and later):
      linux-rt-drivers-intel-iavf-4.4.2-4.19.198-18.ph3.x86_64.rpm
      linux-rt-drivers-intel-ice-1.6.4-4.19.198-18.ph3.x86_64.rpm

      These files can be downloaded from: https://packages.vmware.com/photon/photon_telco/3.0/photon_updates_3.0_x86_64/x86_64/
    6. Transfer other required files like stalld and tuned to the air-gapped server in the isolated environment and ensure that the files are copied into folder /photon-reps/updates/photon-updates/x86_64. These files can be downloaded from: https://packages.vmware.com/photon/3.0/photon_updates_3.0_x86_64/noarch/
       
  2. Execute the following commands from the air-gapped server which does not have Internet access:
    1. SSH into the air-gapped server node and then navigate to the folder where the above images/RPMs were copied to.
       
    2. Execute the following commands from the air-gapped server's SSH session. In this example tca-ag.telcocloud.local is the air-gapped server's FQDN:  
      docker load < dpdk:linux-rt-4.19.198-18.ph3.tar.gz
docker image list | grep 198.*
docker tag vmwaresaas.jfrog.io/docker-staging/dpdk:linux-rt-4.19.198-18.ph3 tca-ag.telcocloud.local:8043/registry/dpdk:linux-rt-4.19.198-18.ph3
      Ensure that the newly added image is tagged with the air-gapped server's FQDN: 
      docker image list | grep 198.*
docker push tca-ag.telcocloud.local:8043/registry/dpdk:linux-rt-4.19.198-18.ph3
    3. Using a browser, access the air-gapped server's Harbor registry using the air-gapped server's FQDN and ensure that the newly added image is displayed under the registry project.
       
  3. Execute the following commands from the air-gapped server's SSH session to update the newly-added RPM binaries in the air-gapped server: 
    createrepo -po /photon-reps/updates/photon-telco-updates /photon-reps/updates/photon-telco-updates/
createrepo -po /photon-reps/updates/photon-updates /photon-reps/updates/photon-updates
    Ensure the permission for all folders under photon-telco-updates (eg. repodata, x86_64) are set to ownership nobody:nogroup: 
    chown -R nobody:nogroup /photon-reps/updates/photon-telco-updates
    Do the same for all folders under photon-updates: 
    chown -R nobody:nogroup /photon-reps/updates/photon-updates
  4. Execute the following commands from any Kubernetes node, including a worker node: 
    tdnf makecache
    Note: If any issue is observed in the output, please run the previous two chown commands again from the air-gapped server, then re-execute this command from the Kubernetes worker node.
     
  5. Execute this command to verify if the worker node can access the required linuxrt-kernel files from the air-gapped server:  
    sudo tdnf list linux-rt | grep 4.19.198-18
  6. Follow Enabling Additional Photon-RT Kernel Versions or the step-by-step procedure.
  7. If there are any issues while executing the API command to fetch the x-hm-authorization token ID with Postman client, please use the TCA API URL: https://TCA-Ip or FQDN/hybridity/docs/index.html and then click on Platform and use the POST method.
  8. Upload/Onboard the CSAR from the TCA-M UI.
  9. Edit the CSAR and then select the appropriate kernel version by editing the Infrastructure tab.
  10. Add the appropriate packages like stalld, pciutils, tuned and other required packages, including version, under custom packages.
  11. Make any other changes to the CSAR as required.
  12. Instantiate the CNF and monitor the status of node customization.
  13. Once completed, verify node customization from the worker node to ensure all intended settings are applied, packages have been installed, and services are running, as per the applied CSAR.
Powered by Wolken Software