SUSE Edge Airgap Tool created to make the airgap process easier for SUSE Edge for telco deployments.
- Read the info from the airgap manifest file.
- Create a tarball for rke2 release tarball files (required to be used in capi airgap scenarios).
- Upload the helm-charts oci images defined in the release manifest to the private registry .
- Upload the containers images defined in the release manifest to the private registry.
- Helm 3 installed on the machine. You can install it using:
curl https://raw.githubusercontent.com/helm/helm/main/scripts/get-helm-3 | bashClone the repository and build the tool using the following command:
make compile- If your private registry is auth based, create your own registry auth file with the following format:
<username_bas64encoded>:<password_base64encoded>for example you can generate both using
echo -n "myuser" | base64
echo -n "mypassword" | base64
-
If your private registry is using a self-signed certificate, create a CA certificate file and provide the path to the tool.
-
Rancher Apps charts require authentication. Create a Rancher Apps auth file with the same base64
user:passformat described above. See SUSE Storage installation docs.
The following command can be used to mirror the airgap artifacts
Usage:
seactl mirror [flags]
Flags:
-h, --help help for mirror
-i, --input string Release manifest file
-k, --insecure Skip TLS verification in registry
-o, --output string Output directory to store the tarball files
-a, --registry-authfile string Registry Auth file with username:password base64 encoded
--rancher-apps-authfile string Rancher Apps registry auth file with username:password base64 encoded
-c, --registry-cacert string Registry CA Certificate file
-r, --registry-url string Registry URL
-d, --dryrun Dry run mode, only print the actions without executing them
-m, --release-mode string Release mode, can be 'factory' or 'production' (default "factory"). Only used if release-version is provided.
-v, --release-version string Release version, e.g. 3.4.0 (X.Y.Z). Start Binary Mode if provided.
--debug Debug mode with more logs verbosityIn this mode, you provide the release-version and release-mode flags. The tool will download the necessary manifests from the remote release source.
Example:
seactl mirror -v 3.4.0 -m factory -o /tmp/airgap --rancher-apps-authfile rancher-auth.txt -a registry-auth.txt -c /opt/certs/ca.crt -r myregistry:5000In this mode, you omit the release-version flag. The tool expects to find /release_manifest.yaml and /release_images.yaml in the local filesystem root (intended for containerized usage where these files are present).
Example:
seactl mirror -o /tmp/airgap --rancher-apps-authfile rancher-auth.txt -a registry-auth.txt -c /opt/certs/ca.crt -r myregistry:5000Check the installed version:
seactl --versionseactl mirror -v 3.4.0 -m production -o /tmp/airgap --rancher-apps-authfile rancher-auth.txt -a registry-auth.txt -r myregistry:5000 --insecure --debug./seactl mirror -v 3.4.0 -m production -o ./tmp/airgap -r localhost:3000 -d true# This mode assumes /release_manifest.yaml and /release_images.yaml exist locally (e.g. inside the container)
podman run <image id> mirror -o /tmp/airgap --rancher-apps-authfile rancher-auth.txt -a registry-auth.txt -r myregistry:5000 --insecure --debugexport HTTPS_PROXY=http://10.X.X.X:3128
./seactl mirror -v 3.4.0 -m factory -o /tmp/airgap --rancher-apps-authfile rancher-auth.txt -a registry-auth.txt -c /opt/certs/ca.crt -r myregistry:5000- Update the version in the Makefile variable
VERSIONonly. - Build with
make buildormake compileto inject the version into the binary. - Create a git tag with
make tag(usesv$(VERSION)).
Follow semantic versioning for every change:
- Patch: bug fixes, no breaking changes.
- Minor: new features, backward compatible.
- Major: breaking changes.