Airgap policy: Hosts cannot reach the internet but must be able to resolve DNS.
Network and DNS
Hostnames and IPs for all nodes.
VIP for the control plane.
Ensure local DNS or add /etc/hosts entry for the private registry on all nodes.
Size Estimates
Images: ~40 GB
Packages: ~266 MB
Steps to download scripts and package/image lists required for later phases.
Info
The following scripts and lists must be downloaded on the node that has internet access and will be used to create the APT repository and the private image repository.
Script to create an apt repo:
Script to download all the required APT dependencies
Script to push the images to private repo
List of images required
PCD-V images list:
PCD-K images list
DNS Prerequisite for Image and Repo
If the registry hostname is not resolvable in customer DNS, add it to /etc/hosts on each node.
NTP Configuration (Client-Side)
Info
An NTP server must already be available and reachable in the customer’s network.
All nodes must be configured as NTP clients to sync time with this server.
If NTP is not already configured on the client nodes, follow the steps below to point them to the NTP server.
Point node to the existing NTP server:
Restart service:
Verify sync:
Download Required APT Package Dependencies
Download and prepare all required package dependencies on an Ubuntu 22.04 node where your APT repo will run.
Script and Dependency List
The script for downloading the required packages and dependency list should be retrieved as part of the prerequisites.
Steps:
Info
If using HTTPS with a custom CA, install the CA into /usr/local/share/ca-certificates and run update-ca-certificates.
Set Up APT Repository
The script for setting up the APT repo should be retrieved as part of the prerequisites.
Steps to create an APT repo:
Option 1 — HTTP (Insecure)
Initialize the Repository
Add Packages
Configure Clients (on each node)
Option 2 — HTTPS (Secure, Recommended)
Initialize with Self-Signed Cert
OR
Initialize with Custom Cert + Key
Add Packages
Configure Clients (Install CA First If Required)
If the repository was created with a self-signed certificate, the generated cert will be available at:
/etc/nginx/ssl/apt_repo.crt
Copy this certificate to each client node and update the certificate store. If you used your own certificate when creating the APT repo, copy that certificate instead.
Setup Image Repository
Script to setup a Sample Image Repository on a Node:
Testing the Registry Setup (on the same registry node):
Upload Packages to APT Repo
If you’re hosting your own APT repo:
Ensure all packages in dependency_list.txt are present.
Regenerate repo metadata (Packages.gz, Release, InRelease) after any changes.
If using the provided script:
From the repo host, at the repo project root
If your .deb files are in another folder:
The script will:
Copy all .deb files into /var/www/html/my-private-apt-repo/pool/main/
Regenerate Packages.gz and Release
On all the client nodes:
Upload Images to Private Registry
The script used to pull the required images and push them to the custom registry is downloaded as part of the prerequisites. (Note: Docker must be installed for this script to run.)
Additionally, the PCD-V and PCD-K image lists are also downloaded during the prerequisite steps.
Install OpenSSL
On a jumphost with internet access:
Copy to all nodes and install:
Expected output:
OpenSSL 3.0.7 1 Nov 2022 (Library: OpenSSL 3.0.7 1 Nov 2022)
Download Airctl Artifacts
Run on a jumphost with internet access:
Copy all fetched artifacts to one of the master nodes.
Configure and Deploy PCD
Run the installer script:
Create a binary symlink:
Configure Airctl:
Validate configuration:
Deploy components:
Hypervisor Onboarding
Ensure each host has the private APT configured and prerequisites installed.
In the DU, navigate to Infrastructure → Cluster Hosts and click Add Hosts.
