Deploy the Apstra Edge Container
Follow these steps to set up the container environment and install the Edge container using a local image.
This setup process uses Apstra Edge distribution version 0.0.36_1. The version that you download might be a more recent version. For information about DCA compatibility, see Juniper Data Center Assurance Compatibility.
-
Untar the tar.gz file that you downloaded.
This creates the following directory:
apstra-edge-0.0.36.root@user:~# tar -xvzf apstra-edge_4.2.1_0.0.36_1.tar.gz apstra-edge-0.0.36/ apstra-edge-0.0.36/ssl-keys/ apstra-edge-0.0.36/ssl-keys/ep-term.ai.juniper.net.cer apstra-edge-0.0.36/docker-compose-0.0.36.yml apstra-edge-0.0.36/apstra-edge-container-0.0.36.tgz
-
Add the minimum required environment variables to the
docker-compose.ymlfile.root@user:~# cd apstra-edge-0.0.36/ root@user:~# vi docker-compose-0.0.36.yml - REGISTRATION_KEY=<registration-code> - CLOUD_TERM=ep-term.ai.juniper.net
This registration code is retrieved from Step 3 in the Adopt the Apstra Edge section, after adopting the Edge. The registration code registers the Apstra Edge with Data Center Assurance. If this is your first time setting up the Apstra Edge, you might have to create an account. For more information, see User Activation and Login.Note:The Apstra Edge uses the registration code to retrieve unique organization ID, secret, and device ID during Edge installation. These IDs must be stored securely as they cannot be retrieved after the initial setup is complete.
TheCLOUD_TERMis the service that runs in the cloud, which is the entry point for any connectivity for any edge component to communicate with the the cloud.For a list of internal configuration variables and their functions, see Internal Variables for Data Center Assurance Configuration.
Note:These variables are meant for internal use and are not required to set up the Edge component. We do not recommend overriding these variables in production.
-
Create a directory for installing the Edge container and copy the
docker-compose.ymlfile from the tar.gz.root@user:~# mkdir apstra_edge root@user:~# cp apstra-edge-0.0.36/docker-compose-0.0.36.yml apstra_edge/docker-compose.yml
-
Copy the container file into the
apstra_edgedirectory.root@user:~# cp apstra-edge-0.0.36/apstra-edge-container-0.0.36.tgz apstra_edge/ root@user:~/home/apstra-edge-0.0.36$ cd apstra_edge/ root@user:~/home/apstra-edge-0.0.36/apstra_edge$ ls apstra-edge-container-0.0.36.tgz docker-compose.yml
-
Load the Docker image.
root@user:~# cd apstra_edge
root@user:/apstra_edge# docker load < apstra-edge-container-0.0.36.tgz 7429ea606615: Loading layer [==================================================>] 2.56kB/2.56kB 10997ab1dcf0: Loading layer [==================================================>] 19.75MB/19.75MB 8f08153193c2: Loading layer [==================================================>] 3.072kB/3.072kB 447895a64213: Loading layer [==================================================>] 4.608kB/4.608kB 4603e347f9f2: Loading layer [==================================================>] 9.875MB/9.875MB ab9f29f8f678: Loading layer [==================================================>] 9.876MB/9.876MB 545cccdbd988: Loading layer [==================================================>] 3.072kB/3.072kB 33c503d165ee: Loading layer [==================================================>] 6.144kB/6.144kB ecaeb0222eb9: Loading layer [==================================================>] 3.256MB/3.256MB 7c87e1361384: Loading layer [==================================================>] 9.878MB/9.878MB f9979c7efaff: Loading layer [==================================================>] 2.56kB/2.56kB Loaded image: apstra-edge:0.0.36
Note:If the
docker load < apstra-edge-container-0.0.36.tgzdoesn't work, you can add the-ioption:docker load -i apstra-edge-container-0.0.36.tgz. -
Verify that the
apstra-edgeimage is loaded.root@user:/apstra_edge# docker images |grep edge apstra-edge 0.0.36 f0fb5593860a 2 weeks ago 242MB
-
We recommend that you replace the Apstra self-signed certificate with a publicly-signed
certificate. To proceed with a publicly-signed certificate, follow the directions at,
Replace the SSL Certificate of Apstra's Nginx Controller.
The Apstra Edge connects to the Apstra controller using the management URL provided in the Data Center Assurance entitlement process. This management URL is configured with an IP address. The Apstra controller requires an SSL certificate with a Subject Alternative Name containing this IP.
-
(Optional) To proceed with the self-signed certificate on the Apstra controller instead
of a publicly-signed certificate, you must add the following line (
- AOS_INSECURE_SKIP_VERIFY=true) to thedocker-compose.ymlfile after the two environment variables that you previously entered (REGISTRATION_KEY=<registration-code>,CLOUD_TERM=ep-term.ai.juniper.net):root@user:~# vi docker-compose.yml - REGISTRATION_KEY=<registration-code> - CLOUD_TERM=ep-term.ai.juniper.net - AOS_INSECURE_SKIP_VERIFY=true
Note:You must perform Steps 9 and 10 regardless of whether you use a self-signed certificate or a publicly-signed certificate for the Apstra controller.
-
Copy the
EP-TermSSL certificate to the correct directory, and add read/write permissions. This enables the Apstra Edge to validate SSL certs for server authentication.root@user:~# cd /etc/ssl/certs root@user:/etc/ssl/certs# sudo cp ~/apstra-edge-0.0.36/ssl-keys/ep-term.ai.juniper.net.cer . root@user:/etc/ssl/certs# sudo chmod 644 ep-term.ai.juniper.net.cer
-
Update the certificates.
root@user:/etc/ssl/certs# sudo update-ca-certificates Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done.
-
Spin up the Docker Edge container from the
apstra_edgedirectory.Thedocker compose up -dcommand initializes the services listed indocker-compose.ymlfile. Applying the .yml file also creates a volume namedapstra_edge_apstra_edge_store/. This volume is mounted at/var/lib/docker/volumes/apstra_edge_apstra_edge_store/_data/.Note:You must run the
docker compose up -dcommand from within the same directory where thedocker-compose.ymlis located. The file must also be nameddocker-compose.ymlor the command will not work as intended.Note:Ensure that you back up
/var/lib/docker/volumes/apstra_edge_apstra_edge_store/_data/. The Edge instance uses this mount to restart connectivity in the event of a system crash.root@user:~/home/apstra-edge-0.0.36/apstra_edge$ docker compose up -d [+] Running 2/2 ⠿ Volume "apstra_edge_apstra_edge_store" Created 0.0s ⠿ Container apstra-edge Started 0.3s root@user:~/home/apstra-edge-0.0.36/apstra_edge$
Note:IMPORTANT: During the first boot of the Apstra Edge container, it will perform a one-time registration process using the provided registration code. This process generates a unique
secretnecessary for authentication between the Edge instance and the CLOUD_TERM service.After this initial registration process, the registration code is invalid. Subsequent starts or restarts of the Apstra Edge instance use the
secretto connect to the CLOUD_TERM service. -
Verify that the Apstra Edge is connected to Data Center Assurance.
Note:
This command verifies the following three clients:
AOSHTTPClient - CreationInfostatus should beCreateSuccess.AuthInfoshould showAuthenticated. This is the client that connects to Data Center Assurance through the management URL provided in the UI. If creation statuses are not successful, there is an internal problem, most likely due to incorrect credentials or providing the wrong URL during Edge onboarding. Enter the correct information in the Inventory tab in the UI for your Edge.WebSocketForwarderstatus should beConnectedandAuthenticated. This is the client that connects the Edge instance to the Cloud Term service. If statuses are not correct, possible issues are an incorrect epterm address provided in thedocker-compose.yml, SSL key not installed in the local host, or a hostname mismatch for epterm in the SSL key.StreamsForwarderstatus should beInitorConnected. This client listens to stream messages from thestreaming-config-objectconfigured in the Apstra controller.
root@user:~/home/apstra-edge-0.0.36/apstra_edge$ curl http://localhost:8081/api/status | jq % Total % Received % Xferd Average Speed Time Time Time Current Dload Upload Total Spent Left Speed 100 1412 100 1412 0 0 792k 0 --:--:-- --:--:-- --:--:-- 1378k { "AOSHTTPClient": { "CreationInfo": { "status": "CreateSuccess", "err_message": "" }, "AuthInfo": { "status": "Authenticated", "err_message": "" }, "MessageCounters": { "get_requested_count": 5, "get_response_received_count": 5, "post_requested_count": 1, "post_response_received_count": 1, "client_recreated_count": 3163 } }, "AnomaliesForwarder": { "blueprint_received_count": 0, "anomalies_received_count": 0, "anomalies_forwarded_count": 0 }, "BlueprintsForwarder": { "blueprint_received_count": 0, "blueprint_forwarded_count": 0 }, "CloudStatusForwarder": { "messages_received_count": 9497, "messages_sent_count": 9497 }, "ProbesForwarder": { "blueprints_received_count": 0, "probe_received_count": 0, "probe_forwarded_count": 0 }, "ProxyRequestProcessor": { "aos_request_sent_count": 0, "aos_response_received_count": 0, "proxy_request_received_count": 0, "proxy_request_responded_count": 0 }, "StreamsForwarder": { "ConnectionInfo": { "status": "Connected", "err_message": "" }, "MessageCounters": { "messages_received_count": 0, "messages_sent_count": 0 } }, "TransactionManager": { "TransactionAddedCount": 22162, "TransactionsProcessedCount": 22162, "TransactionsRegisteredCount": 22162, "TransactionsUnregisteredCount": 22162, "TransactionNotFoundCount": 0, "TransactionNotAckedCount": 0 }, "WebSocketForwarder": { "ConnectionInfo": { "status": "Connected", "err_message": "" }, "AuthInfo": { "status": "Authenticated", "err_message": "" }, "MessageCounters": { "messages_received_count": 22160, "messages_sent_count": 22162 } } } -
(Optional) Verify that the Docker volume was successfully created.
root@user:~/apstra_edge# docker volume ls | grep apstra_edge local apstra_edge_apstra_edge_store
-
(Optional) View event logs.
root@user:~/apstra_edge# docker logs --tail 10 -f apstra-edge
-
From the UI under the Inventory tab, verify the following statuses:
Note:
If any of these statuses show Disconnected, an error message appears when you hover over the status text.
- Cloud Connectivity is Connected: The connection status between the Apstra Edge container and Data Center Assurance.
- Apstra Connectivity is Connected: The connection status of the Apstra Edge container to the Apstra Edge instance.
-
To stop the container, use the following command:
root@user:~/apstra_edge# docker compose down Stopping apstra-edge ... done Removing apstra-edge ... done
-
To restart a stopped Edge container, run the following command:
root@user:~/apstra_edge# docker compose up -d Creating apstra-edge ... done
For post-setup verification, actions, and troubleshooting, see Apstra Edge Post-Setup: Config Changes and Troubleshooting.