Deploy the Apstra Edge Container

Follow these steps to set up the container environment and install the Edge container using a local image. Note that the latest Apstra Edge version is 0.0.78. This Edge version supports the latest Data Center Assurance features, such as Service Awareness, Impact Analysis, and Dashboard.

Note:

This setup process uses Apstra Edge distribution version 0.0.78. The version that you download might be a more recent version. For information about DCA compatibility, see Data Center Assurance Compatibility.

Untar the tar.gz file that you downloaded.

Note:
You can download and install the Edge file on the same VM as the Apstra Server, or a separate VM. For this example, the Edge file is installed on the same VM as the Apstra Server. The Apstra Edge must have connectivity to both Apstra and DCA.

This creates the following directory: apstra-edge-0.0.78.
Modify the following lines in the docker-compose.yml file. Enter ep-term.ai.juniper.net for the CLOUD_TERM.
This registration code is retrieved from Step 3 in the Adopt the Apstra Edge and Enable Apstra Flow section, after adopting the Edge. The registration code registers the Apstra Edge with Data Center Assurance.

Note:
The Apstra Edge uses the registration code to retrieve unique organization ID, secret, and device ID during Edge installation. These IDs must be stored securely as they cannot be retrieved after the initial setup is complete.

The CLOUD_TERM is the service that runs in the cloud, which is the entry point for any connectivity for any Edge component to communicate with the cloud.

For a list of internal configuration variables and their functions, see Internal Variables for Apstra Edge Cloud Services Configuration.

Note:
These variables are meant for internal use and are not required to set up the Edge component. We do not recommend overriding these variables in production.
Create a directory for installing the Edge container. Copy the docker-compose-0.0.78.yml file from the tar.gz. and rename it to docker-compose.yml.

Copy the container file into the apstra_edge directory.

(Optional) Verify that no existing image is present.

Load the Docker image.

Verify that the apstra-edge image is loaded.

We recommend that you replace the Apstra self-signed certificate with a publicly-signed certificate. To proceed with a publicly-signed certificate, follow the directions at, Replace the SSL Certificate of Apstra's Nginx Controller.

The Apstra Edge connects to the Apstra controller using the management URL provided in the Data Center Assurance entitlement process. This management URL is configured with an IP address. The Apstra controller requires an SSL certificate with a Subject Alternative Name containing this IP.
(Optional) To proceed with the self-signed certificate on the Apstra controller instead of a publicly-signed certificate, you must add the following line (- AOS_INSECURE_SKIP_VERIFY=true) to the docker-compose.yml file after the two environment variables that you previously entered (REGISTRATION_KEY=<registration-code>, CLOUD_TERM=ep-term.ai.juniper.net):
Note:
You must perform Steps 9 and 10 regardless of whether you use a self-signed certificate or a publicly-signed certificate for the Apstra controller.

Copy the EP-Term SSL certificate to the correct directory, and add read/write permissions. This enables the Apstra Edge to validate SSL certs for server authentication.

Update the certificates.

Spin up the Docker Edge container from the apstra_edge directory.
The docker compose up -d command initializes the services listed in docker-compose.yml file. Applying the .yml file also creates a volume named apstra_edge_apstra_edge_store/. This volume is mounted at /var/lib/docker/volumes/apstra_edge_apstra_edge_store/_data/.
Note:
The Data Center Assurance instance supports both docker compose and docker-compose commands.

Note:
You must run the docker compose up -d command from within the same directory where the docker-compose.yml is located. The file must also be named docker-compose.yml or the command will not work as intended.

Note:
Ensure that you back up /var/lib/docker/volumes/apstra_edge_apstra_edge_store/_data/. The Edge instance uses this mount to restart connectivity in the event of a system crash.
Note:
IMPORTANT: During the first boot of the Apstra Edge container, it will perform a one-time registration process using the provided registration code. This process generates a unique secret necessary for authentication between the Edge instance and the CLOUD_TERM service. After this initial registration process, the registration code is invalid. Subsequent starts or restarts of the Apstra Edge instance use the secret to connect to the CLOUD_TERM service.
From the UI, verify the following statuses:

Note:
If any of these statuses show Disconnected, an error message appears when you hover over the status text.
- Cloud Connectivity is Connected: The connection status between the Apstra Edge container and Data Center Assurance.
- Apstra Connectivity is Connected: The connection status of the Apstra Edge container to the Apstra Edge instance.
Verify that Data Center Assurance is querying the new Edge instance with Apstra Flow.
In the DCA UI, a Service Aware and Impact Analysis tab should be visible. Note that these tabs might not appear immediately.

(Optional) Verify that the Docker volume was successfully created.

(Optional) View event logs.

To stop the container, use the following command:

To restart a stopped Edge container, run the following command:
The Apstra Edge container is initialized, and the Edge instance is running. For additional information about the features and operation of the Apstra Edge Instance, see the Data Center Assurance User Guide.
For post-setup verification, actions, and troubleshooting, see Apstra Edge Post-Setup: Config Changes and Troubleshooting.