Deploy the Docker Edge Container
Follow these steps to set up the container environment and install the Edge container using a local image. Note that the latest Apstra Edge version is 0.13.2. This Edge version supports the latest Apstra Cloud Services features, such as Service Awareness, Impact Analysis, VM Visibility, and Service Level Expectations.
If you are using Juniper Apstra 5.1.0 or later, you can launch the Edge from within the Apstra GUI. For more information, see Launch Juniper Apstra Cloud Services Edge Docker Containers in Apstra.
If you are using Juniper Apstra 5.0.0 and earlier, you must follow these steps to set up and launch the Edge.
This setup process uses Juniper Apstra Edge distribution version 0.0.78. The version that you download might be a more recent version. For information about ACS compatibility, see Juniper Apstra Cloud Services Compatibility.
-
Untar the tar.gz file that you downloaded.
Note:
You can download and install the Edge file on the same VM as the Apstra Server, or a separate VM. For this example, the Edge file is installed on the same VM as the Apstra Server. The ACS Edge must have connectivity to both Juniper Apstra and ACS.
This creates the following directory:apstra-edge-0.0.78.root@user:~# tar -xvzf apstra-cloud-services-edge_0.0.78.tar.gz apstra-edge-0.0.78/ apstra-edge-0.0.78/docker-compose-0.0.78.yml apstra-edge-0.0.78/ssl-keys/ apstra-edge-0.0.78/ssl-keys/ep-term.ai.juniper.net.cer apstra-edge-0.0.78/apstra-edge-container-0.0.78.tgz root@user:~#
-
Modify the following lines in the
docker-compose.ymlfile. Enterep-term.ai.juniper.netfor theCLOUD_TERM.root@user:~# vi docker-compose-0.0.78.yml - REGISTRATION_KEY=<registration-code> - CLOUD_TERM=ep-term.ai.juniper.net
This registration code is retrieved from Step 3 in the Adopt the Juniper Apstra Cloud Services Edge and Enable Juniper Apstra Flow section, after adopting the Edge. The registration code registers the Apstra Edge with Juniper Apstra Cloud Services.Note:The Juniper Apstra Edge uses the registration code to retrieve unique organization ID, secret, and device ID during Edge installation. These IDs must be stored securely as they cannot be retrieved after the initial setup is complete.
TheCLOUD_TERMis the service that runs in the cloud, which is the entry point for any connectivity for any Edge component to communicate with the cloud.For a list of internal configuration variables and their functions, see Internal Variables for Juniper Apstra Edge Cloud Services Configuration.
Note:These variables are meant for internal use and are not required to set up the Edge component. We do not recommend overriding these variables in production.
-
Create a directory for installing the Edge container. Copy the
docker-compose-0.0.78.ymlfile from the tar.gz. and rename it todocker-compose.yml.root@user:~# mkdir apstra_edge root@user:~# cp apstra-edge-0.0.78/docker-compose-0.0.78.yml apstra_edge/docker-compose.yml
-
Copy the container file into the
apstra_edgedirectory.root@user:~# cp ~/apstra-edge-0.0.78/apstra-edge-container-0.0.78.tgz ~/apstra_edge
-
(Optional) Verify that no existing image is present.
root@user:~# cd apstra_edge root@user:/apstra_edge# docker images |grep edge
-
Load the Docker image.
root@user:/apstra_edge# docker load < apstra-edge-container-0.0.78.tgz dd3a0446c8dc: Loading layer [==================================================>] 2.048kB/2.048kB 20926e4376db: Loading layer [==================================================>] 19.25MB/19.25MB 91a5e17f426c: Loading layer [==================================================>] 3.072kB/3.072kB 70f18eed95b4: Loading layer [==================================================>] 4.096kB/4.096kB 437b361ffd18: Loading layer [==================================================>] 20.55MB/20.55MB fa960967b411: Loading layer [==================================================>] 20.56MB/20.56MB b2db1e6c6bcd: Loading layer [==================================================>] 2.56kB/2.56kB ed13056991f4: Loading layer [==================================================>] 6.144kB/6.144kB e051cc879cb0: Loading layer [==================================================>] 3.256MB/3.256MB 4c412efeef84: Loading layer [==================================================>] 20.56MB/20.56MB a9547726ed61: Loading layer [==================================================>] 2.56kB/2.56kB Loaded image: apstra-edge:0.0.78
-
Verify that the
apstra-edgeimage is loaded.root@user:/apstra_edge# docker images |grep edge apstra-edge 0.0.78 c183eb098689 8 days ago 273MB
-
We recommend that you replace the Juniper Apstra self-signed certificate with a
publicly-signed certificate. To proceed with a publicly-signed certificate, follow the
directions at, Replace the SSL Certificate of Juniper Apstra's Nginx Controller.
The Juniper Apstra Edge connects to the Juniper Apstra controller using the management URL provided in the Juniper Apstra Cloud Services entitlement process. This management URL is configured with an IP address. The Apstra controller requires an SSL certificate with a Subject Alternative Name containing this IP.
-
(Optional) To proceed with the self-signed certificate on the Apstra controller instead
of a publicly-signed certificate, you must add the following line (
- AOS_INSECURE_SKIP_VERIFY=true) to thedocker-compose.ymlfile after the two environment variables that you previously entered (REGISTRATION_KEY=<registration-code>, CLOUD_TERM=ep-term.ai.juniper.net):root@user:~# vi docker-compose.yml - REGISTRATION_KEY=<registration-code> - CLOUD_TERM=ep-term.ai.juniper.net - AOS_INSECURE_SKIP_VERIFY=true
Note:You must perform Steps 9 and 10 regardless of whether you use a self-signed certificate or a publicly-signed certificate for the Apstra controller.
-
Copy the
EP-TermSSL certificate to the correct directory, and add read/write permissions. This enables the Juniper Apstra Cloud Services Edge to validate SSL certs for server authentication.root@user:~# cd /etc/ssl/certs root@user:/etc/ssl/certs# sudo cp ~/apstra-edge-0.0.78/ssl-keys/ep-term.ai.juniper.net.cer . root@user:/etc/ssl/certs# sudo chmod 644 ep-term.ai.juniper.net.cer
-
Update the certificates.
root@user:/etc/ssl/certs# sudo update-ca-certificates Updating certificates in /etc/ssl/certs... 0 added, 0 removed; done. Running hooks in /etc/ca-certificates/update.d... done.
-
Spin up the Docker Edge container from the
apstra_edgedirectory.Thedocker compose up -dcommand initializes the services listed indocker-compose.ymlfile. Applying the .yml file also creates a volume namedapstra_edge_apstra_edge_store/. This volume is mounted at/var/lib/docker/volumes/apstra_edge_apstra_edge_store/_data/.Note:The Juniper Apstra Cloud Services instance supports both
docker composeanddocker-composecommands.Note:You must run the
docker compose up -dcommand from within the same directory where thedocker-compose.ymlis located. The file must also be nameddocker-compose.ymlor the command will not work as intended.Note:Ensure that you back up
/var/lib/docker/volumes/apstra_edge_apstra_edge_store/_data/. The Edge instance uses this mount to restart connectivity in the event of a system crash.root@user:~/apstra_edge$ docker compose up -d [+] Running 1/1 ⠿ Container apstra-edge Started 0.2s
Note:IMPORTANT: During the first boot of the Juniper Apstra Cloud Services Edge container, it will perform a one-time registration process using the provided registration code. This process generates a unique
secretnecessary for authentication between the Edge instance and the CLOUD_TERM service. After this initial registration process, the registration code is invalid. Subsequent starts or restarts of the Juniper Apstra Cloud Services Edge instance use thesecretto connect to the CLOUD_TERM service. -
From the UI, verify the following statuses:
Note:
If any of these statuses show Disconnected, an error message appears when you hover over the status text.
- Cloud Connectivity is Connected: The connection status between the Juniper Apstra Cloud Services Edge container and Juniper Apstra Cloud Services.
- Apstra Connectivity is Connected: The connection status of the Juniper Apstra Cloud Services Edge container to the Juniper Apstra Edge instance.
-
Verify that Juniper Apstra Cloud Services is querying the new Edge instance with Apstra
Flow.
In the ACS UI, a Service Aware and Impact Analysis tab should be visible. Note that these tabs might not appear immediately.
-
(Optional) Verify that the Docker volume was successfully created.
root@user:~/apstra_edge# docker volume ls | grep apstra_edge local apstra_edge_apstra_edge_store
-
(Optional) View event logs.
root@user:~/apstra_edge# docker logs --tail 10 -f apstra_edge
-
To stop the container, use the following command:
root@user:~/apstra_edge# docker compose down Stopping apstra-edge ... done Removing apstra-edge ... done
-
To restart a stopped Edge container, run the following command:
root@user:~/apstra_edge# docker compose up -d Creating apstra-edge ... done
For post-setup verification, actions, and troubleshooting, see Juniper Apstra Cloud Services Edge Post-Setup: Config Changes and Troubleshooting.