Site planning check list

The purpose of this document is to act as a check list when planning and preparing sites for Avassa Edge Applications. Make sure you have understood each check-box and read corresponding documentation. This will guarantee a smoother site deployment phase. Reach out to Avassa support for guidance if needed.

Plan and design

• Validate host requirements (Linux distribution, kernel options, memory, disc etc)
• Is multi-tenancy required?
  • Design resource profiles
• Which unique key is to be used for host identification?
  • Default is serial number on host
• Validate application requirements
  • Ingress IP: availability of IP addresses on site, DHCP, or pool allocation?
  • Required application mounts? → plan volumes and partitions for your hosts
  • Is Inter application networking needed? (Shared network or ingress IPs)
  • Log retention, log archiving (see configuration on container logs)
  • Host networking required?
  • GPU passthrough required→ nvidia container toolkit is needed on hosts
• Site networking requirements
  • Outgoing ports to reach Control Tower
  • Inter host networking for Edge Enforcers on site
  • Preferred network for Edge Enforcer communication
  • Allow docker to pull from local registries
  • Should a host be allowed to unseal itself without any connection to Control Tower or site Edge Enforcers? “local unseal”

Prepare the golden image for the hosts

The easiest way to get a valid supd.conf is to run the installer on a machine and then copy and modify supd.conf for the golden image.

• Prepare the golden image for hosts

  • Prepare volumes for applications. Note that separate partitions are recommended in most cases.

  • Install nvidia GPU driver if required.

  • General OS configuration, log rotate etc

  • /etc/docker/daemon.json, the below is an example from the default installation.

    {
      "iptables": false,
      "userns-remap": "default",
      "selinux-enabled": false,
      "bridge": "none"
    }

  • /etc/supd.conf (unique hostid for call home)

  • /etc/systemd/system/supd.service (created by installer, and default is in most cases appropriate)

    Can be generated:

    curl -s https://api.demo.my-company.avassa.net/install | sh -s -- --emit-systemd-service > supd.service

  • /usr/sbin/start-supd

    Can be generated:

    curl -s https://api.demo.my-company.avassa.net/install | sh -s -- --emit-start-supd > start-supd

    chmod +x start-supd

  • Create /var/lib/supd/state, this directory and /var/lib/supd should be empty and writable by root

note

/var/lib/supd and /usr/sbin/start-supd must be writable by root.

tip

The location of start-supd and the supd/state can be changed (e.g. in case the above locations are not writable). See the supd.service service file on how to do this.

Configure the sites and hosts in Control Tower

See tutorial on adding a site

• Create sites in Avassa Control Tower
  • Site config for ingress IP, local unseal etc
  • Device and GPU discovery labels
• Add the hosts with correct unique IDs
• Create tenants and resource profiles if multi-tenancy is required