AHR TUI plugin in air-gapped mode

After uploading all AHR dependencies (refer to Uploading AHR artifacts to the air-gapped head node), run the AHR TUI installer. The plugin automatically detects when it is running in an air-gapped environment and adjusts its behavior.

Before running the installer, create a BCM user to deploy the AHR application. Replace <strong-password> with a secure value:

cmsh -c 'user; add mission-control-admin; set password <strong-password>; commit;'

Important

The AHR TUI plugin reads the imageRepository field from the kubeadm-config ConfigMap (kube-system namespace) to detect air-gapped mode. This field must be set to your local registry URL. If it still points to the default registry.k8s.io, the plugin will not recognize the environment as air-gapped. Registry mirroring alone is not sufficient — imageRepository must use the local registry for air-gap detection and image pulls to work correctly.

To verify that imageRepository is correctly set, run:

kubectl get configmap kubeadm-config -n kube-system -o jsonpath='{.data.ClusterConfiguration}' | grep imageRepository

The output should show your local registry URL (for example, imageRepository: master.cm.cluster:5000). If it still shows registry.k8s.io, refer to section 4.2 of the BCM containerization manual for instructions on configuring the Kubernetes cluster for air-gapped operation.

Install the Base View package

Install the cm-base-view-ahr package on the head node. This package is required for AHR installation via the BCM Base View interface.

Note

The cm-base-view-ahr package is included in the bundle produced by the nmc-airgap tool (under bundle/files/), not in the bundle downloaded by download_ahr_dependencies.sh.

dpkg -i bundle/files/cm-base-view-ahr-bcm11*.deb

Ingress-nginx Helm chart

The AHR TUI plugin requires the ingress-nginx Helm chart to be available in the local registry. This chart is normally pushed to the local registry by the BCM air-gap scripts as part of the Kubernetes air-gapped installation. The following manual download and push steps are only needed if the chart is missing from the registry.

1. Check if the chart is already present in the local registry:

   helm show chart oci://master.cm.cluster:5000/helm-charts/ingress-nginx \
     --ca-file /cm/local/apps/containerd/var/etc/certs.d/master.cm.cluster:5000/ca.crt
   

   If the command returns chart metadata, the chart is already available and you can skip the remaining steps.

2. Download the Helm chart on a machine with internet access:

   helm pull ingress-nginx \
     --repo https://kubernetes.github.io/ingress-nginx \
     --version 4.14.3
   

3. Transfer the .tgz file to the air-gapped head node and log in to the local registry:

   module load docker
   helm registry login master.cm.cluster:5000 --insecure --username dummy --password dummy
   

4. Push the chart to the local registry:

   helm push ingress-nginx-4.14.3.tgz \
     oci://master.cm.cluster:5000/helm-charts \
     --ca-file /cm/local/apps/containerd/var/etc/certs.d/master.cm.cluster:5000/ca.crt
   

Running the AHR installation wizard

After completing the preceding steps, follow the AHR installation guide with the following modifications:

1. The cm-mission-control-setup wizard must be invoked with the --skip-packages option (required in air-gapped environments):

   cm-mission-control-setup --skip-packages
   

2. The NGC credential prompt will not be displayed. The plugin automatically detects the air-gapped environment and pulls artifacts from the local registry instead, as long as registry mirroring is configured.

Resolving dependency conflicts during installation

During the InstallAgentOnHeadNode or InstallAgentInSoftwareImages stages, the AHR TUI plugin installs packages from the air-gap bundle. If a dependency conflict occurs (for example, a version mismatch between a bundled package and a package already installed on the system), the installer pauses and waits for you to resolve the conflict manually.

Tip

The air-gap bundle contains the entire dependency tree for every required package. If you need to install or downgrade a conflicting dependency, look for the appropriate .deb file in /cm/local/apps/autonomous-hardware-recovery/var/packages/. You can install it manually with dpkg -i <package>.deb and then retry the stage.

Self-signed TLS certificates

The AHR TUI plugin can generate self-signed TLS certificates for use in air-gapped environments where publicly trusted certificates are not available.

During installation, the TUI prompts whether to use self-signed certificates or to provide publicly trusted certificates:

• If you select self-signed certificates, you are prompted for a base domain URL (default: autonomous-hardware-recovery.local).

• The certificate and key files are written to /cm/local/apps/autonomous-hardware-recovery/etc/certs/.

• AHR agents are automatically configured to trust the self-signed certificate when communicating with the backend.

Note

Note down the app URL and api URL displayed by the TUI installer during installation. You will need them to configure /etc/hosts on your local machine (step 3).

To access the AHR web UI from a local machine when using self-signed certificates:

1. Retrieve the head node IP address.

2. Retrieve the certificate:

   cat /cm/local/apps/autonomous-hardware-recovery/etc/certs/cert.crt
   

3. Add entries to /etc/hosts on your local machine pointing to the head node IP. For example:

   10.0.0.1 mycluster.autonomous-hardware-recovery.local
   10.0.0.1 mycluster-api.autonomous-hardware-recovery.local
   

4. Save the certificate to a local file and configure your browser to trust it.

5. Access the AHR web UI at https://<ahr_base_domain>/home/. For example:

   https://autonomous-hardware-recovery.local/home/
   

Uninstalling Autonomous Hardware Recovery

To uninstall AHR, start the plugin via cm-mission-control-setup and select the Uninstall flow.

Important

The uninstall flow removes the var folder, which stores Helm charts, packages, and runbooks required by the air-gapped installation. Before reinstalling AHR, you must run the upload script again to restore these artifacts. Refer to Uploading AHR artifacts to the air-gapped head node for details.

Tip

Use the --skip-images flag to skip re-pushing images that are already present in the local registry.