Single-Use (SU) EVE-OS installers enable you to securely initialize (bootstrap) edge nodes and connect them to ZEDEDA Cloud even when automatic network configuration over DHCP isn't available. They also enable you to securely provide custom initial configs to air-gapped edge nodes.
After you bootstrap an edge node with an SU installer, it will be able to connect to its controller, ZEDEDA Cloud. All further updates will then come from ZEDEDA Cloud.
Each SU installer can only be used once because each one contains a unique bootstrap configuration for a particular edge node.
At this time, you can only obtain an SU installer using ZCLI. But first, you need to create an entry for your edge node in ZEDEDA Cloud. The configuration you input during this setup will be the one included in your SU installer.
SU installers vs legacy solutions
It’s possible to bootstrap an edge node by manually creating a JSON-formatted network configuration and either injecting it into a standard EVE installer or installing it using a USB drive. However, there are a few problems with this approach:
- Manually writing JSON network configurations is error-prone. Your edge node will reject any configs with errors.
- JSON config files lack signatures, making them susceptible to malicious tampering, which EVE might not detect.
- You’d need to duplicate each edge node’s network config, once in ZEDEDA Cloud and again manually in the JSON file, and these configs must match.
SU installers solve these problems by using bootstrap configs that have been signed by the target edge node's controller, ensuring the installer's trustworthiness to EVE. These bootstrap configs come from ZEDEDA Cloud, and you only have to prepare them once. Moreover, the bootstrap configs in SU installers are in binary format, preventing manual changes.
Prerequisites
- Only EVE-OS versions 8.12 and later support single-use installers.
- You'll need the appropriate role to create, update, and delete edge node entries in your enterprise.
- You'll need access to ZCLI to generate the installer. Single-Use EVE installers can't be obtained through the ZEDEDA GUI.
- You'll need Docker installed.
Create the edge node entry in your enterprise
To create your new edge node's entry in your enterprise, follow these steps.
- Log in to the ZEDEDA Cloud GUI.
- Go to Edge Nodes using the side nav.
- Click Add New.
- Fill in the Identity section's fields.
- Select Generate Single-Use EVE-OS installer from the Identity Type dropdown in the Details section.
- Select a brand.
- Select a hardware model.
- Copy the EVE-OS Image Version (in the Details section) and save it somewhere. You'll use it in the following procedure, Generate a single-use EVE-OS installer image.
- Caution: The version number will not be visible after you finish creating this edge node entry.
- Fill in the Port Mappings fields, which appear after you select a brand and hardware model.
- Click Add.
Generate a single-use EVE-OS installer image
- Run a ZCLI session. (This command runs the container as root with -u0, maps your current directory into /home of the container, and mounts the host's Docker socket into it.)
docker run -it -u0 -v /var/run/docker.sock:/var/run/docker.sock -v "$PWD":/home zededa/zcli:latest
- Log in to ZCLI.
- Assign the EVE image version (which you saved in the previous procedure) to your edge node.
zcli edge-node eveimage-update EDGE_NODE_NAME --image=IMAGE_NAME
- Generate your single-use installer.
zcli edge-node gen-single-use-eve-installer EDGE_NODE_NAME
- Verify that you now have an installer.raw file in your working directory.
ls
You can flash your new image to a portable drive using our guide to Flashing an EVE-OS image.
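Because each installer.raw carries one edge node's unique bootstrap configuration, it is worth recording which image belongs to which node and confirming that the drive you flashed holds exactly those bytes. The following is an added example, not part of ZEDEDA's documentation or tooling; the function names, the manifest file and its layout are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: record and re-check the digest of a single-use installer image.
# The manifest file and its "size sha256 node" layout are assumptions.

# Print the SHA-256 of the first $2 bytes of $1 (a file or a block device).
digest_prefix() {
    head -c "$2" "$1" | sha256sum | cut -d' ' -f1
}

# record_image IMAGE NODE_NAME MANIFEST
# Refuses a missing or empty image, then writes "size sha256 node" to MANIFEST.
record_image() {
    image=$1; node=$2; manifest=$3
    [ -s "$image" ] || { echo "missing or empty: $image" >&2; return 1; }
    size=$(wc -c < "$image" | tr -d ' ')
    printf '%s %s %s\n' "$size" "$(digest_prefix "$image" "$size")" "$node" > "$manifest"
}

# verify_target TARGET MANIFEST
# Reads back exactly the recorded number of bytes from TARGET (the flashed
# drive is usually larger than the image) and compares the digests.
verify_target() {
    target=$1; manifest=$2
    read -r size want node < "$manifest" || return 1
    got=$(digest_prefix "$target" "$size")
    if [ "$got" = "$want" ]; then
        echo "OK: $target matches installer for $node"
    else
        echo "MISMATCH: $target does not match installer for $node" >&2
        return 1
    fi
}
```

Call record_image on installer.raw right after generating it, then call verify_target on the drive's device node after flashing; reading a block device usually requires root.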