Get a single-use EVE-OS installer

Single-Use (SU) EVE installers enable you to securely initialize (bootstrap) edge nodes and connect them to the cloud even when automatic network configuration over DHCP isn't available. They also enable you to securely provide custom initial configs for air-gap environments.

After you bootstrap an edge node with an SU installer, it will be able to connect to its controller (ZEDEDA Cloud). It will receive all further config updates from its controller.

Because each SU installer contains a unique bootstrap configuration for a particular edge node, each SU installer can only be used once.

At this time, you can only obtain an SU installer using the ZCLI. But first, you need to create an entry for your edge node in ZEDEDA Cloud. The configuration you input during this setup will be the one included in your SU installer.

SU installers vs legacy solutions

It’s possible to bootstrap an edge node by manually creating a JSON-formatted network configuration and either injecting it into a standard EVE installer, or by installing it using a USB drive. However, there are a few problems with this approach.

  • Manually writing JSON network configurations is error-prone. Your edge node will reject any configs with errors.
  • JSON config files lack signatures, making them susceptible to malicious tampering, which EVE might not detect.
  • You’d need to duplicate each edge node’s network config: once in ZEDEDA Cloud and again manually in the JSON file; and these configs must match.

SU installers solve these problems by using bootstrap configs that have been signed by the target edge node's controller, ensuring the installer's trustworthiness to EVE. These bootstrap configs come from ZEDEDA Cloud, and you only have to prepare them once. Moreover, the bootstrap configs in SU installers are in binary format, preventing manual changes.

Prerequisites

  • Only EVE-OS versions 8.12 and later support single-use installers.
  • You'll need the appropriate role to create, update, and delete edge node entries in your enterprise.
  • You'll need access to the ZCLI to generate the installer. Single-Use EVE installers can't be obtained through the ZEDEDA GUI.
  • You'll need Docker installed.

Create an edge node entry in your enterprise

  1. Log in to the ZEDEDA Cloud GUI.
  2. Navigate to the Edge Node view and click Add New.
  3. Configure your edge node, and select Generate Single-Use EVE-OS installer as the Identity Type.
  4. Take note of the EVE-OS Image Version in the Identity section. We'll use it in the following procedure.
  5. Configure port mappings (i.e.: static or wireless network configuration).
  6. Click Add.

Generate a single-use EVE installer image

  1. Run a ZCLI session. (This command maps your current directory into /home of the container.)
    docker run -it -u0 -v /var/run/docker.sock:/var/run/docker.sock -v $PWD:/home zededa/zcli:latest
  2. Log in to the ZCLI.
  3. Assign the EVE image version (which you saved in the previous procedure) to your edge node.
    zcli edge-node eveimage-update EDGE_NODE_NAME --image=IMAGE_NAME
  4. Generate your single-use installer.
    zcli edge-node gen-single-use-eve-installer EDGE_NODE_NAME
  5. Verify that you now have an installer.raw file in your working directory
    ls

You can flash your new image to a portable drive using our guide to Flashing an EVE-OS image.

Was this article helpful?
0 out of 0 found this helpful