
How to Deploy SONiC

Joe LeVeque edited this page Feb 23, 2017 · 2 revisions

Prepare for Deployment

  • Clone the sonic-mgmt repo from GitHub
$ git clone https://github.com/Azure/sonic-mgmt

Create Authentication Info

NOTE: Should be performed once on <server>. Username and password should both be admin:

$ mkdir -p /docker/auth  
$ docker run --entrypoint htpasswd registry:2 -Bbn admin admin > /docker/auth/htpasswd

Create Certificates

NOTE: Should only need to be performed once. When openssl prompts for the server FQDN (Common Name), it should be the <server> hostname:

$ mkdir -p /docker/certs
$ openssl req -newkey rsa:4096 -nodes -sha256 -keyout /docker/certs/domain.key -x509 -days 365 -out /docker/certs/domain.crt

Boot ONIE Image

  • Connect to device via serial console
  • Reboot device
  • In GRUB menu choose ONIE
  • If image with different OS is installed, select ONIE Uninstall OS
  • Select ONIE Rescue
  • When boot finishes, copy SONiC image to device:
$ scp <user>@<server>:<path_to_image>/sonic-generic.bin .
  • Run install
$ chmod +x ./sonic-generic.bin
$ ./sonic-generic.bin

Copy certificate to device

  • Login to device:
$ ssh admin@<switch>
  • Once on device, copy certificate:
$ scp <user>@<server>:/docker/certs/domain.crt . 
$ sudo mkdir -p /etc/docker/certs.d/<server>:5000/
$ sudo cp domain.crt /etc/docker/certs.d/<server>:5000/ca.crt
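
A check to run on the switch before domain.crt is installed as ca.crt, given here as an added example that is not part of the original wiki page. The function names and the 30-day expiry margin are assumptions; the paths in the usage comment are the ones used on this page.

```shell
#!/bin/sh
# Added example, not from the SONiC wiki. Function names are hypothetical.
# Usage on <server>:   cert_fingerprint /docker/certs/domain.crt
# Usage on the switch: check_registry_cert domain.crt <server> 30 <fingerprint>

# Print the SHA-256 fingerprint of a PEM certificate. Record it on <server>
# and compare it on the switch after the scp step.
cert_fingerprint() {
    openssl x509 -in "$1" -noout -fingerprint -sha256 | cut -d= -f2
}

# Return 0 only if certificate $1 covers registry host $2, does not expire
# within $3 days (default 30) and, when $4 is given, has that fingerprint.
check_registry_cert() {
    cert=$1 host=$2 days=${3:-30} want_fp=${4:-}
    [ -r "$cert" ] || { echo "cannot read $cert" >&2; return 1; }

    # -checkhost reports its result as text, so match the positive message.
    openssl x509 -in "$cert" -noout -checkhost "$host" \
        | grep -q "does match certificate" \
        || { echo "certificate does not cover host $host" >&2; return 1; }

    # -checkend exits non-zero if the certificate expires within N seconds.
    openssl x509 -in "$cert" -noout -checkend $((days * 86400)) >/dev/null \
        || { echo "certificate expires within $days days" >&2; return 1; }

    if [ -n "$want_fp" ] && [ "$(cert_fingerprint "$cert")" != "$want_fp" ]; then
        echo "fingerprint differs from the one recorded on <server>" >&2
        return 1
    fi
    return 0
}
```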

Make Docker Registry Private, Insecure

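  • On <server> and on each device, add the DOCKER_OPTS="${DOCKER_OPTS} --insecure-registry <server>:5000" option to the /etc/default/docker file. With this option the Docker daemon ignores certificate errors for <server>:5000 and falls back to HTTP if HTTPS is not available.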
  • Restart docker

Run Docker Registry on <server>

  • Verify that Docker registry is running on <server>:
$ docker ps | grep registry
0ccf0f2f9047        registry:2          "/entrypoint.sh /etc/"   23 hours ago        Up 23 hours         0.0.0.0:5000->5000/tcp   registry
  • If the Docker registry container is not running, run the container:
$ docker run -d -p 5000:5000 --restart=always --name registry \
-v /docker/auth:/auth -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=Registry Realm" \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd -v /docker/certs:/certs -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt \
-e REGISTRY_HTTP_TLS_KEY=/certs/domain.key registry:2
  • To restart Docker registry:
$ docker restart registry
  • If restart didn't help:

    • Stop and remove Docker registry
    $ docker stop registry
    $ docker rm registry
    
    • Run Docker registry again

Push Images to Docker Registry on <server>

  • Login to docker registry:
$ docker login <server>:5000
  • Push each docker image from sonic-buildimage/target/ directory to registry:
$ docker load -i <image>
$ docker tag -f <image> <server>:5000/<image>
$ docker push <server>:5000/<image>

Add Device Info to Ansible Config Files

  • Add the device you want to use to the sonic-mgmt/ansible/inventory file:
switch<number>  ansible_host=<switch_hostname>  sonic_version=v2  sonic_hwsku=HW