2.5.1 RPM package

This section describes the following items regarding the RPM package, which is a set of files required to configure a relay server.

Prerequisites for installing RPM package
Contents of RPM package
Command scripts for RPM package
Signature file for RPM package

For information on setting up relay servers, see “Setting a relay server”. For downloading RPM packages, see “Control plane management”.

(1) Prerequisites for installing RPM package

The prerequisites for the server on which the RPM package is to be installed are as follows.

(Table) Prerequisites for installing RPM package

Item		Prerequisites
OS
	Linux distribution	RHEL 8.8/8.9/8.10/9.2/9.3/9.4/9.5 Oracle Linux 8.8/8.9/8.10/9.2/9.3/9.4/9.5
	SELinux	disable mode or permissive mode
	Swap	off
	Kernel Params	N/A
	Kernel Modules	N/A
	Package	The tar package must be installed.
	System Services	nm-cloud-setup.service: disabled nm-cloud-setup.timer: disabled
	Network	Ports: Three TCP ports must be enabled. (Default: 21400, 21401, and 21402) The IP address of each node must be unique. Nodes must not belong to the outpost network CIDR^. A default route must be set for the node. Firewall: The outpost network CIDR^ must be added as a trusted zone source.
Hardware
	Memory	4GB+
	CPU	2+ cores
	Disk	20GB+
HTTP Proxy
	Authentication	No certification or basic certification
	CONNECT method	Allowed for Ops I tenant URL domain
Version skew		The agent version must not be newer than the control plane version and the difference of minor versions must be two or less. Example: The control plane version v1.29.x-k3s1-x.x.x can connect to the agent versions v1.27.x-k3s1-x.x.x, v1.28.x-k3s1-x.x.x, and v1.29.x-k3s1-x.x.x.
Agent support policy		The version of the agent provided with an Ops I release is supported for the provided Ops I version and until the next version.

*The outpost network CIDR is the CIDR of the virtual network used by the outpost agent to run the pod. (Default: 10.43.0.0/17). The length of the outpost network CIDR prefix should be less than or equal to 17.

(2) Contents of RPM package

The contents of the RPM package are described below.
The installed files are stored under “/etc/opsi/outpost/”, “/opt/opsi/outpost/”, and “/var/opt/opsi/outpost/”.

(Table) Contents of RPM package

Content		Description
k3s binary data systemd unit file for k3s		-
chisel binary data systemd unit files for chisel		-
shim binary data		systemd launches k3s and chisel via shim. When the agent is launched for the first time, Shim encrypts confidential information (Ops I token, HTTP proxy URL, and agent token) in the user configuration file.
System configuration file		Internal parameters of the agent. Not edited by users.
Template file for the user-configured file		The template file stored in /etc/opsi/outpost/outpost-config.env.template is copied as /etc/opsi/outpost/outpost-config.env for edition.
Container image		-
Command scripts		Command script files for managing and troubleshooting agents. The root privilege is required to run the scripts.
	opsiopctl.sh	Starts, stops, and monitors the status using the subcommands start, stop, and status. For details, see "Command scripts for RPM package".
	sysinfo.sh	Gathers node information for troubleshooting.
Third party software license agreement		Stored in /opt/opsi/outpost/license_set.zip. *Before using the agent, read this document and agree to the terms of use.

(3) Command scripts for RPM package

This section provides examples of executing command scripts for the RPM package.
The installed command files are stored in /opt/opsi/outpost/bin/.

[Starting outpost agent: opsiopctl.sh start]

Starts systemd for chisel and k3s.

Return values
- 0: Succeeded
- 1: Failed

# ./opsiopctl.sh start
Are you sure to proceed? (y/n)
y
Starting Outpost Agent.
Starting chisel.service.
Starting k3s.service.
Started Outpost Agent successfully

[Stopping outpost agent: opsiopctl.sh stop]

Stops systemd for chisel and k3s.

Return values
- 0: Succeeded
- 1: Failed

# ./opsiopctl.sh stop
Are you sure to proceed? (y/n)
y
Stopping Outpost Agent.
Stopping k3s.service.
Stopping chisel.service.
Stopped Outpost Agent successfully

[Monitoring outpost agent status: opsiopctl.sh status]

Checks if systemd for chisel and k3s are active.

Return values
- 0: Active for both chisel and k3s
- 1: Inactive for at least either of them

# ./opsiopctl.sh status
Checking Outpost Agent status.
Checking chisel.service… active
Checking k3s.service… active.
Outpost Agent is active

[Container image management: opsiopctl.sh images]

Optional
- --list, -l: List images
- --prune, -p: Delete all unused images

Return values
- 0: Succeeded
- 1: Failed

# ./opsiopctl.sh images --list
IMAGE                                                                                 TAG            IMAGE ID           SIZE       PINNED
docker.io/dx-tool/dx-iac/quay.io/ansible/awx-ee                  outpost       b9f9a2bbde327   1.74GB   true
docker.io/dx-tool/dx-outposts/rancher/mirrored-pause        3.9-amd64  e6f1816883972   747kB    true
registry.Ops I domain/ops-i-system-engineers/awx-ee  1.0.0           6678656068e5a  478MB   false

# ./opsiopctl.sh images --prune
Deleting unused images…

Deleted: registry.Ops I domain/ops-i-system-eingineers/awx-ee:v1.0.0
Deleted: registry.Ops I domain/ops-i-system-eingineers/awx-ee:v2.0.0

Deleted unused images successfully.

[Gathering information for troubleshooting: sysinfo.sh]

Execution log output: /var/opt/opsi/outpost/logs/sysinfo.log
Result output: /var/opt/opsi/troubleshoot/timestamp.tar.gz

Return values
- 0: Succeeded
- 1: Failed

# ./sysinfo.sh
Collecting system info...
Archiving files into /var/opt/opsi/troubleshoot/20230518162009.tar.gz...
Completed.

(4) Signature file for RPM package

The Signature file for the RPM package consists of the following.

digest.bin
pub.pem

The following command can be used to verify the RPM package.

[Verifying RPM package: openssl dgst]

# openssl dgst --sha256 -verify pub.pem -signature digest.bin opsi-outpost-RPM Package Version.x86_64.rpm