Skip to main content
Version: latest

Edge Installer Configuration Reference

The Edge Installer configuration user data accepts a parameter named stylus. In addition to the stylus parameter, the user data file also supports the use of cloud-init stages and other Kairos-supported parameters. The stylus.site parameter is how you primarily configure the Edge host, but you can also use cloud-init stages to customize the installation. Refer to the Site Parameters for a list of all the parameters supported in the stylus.site parameter block.

info

The #cloud-config value is a required cloud-init header required by the cloud-init standard.

Palette Agent Parameters

These parameters start with the prefix stylus. Palette agent parameters control various aspects of the Edge host's configuration, including networking, logging, services, as well as users and permissions. Parameters in this section are listed in alphabetical order.

ParameterDescriptionDefault
stylus.debugEnable this parameter for debug output. Allowed values are true or false.False
stylus.disablePasswordUpdateDisables the ability to update Operating System (OS) user password from Local UI if set to true. Updating the password through the OS and API is still allowed.False
stylus.includeTuiEnable Palette TUI for initial Edge host configuration. Default value is false. For more information, refer to Initial Edge Host Configuration.false
stylus.installationModeAllowed values are connected and airgap. Default value is connected. connected means that the Edge host has a connection to Palette; airgap means it does not have a connection to Palette.connected
stylus.localUI.portSpecifies the port that Local UI is exposed on.5080
stylus.siteReview Site Parameters for more information.
stylus.enableMultiNodeWhen set to true, the host is allowed to link with other nodes and form a multi-node cluster. For more information, refer to Link Hosts.False
stylus.externalRegistriesUse this parameter to configure multiple external registries and to apply domain re-mapping rules. Review External Registry Parameters for more information.None
stylus.registryCredentialsOnly used when a single external registry in use and no mapping rules are needed. Review Single External Registry for more information.None
stylus.traceEnable this parameter to display trace output. Allowed values are true or false.False

Multiple External Registries

You can configure multiple external registries by using the stylus.externalRegistries parameter object. You can also apply domain mapping rules to map domain names to external registries.

If you are using an external registry and want to use content bundles when deploying your Edge cluster, you must also enable the local Harbor registry. For more information, refer to Build Content Bundles and Enable Local Harbor Registry.

Review the following parameters to configure external registries.

ParameterDescriptionDefault
stylus.externalRegistries.registriesA list of external registries. Refer to Registry Parameters for more details.None
stylus.externalRegistries.registryMappingRulesA list of key-pair rules to map domain names to external registries. Refer to Registry Mapping Rules for more details.None

Registry Parameters

The stylus.externalRegistries.registries block accepts the following parameters.

ParameterDescriptionDefault
domainThe domain of the registry.None
usernameThe username to authenticate with the registry.None
passwordThe password to authenticate with the registry.None
repositoryNameThe name of the repository within the registry.None
certificatesA list of certificates in PEM format to use to access the registry.None
insecureWhether to allow insecure connections to the registry.False
encodedPasswordWhether the password is base64 encoded.False

Below is an example of how to configure an external registry.

stylus:
externalRegistries:
registries:
- domain: "example.registry.com/internal-images"
username: "admin"
password: "***************"
repositoryName: example-repository-private
certificates:
- |
-----BEGIN CERTIFICATE-----
MIIENDCCAxygAwIBAgIUSdnFq4anqjgKf2iRX2RP65LYpkwwDQYJKoZIhvcNAQEL
BQAwfzEpMCcGA1UEAwwgc2hydXRoaS1haXJnYXAyLnNwZWN0cm9jbG91ZC5kZXYx
FTATBgNVBAoMDFNwZWN0cm9DbG91ZDELMAkGA1UECwwCSVQxFDASBgNVBAcMC1Nh
bnRhIENsYXJhMQswCQYDVQQIDAJDQTELMAkGA1UEBhMCVVMwHhcNMjQwMTExMDkz
ODUzWhcNMzQwMTA4MDkzODUzWjB/MSkwJwYDVQQDDCBzaHJ1dGhpLWFpcmdhcDIu
c3BlY3Ryb2Nsb3VkLmRldjEVMBMGA1UECgwMU3BlY3Ryb0Nsb3VkMQswCQYDVQQL
DAJJVDEUMBIGA1UEBwwLU2FudGEgQ2xhcmExCzAJBgNVBAgMAkNBMQswCQYDVQQG
EwJVUzCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBANcPucLatrCHmR+o
h6pIReisVxbJI0jqlVfive+mDp64Z3aXbzlX634chbyjd6G8xmZXH0beIZE91yGD
42atamrqDSADcZRvjUmqGzf/nrm3sOCHOKNMvMFZJ0uGFjwuwxIDf91+Vgj0FZRe
j+nVRI3XQyAdJXP6sls8vu8bHk6RDMLYb+IzMWzFuPGDUv3fU41a3dijVfMxt6hj
MdoUe6wzTr46ylUgm5rB/SKrMcg41ZNFcqYLhHt6KsS/0G8hjrvo7d+BeNcxf6GP
xOWyimdq18suHqFQ82ieCxB8gR2Ig15ch8UG1p95JbVMjzLTi3tgU9EARuftsUK9
spdn2cUCAwEAAaOBpzCBpDAdBgNVHQ4EFgQUDVk6cnlax94aPm3F+fubzHj8vaIw
HwYDVR0jBBgwFoAUDVk6cnlax94aPm3F+fubzHj8vaIwDwYDVR0TAQH/BAUwAwEB
/zA8BgNVHREENTAzgglsb2NhbGhvc3SHBH8AAAGCIHNocnV0aGktYWlyZ2FwMi5z
cGVjdHJvY2xvdWQuZGV2MBMGA1UdJQQMMAoGCCsGAQUFBwMBMA0GCSqGSIb3DQEB
CwUAA4IBAQATfu3drGJkmFD58KvUKuOhAY28TpVquH63W40JchVjhtOmg+WHfPIE
8dvYYKiZtrpFZDUcAVtn/KJIZoNbq51o7mWj/rl6W5pcajBLoqcvlDH0zXzVgF+f
+gj68SMegHwp+EO/dK9LfLp2bxNuBPCnvLj3eMs0HCdmZW1uzVm71YIXTSXwgm/2
nMnI5ELi2kuufCZh5wQxr7km+qZgTteaZI2h+YNU88m/SreRFHfBP8QRfkqTumfW
Sz3rWOQ93KXO/CEk+XySnVFgS+JdGtpmRalOfGeJ0Kk8hraX3h/2KkD0Vd99DIMN
DlN636dYFSJBG3LjGuzyO66kEvbGJAIT
-----END CERTIFICATE-----
registryMappingRules:
"us-east1-docker.pkg.dev/spectro-images/daily": "example.registry.com/internal-images"
"us-docker.pkg.dev/palette-images": "example.registry.com/internal-images"
"grc.io/spectro-dev-public": "example.registry.com/internal-images"
"grc.io/spectro-images-public": "example.registry.com/internal-images"

Registry Mapping Rules

Use registry mapping rules to map a domain name to an external registry. The registryMappingRules parameter accepts a list of key-value pairs where the key is the domain name and the value is URL mapping to the external registry.

Below is an example of registry mapping rules. The registry in the code snippet, example.registry.com/internal-images is assumed to contain the images that are mapped from the external registries.

stylus:
externalRegistries:
registries:
- domain: "example.registry.com/internal-images"
repositoryName: "primary-registry"
username: "admin"
password: "***************"
registryMappingRules:
"us-east1-docker.pkg.dev/spectro-images/daily": "example.registry.com/internal-images"
"us-docker.pkg.dev/palette-images": "example.registry.com/internal-images"
"grc.io/spectro-dev-public": "example.registry.com/internal-images"
"grc.io/spectro-images-public": "example.registry.com/internal-images"
Airgap Environment

In an airgap environment, use the registryMappingRules parameter to map domain names to external registries that were downloaded when creating the content bundle.

info

Palette will automatically update the image path when Harbor Edge-Native Config pack is enabled. For example, if you have a registry mapping rule such as the following.

"us-east1-docker.pkg.dev/spectro-images/daily": "example.registry.com/internal-images"

Then the image tag will be updated with the prefix URL to the Harbor registry, such as https://10.10.100.45:30003/example.registry.com/internal-images. Palette will do this for all registry mapping rules specified in the user data. This allows the Edge host to find and pull images that came from an external registry through the local Harbor registry.

stylus:
installationMode: airgap
externalRegistries:
registryMappingRules:
"us-east1-docker.pkg.dev/spectro-images/daily": "example.registry.com/internal-images"
"us-docker.pkg.dev/palette-images": "example.registry.com/internal-images"
"grc.io/spectro-dev-public": "example.registry.com/internal-images"
"grc.io/spectro-images-public": "example.registry.com/internal-images"

Single External Registry

You can point the Edge Installer to a non-default registry to load content from another source. Use the registryCredentials parameter object to specify the registry configurations. If you have multiple external registries, use the stylus.externalRegistries parameter object instead. Refer to the Multiple External Registries section for more information.

If you are using an external registry and want to use content bundles when deploying your Edge cluster, you must also enable the local Harbor registry. For more information, refer to Build Content Bundles and Enable Local Harbor Registry.

ParameterDescriptionDefault
stylus.registryCredentials.domainThe domain of the registry. You can use an IP address plus the port or a domain name.
stylus.registryCredentials.encodedPasswordSpecifies whether the password as given is base64 encoded.true means that the provided password is base64 encoded and that when using the password to authenticate, the password must be decoded first. false means the password is not encoded and must be used as is to authenticate with the registry.False
stylus.registryCredentials.insecureWhether to allow insecure connections to the registry.False
stylus.registryCredentials.passwordThe password to authenticate with the registry.
#cloud-config
stylus:
registryCredentials:
domain: 10.10.254.254:8000/spectro-images
username: ubuntu
password: <yourPassword>
insecure: true

Site Parameters

The stylus.site blocks accept the following parameters.

ParameterDescriptionDefault
stylus.site.caCertsThe Secure Sockets Layer (SSL) Certificate Authority (CA) certificates. The certificates must be base64-encoded.
stylus.site.clusterIdThe ID of the host cluster the edge host belongs to.
stylus.site.clusterNameThe name of the host cluster the edge host belongs to.
stylus.site.deviceUIDPathsSpecify the file path for reading in product or board serial that can be used to set the device ID. The default file path is /sys/class/dmi/id/product_uuid. Refer to the Device ID (UID) Parameters section to learn more.
stylus.site.edgeHostTokenA token created at the tenant scope that is required for auto registration.
stylus.site.insecureSkipVerifyThis controls whether or not a client verifies the server's certificate chain and hostname.
stylus.site.nameFully qualified domain name of the Edge host.
stylus.site.networkThe network configuration settings. Review the Site Network Parameters below for more details.
stylus.site.paletteEndpointThe URL endpoint that points to Palette. Example: api.spectrocloud.com
stylus.site.prefixA prefix prepended to the Edge device hostname to form the Edge device ID. Only alphanumeric characters and the hyphen-minus character are allowed. By default, this value is set to edge.
stylus.site.projectNameThe name of the project.
stylus.site.projectUidThe ID of the project the Edge host will belong to.
stylus.site.registrationURLThe URL that operators use to register the Edge host with Palette.
stylus.site.tagsA parameter object you use to provide optional key-value pairs. Refer to the Tags section to learn more.
stylus.site.tagsFromFileSpecify tags from a file. Refer to the Tags section to learn more.
stylus.site.tagsFromScriptUse a script to generate the tags. Refer to the Tags section to learn more.
info

If you do not specify a hostname for the Edge host with stylus.site.name , the system will generate one from the serial number of the device. If the Edge Installer cannot identify the serial number, it will generate a random ID instead. In cases where the hardware does not have a serial number, we suggest that you specify a value so there is minimal chance of duplication. Use the value "$random" to generate a random ID. You can also use the DeviceUIDPaths to read in a value from a system file.

Device ID (UID) Parameters

The device ID is generated by a specific priority sequence. The below table outlines the priority order from top to bottom when generating a UID for the Edge host. The UID generation starts with priority one, the device name, followed by attributes within the deviceUIDPAths, and lastly generating a random UUID if all other methods are unsuccessful.

PriorityMethodDescription
1nameThe device name is used as the primary identifier for the Edge host.
2deviceUIDPathsSpecifies the paths and associated regular expressions to extract the UID.
3"$random"Assigns a random UUID as the Edge host ID.

By default, the product UID path is set to /sys/class/dmi/id/product_uuid. To modify this path and use other attributes within the same folder, such as the product or board serial, use the regex parameter. For example, instead of the default path /sys/class/dmi/id/product_uuid, you can use the board Serial Number path /sys/class/dmi/id/board_serial by applying a regex parameter. Refer to the regex syntax reference guide to learn more.

ParameterDescription
stylus.site.deviceUIDPaths[*].nameThe path of the file containing the UID.
stylus.site.deviceUIDPaths[*].regexThe regular expression pattern to match the UID.

You can use the regex parameter to remove unsupported characters from attributes to Refer to the warning box below for a list of unsupported characters.

#cloud-config
stylus:
site:
deviceUIDPaths:
- name: /etc/palette/metadata-regex
regex: "edge.*"
warning

The length of the UID truncates to a maximum allowed length of 128 characters. The following characters are unsupported:

/ ? # & + % , $ ~ ! @ * () {} | = ; : <> ' . ^ "

Site Network Parameters

Use the site network parameters to configure network settings so the edge host can communicate with Palette.

ParameterDescription
stylus.site.network.httpProxyThe URL of the HTTP proxy endpoint.
stylus.site.network.httpsProxyThe URL of the HTTPS proxy endpoint.
stylus.site.network.noProxyThe list of IP addresses or CIDR ranges to exclude routing through the network proxy.
stylus.site.network.interfacesThe network settings respective to the interfaces. This parameter accepts a list of objects with keys as follows in this table.
stylus.site.network.interfaces.[NIC-NAME].ipAddressThe assigned IP address to the network interface.
stylus.site.network.interfaces.[NIC-NAME].maskThe network mask for the assigned IP address.
stylus.site.network.interfaces.[NIC-NAME].typeDefines how the IP address is assigned. Allowed values are dhcp or static. Defaults to dhcp.
stylus.site.network.interfaces.[NIC-NAME].gatewayThe network gateway IP address.
stylus.site.network.interfaces.[NIC-NAME].nameserverThe IP address of the DNS nameserver this interface should route requests to.
stylus.site.network.nameserverThe IP address of the global DNS nameserver that requests should be routed to.

Tags

You can specify tags from a file by using the tagsFromFile parameter object or from a script by using the tagsFromScript parameter.

ParameterDescriptionDefault Value
stylus.site.tagFromFile.fileNameThe path to the file containing the tags.''
stylus.site.tagFromFile.delimiterThe delimiter used to separate the key-value pairs.\n
stylus.site.tagFromFile.separatorThe separator used to separate the key from the value.:
stylus.site.tagFromScript.scriptNameThe path to the script that returns a JSON object.''
stylus.site.tagFromScript.timeoutThe timeout value in seconds.60

With tags from a file, you can specify different delimiters and separators to parse the content of a file depending on how the content is formatted. For example, assume the file /etc/palette/tags.txt contains the following content.

Location:Mumbai,India; Latitude:48.856614; Longitude:2.352221; owner:p78125d

The following configuration can produce these tags: Location: Mumbai,India, Latitude: 48.856614, Longitude:2.352221, owner:p78125d, department: sales.

#cloud-config
stylus:
site:
tags:
department: "sales"
tagsFromFile:
fileName: "/etc/palette/tags.txt"
delimiter: ";"
separator: ":"

You can specify tags from a script by using the tagsFromScript parameter object. The script must be executable and return a JSON object that contains the tags in the following format.

{
"key": "value"
}

For example, if you have a Python script that returns the following JSON output:

{
"department": "sales",
"owner": "p78125d"
}

You can configure stylus.site.tagsFromScript to point to the script, and it will add the tags owner:p78125d and department: sales to the Edge host.

Site Registry Parameters

Palette uses a webhook to redirect image pulls when you have specified an external registry or use a local Harbor registry. If you find this redirect behavior to be limiting, you can disable the webhook. For more information, refer to Disable Webhook to Customize Image Pull Behavior.

ParameterDescriptionDefault
stylus.imageRedirectWebhook.enableWhether to enable the webhook to redirect image pulls.True

Install Parameters

The install block allows you to configure the installer to make bind mounts and disk partitions on the Edge host. In addition, you can specify post-installation behavior, such as instructing the Edge host to power off automatically after installation is complete.

ParameterDescriptionDefault
install.bind_mountsThe list of folders to bind mount from the installer to the Edge hostNone
install.grub_options.extra_cmdlineKernel command-line parameters to add to the installer.None
install.partitions.persistentA persistent partition object. Providing this parameter creates an extra persistent partition on the Edge host. Accepts two parameters as follows in this table.None
install.partitions.persistent.sizeThe size of the persistent partitionNone
install.partitions.persistent.fsThe type of the file system for the persistent partitionNone
install.partitions.extra-partitionsThe list of extra partitions to create. Each list item accepts parameters as follows in this table.None
install.partitions.extra-partitions[*].nameThe name of the extra partitionNone
install.partitions.extra-partitions[*].sizeThe size of the extra partitionNone
install.partitions.extra-partitions[*].fsThe file system of the extra partitionNone
install.partitions.extra-partitions[*].labelThe label of the extra partitionNone
install.poweroffWhether to power off the Edge host after installation is complete.False
install.rebootWhether to reboot the Edge host after installation is completeFalse

Cloud Init Stages

Cloud init stages allow you to automates the initialization of your Edge hosts during various stages of the system boot process. You can perform For more information, refer to Cloud-init Stages.

info

You can configure users during any cloud-init stage. However, we strongly recommend that you use the initramfs stage to configure users, because this is the earliest cloud-init stage.

If you need to debug the Edge host in the event it is unable to progress past a certain stage, you will be able to establish an SSH connection into the Edge host because the users are already there. On the other hand, if you configure users at a later stage and your Edge host is not able to progress to that stage during installation, you will not be able to access your Edge host because there are no users.

ParameterDescriptionDefault
stages.*.usersThe list of users to create at any cloud-init stage. Replace * with the specific stage. Each list item accepts parameters as follows in this table.None
stages.*.users[*].groupsThe list of groups that the user belongs to. Replace * with your username.None
stages.*.users[*].passwdThe password of the user. Replace * with your username.None
stages.initramfsThe initramfs stage during Edge host installation. For more information, refer to Cloud Init Stages.None
stages.rootfsThe rootfs stage during Edge host installation. For more information, refer to Cloud Init StagesNone
stages.bootThe boot stage during Edge host installation. For more information, refer to Cloud Init StagesNone
stages.fsThe fs stage during Edge host installation. For more information, refer to Cloud Init StagesNone
stages.networkThe network stage during Edge host installation. For more information, refer to Cloud Init StagesNone
stages.reconcileThe reconcile stage during Edge host installation. For more information, refer to Cloud Init StagesNone
stages.after-installThe after-install stage during Edge host installation. For more information, refer to Cloud Init StagesNone
stages.after-install-chrootThe after-install-chroot stage during Edge host installation. For more information, refer to Cloud Init StagesNone
stages.after-resetThe after-reset stage during Edge host installation. For more information, refer to Cloud Init StagesNone
stages.after-reset-chrootThe after-reset-chroot stage during Edge host installation. For more information, refer to Cloud Init StagesNone
stages.before-installThe before-install stage during Edge host installation. For more information, refer to Cloud Init StagesNone
stages.before-upgradeThe before-upgrade stage during Edge host installation. For more information, refer to Cloud Init StagesNone
stages.before-resetThe before-reset stage during Edge host installation. For more information, refer to Cloud Init StagesNone