Cld2labs/airgap#100
Open
HarikaDev296 wants to merge 15 commits into
Open
Conversation
Enables full EI stack deployment (Kubernetes + LLM serving + GenAI Gateway) on internet-blocked machines by routing all dependencies through a local JFrog Artifactory instance. Changes: - Add airgap_enabled / jfrog_url / jfrog_username / jfrog_password vars - Dual-task pattern in all playbooks (internet vs JFrog path) - setup-env.sh: pip, kubespray, ansible collections, apt from JFrog - prereq-check.sh: connectivity check against JFrog ping endpoint - offline.yml: Kubespray binary URLs redirected to JFrog - containerd mirror config for all 5 registries via JFrog - Kubespray hosts.toml.j2 patched to not write skip_verify unless true - inference-tools role: helm, pip, jq installs all JFrog-aware - nri_cpu_balloons role: helm repo and airgap vars wired up - JFrog setup script + README for offline bundle preparation - Air-gap troubleshooting and deployment documentation Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Remove step 3i (Meta-Llama-3.1-8B-Instruct) - Renumber Llama-3.2-3B-Instruct as step 3i - Add step 3j for Qwen/Qwen3.5-0.8B - Add step 3k for Qwen/Qwen3.5-4B Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Replace Llama-3.1-8B with Qwen3.5-0.8B and Qwen3.5-4B - Update HuggingFace credentials section with model table - Update disk space requirement note - Update --hf-token flag description and step-by-step table Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
- Rename Qwen3.5-0.8B -> Qwen3-0.6B and Qwen3.5-4B -> Qwen3-4B throughout (script, README, step headers, HuggingFace repo IDs, JFrog folder names) - Fix SKIP_STEPS loop in should_run: drop erroneous `:-` default expansion that caused an empty-string iteration when no steps were skipped Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…install apt-get install --download-only --reinstall can use apt's in-memory package state and skip the network fetch entirely for already-installed packages like python3-pip, so JFrog never caches the .deb. apt-get download always fetches from the configured sources regardless of install state, reliably triggering the JFrog remote proxy to cache the package. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
grep returns rc=1 when it finds no matches, which Ansible treats as a task failure. Allow rc=0 (matches found) and rc=1 (no matches) as both valid; only fail on real errors like helm not being available. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
….yml all.yml is copied for every deployment (airgap and non-airgap). Having containerd_registries_mirrors with JFROG_HOST placeholders in all.yml causes non-airgap deployments to fail — containerd tries to resolve the literal string JFROG_HOST as a DNS name and image pulls fail. offline.yml is only copied when airgap_enabled=yes, and setup-env.sh substitutes JFROG_HOST with the real JFrog IP before Kubespray runs. Moving mirrors, calico_version, and coredns_version there ensures: - airgap=no: no registry mirrors configured, internet pulls work - airgap=yes: mirrors point to JFrog with real IP substituted Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
If the system still has internet connectivity while airgap mode is enabled, Docker images not cached in JFrog may silently fall through to the internet, breaking the airgap guarantee. Detect this condition early and exit with a clear message directing the user to disable internet access before proceeding. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
…ation - Clarify VM2 network requirement: internet must be disabled before running EI with airgap_enabled=yes; deployment now exits with an error if not - Update step 3f description to reflect apt-get download fix for reliable python3-pip caching in JFrog - Add troubleshooting entry for the internet connectivity exit with instructions on how to disable internet access on VM2 Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
Clearly document which models have been tested and validated end-to-end in airgap mode: Llama-3.2-3B-Instruct, Qwen3-0.6B, Qwen3-1.7B, and Qwen3-4B. Includes a note that other models are not supported without manual JFrog uploads and have not been validated. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
JFrog's bundled installer expects db5.3-util to be present on the system but the package was missing from our prerequisites list, causing install.sh to fail when trying to install it from the bundled .deb.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
No description provided.