Installing an Enterprise Nucleus Server
The documentation below focuses on installing and configuring an Enterprise Nucleus Server using Ubuntu 22.04 LTS.
For more information, please refer to the before you begin page and the in-line documentation contained within the nucleus-stack.env
file (included within the installation artifacts.)
Obtaining the Enterprise Nucleus Server Docker Files
After your order for Omniverse Enterprise licenses has been processed, you will receive an order confirmation message from NVIDIA. This confirmation contains information needed to log in and download the required Omniverse Enterprise software from the NVIDIA Licensing Portal.
Downloading the Enterprise Nucleus Server Package
From the NVIDIA Licensing portal, click SOFTWARE DOWNLOADS, and then set product family to Omniverse Enterprise. Locate the latest Omniverse Enterprise Nucleus package and click Download.
Docker Installation
Note
For complete instructions on how to upgrade or downgrade a previously installed version of Docker, please see the Docker website. https://docs.docker.com/engine/install/ubuntu/
Prerequisites
After your Ubuntu 22.04 server is installed, log into the server. Aligning with best practices, ensure the server is fully patched with the latest security updates before proceeding. Before installing Docker, ensure the following helper utilities are installed using the following command:
sudo apt-get install apt-transport-https ca-certificates curl gnupg lsb-release
Installing Docker
Nucleus 2023.2.0 and above
As of the publishing date of this document, Docker 20 is the recommended version for the successful deployment of an Enterprise Nucleus Server. This version also includes Docker Compose as a built-in module and no longer requires additional software to be installed. This document will be updated as newer versions of Docker are validated and approved.
To install Docker on your server, follow the steps listed below:
Run the following commands which add the proper Docker repositories:
sudo mkdir -p /etc/apt/keyrings sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
Run the following command, which adds the Docker repository to your apt sources file:
sudo echo \ "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \ $(lsb_release -cs) stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
Next, run the following command to update all your local apt repositories:
sudo apt-get update
Run the following command to display a list of available Docker versions within the repository. As noted above, the recommended version of Docker is version 20. The latest version of Docker 20 as of this writing is 20.10.24.
sudo apt-cache madison docker-ce | awk '{ print $3 }'
To install the recommended version of Docker, run the following commands:
VERSION_STRING=5:20.10.24~3-0~ubuntu-jammy sudo apt-get install docker-ce=$VERSION_STRING docker-ce-cli=$VERSION_STRING containerd.io docker-compose-plugin
To confirm Docker and the correct version is installed, run the following command:
docker --versionThe expected output is: (This may slightly differ on your system.)
Docker version 20.10.24, build 297e128
Enterprise Nucleus Server Installation
Unpacking software and creating directory structures
Copy the latest nucleus-stack (.tar.gz) package to a local temporary directory (e.g., /tmp) on your server.
Enter the temporary directory:
cd /tmp
Create an install directory (Recommended location: /opt/ove):
sudo mkdir /opt/ove
Extract the nucleus-stack package to your install directory:
sudo tar xzvf nucleus-stack-2023.1.0+mr-26.gitlab.10291385.4b569c9f.tar.gz -C /opt/ove --strip-components=1
Note
The name of the nucleus-stack package downloaded may differ depending on the latest product version available.
The following structure will now be within the /opt/ove
directory:
drwxr-xr-x 7 root root 112 Nov 1 18:32 . drwxr-xr-x 7 root root 98 Nov 1 18:31 .. -rw-rw-rw- 1 root root 2450 Oct 31 05:06 README.md -rw-r--r-- 1 root root 52 Oct 31 05:06 VERSION drwxr-xr-x 6 root root 328 Nov 2 22:16 base_stack drwxr-xr-x 3 root root 67 Nov 1 18:32 navigator drwxr-xr-x 2 root root 39 Nov 1 18:32 ssl drwxr-xr-x 2 root root 68 Nov 1 18:32 sso drwxr-xr-x 2 root root 101 Nov 1 18:32 templatesFor this installation guide, we will focus on configuring
nucleus-stack.env
within thebase_stack
directory.
Editing the Nucleus configuration
Enter the base_stack directory:
cd /opt/ove/base_stack
Using your preferred text editor (nano is used for this example), make the following changes to
nucleus-stack.env
:
sudo nano nucleus-stack.envUncomment Accept EULA:
ACCEPT_EULA=1Uncomment Security Reviewed:
SECURITY_REVIEWED=1Set the IP or Hostname:
SERVER_IP_OR_HOST=myhost.mydomain.comConfigure Nucleus passwords:
MASTER_PASSWORD=MY_NEW_PASSWORD SERVICE_PASSWORD=MY_NEW_PASSWORDSet the location for your Nucleus data:
DATA_ROOT=/var/lib/omni/nucleus-dataConfigure your subnet:
Near the bottom of the
nucleus-stack.env
file, locate the subnet section. If the subnet defined inCONTAINER_SUBNET
conflicts with an existing subnet already present in your network, change it here. IP Addresses for Nucleus Docker containers will be allocated from this subnet.CONTAINER_SUBNET=192.168.2.0/26Note
By default, the
WEB_PORT
is configured to TCP 8080. If using the included NGINX Ingress Router, this is also pre-configured to use TCP 8080. If using an alternate SSL/TLS solution, configure this port to match your requirements.[Optional] Mount Configurations
The following configuration modifications are optional. These changes enable you to configure your Enterprise Nucleus Server to mount a different S3 bucket on or post deployment.
If you choose to rename the mount path from
/NVIDIA
, unmount the original path using Nucleus Navigator prior to stopping the services. This can be achieved by having an admin user right-click the/NVIDIA
mount, and click Unmount.Configure your mount path
Choose to disable or enable reference mount (default=
1
). Disabling will start the Enterprise Nucleus Server without any reference path mounted:REFERENCE_CONTENT_MOUNT_ENABLE=1Choose the mount path within the Enterprise Nucleus Server (default=
/NVIDIA
). The path must start with/
as this is the root of Nucleus:REFERENCE_CONTENT_MOUNT_TARGET=/NVIDIADefine the S3 URL the mount will point to:
REFERENCE_CONTENT_SOURCE="content-production.omniverse.nvidia.com"Define the bucket name for the reference path. While it is common for many S3 URLs to include the bucket name, not all do. Supply the bucket name if the URL does not contain the bucket name and/or Nucleus is unable to connect to it:
REFERENCE_CONTENT_BUCKET=""Choose to enable secure connections (HTTPS) to the S3 bucket (default=
1
):REFERENCE_CONTENT_SECURE=1Configuration using a private bucket is possible, however; additional configuration parameters are required:
# (Must enable and supply all 3 parameters if enabled.) # REFERENCE_CONTENT_USE_CREDENTIALS=0 REFERENCE_CONTENT_SOURCE_REGION="" REFERENCE_CONTENT_BUCKET_ACCESS_KEY_ID="" REFERENCE_CONTENT_BUCKET_SECRET_ACCESS_KEY=""It is possible the S3 compliant storage may not support the full expected schema. This option loosens the requirements on the schema, but it is not recommended to change this unless your storage requires less restrictions:
REFERENCE_CONTENT_NON_COMPLIANT_XML_SCHEMA=0
Once all configuration changes are complete, save the file using
CTRL+O
, then exit the nano editor usingCTRL+X
.
Required Secrets
It is critical to review the Required Secrets section of the nucleus-stack.env
file. The Public-Private key pair act as the root of trust between Nucleus Authentication and Core services.
# For a quick !>INSECURE<! evaluation, a simple shell script generating these # values is provided along with this stack, # # generate-sample-insecure-secrets.sh # ----------------------------------- # # Feel free to use it to arrive at a quick sample set; # but MAKE SURE YOU UNDERSTAND THAT THE SAMPLE SET IS INSECURE. # # For any real environment, we recommend reviewing what # generate-sample-insecure-secrets.sh does, and provisioning the same # *type* of secrets in whichever manner is appropriate for your environment.If you would like to quickly set up a Nucleus instance without generating production-grade secrets, a sample script named
generate-sample-insecure-secrets.sh
is included with the stack.
Enter the base_stack directory.
cd /opt/ove/base_stack
Run the generate-sample-insecure-secrets.sh.
sudo ./generate-sample-insecure-secrets.sh
Warning
generate-sample-insecure-secrets.sh
is not intended to be used in production environments, but rather provided as a sample only.
Please consult your security policies and/or Information Security team for guidance on how to handle production secrets.
Using Docker Compose to Run the Stack
For this guide we are using the nucleus-stack.env
and nucleus-stack-no-ssl.yml
files.
Pull the latest version of the containers. Docker will use the .yml
and .env
file to do this.
This command will pull the containers from the NVIDIA repository:
sudo docker compose --env-file /opt/ove/base_stack/nucleus-stack.env -f /opt/ove/base_stack/nucleus-stack-no-ssl.yml pull
This command will start the stack in foreground:
sudo docker compose --env-file /opt/ove/base_stack/nucleus-stack.env -f /opt/ove/base_stack/nucleus-stack-no-ssl.yml up
It is recommended to watch the logs initially to spot any errors or issues. If none are observed, stop the stack by pressing Ctrl+C
and waiting for it to fully shut down, then restart it in “daemon” mode:
sudo docker compose --env-file /opt/ove/base_stack/nucleus-stack.env -f /opt/ove/base_stack/nucleus-stack-no-ssl.yml up -d
Testing the Installation
Once the stack has been started using the above commands, open a web browser on a workstation and access your Enterprise Nucleus Server using the IP Address or Hostname with the port it’s configured to use. (i.e., http://my-nucleus.example.com:8080
or http://10.54.76.10:8080
.) If configured correctly, Nucleus Navigator should appear.
Congratulations! You have successfully installed and configured your Enterprise Nucleus Server!
Next Steps
To configure your Enterprise Nucleus Server with SSL/TLS and/or Single Sign-On (SSO), refer to the linked documentation.
Additional Docker Compose Command Reference
Additional commands for managing your docker compose
environment:
docker compose --env-file <.env file path> -f <.yml file path> down
- stops the running stackdocker ps
- prints the status of the running containers to the display