Enterprise Nucleus Server Quick Start Tips

About These Tips

Enterprise Nucleus Server quick start tips provide minimal instructions for installing and configuring NVIDIA Omniverse Enterprise Nucleus Server on Ubuntu. If you need complete instructions please refer to the installation methodology and the nucleus-stack.env file (included in the installation package) which contains the majority of the details required for a successful install.

Compose files will pick up various containers for Nucleus components from a docker container registry, access to which is required in addition to obtaining the compose files.

Please contact your NVIDIA representative to obtain access to the above artifacts.

Getting the Enterprise Nucleus Server Docker Files

After your order for NVIDIA Omniverse Nucleus subscription licenses has been processed, you will receive an order confirmation message from NVIDIA. This message contains information that you need for getting NVIDIA Omniverse software from the NVIDIA Licensing Portal. To log in to the NVIDIA Licensing Portal, you must have an NVIDIA Enterprise Account.

Downloading the Enterprise Nucleus Server Package

From the NVIDIA Licensing portal select SOFTWARE DOWNLOADS, set product family to Omniverse Enterprise. Select Download NVIDIA Omniverse Nucleus Enterprise.

../../../_images/nucleus_quickstart_softwareDownload.png

This will download the nucleus-stack-2021.2.2-2021-10-13-184202-5b7bddf9.tar.gz package.

Note

The name of the nucleus-stack package you download may differ depending on the product version

Docker

Getting Started

For installing Docker CE, follow the official instructions for your supported Linux distribution. For convenience, the documentation below includes instructions on installing Docker on Ubuntu.

Installing on Ubuntu

The following steps can be used to setup NVIDIA Container Toolkit on Ubuntu LTS - 16.04, 18.04, 20.4.

Install Helper Utilities

1
2
3
4
5
6
sudo apt-get install \
  apt-transport-https \
  ca-certificates \
  curl \
  gnupg \
  lsb-release

Setting Up Docker

Docker-CE on Ubuntu can be setup using Docker’s official convenience script:

curl https://get.docker.com | sh \
  && sudo systemctl --now enable docker

Follow the official instructions for more details and post install actions.

Note

Some terminal applications do not support pasting across multiple lines well. If you find that you are getting errors, try editing & pasting each command as one line.

Test Docker Install

Verify your installation worked using the following command:

sudo docker run hello-world
../../../_images/nucleus_quickstart_helloWorld.png

Setting Up Docker Compose

Next, setup Docker’s docker-compose utility:

sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
docker-compose --version

Follow the official Docker Compose instructions for more details

Enterprise Nucleus Server Installation

  • Copy the nucleus-stack package to a local temporary directory (e.g. /tmp) on your linux server.

  • Enter the temporary directory.

cd /tmp
  • Create an install directory (e.g. /opt/ove)

sudo mkdir /opt/ove
  • Extract the nucleus-stack package to your install directory

sudo tar xzvf nucleus-stack-2021.2.2-2021-10-13-184202-5b7bddf9.tar.gz -C /opt/ove --strip-components=1
nucleus-stack-2021.2.2-2021-10-13-184202-5b7bddf9/README.md
nucleus-stack-2021.2.2-2021-10-13-184202-5b7bddf9/base_stack/generate-sample-insecure-secrets.sh
nucleus-stack-2021.2.2-2021-10-13-184202-5b7bddf9/base_stack/nucleus-stack-no-ssl.yml
nucleus-stack-2021.2.2-2021-10-13-184202-5b7bddf9/base_stack/nucleus-stack-ssl.yml
nucleus-stack-2021.2.2-2021-10-13-184202-5b7bddf9/base_stack/nucleus-stack.env
nucleus-stack-2021.2.2-2021-10-13-184202-5b7bddf9/base_stack/saml/federation.meta.blank.xml
nucleus-stack-2021.2.2-2021-10-13-184202-5b7bddf9/ssl/nginx.ingress.router.conf
nucleus-stack-2021.2.2-2021-10-13-184202-5b7bddf9/sso/nucleus-sso-gateway.env
nucleus-stack-2021.2.2-2021-10-13-184202-5b7bddf9/sso/nucleus-sso-gateway.yml
  • Within your install directory you will find three directories: base_stack, ssl, and sso.

  • For this quick start we are concerned with configuring nucleus-stack.env within the base_stack directory

  • Enter the base_stack directory

cd /opt/ove/base_stack
  • Using your favorite text editor, make the following changes to nucleus-stack.env

sudo nano nucleus-stack.env

Uncomment Accept EULA

######################################################
# End-User License Agreement (EULA)
######################################################
#Uncomment to indicate your acceptance of EULA
ACCEPT_EULA=1

Change the IP or hostname

#SERVER_IP_OR_HOST=USE_CORRECT_HOSTNAME_OR_IP_HERE
SERVER_IP_OR_HOST=myhost.mydomain.com

Modify default passwords

# Master superuser ('omniverse') user's password
#
# This is the initial setting and you can change this password
# later.
#
# If you change this password using the UI, you will NOT be able to
# reset it from here. The only way to recover it would be to
# delete your accounts' db (that will delete ALL accounts),
# located in ${DATA_ROOT}/local-accounts-db/

MASTER_PASSWORD=MY_NEW_PASSWORD

# Password for built-in service accounts for all services
# shipped with this stack.
#
# Authentication DB will be initialized with this password, and
# all the services will be configured to use it. Our recommendation is
# to configure this once, and not touch it.
#
# If you desire to change service accounts' password,
# use your Superuser (`omniverse`), change
# service accounts' passwords for **all** `*_service` accounts to be
# the same new password, update the value below, and restart your stack.

SERVICE_PASSWORD=MY_NEW_PASSWORD

Set the default mount point

################################################################################
## Data
################################################################################

# Set this variable to where you want Nucleus Data to be.
# Make sure the right kind of disk and adequate amount of disk space is
# available.
#
# It will contain the actual data, as well as logs. File and dir names
# should be self-explanatory.
#
# If running on top of data from an older version of Nucleus, data upgrade
# may be required. Use `nucleus-upgrade-db.yml` stack
# along with this .env file to perform the upgrade.
#
# To validate internal consistency of data, use `nucleus-verify-db.yml`
# along with this .env file to run the verifier tool.
#
# IMPORTANT: Nucleus Stack must be stopped to perform verification and/or
# IMPORTANT: upgrade.

DATA_ROOT=/var/lib/omni/nucleus-data

Remember to uncomment the ACCEPT_EULA=1 in nucleus-stack.env

At the bottom of nucleus-stack.env, find the subnet section. If the subnet defined in CONTAINER_SUBNET conflicts with any existing subnet in your network, then re-define it. IP addresses for Nucleus containers will be allocated from this subnet. If the internal containers’ IPs conflict with your networks’ subnets, things will be broken.

CONTAINER_SUBNET=192.168.2.0/26

Required Secrets

Please review the section of the nucleus-stack.env file titled “Required Secrets” Public-Private keypair to act as the root of trust between the Authentication and Core Nucleus services

# For a quick !>INSECURE<! evaluation, a simple shell script generating these
# values is provided along with this stack,
#
# generate-sample-insecure-secrets.sh
# -----------------------------------
#
# Feel free to use it to arrive at a quick sample set;
# but MAKE SURE YOU UNDERSTAND THAT THE SAMPLE SET IS INSECURE.
#
# For any real environment, we recommend reviewing what
# generate-sample-insecure-secrets.sh does, and provisioning the same
# *type* of secrets in whichever manner is appropriate for your environment.

If you wish to quickly set up a Nucleus instance and not worry about generating production-grade secrets, a useful script called generate-sample-insecure-secrets.sh is included with the Stack.

  • Enter the base_stack directory

cd /opt/ove/base_stack
  • Run the generate-sample-insecure-secrets.sh

sudo ./generate-sample-insecure-secrets.sh

Warning

generate-sample-insecure-secrets.sh is not intended to be used in production environments, but rather as an illustration only. Please consult your security policies and / or Information Security teams to determine how to handle production secrets. For any real environment, we recommend reviewing what the sample does and provision the same type of secrets in the appropriate manner for your environment.

Running Docker Compose to Build the Stack

For this quick start guide we are using nucleus-stack.env and nucleus-stack-no-ssl.yml files. For SSL/TLS. and/or SSO installations please refer to SSL/TLS Configuration and Integrating with SSO documentation for further guidance.

Pull the containers Docker will use the .yml file and the .env to do this.

Change the path to the location of the files before executing the command.

sudo docker-compose --env-file <.env file path> -f <.yml file path> pull
sudo docker-compose --env-file <.env file path> -f <.yml file path> up -d

Example: These are the file paths we created earlier. If you changed the file location please edit these command before running.

This will pull the containers.

sudo docker-compose --env-file /opt/ove/nucleus-stack.env -f /opt/ove/nucleus-stack-no-ssl.yml pull

This will start the stack in foreground.

sudo docker-compose --env-file /opt/ove/nucleus-stack.env -f /opt/ove/nucleus-stack-no-ssl.yml up

We recommend watching the log spew to spot if there are any issues. If everything works fine, you can stop your stack by pressing Ctrl+C and waiting for it to shut down, and then restart it in the “daemonised” mode:

sudo docker-compose --env-file /opt/ove/nucleus-stack.env -f /opt/ove/nucleus-stack-no-ssl.yml up -d

Congratulations! You have now successfully installed Enterprise Nucleus Server.

A Few More Useful Commands

You should be up & running. Here are a few more commands that you might find useful as well:

If you want to see all the information flashing by on the screen run the up command without the -d.

sudo docker-compose --env-file /opt/ove/nucleus-stack.env -f /opt/ove/nucleus-stack-no-ssl.yml up

To stop the containers:

sudo docker-compose --env-file /opt/ove/nucleus-stack.env -f /opt/ove/nucleus-stack-no-ssl.yml down

Verifying Enterprise Nucleus Server is Up.

When running Nucleus for the first time we recommend running docker in the foreground i,e using:

sudo docker-compose --env-file /opt/ove/nucleus-stack.env -f /opt/ove/nucleus-stack-no-ssl.yml up

After about 30 to 60 secs the output on the screen should be stable. If it is not please stop Nucleus and review the steps in this guide.

To see the status of all the containers running Run docker ps to check that all the services are running.

sudo docker ps

This verification command will format nicely if you run it a few times and have a wide terminal window open to view it.