Provision On-Prem VyOS Edge (HyOps Blueprint)¶
Purpose¶
Provision a VyOS edge VM on Proxmox using a state-first template path and deterministic SSH key access.
Scope¶
Blueprint ref: networking/onprem-vyos-edge@v1
Target step state slot: platform/onprem/vyos-edge#vyos_edge_vm
The VyOS edge step is intentionally pinned to state_instance: vyos_edge_vm.
Do not mix:
- non-instance runs (platform/onprem/vyos-edge), and
- instance runs (platform/onprem/vyos-edge#vyos_edge_vm)
for the same VM names in one environment.
Prepare the env-scoped overlay¶
hyops blueprint init --env dev \
--ref networking/onprem-vyos-edge@v1 \
--dest-name onprem-vyos-edge.yml
Edit:
- ssh_keys (real public key, no placeholder)
- template_vm_id / template_name if different in your Proxmox
- interface IP/gateway values
- cloud_init_meta_data.instance-id to match the environment naming policy
Local preflight¶
hyops blueprint preflight --env dev \
--file "$HOME/.hybridops/envs/dev/config/blueprints/onprem-vyos-edge.yml"
Proxmox runner preflight¶
hyops runner blueprint preflight --env dev \
--runner-state-ref platform/linux/ops-runner#onprem_ops_runner_bootstrap \
--file "$HOME/.hybridops/envs/dev/config/blueprints/onprem-vyos-edge.yml"
Clean e2e cycle (destroy then deploy)¶
# clean the active edge instance slot
hyops destroy --env dev \
--module platform/onprem/vyos-edge \
--state-instance vyos_edge_vm \
--inputs "$HOME/.hybridops/envs/dev/config/modules/platform__onprem__vyos-edge/instances/vyos_edge_vm.inputs.yml"
# deploy from Proxmox runner
hyops runner blueprint deploy --env dev \
--runner-state-ref platform/linux/ops-runner#onprem_ops_runner_bootstrap \
--file "$HOME/.hybridops/envs/dev/config/blueprints/onprem-vyos-edge.yml" \
--execute --yes
Verify¶
ssh root@192.168.0.27 'qm list | awk "NR==1 || /edge/"'
ssh -i ~/.ssh/id_ed25519 vyos@10.10.0.20 'hostname && ip -4 -o a s eth0'
jq '.status,.run_id,.outputs.vm_ids' \
"$HOME/.hybridops/envs/dev/state/modules/platform__onprem__vyos-edge/instances/vyos_edge_vm.json"
Expected:
- dev-edge-01 present on Proxmox
- SSH to vyos@10.10.0.20 succeeds with key auth
- instance state is ok
Troubleshooting¶
vm name collision detected across module state slots: destroy the stale slot first (latestor oldstate_instance) and rerun.- runner preflight mismatches local validator behavior:
refresh runner payload by re-applying
platform/linux/ops-runner#onprem_ops_runner_bootstrapfrom current source. - placeholder key validation failure:
replace
CHANGE_ME_*key strings with a real OpenSSH public key.