Merge branch 'main' into 2026-upgrade

Author: soniabha-intc

docs/deployment_guide/on_prem_deployment/on_prem_deployment_profiles/on_prem_oxm_profile.rst

@@ -51,9 +51,9 @@ A sample network topology is presented in the diagram below:
 #. Most of Edge Orchestrator services are accessible via ``TRAEFIK_IP``, a Virtual IP reserved in the local subnet.
 
 #. The Edge Orchestrator must be configured with two more Virtual IPs that are reserved in the local subnet. ``ARGO_IP`` is used to access
-   ArgoCD server, while ``NGINX_IP`` exposes installation artifacts that are downloaded by Edge Nodes during OS provisioning.
+   ArgoCD server, while ``HAPROXY_IP`` exposes installation artifacts that are downloaded by Edge Nodes during OS provisioning.
 
-#. Note that one of ``TRAEFIK_IP``, ``NGINX_IP`` and ``ARGO_IP`` can be same as the physical interface's IP address (``ARGO_IP`` in the example).
+#. Note that one of ``TRAEFIK_IP``, ``HAPROXY_IP`` and ``ARGO_IP`` can be same as the physical interface's IP address (``ARGO_IP`` in the example).
 
 #. Only the PXE server is attached to the host networking and binds to the IP address of the physical network interface to listen to DHCP requests.
 
@@ -156,7 +156,7 @@ Post-installation steps
      .. code-block:: shell
 
         address=/[on.prem.domain.name]/[traefik-external-ip]
-        address=/tinkerbell-nginx.[on.prem.domain.name]/[ingress-nginx-external-ip]
+      address=/tinkerbell-haproxy.[on.prem.domain.name]/[ingress-nginx-external-ip]
 
 #. Retrieve the self-signed Edge Orchestrator certificate and install it to the trust store.
 

docs/deployment_guide/on_prem_deployment/on_prem_get_started/index.rst

@@ -85,7 +85,7 @@ Firewall Configuration
 The following table lists the network endpoints for Edge Orchestrator and edge nodes, which you can use to configure firewall rules tailored to your network environment.
 
 * ArgoCD Admin UI at ``argo.{domain}``. Intel recommends that you restrict the incoming traffic to a subset of known source IPs because this is an administrator interface.
-* BIOS Onboarding accesses ``tinkerbell-nginx.{domain}``.
+* BIOS Onboarding accesses ``tinkerbell-haproxy.{domain}``.
 * You can access all other services from edge nodes agents, UI, and APIs of Edge Orchestrator.
 
 .. list-table:: Network Endpoints for Edge Orchestrator and Edge Nodes
@@ -252,7 +252,7 @@ The following table lists the network endpoints for Edge Orchestrator and edge n
      -  443
      -  Edge infrastructure management
    * -  Edge node
-     -  tinkerbell-nginx.{domain}
+     -  tinkerbell-haproxy.{domain}
      -  TCP
      -  443
      -  BIOS onboarding

docs/deployment_guide/on_prem_deployment/on_prem_get_started/on_prem_install.rst

@@ -103,7 +103,10 @@ Core Deployment Configuration
      - ``registry-rs.edgeorchestration.intel.com``
    * - ``DEPLOY_VERSION``
      - Version of Edge Orchestrator to deploy
-     - ``v2025.2.0``
+     - ``v2026.0.0``
+   * - ``DEPLOY_REPO_BRANCH``
+     - Git tag or branch for deployment repository (overrides default commit)
+     - ``v2026.0.0``
    * - ``ORCH_INSTALLER_PROFILE``
      - Deployment profile for Edge Orchestrator
      - ``onprem``
@@ -144,8 +147,8 @@ Network Configuration
    * - ``TRAEFIK_IP``
      - MetalLB IP address for Traefik
      - (empty)
-   * - ``NGINX_IP``
-     - MetalLB IP address for NGINX
+   * - ``HAPROXY_IP``
+     - MetalLB IP address for HAProxy
      - (empty)
 
 Container Registry Configuration
@@ -787,7 +790,7 @@ An example of the `dnsmasq` config file:
    address=/vnc.[on.prem.domain.name]/[traefik-external-ip]
    address=/web-ui.[on.prem.domain.name]/[traefik-external-ip]
    address=/ws-app-service-proxy.[on.prem.domain.name]/[traefik-external-ip]
-   address=/tinkerbell-nginx.[on.prem.domain.name]/[ingress-nginx-external-ip]
+   address=/tinkerbell-haproxy.[on.prem.domain.name]/[ingress-nginx-external-ip]
    address=/mps.[on.prem.domain.name]/[traefik-external-ip]
    address=/rps.[on.prem.domain.name]/[traefik-external-ip]
    address=/mps-wss.[on.prem.domain.name]/[traefik-external-ip]

docs/deployment_guide/on_prem_deployment/on_prem_how_to/on_prem_upgrade.rst

@@ -1,23 +1,23 @@
 On-Prem Upgrade Guide
 =========================
 
-**Upgrade Path:** EMF On-Prem v3.1.3 → v2025.2.0
+**Upgrade Path:** EMF On-Prem v2025.2.0 → v2026.0.0
 
 **Document Version:** 1.0
 
 Overview
 --------
 
 This document provides step-by-step instructions to upgrade
-On-Prem Edge Manageability Framework (EMF) from version v3.1.3 to v2025.2.0.
+On-Prem Edge Manageability Framework (EMF) from version v2025.2.0 to  v2026.0.0
 
 Prerequisites
 -------------
 
 System Requirements
 ~~~~~~~~~~~~~~~~~~~
 
-- Current EMF On-Prem installation version 3.1.3 or later
+- Current EMF On-Prem installation version v2025.2.0 or later
 - Root/sudo privileges on orchestrator node
 - PostgreSQL service running and accessible
 - Sufficient disk space for backups (~200GB minimum)
@@ -53,7 +53,7 @@ Step 1: Download the Latest On-Prem Upgrade Script
     REGISTRY_URL='registry-rs.edgeorchestration.intel.com'
     RS_PATH='edge-orch/common/files/on-prem'
     ORAS_VERSION='1.1.0'
-    ORCH_VERSION='v2025.2.0'
+    ORCH_VERSION='v2026.0.0'
 
     # Install oras if not already installed
     if ! command -v oras &> /dev/null; then
@@ -135,7 +135,10 @@ Core Deployment Configuration
      - ``registry-rs.edgeorchestration.intel.com``
    * - ``DEPLOY_VERSION``
      - Version of Edge Orchestrator to deploy
-     - ``v2025.2.0``
+     - ``v2026.0.0``
+   * - ``DEPLOY_REPO_BRANCH``
+     - Git tag or branch for edge-manageability-framework deployment repository
+     - ``v2026.0.0``
    * - ``ORCH_INSTALLER_PROFILE``
      - Deployment profile for Edge Orchestrator
      - ``onprem``
@@ -176,10 +179,14 @@ Network Configuration
    * - ``TRAEFIK_IP``
      - MetalLB IP address for Traefik
      - (empty)
-   * - ``NGINX_IP``
-     - MetalLB IP address for NGINX
+   * - ``HAPROXY_IP``
+     - MetalLB IP address for HAProxy
      - (empty)
 
+.. note::
+   In **v2026.0.0 (latest release)**, the ingress controller was **replaced from NGINX to HAProxy**.
+   Please check whether the DNS entry for HAProxy is present after installation .
+
 Container Registry Configuration
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -335,6 +342,7 @@ Update the following sections:
 - **CORE DEPLOYMENT CONFIGURATION:**
   - RELEASE_SERVICE_URL
   - DEPLOY_VERSION
+  - DEPLOY_REPO_BRANCH
   - ORCH_INSTALLER_PROFILE
 
 - **AUTHENTICATION & SECURITY:**
@@ -343,7 +351,7 @@ Update the following sections:
 
 - **NETWORK CONFIGURATION:**
   - CLUSTER_DOMAIN
-  - ARGO_IP, TRAEFIK_IP, NGINX_IP
+  - ARGO_IP, TRAEFIK_IP, HAPROXY_IP
 
 - **CONTAINER REGISTRY:**
   - GITEA_IMAGE_REGISTRY
@@ -367,8 +375,10 @@ Update the following sections:
    kubectl get svc traefik -n orch-gateway
    kubectl get svc ingress-nginx-controller -n orch-boots
 
-   # Set deployment version (replace with your actual upgrade version tag)
-   export DEPLOY_VERSION=v2025.2.0
+  # Set deployment version (replace with your actual upgrade version tag)
+  export DEPLOY_VERSION=v2026.0.0
+  #Set the deploy repo release tag/branch (Gitea commit/tag/branch from EMF repo)
+  export DEPLOY_REPO_BRANCH=v2026.0.0
 
    # Set non-interactive mode to true to skip prompts
    export PROCEED=true
@@ -427,7 +437,7 @@ Before confirming in Terminal 1, open **Terminal 2** and update configurations:
       # Check current LoadBalancer IPs
       kubectl get svc argocd-server -n argocd
       kubectl get svc traefik -n orch-gateway
-      kubectl get svc ingress-nginx-controller -n orch-boots
+      kubectl get svc ingress-haproxy-kubernetes-ingress -n orch-boots
 
       # Verify LB IP configurations are updated
       nano repo_archives/tmp/edge-manageability-framework/orch-configs/clusters/onprem.yaml
@@ -451,7 +461,7 @@ Step 7: Monitor Upgrade Progress
 
 The upgrade process includes:
 
-- Upgrade RKE2 to 1.34.1 versions
+- Upgrade RKE2 to 1.34.4 versions
 - OS Configuration upgrade
 - Gitea upgrade
 - ArgoCD upgrade
@@ -575,8 +585,8 @@ Verify that the ``signed_ipxe.efi`` image is downloaded using the freshly downlo
       # Delete both files before downloading
       rm -rf Full_server.crt signed_ipxe.efi
       export CLUSTER_DOMAIN=cluster.onprem
-      wget https://tinkerbell-nginx.$CLUSTER_DOMAIN/tink-stack/keys/Full_server.crt --no-check-certificate --no-proxy -q -O Full_server.crt
-      wget --ca-certificate=Full_server.crt https://tinkerbell-nginx.$CLUSTER_DOMAIN/tink-stack/signed_ipxe.efi -q -O signed_ipxe.efi
+      wget https://tinkerbell-haproxy.$CLUSTER_DOMAIN/tink-stack/keys/Full_server.crt --no-check-certificate --no-proxy -q -O Full_server.crt
+      wget --ca-certificate=Full_server.crt https://tinkerbell-haproxy.$CLUSTER_DOMAIN/tink-stack/signed_ipxe.efi -q -O signed_ipxe.efi
 
    Once the above steps are successful, the orchestrator (Orch) is ready for onboarding new Edge Nodes (EN).
 

docs/index.rst

@@ -116,6 +116,22 @@ you can find details about the high-level design and submit patches of your own.
         APIs offer Create, Read, Update, and Delete capabilities.
 
 
+Modular Workflows
+-----------------
+Device management workflows from EMF that showcase Intel Architecture capabilities,
+designed to be evaluated independently and seamlessly integrated into partner
+device-management solutions to extend their functionality.
+
+.. grid:: 3
+
+    .. grid-item-card:: Modular Workflows
+        :link: modular_workflows/index
+        :link-type: doc
+        :link-alt: clickable cards
+
+        Explore modular device management workflows that extend partner solutions with Intel Architecture capabilities.
+
+
 .. toctree::
    :hidden:
 
@@ -125,5 +141,6 @@ you can find details about the high-level design and submit patches of your own.
    developer_guide/index
    api/index
    system_requirements/index
+   modular_workflows/index
 
 

docs/modular_workflows/index.rst

@@ -0,0 +1,20 @@
+Modular Workflows
+=================
+
+Device management workflows from EMF that showcase Intel Architecture
+capabilities, designed to be evaluated independently and seamlessly integrated
+into partner device-management solutions to extend their functionality.
+
+.. grid:: 3
+
+    .. grid-item-card:: Modular vPro Workflow
+        :link: vpro-amt-ism/index
+        :link-type: doc
+        :link-alt: clickable cards
+
+        End-to-end activation and device management using Intel® vPro AMT and ISM.
+
+.. toctree::
+   :hidden:
+
+   vpro-amt-ism/index

docs/modular_workflows/vpro-amt-ism/architecture.rst

@@ -0,0 +1,71 @@
+Modular vPro Workflow Architecture
+==================================
+
+Architecture Diagram
+--------------------
+
+The modular vPro workflow makes use of components from the Edge Infrastructure
+Manager to provide an out-of-band (OOB) management pipeline for edge devices.
+The high level architecture of the workflow is shown in the following diagram:
+
+.. figure:: images/modular-vpro-architecture.png
+   :alt: High-Level Architecture of the modular vPro workflow
+
+Key Components
+--------------
+
+To enable the vPro device management for edge devices, the modular workflow
+uses the following Edge Infrastructure Manager services on the orchestrator:
+
+`Inventory <https://github.com/open-edge-platform/infra-core/tree/main/inventory>`_ is the state store
+in Edge Infrastructure Manager. The modular vPro workflow uses the inventory service to store the
+status of edge devices, including the current state of the device as well as the desired state.
+
+`API <https://github.com/open-edge-platform/infra-core/tree/main/apiv2>`_ provides a northbound REST based
+API that users and services can use to access Open Edge Platform services.
+
+`Orchestrator Command Line Interface (CLI) <https://github.com/open-edge-platform/orch-cli>`_ is a utility
+which provides a command line interface that allows users to interact and manage the Orchestrator services
+using the REST API.
+
+`Host Manager <https://github.com/open-edge-platform/infra-managers/tree/main/host>`_ is a service used to
+manager an edge node's hardware information. For the modular vPro workflow, this includes the status of the
+edge node device and the agents running there. The manager stores this information to inventory along with
+other information to identify the edge node.
+
+`Device Management Manager <https://github.com/open-edge-platform/infra-external/tree/main/dm-manager>`_ is a service
+that provides integration between the Intel® vPro™ Active Management Technology (AMT) and Intel® Standard Manageability (ISM)
+on the edge node and the services provided by the Device Management Toolkit outlined below. This includes enabling
+remote management of edge node devices, allowing for remote power management and system configuration.
+
+On the edge node device, the workflow requires the following agents:
+
+`Device Discovery Agent <https://github.com/open-edge-platform/edge-node-agents/tree/main/device-discovery-agent>`_ is an
+agent deployed on the edge node that is responsible for discovering and registering that edge node with the Edge Infrastructure
+Manager during onboarding. This includes collecting system information from the edge node and handling authentication with
+the orchestrator. The agent can be run in either an interactive or non-interactive mode.
+
+`Node Agent <https://github.com/open-edge-platform/edge-node-agents/tree/main/node-agent>`_ is an agent deployed on the edge node
+that is responsible for creating and refreshing any authentication tokens for agents running on the edge node. It also
+monitors the status of the edge node and the agents running on the node which it frequently reports to the Host Manager
+service in the Edge Infrastructure Manager.
+
+`Platform Manageability Agent <https://github.com/open-edge-platform/edge-node-agents/tree/main/platform-manageability-agent>`_ manages
+platform level manageability features on the edge node. It integrates the Remote Provisioning Client service from the Device
+Management Toolkit and Intel® vPro™ to enable OOB device management capabilities on the edge node.
+
+The vPro modular workflow also uses the following components from the `Device Management Toolkit (DMT) <https://device-management-toolkit.github.io/docs/2.31/Reference/architectureOverview/>`_
+on the orchestrator and edge node:
+
+`Management Presence Server (MPS) <https://device-management-toolkit.github.io/docs/2.31/Reference/MPS/configuration/>`_ allows
+edge nodes which have support for Intel® AMT to connect securely to remote manageability services.
+
+`Remote Provisioning Server (RPS) <https://device-management-toolkit.github.io/docs/2.31/Reference/RPS/configuration/>`_ is
+used to remotely connected to the Remote Provisioning Client service on an edge node device which supports Intel® AMT. It
+provides the required configuration profiles and settings needed to enable Intel® AMT for remote manageability of
+the device by MPS.
+
+`Remote Prvosioning Client (RPC) <https://device-management-toolkit.github.io/docs/2.31/Reference/RPC/overview/>`_ is a
+lightweight application written in Go that is installed on the edge node device and interacts directly with
+Intel® AMT. It communicates with the RPS service and activates and manages Intel® AMT based on the
+configuration profiles and settings sent by RPS.