In some situations, the Smartfacts server has no access to the internet. In this case, it is not possible to download the needed software and images. This article describes which options we have to install Smartfacts in such scenarios.

Content

Preparations

Server

Please provide a server that meets the following requirements:

• CPU:

  • x64 / AMD64 processor - ARM based servers will not work

  • Minimum: 6 Cores

• RAM: minimum 32 GB

• Hard disk: minimum 150 GB

  Most of the data will be stored under /var/lib/rancher/k3s

• Operating System: Linux

  All Linux distributions running K3s can be used.

  If you are using a Red Hat / CentOS Linux, please perform these preparations:

  • It is recommended to turn off firewalld:

    systemctl disable firewalld --now

  • If enabled, it is required to disable nm-cloud-setup and reboot the node:

    systemctl disable nm-cloud-setup.service nm-cloud-setup.timer

    reboot

• The user performing the installation will need sudo privileges

• The server must be connected to the internet

DNS

Please define a domain for Smartfacts. Either add a wildcard entry *.<domain-name> to the DNS or enter the required URLs individually:

• smartfacts.<domain-name>

• camp.<domain-name>

• identity.<domain-name>

• genoslc.<domain-name>

• oslc.<domain-name>

Certificates

Please prepare certificates for the server which meet the following requirements:

• It is an X.509 certificate which is suitable for server authentication

• Base64-coded in PEM format

• Hostnames

  • The certificat must be issued on the hostnames

    • smartfacts.<domain-name>

    • camp.<domain-name>

    • identity.<domain-name>

    • genoslc.<domain-name>

    • oslc.<domain-name>

  • Hostnames must also be stored in the "Subject Alternative Name" attribute of the certificate

  • All hostnames and subject alternative names must be written in lower case

• The certificat must be valid (valid from, valid to)

• It is suitable for the provided private key

• The private key may not be password protected

• The certificate should comprise the complete certificate chain where possible

  If this is missing, then an attempt is made to download the missing intermediate and root certificate during installation.

Install the software

Download the software

...

If not done so far please prepare your infrastructure as described in https://smartfacts.atlassian.net/wiki/spaces/SPD/pages/54624257/Installing+Smartfacts+for+Proof+of+Concepts#Prepare-your-infrastructure.

Optional: set up the Kubernetes environment

If you do have a Kubernetes environment at hand, you can install in your on cluster. Otherwise you can install a single node Kubernets on a VM by following these instructions:

Download the software

• Download the latest stable “k3s” and “k3s-airgap-images-amd64.tar.gz” blobs from the “Assets” section “Assets” at of https://github.com/k3s-io/k3s/releases
  

  Image Added

• Download the Helm binaries for Linux amd64 from https://github.com/helm/helm/releases

• Copy the content contents of the K3s install script at https://get.k3s.io into a new text file named called “install.sh”:

  Code Block
  wget https://get.k3s.io./ -O install.sh

• Download the file https://cp.mid.de/releases/smartfacts-air-gapped/install_airgapped_software.sh

  Code Block
  language bash
  wget https://cp.mid.de/releases/smartfacts-air-gapped/install_airgapped_software.sh

Copy the files to the Smartfacts server

• In your home directory, create Create a new directory “download” Create a new directory “software” under “download”with a subdirectory “software” in your home directory:

  Code Block
  language bash
  mkdir -p download/software

• Copy all downloaded files to ~/download/software
  After copying all files, the file structure should look like this:

  Code Block
  download └── software ├── helm-v3.1017.3-linux-amd64.tar.gz ├── install_airgapped_software.sh ├── install_airgapped_software.sh ├── k3s └── k3s-airgap-images-amd64.tar.gz

Execute the installation script

In the directory ~/download/software make the install script executeable and execute it:

chmod u+x install_airgapped_software.sh

and execute it:

./install_airgapped_software.sh

Download the Smartfacts Helm

...

chart

• Log with the provided credential into the Smartfacts Chart Registry using the credentials provided and download the latest chart version that does not have contain the postfix “-dev”.

• Copy the downloaded helm chart to your home directory on the Smartfacts server

• Extract the helm chart with using the command

  Code Block
  tar -xvzfxf smartfacts-*.tgz

Create the deployment configuration

Provide Certificates and Key as Base64 String

The Prerequisite is: The complete certificate chain is available in a file as base64-encoded x509 certificates. The certificates are contained in the file in the correct order (server certificate at the top, root certificate at the bottom). See Section “Certificates” above in this article.

Save the certificate chain as a base64-encoded string:

cat <your certificate chain.crt> | base64 -w0 > chain.crt.base64

Save certificate key as a base64-encoded string:

cat <your certificate key.key> | base64 -w0 > key.base64

Customize Values File

• Change to the home directory of your user 's home directory on the server and create a new text file values.yaml with the following content:

  Code Block

  global: domainregistry: "<your-domain> private registry>" instancedomain: "smartfacts<your-pocdomain>" registryinstance: "librarysmartfacts-poc" cert: crtFullChain: "<FULL-CHAIN-CERT-BASE64>" key: "<CERT-KEY-BASE64>" ingress: enabled: true # Smartfacts supports Traefik and nginx as Ingress Controller. # The default is Traefik. # If you use nginx as ingress controller please comment in this line: #ingressClassType: "nginx" genoslc: enabled: true env: trsEnabled: false # Set to true if you use Smartfacts as data source for a link index configuration: # Give a list of up to 5 usernames of users which will have the administration right to change settings in Smartfacts. # At leas one administrator user must be stated here. administrators: - acm # replace this value with the username of the person who should configure the oauth10a information for the OSLC Connector for Smartfacts # key used to encrypt the oauth10a configuration data oauth10aEncryptionKey: "" # define the key which is used to encrypt the oauth10a information in the database spa: cspConf: externalUrls: "" # space separated list of your tool urls (IBM Jazz, Jama, Codebeamer) plugin: importPlugins: true # "true" for first installation, "false" for minor updates will speed up the update process a lot mailservice: enabled: false genoslccamp: enabled: false kafka: enabled: false

• Replace the value of the domain property property registry with the name of your private registry

• Replace the value of the property domain with your domain name.

• Replace the placeholder of the property crtFullChain property with the content of the file chain.crt.base64.

• Replace the placeholder of the property key property with the content of the key.base64 file.

• Save the file values.yaml file.

Provide the container images

The Kubernetes environment at the Smartfacts server needs to must have access to the Smartfacts container images of Smartfacts.

The recommended way of providing to gain access to the container images is to add the Smartfacts registry https://repo.mid.de to an existing container registry at in your company which organisation that has access to the internet. This registry works serves as a proxy registry , so that the air gapped Smartfacts server can load the Smartfacts images through that this proxy registry. Follow the instructions in section

Provide container images with a proxy container

...

registry

...

If it is not possible to use a proxy repository, the container images can be loaded directly into the container service at the Smartfacts server. To do this follow the instructions in section Provide container images without a container registry.

Expand
title Provide container images with a proxy container registry
Provide container images with a proxy container registry Please contact your administrators to add the Smartfacts registry https://repo.mid.de to the proxy registry. Add login data to the proxy registry To connect to your proxy registry you must insert the login information of the proxy registry in your values.yaml file. To do so, replace the placeholder in the following text and insert it into a file “registrylogin.txt” on the Smartfacts server. Code Block { "auths": { "<proxy registry name>" : { "username":"<username>", "password":"<password>" } } } Replace the placehoder <proxy registry name> with the name of your proxy registry without a protocoll (e.g. write “repo.yourcompany.com”, not “https://repo.yourcompany.com”) Replace the value of the fields “username” an “password” with the credentials for your proxy registry Save the file with filename “registrylogin.txt” convert the login info to base64 Code Block cat registrylogin.txt | base64 -w0 > registrylogin.base64 In the file “values.yaml” add a new line below the line starting with “instance” with the content Code Block repologin: "<content of file registrylogin.base64>" Replace the placehoder “<content of file registrylogin.txt>“ with the content of the file “registrylogin.base64” Make sure that the indentation at the begin of the line is exact the same as in the line above delet the files “registrylogin.txt” and “registrylogin.base64”

Expand
title Provide container images without a container registry
Provide container images without a container registry In this scenario you will download the container images manually and copy it to the server. Enter the web page for downloading the container images. The link of the web page contains the chart version. It has the following format: https://cp.mid.de/releases/smartfacts-air-gapped/smartfacts_air_gapped_<HELM_CHART_VERSION>.html Make shure to replace <HELM_CHART_VERSION> with the version of the helm chart you have downloaded. You should now see the download page. Image Removed Download all files to your client PC create a new directory ~/download/smartfacts on the Smartfacts server copy the downloaded files to ~/download/smartfacts on the Smartfacts server Download the script for loading the images from https://cp.mid.de/releases/smartfacts-air-gapped/loadimages.sh and copy it to ~/download/smartfacts on the Smartfacts server Load the container images into k3s On the Smartfacts server Change into the directory ~/download/smartfacts make the script “loadimages.sh” executeable and execute it Code Block chmod u+x loadimages.sh ./loadimages.sh The script will check if all files are present and correct. If this is the case it will load the container images from the files.

Install Smartfacts

...

to add repo.mid.de to the proxy registry, you can push the images from repo.mid.de and pull them into your private registry.

Get a list of all necessary images

1. change into the directory of the helm chart

2. for this procedure, you need to temporarily change the registry in your customized values.yaml to the official MID registry:

   Code Block
   global: registry: "repo.mid.de"

3. Run the following command:

   Code Block
   helm template smartfacts mid-smartfacts/smartfacts -f values.yaml | grep "image:" | sed 's/^[[:space:]]*image:[[:space:]]*"\?\([^"]*[^[:space:]]\)"\?/\"\1/'

   The output is a list of images with tags.

4. Make sure to change the registry back to your private registry before performing the deployment.

Push the images to your local registry

You can automate the pull and push of the images using this script:

#!/bin/bash
# target_registry: Your private registry. Make sure that you are already logged in into your registry.
target_registry="<your private registry to push to>"

# List of source images
images=(
<insert the list of images here, one entry per line, including the quotes>
)

# Loop through each image
for image in "${images[@]}"; do
  # Pull the image
  sudo docker pull "$image"
  # Extract the repository name and tag
  repo_tag="${image##*/}"
  echo "repo_tag: $repo_tag"
  # Construct the target image name
  target_image="$target_registry/$repo_tag"
  echo "target_image: target_image"
  # Tag the image with the target registry
  sudo docker tag "$image" "$target_image"
  # Push the image to the target registry
  sudo docker push "$target_image"
done

1. Save the script as copy_images.sh.

2. Make sure that you are already logged in to your private registry prior to invoking this script

3. Run the script on a machine that has

   • Docker installed

   • connectivity to the Internet

   • connectivity to your private registry

     Code Block
     bash copy_images.sh

Add login data to your private registry

1. Create the namespace Smartfacts, if not already present in your cluster:

   Code Block
   sudo kubectl create namespace smartfacts

2. Create the registry secret in the smartfacts namespace.

   Code Block
   sudo kubectl create secret docker-registry regcred --docker-server=<private registry name> --docker-username=<username> --docker-password=<password> -n smartfacts

   • replace the placeholders with the values for your private image registry

Install Smartfacts

Execute the installation

In the user's home directory, enter the following command to execute the Installation:

sudo helm upgrade --install --timeout 15m0s smartfacts ./smartfacts -f values.yaml -n smartfacts --create-namespace

Watch

...

deployment events (in a new

...

session)

Open a second session on the server and enter the following command:

sudo watch kubectl get alldeployments -n smartfacts

...

Enter the following command to show the Smartfacts URLs:URLs (please make sure to prefix it with “https://” in your browser):

sudo kubectl get ingress -n smartfacts

Prepare the Smartfacts Model Warehouse

A note on Smartfacts PoC Test Users

For the Smartfacts PoC you can use the generated test users “poc1”…”poc50”. All poc-users have the same password “poc”. For managing the test users in the CAMP use the account administrator user “acm” which has the password “acm”.

Create a Smartfacts Model Warehouse

1. Open the Smartfacts URL in your browser: https://smartfacts.<yoursmartfactsdomain> and log-in with the account manager credentials (user “acm”, password “acm”).

2. You will now be asked to create a Model Warehouse.

   1. Click on CREATE A NEW MODEL WAREHOUSE.

   2. In the create dialog, first select the previously created account.

   3. Provide a name for the Model Warehouse.

   4. Optionally, activate the check box Create Demo Models if you want some demo content to be added to the Model Warehouse.

Model Warehouse creation is the final step in the Smartfacts platform set-up process.

Install the Plug-Ins

It depends on which tools you want to use in connection with Smartfacts. Smartfacts provides a plug-in for every tool which is supported. You can download the plug-ins from the main menu via the command Get Plug-ins.

Troubleshooting

Display events

If the deployments don`t get healthy, you can display the event messages of the installation:

sudo kubectl get events -n smartfacts

These events show some common error conditions (e.g. Images are not found; insufficient ressources)

How to Move k3s data to another partition or disk