In some situations, the Smartfacts server has no access to the internet. In this case, it is not possible to download the needed software and images. This article describes which options we have to install Smartfacts in such scenarios.

Preparations

Server

Please provide a server that meets the following requirements:

  • CPU:

    • x64 / AMD64 processor - ARM based servers will not work

    • Minimum: 6 Cores

  • RAM: minimum 32 GB

  • Hard disk: minimum 150 GB

    Most of the data will be stored under /var/lib/rancher/k3s

  • Operating System: Linux

    All Linux distributions running K3s can be used.

    If you are using a Red Hat / CentOS Linux, please perform these preparations:

    • It is recommended to turn off firewalld:

      systemctl disable firewalld --now

    • If enabled, it is required to disable nm-cloud-setup and reboot the node:

      systemctl disable nm-cloud-setup.service nm-cloud-setup.timer

      reboot

  • The user performing the installation will need sudo privileges

  • The server must be connected to the internet

DNS

Please define a domain for Smartfacts. Either add a wildcard entry *.<domain-name> to the DNS or enter the required URLs individually:

  • smartfacts.<domain-name>

  • camp.<domain-name>

  • identity.<domain-name>

  • genoslc.<domain-name>

  • oslc.<domain-name>

Certificates

Please prepare certificates for the server which meet the following requirements:

  • It is an X.509 certificate which is suitable for server authentication

  • Base64-encoded in PEM format

  • Hostnames

    • The certificate must be issued for the hostnames

      • smartfacts.<domain-name>

      • camp.<domain-name>

      • identity.<domain-name>

      • genoslc.<domain-name>

      • oslc.<domain-name>

    • Hostnames must also be stored in the "Subject Alternative Name" attribute of the certificate

    • All hostnames and subject alternative names must be written in lower case

  • The certificate must be valid (valid from, valid to)

  • It is suitable for the provided private key

  • The private key must not be password protected

  • The certificate should comprise the complete certificate chain where possible

    If this is missing, then an attempt is made to download the missing intermediate and root certificate during installation.
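The requirements above can be checked before the installation. The following script is an added example, not part of the Smartfacts delivery; it assumes OpenSSL 1.1.1 or later on the machine where it runs, and the file names passed to it are placeholders.

```bash
#!/usr/bin/env bash
# Added example, not vendor code. Usage: ./check_cert.sh <domain-name> <chain.crt> <key.key>
HOSTS="smartfacts camp identity genoslc oslc"   # host names from the list above

# DNS entries of a SAN extension as printed by openssl, one per line.
san_names() { printf '%s\n' "$1" | tr ',' '\n' | sed -n 's/^ *DNS://p'; }

# Required host names that are not an exact (case-sensitive) SAN entry.
missing_sans() {        # $1 = domain name, $2 = SAN text
  for h in $HOSTS; do
    san_names "$2" | grep -qxF "$h.$1" || echo "$h.$1"
  done
}

# SAN entries that contain upper-case characters.
uppercase_sans() { san_names "$1" | grep '[[:upper:]]'; }

# True if the PEM key is password protected (PKCS#8 or traditional format).
key_is_encrypted() { grep -qE 'BEGIN ENCRYPTED PRIVATE KEY|Proc-Type: 4,ENCRYPTED' "$1"; }

preflight() {           # $1 = domain name, $2 = chain file, $3 = key file
  rc=0
  fail() { echo "FAIL: $*" >&2; rc=1; }
  # openssl x509 reads the first certificate in the file, i.e. the server certificate.
  sans=$(openssl x509 -in "$2" -noout -ext subjectAltName 2>/dev/null)
  miss=$(missing_sans "$1" "$sans")
  [ -z "$miss" ] || fail "SAN entries missing:" $miss
  [ -z "$(uppercase_sans "$sans")" ] || fail "SAN entries are not lower case"
  # -checkend covers "valid to" only; "valid from" is not tested here.
  openssl x509 -in "$2" -noout -checkend 0 >/dev/null || fail "certificate has expired"
  openssl x509 -in "$2" -noout -purpose | grep -q 'SSL server : Yes' \
    || fail "not usable for server authentication"
  if key_is_encrypted "$3"; then fail "private key is password protected"; fi
  # Key and certificate belong together when both yield the same public key.
  cert_pub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null)
  key_pub=$(openssl pkey -in "$3" -passin pass: -pubout 2>/dev/null)
  [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ] || fail "private key does not fit the certificate"
  [ "$(grep -c 'BEGIN CERTIFICATE' "$2")" -gt 1 ] \
    || echo "NOTE: file holds no intermediate/root certificates" >&2
  return "$rc"
}

if [ "$#" -eq 3 ]; then preflight "$@"; fi
```

The script exits with a non-zero status if any requirement fails, so it can gate the later steps that copy the certificate into values.yaml.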

Install the software

Download the software

Copy the files to the server

  • In your home directory, create a new directory “download”

  • Create a new directory “software” under “download”

  • Copy all downloaded files to ~/download/software
    After copying all files, the file structure should look like this:

    download
    └── software
        ├── helm-v3.10.3-linux-amd64.tar.gz
        ├── install.sh
        ├── install_airgapped_software.sh
        ├── k3s
        └── k3s-airgap-images-amd64.tar.gz

Execute the installation script

In the directory ~/download/software, make the install script executable and execute it:

chmod u+x install_airgapped_software.sh
./install_airgapped_software.sh

Download the Smartfacts Helm Chart

  • Log in to the Smartfacts Chart Registry with the provided credentials and download the latest chart version that does not have the suffix “-dev”.

  • Copy the downloaded helm chart to your home directory on the Smartfacts server

  • Extract the helm chart with the command

    tar -xvzf smartfacts-*.tgz

Create the deployment configuration

Provide Certificates and Key as Base64 String

Prerequisite: The complete certificate chain is in a file as base64-encoded x509 certificates. The certificates are contained in the file in the correct order (server certificate at the top, root certificate at the bottom). See Section “Certificates” above in this article.

Save certificate chain as a base64 string:

cat <your certificate chain.crt> | base64 -w0 > chain.crt.base64

Save certificate key as base64 string:

cat <your certificate key.key> | base64 -w0 > key.base64

Customize Values File

  • Change to your user's home directory on the server and create a new text file values.yaml with the following content:

    global:
      domain: "<your-domain>"
      smartfactsVersionOverride: "<downloaded common version>" #Syntax example: "2022.11.3" or "2022.12"
      commonVersionOverride: "<downloaded common version>"
      genoslcVersionOverride: "<downloaded common version>"
      instance: "smartfacts-poc"
      registry: "library"
      cert:
        crtFullChain: "<FULL-CHAIN-CERT-BASE64>"
        key: "<CERT-KEY-BASE64>"
      ingress:
        enabled: true
    mailservice:
      enabled: false
    genoslc:
      enabled: false
  • Replace the value of the domain property with your domain name.

  • Replace the value of the properties “smartfactsVersionOverride”, “commonVersionOverride“ and “genoslcVersionOverride“ with the exact versions of the images. You will see these versions by visiting the page https://cp.mid.de/releases/smartfacts-air-gapped/smartfacts_air_gapped_<HELM_CHART_VERSION>.html, where <HELM_CHART_VERSION> is the exact version of the Helm chart downloaded.
    If for example the helm chart version 3.12.14 is downloaded you will find the versions to insert here:

  • Replace the placeholder of the crtFullChain property with the content of the file chain.crt.base64.

  • Replace the placeholder of the key property with the content of the key.base64 file.

  • Save the values.yaml file.

Provide the container images

The Kubernetes environment at the Smartfacts server needs to have access to the container images of Smartfacts.

The recommended way of providing access to the container images is to add the Smartfacts registry https://repo.mid.de to an existing container registry at your company which has access to the internet. This registry works as a proxy registry, so the air gapped Smartfacts server can load the Smartfacts images through that proxy registry. Follow the instructions in section Provide container images with a proxy container registry if you can use a proxy registry.

If it is not possible to use a proxy repository, the container images can be loaded directly into the container service at the Smartfacts server. To do this follow the instructions in section Provide container images without a container registry.

Provide container images with a proxy container registry

Please contact your administrators to add the Smartfacts registry https://repo.mid.de to the proxy registry.

Add login data to the proxy registry

To connect to your proxy registry you must insert the login information of the proxy registry in your values.yaml file.

To do so, replace the placeholder in the following text and insert it into a file “registrylogin.txt” on the Smartfacts server.

{
  "auths":
  {
    "<proxy registry name>" :
    {
      "username":"<username>",
      "password":"<password>"
    }
  }
}
  • Replace the placeholder <proxy registry name> with the name of your proxy registry without a protocol (e.g. write “repo.yourcompany.com”, not “https://repo.yourcompany.com”)

  • Replace the values of the fields “username” and “password” with the credentials for your proxy registry

  • Save the file with filename “registrylogin.txt”

  • Convert the login info to base64

    cat registrylogin.txt | base64 -w0 > registrylogin.base64
  • In the file “values.yaml” add a new line below the line starting with “instance” with the content

      repologin: "<content of file registrylogin.base64>"
    • Replace the placeholder “<content of file registrylogin.base64>” with the content of the file “registrylogin.base64”

    • Make sure that the indentation at the beginning of the line is exactly the same as in the line above

  • Delete the files “registrylogin.txt” and “registrylogin.base64”
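The steps above can be done in one pass without writing the password to “registrylogin.txt” at all. The following script is an added example, not part of the Smartfacts delivery; the function names are hypothetical, and restricting values.yaml to mode 600 is an addition made here because the file then holds the registry password and the private key in base64, which is an encoding and not encryption.

```bash
#!/usr/bin/env bash
# Added example, not vendor code.
# Usage: ./add_repologin.sh values.yaml <proxy registry name> <username>

# Escape backslashes and double quotes so a value is a valid JSON string.
json_escape() { printf '%s' "$1" | sed 's/\\/\\\\/g; s/"/\\"/g'; }

# Print the "auths" document from the page, base64-encoded on one line.
registry_login_b64() {   # $1 = registry name, $2 = username, $3 = password
  case "$1" in
    *://*) echo "registry name must not contain a protocol" >&2; return 1 ;;
  esac
  printf '{"auths":{"%s":{"username":"%s","password":"%s"}}}' \
    "$(json_escape "$1")" "$(json_escape "$2")" "$(json_escape "$3")" | base64 -w0
}

# Insert 'repologin: "<base64>"' below the "instance:" line with the same indentation.
add_repologin() {        # $1 = values.yaml, $2 = base64 string
  grep -q '^ *repologin:' "$1" && { echo "repologin is already set" >&2; return 1; }
  tmp=$(mktemp "$1.XXXXXX") || return 1
  awk -v v="$2" '
    { print }
    /^ *instance:/ { match($0, /^ */)
                     printf "%srepologin: \"%s\"\n", substr($0, 1, RLENGTH), v }
  ' "$1" > "$tmp" && mv "$tmp" "$1" && chmod 600 "$1"
}

if [ "$#" -eq 3 ]; then
  umask 077
  printf 'Password: ' >&2
  read -rs pw; echo >&2          # password is read without echo and never stored in a file
  b64=$(registry_login_b64 "$2" "$3" "$pw") && add_repologin "$1" "$b64"
fi
```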

Provide container images without a container registry

In this scenario you will download the container images manually and copy them to the server.

  • Enter the web page for downloading the container images. The link of the web page contains the chart version. It has the following format:
    https://cp.mid.de/releases/smartfacts-air-gapped/smartfacts_air_gapped_<HELM_CHART_VERSION>.html

    • Make sure to replace <HELM_CHART_VERSION> with the version of the helm chart you have downloaded. You should now see the download page.

  • Download all files to your client PC

  • Create a new directory ~/download/smartfacts on the Smartfacts server

  • Copy the downloaded files to ~/download/smartfacts on the Smartfacts server

  • Download the script for loading the images from https://cp.mid.de/releases/smartfacts-air-gapped/loadimages.sh and copy it to ~/download/smartfacts on the Smartfacts server

Load the container images into k3s

On the Smartfacts server

  • Change into the directory ~/download/smartfacts

  • Make the script “loadimages.sh” executable and execute it

    chmod u+x loadimages.sh
    ./loadimages.sh

The script will check if all files are present and correct. If this is the case it will load the container images from the files.

Install Smartfacts

Execute the Installation

Enter the following command to execute the Installation:

sudo helm upgrade --install smartfacts ./smartfacts -f values.yaml -n smartfacts --create-namespace

Watch Deployment (in a new Session)

Open a second session on the server and enter the following command:

sudo watch kubectl get all -n smartfacts

Show Smartfacts URLs

Enter the following command to show the Smartfacts URLs:

sudo kubectl get ingress -n smartfacts