In some situations, the Smartfacts server has no access to the internet. In this case, it is not possible to download the needed software and images. This article describes which options we have to install Smartfacts in such scenarios.
Content
Preparations
Server
Please provide a server that meets the following requirements:
CPU:
x64 / AMD64 processor - ARM based servers will not work
Minimum: 6 Cores
RAM: minimum 32 GB
Hard disk: minimum 150 GB
Most of the data will be stored under
/var/lib/rancher/k3s
Operating System: Linux
All Linux distributions running K3s can be used.
If you are using a Red Hat / CentOS Linux, please perform these preparations:
It is recommended to turn off firewalld:
systemctl disable firewalld --now
If enabled, it is required to disable nm-cloud-setup and reboot the node:
systemctl disable nm-cloud-setup.service nm-cloud-setup.timer
reboot
The user performing the installation will need sudo privileges
The server must be connected to the internet
DNS
Please define a domain for Smartfacts. Either add a wildcard entry *.<domain-name>
to the DNS or enter the required URLs individually:
smartfacts.<domain-name>
camp.<domain-name>
identity.<domain-name>
genoslc.<domain-name>
oslc.<domain-name>
Certificates
Please prepare certificates for the server which meet the following requirements:
It is an X.509 certificate which is suitable for server authentication
Base64-coded in PEM format
Hostnames
The certificat must be issued on the hostnames
smartfacts.<domain-name>
camp.<domain-name>
identity.<domain-name>
genoslc.<domain-name>
oslc.<domain-name>
Hostnames must also be stored in the "Subject Alternative Name" attribute of the certificate
All hostnames and subject alternative names must be written in lower case
The certificat must be valid (valid from, valid to)
It is suitable for the provided private key
The private key may not be password protected
The certificate should comprise the complete certificate chain where possible
If this is missing, then an attempt is made to download the missing intermediate and root certificate during installation.
Install the software
Download the software
Download “k3s” and “k3s-airgap-images-amd64.tar.gz” from the section “Assets” at https://github.com/k3s-io/k3s/releases
Download the Helm binaries for Linux amd64 from https://github.com/helm/helm/releases
Copy the content of the K3s install script at https://get.k3s.io into a new text file named “install.sh”
Download the file https://cp.mid.de/releases/smartfacts-air-gapped/install_airgapped_software.sh
Copy the files to the server
In your home directory, create a new directory “download”
Create a new directory “software” under “download”
Copy all downloaded files to ~/download/software
After copying all files, the file structure should look like this:download └── software ├── helm-v3.10.3-linux-amd64.tar.gz ├── install.sh ├── install_airgapped_software.sh ├── k3s └── k3s-airgap-images-amd64.tar.gz
Execute the installation script
In the directory ~/download/software make the install script executeable and execute it:
chmod u+x install_airgapped_software.sh ./install_airgapped_software.sh
Download the Smartfacts Helm Chart
Log with the provided credential into the Smartfacts Chart Registry and download the latest chart version that does not have the postfix “-dev”.
Copy the downloaded helm chart to your home directory on the Smartfacts server
Extract the helm chart with the command
tar -xvzf smartfacts-*.tgz
Create the deployment configuration
Provide Certificates and Key as Base64 String
Prerequisite: The complete certificate chain is in a file as base64-encoded x509 certificates. The certificates are contained in the file in the correct order (server certificate at the top, root certificate at the bottom). See Section “Certificates” above in this article.
Save certificate chain as a base64 string:
cat <your certificate chain.crt> | base64 -w0 > chain.crt.base64
Save certificate key as base64 string:
cat <your certificate key.key> | base64 -w0 > key.base64
Customize Values File
Change to your user's home directory on the server and create a new text file
values.yaml
with the following content:global: domain: "<your-domain>" smartfactsVersionOverride: "<downloaded common version>" #Syntax example: "2022.11.3" or "2022.12" commonVersionOverride: "<downloaded common version>" genoslcVersionOverride: "<downloaded common version>" instance: "smartfacts-poc" cert: crtFullChain: "<FULL-CHAIN-CERT-BASE64>" key: "<CERT-KEY-BASE64>" ingress: enabled: true mailservice: enabled: false
Replace the value of the domain property with your domain name.
Replace the value of the properties “smartfactsVersionOverride”, “commonVersionOverride“ and “genoslcVersionOverride“ with the exact versions of the downloaded images.
Replace the placeholder of the crtFullChain property with the content of the file
chain.crt.base64
.Replace the placeholder of the key property with the content of the
key.base64
file.Save the
values.yaml
file.
Provide the container images
The Kubernetes environment at the Smartfacts server needs to have access to the container images of Smartfacts.
The recommended way of providing access to the container images is to add the Smartfacts registry https://repo.mid.de to an existing container registry at your company which has access to the internet. This registry works as a proxy registry, so the air gapped Smartfacts server can load the Smartfacts images through that proxy registry. Follow the instructions in section Provide container images with a proxy container registry if you can use a proxy registry.
If it is not possible to use a proxy repository, the container images can be loaded directly into the container service at the Smartfacts server. To do this follow the instructions in section Provide container images without a container registry.
Install Smartfacts
Execute the Installation
Enter the following command to execute the Installation:
sudo helm upgrade --install smartfacts ./smartfacts -f values.yaml -n smartfacts --create-namespace
Watch Deployment (in a new Session)
Open a second session on the server and enter the following command:
sudo watch kubectl get all -n smartfacts
Show Smartfacts URLs
Enter the following command to show the Smartfacts URLs:
sudo kubectl get ingress -n smartfacts
Add Comment