Air gap installation

This topic provides guidance for installing Anaconda Team Edition in an air-gapped environment.

Note

To successfully install Team Edition in an air-gapped environment, you must have already prepared your environment according to the Air gap environment preparation topic.


System validation checks

Run the following commands to gain information on your system and validate that it is ready for a Team Edition install.

Display what type of processor your system is running, including the number of CPUs present:

$cat /proc/cpuinfo

Report the amount of free and used memory (both physical and swap) on the system, as well as the shared memory and buffers used by the kernel:

$cat /proc/meminfo

A standard Unix command used to display the amount of available disk space for file systems on which the invoking user has appropriate read access:

$df -h

Displays the operating system name as well as the system node name, operating system release, operating system version, hardware name, and processor type:

$uname -a

Displays the operating system identification data:

$cat /etc/os-release

Docker verification check:

$docker-compose --version

Installing Anaconda Team Edition

Obtain the Team Edition installer and your Team Edition license from your Anaconda representative before proceeding.

Download Anaconda Team Edition:

# Replace <ATE-AIRGAP-INSTALL-URL> with the installer .sh file
$ curl -O \ <ATE-AIRGAP-INSTALL-URL>

Make it executable:

$ chmod 700 te-installer-6.1.5-airgap-3d840d9.sh

Install Team Edition and providing ability to view the output file:

# Replace <IP ADDRESS OR DOMAIN> with your IP address/FQDN
$ ./ate-installer.sh --keep -- --domain <IP ADDRESS OR DOMAIN> --default-user anaconda 2 > &1 | ate.install.output

Note

Keep an eye out for the admin credentials generated during the install. You’ll need these usernames and passwords later.

The credentials will look like the following:

User anaconda created, realm=dev, roles=admin
password: <anaconda_pw_here>
User admin created, realm=master, roles=admin
password: <admin_pw_here>

Example output:

net.ipv4.conf.all.forwarding = 1
Loading Repo images ...
Loaded image: nginx:6.1.5
Loaded image: keycloak:6.1.5
Loaded image: redis-ubi:6.1.5
Loaded image: postgres:9.6
Loaded image: prom/prometheus:v2.15.2
Loaded image: repo:6.1.5
Loaded image: repo-proxy:6.1.5
Successfully loaded images
Installing into /opt/anaconda/repo
Generated secret for repo-service
secret=978kb2M2BcrWR812PxY8yCvp62906C20
realm role=view-users
Generated secret for repo-account-sync
secret=h4ZkM1892p9gK95W8A68T4T0TA4aK5Z7
# Usernames and passwords below:
User anaconda created, realm=dev, roles=admin
password: T2206u7iNFS0226Qy2ro0lX1
User admin created, realm=master, roles=admin
password: 6kd01Rmqz46849gRh8U78Uu3

Installing packages and CVEs in Team Edition

After downloading the zip files during air gap environment preparation, move them to the desired location. We have used /repo/airgap/ in the following example:

mv conda_main_airgap.zip /opt/anaconda/repo/airgap/
mv cve.zip /opt/anaconda/repo/airgap/

In the Team Edition base directory, update REPO_CVE_DEFAULT_MIRROR in the .env file to the following:

REPO_CVE_DEFAULT_MIRROR=file://opt/anaconda/repo/airgap/cve.zip

Restarting and logging in to Team Edition as admin

In your base Team Edition directory, run the following commands:

docker-compose stop
docker-compose up -d
docker ps  # to make sure all processes are up

Log in to Team Edition, either at http://<DNS> or http://<your instance public IP address>.

Use the following credentials when logging in:

Username: anaconda

Password: your generated password from when you installed Team Edition

On your very first login, you will be redirected to Keycloak to authenticate your access.

Administering Team Edition in Keycloak

Once you’ve been redirected to Keycloak upon login, you can begin setting up your keycloak.

Log in using the following credentials:

Username: admin

Password: your generated password from when you installed Team Edition


Once you have logged in to Keycloak, you will see the main page, as shown below. On the left-hand side, navigate to Users.

Click on the blue hyperlink in the ID column to take you to the admin profile.

../_images/kc_ID.png

From the Details tab, you can make changes to the profile.

../_images/kc_details.png

From the Credentials tab, you can change the password.

../_images/kc_credentials.png

From the Role Mappings tab, you can add or remove permissions.

../_images/kc_rolemap.png

Once you have made your changes, you can log in to your Anaconda Team Edition instance. You will be prompted to enter your license to continue. This is the license you obtained from your Anaconda representative.

Using Team Edition

Log in to your Team Edition instance as administrator with the generated ID and password.

Creating a channel

There are a few key things to note when creating a channel:

  • If a channel name is already in use, create a new channel with a different name. That channel can then be set as the default channel on the Settings page under My Account.

  • If an email is used as a username, the portion of the email before the “@” symbol (also known as the “local-part”) will be used as the username. Because channel names are restricted to a limited set of characters (a-z 0-9 - _), some characters may be replaced with _. For example, if the email address annie.anaconda@website.com is used as a username, the channel annie_anaconda will be created.

  • If you don’t see any way of creating a channel (as shown in the following section), you may be lacking the permission to do so. Ask your administrator about modifying your permissions to allow you to create channels.

  1. Click on the My account button in the top right, and then click Create a Channel. You can also create a channel by clicking the green Create Channel button from your channel page.

    ../_images/createchan1.png

  2. Fill in a name and description when prompted.

    ../_images/airgap-createchannel.png

Creating a mirror

In the new channel, create a new mirror by clicking the green Mirror button in the channel.

Ensure Passive is selected at the top.

Note

Mirroring passively reduces the storage space used. You will still get the packages you need, as they are already stored in the Team Edition instance.

In the field External Source Channel, enter the file path to the conda_main_airgap.zip file.

../_images/airgap-mirror.png

Once you have created the mirror, you are all set to use Team Edition!