Air gap installation

This topic provides guidance for installing Anaconda Server in an air-gapped environment.

Note

To successfully install Anaconda Server in an air-gapped environment, you must have already prepared your environment according to the Air gap environment preparation topic.


Installing Anaconda Server

Obtain the Anaconda Server installer location and your Anaconda Server license from your Anaconda representative before proceeding.

  1. Download Anaconda Server:

    # Replace <INSTALLER_LOCATION> with the provided installer location
    curl -O <INSTALLER_LOCATION>
    
  2. Make it executable:

    # Replace <INSTALLER> with the installer you just downloaded
    chmod +x <INSTALLER>
    
  3. Run the installation command:

HTTP Installation

If you have root access, run this command to install Anaconda Server:

# Replace <INSTALLER> with the installer you just downloaded
# Replace <FQDN> with the fully qualified domain name of your Anaconda Server instance
bash <INSTALLER> --keep -- --domain <FQDN> --default-user anaconda 2>&1 | tee as.install.output

HTTPS Installation

If you are using TLS/SSL certificates, run this command to install Anaconda Server:

# Replace <INSTALLER> with the installer you just downloaded
# Replace <FQDN> with the fully qualified domain name of your Anaconda Server instance
# Replace <PATH_TO_CERT> with the path to your TLS/SSL cert
# Replace <PATH_TO_KEY> with the path to your TLS/SSL key
bash <INSTALLER> --keep -- --domain <FQDN> --tls-cert <PATH_TO_CERT> --tls-key <PATH_TO_KEY> --default-user anaconda 2>&1 | tee as.install.output

During installation, login credentials will be generated and displayed in the terminal for two separate roles:

  • anaconda - for administration in Anaconda Server UI

  • admin - for administration in Keycloak

Caution

You’ll need the user names and passwords shown to log in to your instance of Anaconda Server and Keycloak. Make sure you save them!

Example output:

User anaconda created, realm=dev, roles=admin
password: J86j193PwaH92tjIN5J78m67 # This will be your password for logging into Anaconda Server
User admin created, realm=master, roles=admin
password: 79g2X1Zx02iY9RKe729MP38Y # This will be your password for logging into your Keycloak instance

The installer file directory contains both the installation script (install.sh), and the docker-compose.yml file, which define how the Anaconda Server services are run.

Installing with External Postgres and Redis

Before you begin installation, make sure you are using Postgres version 9.6 or later and Redis version 6.0 or later, then perform the following steps:

  1. Install postgresql.

    yum install postgresql
    
  2. Download the installer.

    # Replace <INSTALLER_LOCATION> with the provided installer location
    curl -O <INSTALLER_LOCATION>
    
  3. Modify the downloaded file to make it executable, then run the installation command:

    # Replace <INSTALLER> with the installer file you just downloaded
    # Replace <FQDN> with the fully qualified domain name of your Anaconda Server instance
    # Replace <PATH_TO_CERT> with the path to your TLS/SSL cert
    # Replace <PATH_TO_KEY> with the path to your TLS/SSL key
    # Replace <EXTERNAL_PS/RD_INSTANCE_IP4> with your external instance IP4 address in both locations
    # Replace <ASSIGNED_PORT> with the port used for communication
    # Replace <POSTGRES_USERID> with your postgres user ID
    # Replace <POSTGRES_PASSWORD> with your postgres password
    chmod +x <INSTALLER>
    bash <INSTALLER> --keep -- --domain <FQDN> --tls-cert <PATH_TO_CERT> --tls-key <PATH_TO_KEY> -e redis://<EXTERNAL_PS/RD_INSTANCE_IP4> -h <EXTERNAL_PS/RD_INSTANCE_IP4> -p <ASSIGNED_PORT> -u <POSTGRES_USERID> -pw <POSTGRES_PASSWORD> --default-user anaconda -y 2>&1 | tee as.install.output
    

Installing packages and CVEs in Anaconda Server

In a standard installation, Anaconda Server would be pointed to a web URL that contains artifacts for your users to view or download. However, on an air-gapped network, you’ll need to provide network directory folder locations for Anaconda Server to look in when searching for artifacts, and populate those folders with artifacts.

The .zip files you downloaded during environment preparation will be the source of your packages for Anaconda Server. Move these files to the correct folders by running the following commands:

mv conda_main.zip /opt/anaconda/repo/airgap/
mv cve.zip /opt/anaconda/repo/airgap/

With the files in place, you’ll now need to instruct Anaconda Server to create a mirror using the cve.zip file as a source of data. Open your installer file directory, where the docker-compose.yml file is located.

# Replace <INSTALLER> with the installer file you just downloaded
cd <INSTALLER>

Tip

You can run the command ls -la to show a list of files contained in your installer file directory. You should see the docker-compose.yml and .env files here.

Open your .env file using your preferred file editor and add the following:

REPO_CVE_DEFAULT_MIRROR=file://opt/anaconda/repo/airgap/cve.zip

Save your work, then restart your instance of Anaconda Server by running the following commands:

# Stop and restart your instance of Anaconda Server
docker-compose stop
docker-compose up -d
# Verify all processes are up
docker ps

Log in to Anaconda Server as admin

Navigate to your instance of Anaconda server in a web browser by visiting https://<FQDN>.

Use the following credentials when logging in:

Username: anaconda

Password: Use the password generated during installation of Anaconda Server.

On your very first login, you will be redirected to Keycloak to authenticate your access.

Administering Anaconda Server in Keycloak

Once you’ve been redirected to Keycloak, log in using the following credentials:

Username: admin

Password: Use the password generated during installation of Anaconda Server.


Once you have logged in to Keycloak, you will see the main page, as shown below. On the left-hand side, navigate to Users.

Click on the blue hyperlink in the ID column to take you to the admin profile.

../_images/kc_ID.png

From the Details tab, you can make changes to the profile.

../_images/kc_details.png

From the Credentials tab, you can change the password.

../_images/kc_credentials.png

From the Role Mappings tab, you can add or remove permissions.

../_images/kc_rolemap.png

Once you have made your changes, you can log in to your Anaconda Server instance. You will be prompted to enter your license to continue. This is the license you obtained from your Anaconda representative.

Using Anaconda Server

Log in to your Anaconda Server instance as administrator with the generated ID and password.

Creating a channel

There are a few key things to note when creating a channel:

  • If a channel name is already in use, create a new channel with a different name. That channel can then be set as the default channel on the Settings page under My Account.

  • If an email is used as a username, the portion of the email before the “@” symbol (also known as the “local-part”) will be used as the username. Because channel names are restricted to a limited set of characters (a-z 0-9 - _), some characters may be replaced with _. For example, if the email address annie.anaconda@website.com is used as a username, the channel annie_anaconda will be created.

  • If you don’t see any way of creating a channel (as shown in the following section), you may be lacking the permission to do so. Ask your administrator about modifying your permissions to allow you to create channels.

  1. Click on the My account button in the top right, and then click Create a Channel. You can also create a channel by clicking the green Create Channel button from your channel page.

    ../_images/createchan1.png
  2. Fill in a name and description when prompted.

    ../_images/airgap-createchannel.png

Creating a mirror

In the new channel, create a new mirror by clicking the green Mirror button in the channel.

Ensure Passive is selected at the top.

Note

Mirroring passively reduces the storage space used. You will still get the packages you need, as they are already stored in the Anaconda Server instance.

In the field External Source Channel, enter the file path to the conda_main_airgap.zip file.

../_images/airgap-mirror.png


Once you have created the mirror, you are all set to use Anaconda Server!

Accessing Anaconda Server hosted installers

Access installers for your company’s use through Anaconda Server.

Note

You must log in to the VPN provided by Anaconda to access the hosted installer files.

Get a valid installers.zip file from the s3 bucket:

curl -O https://anaconda-airgap-te.s3.amazonaws.com/installers.zip

Move the installers.zip file to the airgap folder of Anaconda Server repository. The default path to this folder is /opt/anaconda/repo/airgap:

cp `/installers.zip /opt/anaconda/repo/airgap/`

Open the Anaconda Server docker-compose.yml file in the Anaconda Server installation directory.

Verify that the docker has access to the airgap folder contained in the volumes section. For example:

${BASE_INSTALL_DIR}/airgap:${BASE_INSTALL_DIR}/airgap

Add this line to the environments section of the .yml file:

REPO_MINICONDA_INSTALLERS_ZIP_PATH=/opt/anaconda/repo/airgap/installers.zip

Go to the main page of your Anaconda Server instance to download an available installer.