Air gap environment preparation
This topic provides guidance for preparing an air-gapped environment and system for a straightforward installation of Anaconda Server, as detailed in Air gap installation.
The installer is a self-extracting binary (ate-x.x.x-installer.sh, where x.x.x is the version number) that contains the necessary components to run Anaconda Server.
The following tools and components are required to install Anaconda Server in your air-gapped environment:
- Any Linux variant capable of supporting Docker (RHEL 7.x/CentOS)
  - If SELinux is enabled, it cannot be in enforcing mode
- Use FQDN (Fully Qualified Domain Name) or Hostname
  - If you are not using DNS: you will use the public IP address of your instance
- 1.5TB storage space
  - Conda_air gap zip file is ~700GB
  - CVE zip file is ~20MB
Installing packages and CVE files
Artifact download authorization
In order to pull down the conda packages and CVEs, you will need to provide the IP address of the server you are going to store the packages and CVEs on. This enables us to grant you access to the S3 bucket where we store the packages and CVEs.
This will need to be completed prior to scheduling your implementation with Anaconda. The download will take several hours.
If you prefer not to use a hostname, the public IP address of your environment will be required.
Installing packages and CVEs
In this section, you will install Anaconda Server packages, move those packages to your air-gapped repository, and configure the .env file to point to the location of the CVEs.
Downloading the Anaconda Server Packages may take several hours.
Run the following commands to download the air gap and CVE packages:
curl -O https://anaconda-airgap-te.s3.amazonaws.com/conda_main.zip
curl -O https://anaconda-airgap-te.s3.amazonaws.com/conda_msys2.zip
curl -O https://anaconda-airgap-te.s3.amazonaws.com/conda_r.zip
curl -O https://anaconda-airgap-te.s3.amazonaws.com/cve.zip
Do not unzip the air gap or CVE files.
DNS and TLS/SSL certificate requirements
Anaconda Server can use certificates to provide transport layer security for the cluster. It is required to have your TLS/SSL certs prior to installation; otherwise, self-signed certificates can be generated during the initial installation. You can configure the platform to use organizational TLS/SSL certificates after completing the installation.
You may purchase certificates commercially, use Let’s Encrypt, or generate them using your organization’s internal public key infrastructure (PKI) system. When using an internal PKI-signed setup, the CA certificate is stored on the file system. You will need to make sure the root certificate of your certificate authority is trusted by the server running the application and the workstations used by users of the application.
You must provide the SSL cert for the hostname your Anaconda Server instance is running on.
These are ports that allow access outside of the server. It is important to protect all services running on the node from outside access. The exceptions are as shown below. These ports need to be open to allow access to Anaconda Server via browser and (optionally) via SSH:
:80 nginx - only if you are using HTTP
:443 nginx - only if you are using HTTPS
:22 ssh - optional; only if you need SSH
These are ports that allow access within the server and are open on docker containers, exposed only to the docker network. Ideally, Anaconda Server will have a dedicated environment. Anaconda Server uses several ports for internal communication between components. These ports do not need to be open to the end user but they need to be reserved, as some bind to the local host network interfaces.
You can run docker ps and reference the PORTS column, as shown in the following example:
:5000 repo - Anaconda Server API
:5002 repo-proxy - Anaconda Server file serving API proxy
:5000 repo-dispatcher - Anaconda Server event dispatcher/handler (exposed only for prometheus metrics)
:5000 repo-worker - Anaconda Server scheduled jobs worker (exposed only for prometheus metrics)
:8080 keycloak - keycloak’s /auth/* endpoints are proxied in Nginx
:5432 postgres - Postgresql database used by Anaconda Server and Keycloak
:6379 redis - Redis instance used by Anaconda Server services
:9090 prometheus - Prometheus is proxied in Nginx at /Prometheus
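A host preflight for the SELinux, storage and port requirements listed above, as an added example that is not part of Anaconda's documentation or installer. It is meant to run before Docker and Anaconda Server are installed, so any listener it reports on a listed port is a conflict. The function names, the `--run` switch and the decimal reading of 1.5TB are assumptions.

```shell
#!/bin/sh
# Added example: preflight for the host requirements on this page.
# Function names and the --run switch are hypothetical, not Anaconda tooling.

EXTERNAL_PORTS="80 443"                      # nginx; 22 is left to sshd
INTERNAL_PORTS="5000 5002 8080 5432 6379 9090"
REQUIRED_KB=1500000000                       # assumption: 1.5TB read as decimal TB

# selinux_ok MODE: succeeds unless getenforce reported "Enforcing".
selinux_ok() { [ "$1" != "Enforcing" ]; }

# space_ok AVAIL_KB: succeeds when the free space covers the 1.5TB requirement.
space_ok() { [ "${1:-0}" -ge "$REQUIRED_KB" ]; }

# busy_ports LISTENERS PORT...: prints the ports that already have a listener.
# LISTENERS is the text of `ss -ltn`; field 4 is the local address:port.
busy_ports() {
  listeners=$1; shift
  out=""
  for p in "$@"; do
    if printf '%s\n' "$listeners" | awk -v p="$p" \
        '$1 == "LISTEN" { n = split($4, a, ":"); if (a[n] == p) hit = 1 }
         END { exit !hit }'; then
      out="${out:+$out }$p"
    fi
  done
  printf '%s\n' "$out"
}

# preflight DIR: live checks on this host; DIR is where the zip files will be stored.
preflight() {
  rc=0
  mode=$(getenforce 2>/dev/null || echo Disabled)   # no getenforce: treated as disabled
  selinux_ok "$mode" || { echo "FAIL: SELinux is in enforcing mode"; rc=1; }
  busy=$(busy_ports "$(ss -ltn 2>/dev/null)" $EXTERNAL_PORTS $INTERNAL_PORTS)
  [ -z "$busy" ] || { echo "FAIL: ports already bound: $busy"; rc=1; }
  avail=$(df -Pk "${1:-.}" | awk 'NR == 2 { print $4 }')
  space_ok "$avail" || { echo "FAIL: less than 1.5TB free in ${1:-.}"; rc=1; }
  return $rc
}

if [ "${1:-}" = "--run" ]; then preflight "${2:-.}"; fi
```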
Install Docker and Docker Compose. Contact your operating system vendor or IT department for assistance with this step.
After ensuring all requirements have been met, proceed to Air gap installation to install Anaconda Server in your air-gapped environment.