Air-gapped installation

This topic provides guidance for installing Package Security Manager (On-prem) in an air-gapped environment.

​

Installing Package Security Manager

Obtain Package Security Manager installer location and your Package Security Manager license from your Anaconda representative before proceeding.

1. Download Package Security Manager:

   Copy

   Ask AI

   # Replace <INSTALLER_LOCATION> with the provided installer URL
   curl -O <INSTALLER_LOCATION>
   

2. Make it executable:

   Copy

   Ask AI

   # Replace <INSTALLER> with the installer you just downloaded
   chmod +x <INSTALLER>
   

3. Run one of the following installation commands. Choose the command that corresponds with your setup:

   • HTTP
   • HTTPS
   • External Postgres and Redis

   Copy

   Ask AI

   # Replace <INSTALLER> with the installer you just downloaded
   # Replace <FQDN> with the fully qualified domain name of your Package Security Manager instance
   sudo bash <INSTALLER> --keep -- --domain <FQDN> --default-user anaconda --custom-cve-source file://opt/anaconda/repo/airgap/cve.zip 2>&1 | tee as.install.output
   

   To include Grafana monitoring dashboards in your installation of Package Security Manager, add the following argument to your installation command:

   Copy

   Ask AI

   --grafana-monitor-stack
   

   Copy

   Ask AI

   # Replace <INSTALLER> with the installer you just downloaded
   # Replace <FQDN> with the fully qualified domain name of your Package Security Manager instance
   sudo bash <INSTALLER> --keep -- --domain <FQDN> --default-user anaconda --custom-cve-source file://opt/anaconda/repo/airgap/cve.zip 2>&1 | tee as.install.output
   

   To include Grafana monitoring dashboards in your installation of Package Security Manager, add the following argument to your installation command:

   Copy

   Ask AI

   --grafana-monitor-stack
   

   If you are using TLS/SSL certificates, run this command to install Package Security Manager:

   Copy

   Ask AI

   # Replace <INSTALLER> with the installer you just downloaded
   # Replace <FQDN> with the fully qualified domain name of your Package Security Manager instance
   # Replace <PATH_TO_CERT> with the path to your TLS/SSL cert
   # Replace <PATH_TO_KEY> with the path to your TLS/SSL key
   sudo bash <INSTALLER> --keep -- --domain <FQDN> --tls-cert <PATH_TO_CERT> --tls-key <PATH_TO_KEY> --default-user anaconda --custom-cve-source file://opt/anaconda/repo/airgap/cve.zip 2>&1 | tee as.install.output
   

   To include Grafana monitoring dashboards in your installation of Package Security Manager, add the following argument to your installation command:

   Copy

   Ask AI

   --grafana-monitor-stack
   

   You must be using Postgres version 9.6 or later and Redis version 6.0 or later.

   Copy

   Ask AI

   # Replace `<INSTALLER>` with the installer file you just downloaded
   # Replace `<FQDN>` with the fully qualified domain name of your Package Security Manager instance
   # Replace `<PATH_TO_CERT>` with the path to your TLS/SSL cert
   # Replace `<PATH_TO_KEY>` with the path to your TLS/SSL key
   # Replace `<EXTERNAL_PS/RD_INSTANCE_IP4>` with your external instance IP4 address (in both locations)
   # Replace `<ASSIGNED_PORT>` with the port used for communication
   # Replace `<POSTGRES_USERID>` with your postgres user ID
   # Replace `<POSTGRES_PASSWORD>` with your postgres password
   chmod +x `<INSTALLER>`
   bash `<INSTALLER>` --keep -- --domain `<FQDN>` --tls-cert `<PATH_TO_CERT>` --tls-key `<PATH_TO_KEY>` -e redis://`<EXTERNAL_PS/RD_INSTANCE_IP4>` -h `<EXTERNAL_PS/RD_INSTANCE_IP4>` -p `<ASSIGNED_PORT>` -u `<POSTGRES_USERID>` -pw `<POSTGRES_PASSWORD>` --default-user --custom-cve-source file://opt/anaconda/repo/airgap/cve.zip anaconda -y 2>&1 | tee as.install.output
   

   To include Grafana monitoring dashboards in your installation of Package Security Manager, add the following argument to your installation command:

   Copy

   Ask AI

   --grafana-monitor-stack
   

   The installation process creates three distinct user profiles: one for administrating Package Security Manager, one for administrating Keycloak, and one for accessing Prometheus. Login credentials for these profiles are shown during the installer output. Use these credentials for your initial logins, and update them as soon as possible.

   Example output

​

Installing packages and CVEs

In a standard installation, Package Security Manager points to a web URL that contains artifacts for your users to view or download. However, on an air-gapped network, you’ll need to provide network directory folder locations for Package Security Manager to look in when searching for artifacts, and populate those folders with artifacts.

The .zip files you downloaded during environment preparation will be the source of your packages for Package Security Manager. Choose a set of commands that correlate with the files you downloaded during environment preparation to move the files to their correct folder location:

1. Open your Package Security Manager installation directory.

   Copy

   Ask AI

   # Replace <INSTALLER> with your installation directory
   cd <INSTALLER>
   

2. Stop Package Security Manager by running the following command:

   Copy

   Ask AI

   docker compose down
   

3. Move your airgap .zip files to the correct locations by running the following commands. Choose a set of commands that correlates with your setup:

   All platforms

   Windows airgap files

   Linux airgap files

   macOS airgap files

4. Save your work and close the file, then apply your changes to Package Security Manager by running the following:

   Copy

   Ask AI

   docker compose up -d
   

5. Monitor the status of your instance by running the following command:

   Copy

   Ask AI

   docker ps
   

6. Once the containers are healthy and running, access your instance of Package Security Manager by navigating to https:://<FQDN>.example.com and complete your installation by entering your license.

​

Adding hosted miniconda installers

Because air-gapped users do not have access to the internet, Anaconda provides Miniconda installers for your company’s use through Package Security Manager.

1. Download a valid installers.zip file from the s3 bucket:

   Copy

   Ask AI

   curl -O https://anaconda-airgap-te.s3.amazonaws.com/installers.zip
   curl -O https://anaconda-airgap-te.s3.amazonaws.com/installers.sha256
   

2. Move the installers.zip file to the airgap folder of Package Security Manager repositoryby running the following command:

   Copy

   Ask AI

   mv /installers.zip /opt/anaconda/repo/airgap/
   

3. If necessary, open your Package Security Manager installer directory.

4. Using your preferred file viewer, open the docker-compose.yml file.

5. Verify that the following line is present in the volumes section for both the repo_api and repo_worker objects:

   Copy

   Ask AI

   ${BASE_INSTALL_DIR}/airgap:${BASE_INSTALL_DIR}/airgap
   

   If the above line is not present, add it to both locations. This allows docker to have access to the /opt/anaconda/repo/airgap directory.

6. Add the following line to the environment section for both the repo_api and repo_worker objects:

   Copy

   Ask AI

   REPO_MINICONDA_INSTALLERS_ZIP_PATH=/opt/anaconda/repo/airgap/installers.zip
   

7. Save your work and close the file, then apply your changes to Package Security Manager by running the following command:

   Copy

   Ask AI

   docker compose up -d