Air-Gap Installation¶
PREREQUISITES¶
- Docker
- Linux VM(s) with OS from a specified Linux Distribution and Version by IFS in the Supported Platforms documentation, for uploading and downloading docker images and helm charts.
- Wget Package (version 1.20.3 or above)
- A Private Registry that should be secure with a username and a password
- The Private Registry should supports Docker and Helm repositories
- Ensure that the certificate chain for jfrog.io and the private registry domain are trusted on the deployed servers
STEPS TO RUN FOR THE AIR-GAPPED INSTALLATION¶
- Copy the download.sh in the management server, ifsroot/artifact-download folder to the linux VM which will be used to download artifacts to the private registry.
- If the target private registry is in a different location with restricted access, the folder can be copied to a target server via a USB or other storage device.
- Copy the upload.sh files in the management server, ifsroot/artifact-download folder to the linux VM which will be used to upload artifacts to the private registry.
1. Run download script to save docker images and helm charts in local disk¶
In this step, you will download and save all the necessary docker images and helm charts that are mentioned in the release.yml.
Run download.sh script with the below parameters in the machine that has access to the Internet.
-j or --jfrog-artifactory : jfrog artifactory url. eg:ifscloud.jfrog.io
-u or --username : username of artifact repository
-p or --password : password of artifact repository
-r or --release : release version of release.yml
--ifs-helm : Download and save helm charts in ifs-helm section
--ifs-docker : Pull and save docker images in ifs-docker section
--ifs-docker-infra : Pull and save docker images in ifs-docker-infra section
--ifs-all : Download all helm charts and docker images mentioned in the release.yml. This is the default download method if you have not specified an option
./download.sh -u your_username -p your_password -j jfrog_artifactory_url -r x.y.z --ifs-helm
For the " -r x.y.z " taking release number as "x.y" and service update as "z" both combined should be "x.y.z".
For the "--ifs-helm" section you will have to use either ifs-helm, ifs-docker, ifs-docker-infra or ifs-all.
Docker images will be saved inside a directory called docker, and helm charts will be saved inside helm directory respectively.
NOTE: To avoid security risks by entering the username and (or) password in terminal, as a best practice you can use a script of your own to fetch the username and (or) password from a secure storage for secrets. (e.g: a vault)
./download.sh -u $(./some_script_to_fetch_username) -p $(./some_script_to_fetch_password) -j jfrog_artifactory_url -r x.y.z --ifs-helm
2. Run upload script to upload docker images and helm charts from local disk to artifact repository¶
In this step, you will upload docker images and helm charts that reside on docker and helm directories in the local disk to a specified repository.
Run upload.sh script with the below parameters:
-a or --artifactory : artifactory url that you need to upload artifacts (eg: registry.yourdomain.com)
-u or --username : username of the artifact repository
-p or --password : password of the artifact repository
-r or --helm-repository : helm repository name (eg: helm)
-d or --docker-registry : docker registry name (eg: docker)
--helm : will upload all helm charts in the helm directory
--docker : will upload all docker images in the docker directory
--all : will upload all helm charts and docker images
examples -
Upload helm charts and docker images
./upload.sh -a artifactory -u your_username -p your_password -r your_helm_repository -d docker-registry --all
NOTE: To avoid security risks by entering the username and (or) password in terminal, as a best practice you can use a script of your own to fetch the username and (or) password from a secure storage for secrets. (e.g: a vault)
./upload.sh -a artifactory -u $(../some_script_to_fetch_username) -p $(./some_script_to_fetch_password) -r your_helm_repository -d docker-registry --all
Upload helm charts only
./upload.sh -a artifactory -u your_username -p your_password -r your_helm_repository --helm
./upload.sh -a artifactory:port_number -u your_username -p your_password -r your_helm_repository --helm
./upload.sh -a artifactory -u your_username -p your_password -d docker-registry --docker
./upload.sh -a artifactory:port_number -u your_username -p your_password -d docker-registry --docker
To clean up after completing pushing artifacts to the private registry, remove 'helm' and 'docker' directories in the current folder.
3. Go to the main_config.json and change the variables for the private registry.¶
In the main_config.json file that is located inside the config folder. You will be required to change the following variables with your values.
"RemoteArtifactUri"
"RemoteArtifactDockerRepo"
"RemoteArtifactDockerRepoPath"
"RemoteArtifactHelmRepoName"
"RemoteArtifactHelmRepo"
These variables are further described in the Main Configuration Parameters File. Pleas refer to the document for further information.
example -
For a Private registry where the helm repo exist at https://registry.yourdomain.com/repository/your_helm_repository:8443 and docker repo exist at https://registry.yourdomain.com:8444
"RemoteArtifactUri": "https://registry.yourdomain.com:8443",
"RemoteArtifactDockerRepo": "registry.yourdomain.com:8444",
"RemoteArtifactDockerRepoPath": "docker_registry",
"RemoteArtifactHelmRepoName": "helm.ifs.com",
"RemoteArtifactHelmRepo": "repository/helm.ifs.com",
4. Install Remote¶
Refer to the installation steps in Quick Installation.