Air gap installation#
This topic provides guidance for installing Anaconda Server in an air-gapped environment.
Note
To successfully install Anaconda Server in an air-gapped environment, you must have already prepared your environment according to the Air gap environment preparation topic.
Installing Anaconda Server#
Obtain the Anaconda Server installer location and your Anaconda Server license from your Anaconda representative before proceeding.
Download Anaconda Server:
# Replace <INSTALLER_LOCATION> with the provided installer URL curl -O <INSTALLER_LOCATION>
Make it executable:
# Replace <INSTALLER> with the installer you just downloaded chmod +x <INSTALLER>
Run the installation command:
HTTP Installation
If you have root access, run this command to install Anaconda Server:
# Replace <INSTALLER> with the installer you just downloaded
# Replace <FQDN> with the fully qualified domain name of your Anaconda Server instance
bash <INSTALLER> --keep -- --domain <FQDN> --default-user anaconda 2>&1 | tee as.install.output
HTTPS Installation
If you are using TLS/SSL certificates, run this command to install Anaconda Server:
# Replace <INSTALLER> with the installer you just downloaded
# Replace <FQDN> with the fully qualified domain name of your Anaconda Server instance
# Replace <PATH_TO_CERT> with the path to your TLS/SSL cert
# Replace <PATH_TO_KEY> with the path to your TLS/SSL key
bash <INSTALLER> --keep -- --domain <FQDN> --tls-cert <PATH_TO_CERT> --tls-key <PATH_TO_KEY> --default-user anaconda 2>&1 | tee as.install.output
During installation, login credentials will be generated and displayed in the terminal for two separate roles:
anaconda - for administration in Anaconda Server UI
admin - for administration in Keycloak
Caution
You’ll need the user names and passwords shown to log in to your instance of Anaconda Server and Keycloak. Make sure you save them!
Example output:
User anaconda created, realm=dev, roles=admin
password: J86j193PwaH92tjIN5J78m67 # This will be your password for logging into Anaconda Server
User admin created, realm=master, roles=admin
password: 79g2X1Zx02iY9RKe729MP38Y # This will be your password for logging into your Keycloak instance
The installer file directory contains both the installation script (install.sh
), and the docker-compose.yml
file, which define how the Anaconda Server services are run.
Installing with External Postgres and Redis#
Before you begin installation, make sure you are using Postgres version 9.6 or later and Redis version 6.0 or later, then perform the following steps:
Install postgresql.
yum install postgresql
Download the installer.
# Replace <INSTALLER_LOCATION> with the provided installer URL curl -O <INSTALLER_LOCATION>
Modify the downloaded file to make it executable, then run the installation command:
# Replace <INSTALLER> with the installer file you just downloaded # Replace <FQDN> with the fully qualified domain name of your Anaconda Server instance # Replace <PATH_TO_CERT> with the path to your TLS/SSL cert # Replace <PATH_TO_KEY> with the path to your TLS/SSL key # Replace <EXTERNAL_PS/RD_INSTANCE_IP4> with your external instance IP4 address in both locations # Replace <ASSIGNED_PORT> with the port used for communication # Replace <POSTGRES_USERID> with your postgres user ID # Replace <POSTGRES_PASSWORD> with your postgres password chmod +x <INSTALLER> bash <INSTALLER> --keep -- --domain <FQDN> --tls-cert <PATH_TO_CERT> --tls-key <PATH_TO_KEY> -e redis://<EXTERNAL_PS/RD_INSTANCE_IP4> -h <EXTERNAL_PS/RD_INSTANCE_IP4> -p <ASSIGNED_PORT> -u <POSTGRES_USERID> -pw <POSTGRES_PASSWORD> --default-user anaconda -y 2>&1 | tee as.install.output
Installing with Podman#
Verify that your environment meets the requirements for a Podman installation by running the following command:
podman-compose --version
To install using Podman, download the installer, then make it executable by running the following commands:
# Replace <INSTALLER_LOCATION> with the provided installer URL
# Replace <INSTALLER> with the installer you just downloaded
curl -O <INSTALLER_LOCATION>
chmod +x <INSTALLER>
Set the system variable CONTAINER_ENGINE
to podman
by running the following command:
export CONTAINER_ENGINE=podman
Copy podman-compose
into usr/bin/
by running the following command:
sudo cp /usr/local/bin/podman-compose /usr/bin/
Choose and run an installation command that corresponds to your setup.
Installing packages and CVEs in Anaconda Server#
In a standard installation, Anaconda Server would be pointed to a web URL that contains artifacts for your users to view or download. However, on an air-gapped network, you’ll need to provide network directory folder locations for Anaconda Server to look in when searching for artifacts, and populate those folders with artifacts.
The .zip
files you downloaded during environment preparation will be the source of your packages for Anaconda Server. Move these files to the correct folders by running the following commands:
mv conda_main.zip /opt/anaconda/repo/airgap/
mv cve.zip /opt/anaconda/repo/airgap/
With the files in place, you’ll now need to instruct Anaconda Server to create a mirror using the cve.zip
file as a source of data. Open your installer file directory, where the docker-compose.yml
file is located.
# Replace <INSTALLER> with the installer file you just downloaded
cd <INSTALLER>
Tip
You can run the command ls -la
to show a list of files contained in your installer file directory. You should see the docker-compose.yml
and .env
files here.
Open your .env
file using your preferred file editor and add the following:
REPO_CVE_DEFAULT_MIRROR=file://opt/anaconda/repo/airgap/cve.zip
Save your work, then restart your instance of Anaconda Server by running the following commands:
# Stop and restart your instance of Anaconda Server
docker-compose stop
docker-compose up -d
# Verify all processes are up
docker ps
Log in to Anaconda Server as admin#
Navigate to your instance of Anaconda server in a web browser by visiting https://<FQDN>
.
Use the following credentials when logging in:
Username: anaconda
Password: Use the password generated during installation of Anaconda Server.
On your very first login, you will be redirected to Keycloak to authenticate your access.
Administering Anaconda Server in Keycloak#
Once you’ve been redirected to Keycloak, log in using the following credentials:
Username: admin
Password: Use the password generated during installation of Anaconda Server.
Once you have logged in to Keycloak, you will see the main page, as shown below. On the left-hand side, navigate to Users.
Click on the blue hyperlink in the ID column to take you to the admin profile.
From the Details tab, you can make changes to the profile.
From the Credentials tab, you can change the password.
From the Role Mappings tab, you can add or remove permissions.
Once you have made your changes, you can log in to your Anaconda Server instance. You will be prompted to enter your license to continue. This is the license you obtained from your Anaconda representative.
Using Anaconda Server#
Log in to your Anaconda Server instance as administrator with the generated ID and password.
Creating a channel#
There are a few key things to note when creating a channel:
If a channel name is already in use, create a new channel with a different name. That channel can then be set as the default channel on the Settings page under My Account.
If an email is used as a username, the portion of the email before the “@” symbol (also known as the “local-part”) will be used as the username. Because channel names are restricted to a limited set of characters (a-z 0-9 - _), some characters may be replaced with
_
. For example, if the email addressannie.anaconda@website.com
is used as a username, the channelannie_anaconda
will be created.If you don’t see any way of creating a channel (as shown in the following section), you may be lacking the permission to do so. Ask your administrator about modifying your permissions to allow you to create channels.
Click on the My account button in the top right, and then click Create a Channel. You can also create a channel by clicking the green Create Channel button from your channel page.
Fill in a name and description when prompted.
Creating a mirror#
In the new channel, create a new mirror by clicking the green Mirror button in the channel.
Ensure Passive is selected at the top.
Note
Mirroring passively reduces the storage space used. You will still get the packages you need, as they are already stored in the Anaconda Server instance.
In the field External Source Channel, enter the file path to the conda_main_airgap.zip
file.
Once you have created the mirror, you are all set to use Anaconda Server!
Accessing Anaconda Server hosted installers#
Access installers for your company’s use through Anaconda Server.
Note
You must log in to the VPN provided by Anaconda to access the hosted installer files.
Get a valid installers.zip
file from the s3 bucket:
curl -O https://anaconda-airgap-te.s3.amazonaws.com/installers.zip
Move the installers.zip
file to the airgap folder of Anaconda Server repository. The default path to this folder is /opt/anaconda/repo/airgap
:
cp `/installers.zip /opt/anaconda/repo/airgap/`
Open the Anaconda Server docker-compose.yml
file in the Anaconda Server installation directory.
Verify that the docker has access to the airgap
folder contained in the volumes
section.
For example:
${BASE_INSTALL_DIR}/airgap:${BASE_INSTALL_DIR}/airgap
Add this line to the environments
section of the .yml
file:
REPO_MINICONDA_INSTALLERS_ZIP_PATH=/opt/anaconda/repo/airgap/installers.zip
Go to the main page of your Anaconda Server instance to download an available installer.
Installing Grafana monitoring dashboards#
To include Grafana monitoring dashboards in your installation of Anaconda Server, add the following argument to your installation command:
--grafana-monitor-stack
For example:
bash <INSTALLER> --keep -- --domain <FQDN> --grafana-monitor-stack --default-user anaconda 2>&1 | tee as.install.output
Note
You must be able to establish an internet connection at the time of installation or upgrade to obtain the images from Grafana’s Docker Registry.