Prerequisites for Air Gap Installation [ Supported from 9.0.11.x onwards ]¶

Note

This section is applicable only if you are installing Privacera Manager in an air gap (no Internet access) network. This is not a typical setup. You also need to do the Self Managed Prerequisites before you can proceed with this section. Refer to the Prerequisites section.

Overview¶

An air gap network is a secure network environment that is isolated from the Internet. If you plan to install Privacera software in an air gap (no Internet access) network, then you have to download the Privacera docker images and host them in your docker registry. You also have to host the Privacera Manager tarball in an object store accessible to the compute host in air gap network. A script, pm-airgap.sh, is provided to facilitate this process.

Prerequisites¶

You need a Linux host that has access to the Internet where you will run the pm-airgap.sh script. Also from this machine you should have password-less SSH access to the Privacera jumphost.
Your local docker registry where you will host the Privacera docker images. We need the URL of the registry and the credentials to push the images to the registry.
Access to the compute host (Privacera Jumphost) in air gap (no Internet access) network from where you plan to run Privacera Manager. This host should have access to the local docker registry where the Privacera docker images are hosted.
The jumphost should have access to create repo & push, pull, delete and modify the images present in your private hub.

Installation Information¶

You will need the following information from Privacera Sales Representative:

Information Required

PRIV_MGR_PACKAGE: The format will be https://<domain>/<filepath>/<file.tar.gz>

PRIV_MGR_IMAGE: The format will be <PRIVACERA_HUB_HOST>/privacera-manager:<PRIV_MGR_IMAGE_TAG>

PRIVACERA_HUB_USER: Privacera Docker hub registry username

PRIVACERA_HUB_PASSWORD: Privacera Docker hub registry password

Download script¶

The airgap installation is done using below scripts. Go to the server (intermediate machine) which has internet access and which you want to use to download the privacera package and download & push the docker images for Privacera Manager.

Bash
cd ~/
curl -s https://raw.githubusercontent.com/privacera/privacera-installation-scripts/refs/heads/main/airgap-installation/airgap-env.sh -o airgap-env.sh
curl -s https://raw.githubusercontent.com/privacera/privacera-installation-scripts/refs/heads/main/airgap-installation/pm-airgap.sh -o pm-airgap.sh

Update the Privacera Airgap configuration file¶

The configuration file airgap-env.sh contains the variables required for initial downloading and uploading Privacera components.

Variable Name	Description	Sample Value
`PRIV_MGR_IMAGE`	Docker image for Privacera Manager, including the repository URL and image tag.	`"hub2.privacera.com/privacera-manager:rel_9.0.0.3"`
`PRIV_MGR_PACKAGE`	URL for the Privacera Manager package, usually hosted on an S3 bucket or similar repository.	`"https://privacera-host/path/privacera-manager.tar.gz"`
`PRIVACERA_HUB_USER`	Username for accessing Privacera Hub, the central repository for Privacera images.	`"hub_user"`
`PRIVACERA_HUB_PASSWORD`	Password for accessing Privacera Hub. This should be securely stored.	`"hub_password"`
`DESTINATION_HUB_URL`	The private hub url where you want to upload the Privacera Images.	`"<ECR_URL>"`
`DESTINATION_HUB_USER`	Username for accessing Private Hub.	`"dev"`
`DESTINATION_HUB_PASSWORD`	Password for accessing Privacera Hub. This should be securely stored.	`"private_hub_password"`
`PM_HOSTNAME`	The Privacera Jumphost where you want to sync the Privacera Package.	`"10.210.1.30"`
`PM_HOST_USERNAME`	The username which you created for privacera where the packages will be copied.	`"privacera"`
`REMOTE_DIR`	The path in your Privacera Jumphost where you want to copy the privacera package.	It should be always `/home/<PM_HOST_USERNAME>/privacera`

Download packages and images of Privacera Manager¶

Run the following commands,

Bash
1 2	`cd ~/ ./pm-airgap.sh`

Bash
Download Privacera Core Components ? Y/N

Download Internal Mariadb Database Image  ? Y/N

Download Privacera Access Manager Component Images  ? Y/N

Download Privacera Discovery Component Images  ? Y/N

Download Encryption & Masking Component Images  ? Y/N

Download Statistics & Monitoring Component Images  ? Y/N

Download Privacera Diagnostics Component Images  ? Y/N

The script will download the Privacera Manager package at ~/privacera/downloads location, download and upload the required images to the Private Docker repository and Sync the privacera package to the Remote Jumphost.

Copy package to Privacera Manager host¶

Note

This section is only application when sync failed in previous step.

Run the script again with the sync action to copy the Privacera Manager package to your Privacera Manager host if syncronization failed in previous step.

Bash
cd ~/
./pm-airgap.sh push

You can also manually copy the package from ~/privacera/downloads/privacera-manager.tar.gz to the ~/privacera/downloads directory on the Privacera Manager host.

Air gap Installation Information¶

Now you should be ready with this set of properties which are hostname of your airgap Docker registry and the credentials to pull from it.

Information Required

AIRGAP_PRIV_MGR_IMAGE: The format will be <PRIVACERA_HUB_HOST>/privacera-manager:<PRIV_MGR_IMAGE_TAG>

AIRGAP_HUB_USER: Privacera Docker hub registry username

AIRGAP_HUB_PASSWORD: Privacera Docker hub registry password

Prev Prerequisites
Next
- AWS Setup
- Setup