Air-gapped Install#

Airgap Installation refers to installation of Privacera product in servers/VMs which are offline or have no access to Privacera Hub Repository to download the required packages and images.

Prerequisites#

Ensure the following prerequisites are met:

A host machine without internet access where Privacera will be installed. Make sure you have met all the prerequisite hardware configuration and software for your platform, including Docker/Kubernetes on AWS or Azure. See Prerequisites Overview.
An intermediate system with internet access to download packages and images from Privacera Hub Repository.
Privacera installation variables. For more information about the variables, see Installation Environment Variables

Using Intermediate System#

If Privacera Manager host does not have access to the internet or Privacera Hub Repository, then you will need an intermediate system that can access the internet and Privacera Hub Repository. On this intermediate system, you will be downloading all necessary Privacera packages and images.

Once the required packages and images are downloaded, you can host the images on your internal repository, and copy the packages to any cloud storage or just copy them to the Privacera Manager host using SSH.

Privacera airgap script can help you in downloading the packages and images, pushing images to your internal repository or copying them to your Privacera Manager host.

Download Packages and Images of Privacera Manager#

On your intermediate system, download the following script. The script allows you to download all the images required for installing Privacera Manager, and upload them to an internal repository.
```
wget https://privacera.s3.amazonaws.com/public/pm-scripts/airgap-pkg-download-v61.sh
```

Using the script, download Privacera Platform components (packaged as 'Docker images') to your intermediate system. You may choose to download the complete set or in consultation with your Privacera sales advisor, elect to download select a subset based on your licensing and local requirements.

Image Name	Description	Filename
Core Components
privacera-manager	Privacera Manager (Installation Update)	privacera-manager.docker.gz
privacera	Privacera Portal - Centralized Dashboard	privacera.docker.gz
solr	Search engine for privacera	solr.docker.gz
privacera-usersync	Sync users from LDAP/Active Directory to Privacera Portal	privacera-usersync.docker.gz
fluentd	Fluentd log/audit management	privacera_fluentd.docker.gz
zookeeper	Coordination and synchronization service	zookeeper.docker.gz
ranger	Authorization and Authentication	ranger.docker.gz
ranger-usersync	Data access user LDAP/AD importer	ranger-usersync.docker.gz
ranger-tagsync	Discovery to Access Manager tags synchronization	ranger-tagsync.docker.gz
auditserver	Audit/log server abstraction layer	auditserver.docker.gz
Internal Database
mariadb	Default configuration database	mariadb.docker.gz
Access Manager
dataserver	Proxy server based access control service	privacera_dataserver.docker.gz
policysync	Policy-based access control service	privacera_policysync.docker.gz
policysync-v2	Version 2 (V2) of policy-based access control service	privacera_policysync-v2.docker.gz
flowable	BPMN Engine for Access Request workflow	privacera_flowable.docker.gz
Discovery
discovery	Discovery / Spark service for scanning and tagging data	discovery.docker.gz
Kafka	Kafka service for real-time scanning	privacera-kafka.docker.gz
Encryption & Masking
ranger-kms	Apache Ranger KMS	ranger-kms.docker.gz
privacera-peg	Privacera Encryption Gateway (PEG) Service	privacera-peg.docker.gz
Metrics and Monitoring
grafana	Statistics and monitoring	grafana.docker.gz
graphiteapp	Statistics and monitoring	graphite.docker.gz

Script has three actions - pull, push and sync. By default, it runs with pull action which downloads the Privacera packages and images. Script will first request for the Privacera Base and Privacera Manager Download URLs, and then it allows you to select which set of images you prefer to be downloaded from the information provided above.
1. Before running the script, ensure Privacera images with the same tag should not be present in the system. To verify, run docker images command.
2. To pull the packages and images, run the following script. By default, it runs with pull action.
```
sudo chmod +x airgap-pkg-download-v61.sh
./airgap-pkg-download-v61.sh
```
  The following is the sequence of prompts for reference:
  1. Enter the Privacera Base Download URL.
  2. Choose whether you want to download the images of Core Components.
  3. Choose whether you want to download the image of Internal Database.
  4. Choose whether you want to download the images of Access Manager.
  5. Choose whether you want to download the images of Discovery.
  6. Choose whether you want to download the images of Encryption and Masking.
  7. Choose whether you want to download the images of Statistics and Monitoring.
  The scripts lists the packages and images downloaded and saved in ${PWD}/privacera/downloads and ${PWD}/privacera/downloads/images locations respectively.
3. Run the script to upload the packages either to your internal repository or the Privacera Manager host machine.
  With Internal Repository
  Run the script again with push action to upload the images to your private Repository and copy (.tar) packages to your Privacera Manager host.
  ./airgap-pkg-download-v61.sh push
  1. The following is the sequence of prompts for reference:
    
    Enter Privacera Docker Hub URL.
    
    Enter Privacera Image Tag.
    
    Enter Docker login URL
    
    Enter Docker user.
    
    Enter Docker password.
  2. Once the images are pushed to the internal repository, it will clean up images in the ${PWD}/privacera/downloads/images directory and prompts to copy packages to Privacera Manager host.
    
    The following is the sequence of prompts for reference:
    
    Choose whether the the remote user has passwordless access to the PM host.
    
    Enter the host name of the PM host.
    
    Enter the name of the remote user.
  Privacera Manager Host
  Note
  
  The steps below are applicable for a Docker-based environment.
  
  Run the script again with sync action to copy the packages and images to the Privacera Manager host.
```
    ./airgap-pkg-download-v61.sh sync
```
  The following is the sequence of prompts for reference:
  1. Do you want to copy packages to PM Host.
  2. Can current user SSH(Passwordless), to PM Host.
  3. Enter the host name of the PM host.
  4. Enter the name of the remote user.

Configure Privacera Manager#

Log in to the Privacera Manager host.
Configure core services.
Configure the environment.
Configure the deployment mode.
Configure the cloud platform.

Configure Privacera Manager to use Air-Gap installation:

With Internal Repository

cd ~/privacera/privacera-manager
cp config/sample.vars.privacera.yml config/vars.privacera.yml
vi config/vars.privacera.yml

Add the following property and enter your internal repository URL.

privacera_hub_url: "www.your.internal.repo.url.com"

Privacera Manager Host

Note

The steps below are applicable for a Docker-based environment.

cd ~/privacera/privacera-manager
cp config/sample-vars/vars.airgap.install.yml config/custom-vars/

Run the following commands.

cd ~/privacera/privacera-manager
./privacera-manager.sh update

Upgrade Privacera Manager#

With Internal Repository

On the intermediate system, download the latest PM packages and upload them to the internal repository.
Edit the pm-env.sh file.

Run the following command.
```
cd ~/privacera/privacera-manager
vi config/pm-env.sh
```
Update the following in the command below:
- <YOUR_INTERNAL_REPO_URL> - Your internal repository URL where the privacera-manager.tar.gz package is stored.
- <INTERNAL_REPO_HUB_NAME> - Your internal repository name.
- rel_x.x.x.x - Privacera release version.
```
export PRIV_MGR_PACKAGE=<YOUR_INTERNAL_REPO_URL>/privacera-manager.tar.gz
export PRIV_MGR_IMAGE=<INTERNAL_REPO_HUB_NAME>/privacera-manager:rel_x.x.x.x
```

Update the download URL and image tag with the new build number.

Run the following command.

cd ~/privacera/privacera-manager
vi config/vars.privacera.yml

Edit the following properties

PRIVACERA_IMAGE_TAG: "<PLEASE_CHANGE>"
PRIVACERA_BASE_DOWNLOAD_URL: "<PLEASE_CHANGE>"

Run the commands.

cd ~/privacera/privacera-manager
./privacera-manager.sh upgrade-manager

Run the commands.

cd ~/privacera/privacera-manager
./privacera-manager.sh update

Privacera Manager Host

Note

The steps below are applicable for a Docker-based environment.

From your PM host, remove the all files in the downloads folder (~/privacera/downloads) and images folder (~/privacera/downloads/images).
On the intermediate system, download the latest PM packages and copy them to the PM host.
Verify that all the PM packages and images are latest in their respective folders. Also, verify that release tag is updated in the pm-env.sh and vars.privacera.yml files.

Run the commands.

cd ~/privacera/privacera-manager
./privacera-manager.sh upgrade-manager

Run the commands.

cd ~/privacera/privacera-manager
./privacera-manager.sh update

Upgrade Solr Image from 8.5.1 to 8.9.0#

With Internal Repository

In the intermediate system, get the latest Solr image by downloading the privacera_solr.gz package. To download the latest packages, click here.
Upload privacera_solr.gz package to the internal repository URL.
On the PM host, add the following variable in config/vars.privacera.yml.
```
SOLR_IMAGE_TAG: "8.9.0"
```

Run the following command.

cd ~/privacera/privacera-manager
./privacera-manager.sh update

Privacera Manager Host

In the intermediate system, get the latest Solr image by downloading the privacera_solr.gz package. To download the latest packages, click here.
Sync/copy the latest privacera_solr.gz package to the ~/privacera/downloads/images folder in PM host.
On the PM host, add the following variable in config/vars.privacera.yml.
```
SOLR_IMAGE_TAG: "8.9.0"
```

Run the following command.

cd ~/privacera/privacera-manager
./privacera-manager.sh update