
Air-gapped Install

An air-gapped installation is an installation of Privacera on servers or VMs that are offline or have no access to the Privacera Hub Repository to download the required packages and images.

Prerequisites

Ensure the following prerequisites are met:

  • A host machine without internet access where Privacera will be installed. Make sure you have met all the prerequisite hardware configuration and software for your platform, including Docker/Kubernetes on AWS or Azure. See Prerequisites Overview.

  • An intermediate system with internet access to download packages and images from Privacera Hub Repository.

  • Privacera installation variables. For more information about the variables, see Installation Environment Variables.

Using Intermediate System

If the Privacera Manager host does not have access to the internet or the Privacera Hub Repository, you need an intermediate system that can access both. On this intermediate system, you download all the necessary Privacera packages and images.

Once the required packages and images are downloaded, you can host the images in your internal repository, and either copy the packages to any cloud storage or copy them directly to the Privacera Manager host using SSH.

The Privacera airgap script helps you download the packages and images, push the images to your internal repository, or copy them to your Privacera Manager host.

Download Packages and Images of Privacera Manager

  1. On your intermediate system, download the following script. The script allows you to download all the images required for installing Privacera Manager, and upload them to an internal repository.

    wget https://privacera.s3.amazonaws.com/public/pm-scripts/airgap-pkg-download-v61.sh
    
  2. Using the script, download the Privacera Platform components (packaged as 'Docker images') to your intermediate system. You may download the complete set or, in consultation with your Privacera sales advisor, download a subset based on your licensing and local requirements.

    | Image Name | Description | Filename |
    |---|---|---|
    | Core Components | | |
    | privacera-manager | Privacera Manager (Installation Update) | privacera-manager.docker.gz |
    | privacera | Privacera Portal - Centralized Dashboard | privacera.docker.gz |
    | solr | Search engine for privacera | solr.docker.gz |
    | privacera-usersync | Sync users from LDAP/Active Directory to Privacera Portal | privacera-usersync.docker.gz |
    | fluentd | Fluentd log/audit management | privacera_fluentd.docker.gz |
    | zookeeper | Coordination and synchronization service | zookeeper.docker.gz |
    | ranger | Authorization and Authentication | ranger.docker.gz |
    | ranger-usersync | Data access user LDAP/AD importer | ranger-usersync.docker.gz |
    | ranger-tagsync | Discovery to Access Manager tags synchronization | ranger-tagsync.docker.gz |
    | auditserver | Audit/log server abstraction layer | auditserver.docker.gz |
    | Internal Database | | |
    | mariadb | Default configuration database | mariadb.docker.gz |
    | Access Manager | | |
    | dataserver | Proxy server based access control service | privacera_dataserver.docker.gz |
    | policysync | Policy-based access control service | privacera_policysync.docker.gz |
    | policysync-v2 | Version 2 (V2) of policy-based access control service | privacera_policysync-v2.docker.gz |
    | flowable | BPMN Engine for Access Request workflow | privacera_flowable.docker.gz |
    | Discovery | | |
    | discovery | Discovery / Spark service for scanning and tagging data | discovery.docker.gz |
    | Kafka | Kafka service for real-time scanning | privacera-kafka.docker.gz |
    | Encryption & Masking | | |
    | ranger-kms | Apache Ranger KMS | ranger-kms.docker.gz |
    | privacera-peg | Privacera Encryption Gateway (PEG) Service | privacera-peg.docker.gz |
    | Metrics and Monitoring | | |
    | grafana | Statistics and monitoring | grafana.docker.gz |
    | graphiteapp | Statistics and monitoring | graphite.docker.gz |

  3. The script has three actions: pull, push, and sync. By default, it runs with the pull action, which downloads the Privacera packages and images. The script first asks for the Privacera Base and Privacera Manager Download URLs, and then lets you select which sets of images to download from the table above.

    1. Before running the script, ensure that no Privacera images with the same tag are present on the system. To verify, run the docker images command.

    2. To pull the packages and images, run the following script. By default, it runs with pull action.

      sudo chmod +x airgap-pkg-download-v61.sh
      ./airgap-pkg-download-v61.sh
      

      The following is the sequence of prompts for reference:

      1. Enter the Privacera Base Download URL.
      2. Choose whether you want to download the images of Core Components.
      3. Choose whether you want to download the image of Internal Database.
      4. Choose whether you want to download the images of Access Manager.
      5. Choose whether you want to download the images of Discovery.
      6. Choose whether you want to download the images of Encryption and Masking.
      7. Choose whether you want to download the images of Statistics and Monitoring.

      The script lists the packages and images it downloaded, which are saved in ${PWD}/privacera/downloads and ${PWD}/privacera/downloads/images respectively.

    3. Run the script to upload the packages either to your internal repository or the Privacera Manager host machine.

      Run the script again with the push action to upload the images to your private repository and copy the (.tar) packages to your Privacera Manager host.

      ./airgap-pkg-download-v61.sh push
      
      1. The following is the sequence of prompts for reference:

        1. Enter Privacera Docker Hub URL.
        2. Enter Privacera Image Tag.
        3. Enter Docker login URL.
        4. Enter Docker user.
        5. Enter Docker password.
      2. Once the images are pushed to the internal repository, the script cleans up the images in the ${PWD}/privacera/downloads/images directory and prompts you to copy the packages to the Privacera Manager host.

        The following is the sequence of prompts for reference:

        1. Choose whether the remote user has passwordless access to the PM host.
        2. Enter the host name of the PM host.
        3. Enter the name of the remote user.

      Note

      The steps below are applicable for a Docker-based environment.

      Run the script again with the sync action to copy the packages and images to the Privacera Manager host.

      ./airgap-pkg-download-v61.sh sync
      

      The following is the sequence of prompts for reference:

      1. Do you want to copy packages to PM Host.
      2. Can current user SSH(Passwordless), to PM Host.
      3. Enter the host name of the PM host.
      4. Enter the name of the remote user.
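
An integrity check for the transfer described above, as an added example that is not part of the Privacera airgap script: it records SHA-256 hashes of everything under the downloads directory on the intermediate system and verifies them on the PM host. The manifest name SHA256SUMS and both function names are chosen here, and GNU coreutils, findutils and grep are assumed.

```shell
#!/bin/sh
# Added example, not part of the Privacera airgap script.
# Assumes GNU coreutils/findutils/grep; SHA256SUMS is a name chosen here.
MANIFEST="SHA256SUMS"

# Intermediate system, after the pull action and before push (push cleans up
# the images directory): hash every file under the downloads directory.
make_manifest() (
  cd "$1" || exit 1
  find . -type f ! -name "$MANIFEST" -print0 | sort -z |
    xargs -0 -r sha256sum > "$MANIFEST"
)

# PM host, after the sync action and before ./privacera-manager.sh update:
# succeed only if every listed file matches and nothing unlisted is present.
verify_manifest() (
  cd "$1" || exit 1
  [ -s "$MANIFEST" ] || { echo "missing or empty $MANIFEST" >&2; exit 1; }
  rc=0
  # Mismatched or missing files are reported by sha256sum itself.
  sha256sum --check --strict --quiet "$MANIFEST" || rc=1
  # Paths the manifest covers, with the "<hash>  " prefix stripped.
  listed=$(sed 's/^[0-9a-f]\{64\} [ *]//' "$MANIFEST")
  # Files that arrived but were never hashed on the intermediate system.
  extra=$(find . -type f ! -name "$MANIFEST" | grep -vxF -e "$listed" || true)
  if [ -n "$extra" ]; then
    echo "unlisted files present:" >&2
    echo "$extra" >&2
    rc=1
  fi
  exit "$rc"
)

# Usage: sh airgap-manifest.sh make|verify <downloads-dir>
case "${1:-}" in
  make)   make_manifest "$2" ;;
  verify) verify_manifest "$2" ;;
esac
```

A manifest copied over the same channel as the files detects corruption and incomplete copies; to detect tampering in transit, carry the manifest to the PM host separately or sign it.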

Configure Privacera Manager

  1. Log in to the Privacera Manager host.

  2. Configure core services.

  3. Configure the environment.

  4. Configure the deployment mode.

  5. Configure the cloud platform.

  6. Configure Privacera Manager to use Air-Gap installation:

    cd ~/privacera/privacera-manager
    cp config/sample.vars.privacera.yml config/vars.privacera.yml
    vi config/vars.privacera.yml
    

    Add the following property and enter your internal repository URL.

    privacera_hub_url: "www.your.internal.repo.url.com"
    

    Note

    The steps below are applicable for a Docker-based environment.

    cd ~/privacera/privacera-manager
    cp config/sample-vars/vars.airgap.install.yml config/custom-vars/
    
  7. Run the following commands.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
    

Upgrade Privacera Manager

  1. On the intermediate system, download the latest PM packages and upload them to the internal repository.

  2. Edit the pm-env.sh file.

    Run the following command.

    cd ~/privacera/privacera-manager
    vi config/pm-env.sh
    

    Update the following in the command below:

    • <YOUR_INTERNAL_REPO_URL> - Your internal repository URL where the privacera-manager.tar.gz package is stored.
    • <INTERNAL_REPO_HUB_NAME> - Your internal repository name.
    • rel_x.x.x.x - Privacera release version.
    export PRIV_MGR_PACKAGE=<YOUR_INTERNAL_REPO_URL>/privacera-manager.tar.gz
    export PRIV_MGR_IMAGE=<INTERNAL_REPO_HUB_NAME>/privacera-manager:rel_x.x.x.x
    
  3. Update the download URL and image tag with the new build number.

    Run the following command.

    cd ~/privacera/privacera-manager
    vi config/vars.privacera.yml
    

    Edit the following properties:

    PRIVACERA_IMAGE_TAG: "<PLEASE_CHANGE>"
    PRIVACERA_BASE_DOWNLOAD_URL: "<PLEASE_CHANGE>"
    
  4. Run the commands.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh upgrade-manager
    
  5. Run the commands.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
    

Note

The steps below are applicable for a Docker-based environment.

  1. From your PM host, remove all the files in the downloads folder (~/privacera/downloads) and the images folder (~/privacera/downloads/images).

  2. On the intermediate system, download the latest PM packages and copy them to the PM host.

  3. Verify that the PM packages and images in their respective folders are the latest. Also verify that the release tag is updated in the pm-env.sh and vars.privacera.yml files.

  4. Run the commands.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh upgrade-manager
    
  5. Run the commands.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
    

Upgrade Solr Image from 8.5.1 to 8.9.0

  1. On the intermediate system, get the latest Solr image by downloading the privacera_solr.gz package. To download the latest packages, click here.

  2. Upload the privacera_solr.gz package to the internal repository URL.

  3. On the PM host, add the following variable in config/vars.privacera.yml.

    SOLR_IMAGE_TAG: "8.9.0"
    
  4. Run the following command.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update
    
  1. On the intermediate system, get the latest Solr image by downloading the privacera_solr.gz package. To download the latest packages, click here.

  2. Sync/copy the latest privacera_solr.gz package to the ~/privacera/downloads/images folder on the PM host.

  3. On the PM host, add the following variable in config/vars.privacera.yml.

    SOLR_IMAGE_TAG: "8.9.0"
    
  4. Run the following command.

    cd ~/privacera/privacera-manager
    ./privacera-manager.sh update