Privacera Platform master publication

Air-gapped install


An air-gapped installation is an installation of the Privacera product on servers or VMs that are offline or cannot reach the Privacera Hub Repository to download the required packages and images.

Prerequisites
  • A host machine without internet access where Privacera will be installed. Make sure you have met all the prerequisite hardware configuration and software for your platform, including Docker/Kubernetes on AWS or Azure. See Prerequisites Overview.

  • An intermediate system with internet access to download packages and images from Privacera Hub Repository.

  • Privacera installation variables. For more information about the variables, see Installation Environment Variables.

Intermediate system for download

If the Privacera Manager host does not have access to the internet or Privacera Hub Repository, then you will need an intermediate system for access. On this intermediate system, you will download all necessary Privacera packages and images. Once downloaded, you can host the images on your internal repository and copy the packages to any cloud storage or copy them to the Privacera Manager host using SSH.

The Privacera airgap script can help you download the packages and images, push images to your internal repository or copy them to your Privacera Manager host.

Download packages and images of Privacera Manager
  1. On your intermediate system, download the following script. This script allows you to download all the images required for installing Privacera Manager and upload them to an internal repository.

    wget https://privacera.s3.amazonaws.com/public/pm-scripts/airgap-pkg-download-v61.sh
  2. Using the script, download the Privacera Platform components (packaged as Docker images) to your intermediate system. You may download the complete set or, in consultation with your Privacera sales advisor, a subset based on your licensing and local requirements.

    | Image Name | Description | Filename |
    |---|---|---|
    | Core Components | | |
    | privacera-manager | Privacera Manager (Installation Update) | privacera-manager.docker.gz |
    | privacera | Privacera Portal - Centralized Dashboard | privacera.docker.gz |
    | solr | Search engine for Privacera | privacera_solr.gz |
    | privacera-usersync | Sync users from LDAP/Active Directory to Privacera Portal | privacera-usersync.docker.gz |
    | fluentd | Fluentd log/audit management | privacera_fluentd.docker.gz |
    | zookeeper | Coordination and synchronization service | zookeeper.docker.gz |
    | ranger | Authorization and Authentication | ranger.docker.gz |
    | ranger-usersync | Data access user LDAP/AD importer | ranger-usersync.docker.gz |
    | ranger-tagsync | Discovery to Access Manager tags synchronization | ranger-tagsync.docker.gz |
    | auditserver | Audit/log server abstraction layer | auditserver.docker.gz |
    | Internal Database | | |
    | mariadb | Default configuration database | mariadb.docker.gz |
    | Access Manager | | |
    | dataserver | Proxy server based access control service | privacera_dataserver.docker.gz |
    | policysync | Policy-based access control service | privacera_policysync.docker.gz |
    | policysync-v2 | Version 2 (V2) of policy-based access control service | privacera_policysync-v2.docker.gz |
    | flowable | BPMN Engine for Access Request workflow | privacera_flowable.docker.gz |
    | Discovery | | |
    | discovery | Discovery / Spark service for scanning and tagging data | discovery.docker.gz |
    | Kafka | Kafka service for real-time scanning | privacera-kafka.docker.gz |
    | Encryption & Masking | | |
    | ranger-kms | Apache Ranger KMS | ranger-kms.docker.gz |
    | privacera-peg | Privacera Encryption Gateway (PEG) Service | privacera-peg.docker.gz |
    | Metrics and Monitoring | | |
    | grafana | Statistics and monitoring | grafana.docker.gz |
    | graphiteapp | Statistics and monitoring | graphite.docker.gz |

  3. The script has three actions: pull, push, and sync. By default, it runs the pull action, which downloads the Privacera packages and images. The script first asks for the Privacera Base and Privacera Manager Download URLs, then prompts you to select which sets of images to download (see the table above).

    1. Before running the script, make sure that no Privacera images with the same tag are already present on the system. To verify, run the docker images command.

    2. To pull the packages and images, run the following script. By default, it runs with pull action.

      sudo chmod +x airgap-pkg-download-v61.sh
      ./airgap-pkg-download-v61.sh

      Sequence of prompts:

      • Enter the Privacera Base Download URL.

      • Choose whether you want to download the images of Core Components.

      • Choose whether you want to download the image of Internal Database.

      • Choose whether you want to download the images of Access Manager.

      • Choose whether you want to download the images of Discovery.

      • Choose whether you want to download the images of Encryption and Masking.

      • Choose whether you want to download the images of Statistics and Monitoring.

      The script lists the packages and images it downloaded; they are saved in ${PWD}/privacera/downloads and ${PWD}/privacera/downloads/images respectively.

    3. Run the script to upload the packages either to your internal repository or the Privacera Manager host machine.

      Internal Repository

      Run the script again with the push action to upload the images to your private repository and copy the (.tar) packages to your Privacera Manager host.

      ./airgap-pkg-download-v61.sh push
      1. Sequence of prompts:

        • Enter Privacera Docker Hub URL.

        • Enter Privacera Image Tag.

        • Enter Docker login URL

        • Enter Docker user.

        • Enter Docker password.

      2. Once the images are pushed to the internal repository, the script cleans up the images in the ${PWD}/privacera/downloads/images directory and prompts you to copy the packages to the Privacera Manager host.

        The following is the sequence of prompts for reference:

        • Choose whether the remote user has passwordless access to the PM host.

        • Enter the host name of the PM host.

        • Enter the name of the remote user.

      Privacera Manager Host

      Note

      The steps below are applicable for a Docker-based environment.

      Run the script again with the sync action to copy the packages and images to the Privacera Manager host.

      ./airgap-pkg-download-v61.sh sync

      The following is the sequence of prompts for reference:

      • Do you want to copy packages to PM Host.

      • Can current user SSH(Passwordless), to PM Host.

      • Enter the host name of the PM host.

      • Enter the name of the remote user.
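An integrity check for the sync path described above, added here as an example and not part of the Privacera script: it records SHA-256 hashes of everything under the downloads directory on the intermediate system and re-checks them on the Privacera Manager host. The manifest name SHA256SUMS and both function names are assumptions, and GNU coreutils is assumed on both machines.

```sh
#!/bin/sh
# Added example (not part of the Privacera airgap script).
# Assumes GNU coreutils sha256sum and file names without newlines.

MANIFEST=SHA256SUMS   # hypothetical manifest name chosen for this example

# make_manifest DIR
# Run on the intermediate system after the pull action, with DIR set to
# ${PWD}/privacera/downloads. Paths are stored relative to DIR so the
# manifest still verifies after DIR is copied to the PM host.
make_manifest() (
  cd "$1" || exit 1
  find . -type f ! -name "$MANIFEST" -exec sha256sum {} + \
    | sort -k 2 > "$MANIFEST"
)

# verify_manifest DIR
# Run on the PM host (DIR = ~/privacera/downloads) before
# ./privacera-manager.sh update. Returns non-zero if a listed file is
# missing or modified, or if DIR holds a file the manifest does not list.
verify_manifest() (
  cd "$1" || exit 1
  [ -s "$MANIFEST" ] || { echo "manifest missing or empty" >&2; exit 1; }
  sha256sum -c --quiet "$MANIFEST" || exit 1
  listed=$(sed 's/^[0-9a-f]\{64\} [ *]//' "$MANIFEST" | sort)
  actual=$(find . -type f ! -name "$MANIFEST" | sort)
  if [ "$listed" != "$actual" ]; then
    echo "downloads directory contains files not in the manifest" >&2
    exit 1
  fi
)
```

The manifest only proves what it lists if the manifest itself is trusted, so compare its own SHA-256 over a separate channel or sign it before the transfer.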

Configure Privacera Manager
  1. Log in to the Privacera Manager host.

  2. Follow the steps in Configure the deployment mode to configure the environment, deployment mode and cloud platform.

  3. Configure Privacera Manager to use Air-Gap installation, with either the internal repository or the PM Host:

    Internal Repository

    cd ~/privacera/privacera-manager 
    cp config/sample.vars.privacera.yml config/vars.privacera.yml
    vi config/vars.privacera.yml

    Add the following property and enter your internal repository URL.

    privacera_hub_url: "www.your.internal.repo.url.com"

    Privacera Manager Host

    Note

    This is applicable for a Docker-based environment.

    cd ~/privacera/privacera-manager 
    cp config/sample-vars/vars.airgap.install.yml config/custom-vars/
  4. Run the following commands to update.

    cd ~/privacera/privacera-manager 
    ./privacera-manager.sh update
Upgrade Privacera Manager
Internal Repository
  1. On the intermediate system, download the latest PM packages and upload them to the internal repository.

  2. Edit the pm-env.sh file.

    cd ~/privacera/privacera-manager
    vi config/pm-env.sh

    Update the following in the command below:

    • <YOUR_INTERNAL_REPO_URL> - Your internal repository URL where the privacera-manager.tar.gz package is stored.

    • <INTERNAL_REPO_HUB_NAME> - Your internal repository name.

    • rel_x.x.x.x - Privacera release version.

    export PRIV_MGR_PACKAGE=<YOUR_INTERNAL_REPO_URL>/privacera-manager.tar.gz 
    export PRIV_MGR_IMAGE=<INTERNAL_REPO_HUB_NAME>/privacera-manager:rel_x.x.x.x
  3. Update the download URL and image tag with the new build number. Open config/vars.privacera.yml.

    cd ~/privacera/privacera-manager 
    vi config/vars.privacera.yml 

    Edit the following properties:

    PRIVACERA_IMAGE_TAG: "<PLEASE_CHANGE>"
    PRIVACERA_BASE_DOWNLOAD_URL: "<PLEASE_CHANGE>"
  4. Upgrade Privacera Manager with the following commands.

    cd ~/privacera/privacera-manager 
    ./privacera-manager.sh upgrade-manager
    ./privacera-manager.sh update
Privacera Manager Host

Note

The steps below are applicable for a Docker-based environment.

  1. On your PM host, remove all the files in the downloads folder (~/privacera/downloads) and the images folder (~/privacera/downloads/images).

  2. On the intermediate system, download the latest PM packages and copy them to the PM host.

  3. Verify that all the PM packages and images in their respective folders are the latest versions. Also verify that the release tag is updated in the pm-env.sh and vars.privacera.yml files.

  4. Upgrade Privacera Manager with the following commands.

    cd ~/privacera/privacera-manager 
    ./privacera-manager.sh upgrade-manager
    ./privacera-manager.sh update
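A scripted form of the release-tag verification in step 3, added here as an example and not taken from Privacera Manager: it reads the tag from PRIV_MGR_IMAGE in pm-env.sh and from PRIVACERA_IMAGE_TAG in vars.privacera.yml, in the formats shown on this page, and compares both to the release you expect. The function names are assumptions.

```sh
#!/bin/sh
# Added example; file formats follow the snippets shown on this page.

# pm_env_tag FILE: tag of the image named by PRIV_MGR_IMAGE in pm-env.sh.
# Takes the text after the last ':' so a registry host with a port
# (registry:5000/privacera-manager:tag) is handled. Commented-out
# lines are ignored; the last assignment wins, as it does in the shell.
pm_env_tag() {
  sed -n 's/^[[:space:]]*export[[:space:]]\{1,\}PRIV_MGR_IMAGE=//p' "$1" \
    | tail -n 1 | tr -d "\"'" | sed 's/.*://'
}

# vars_tag FILE: value of PRIVACERA_IMAGE_TAG in vars.privacera.yml,
# with surrounding quotes and any trailing comment removed.
vars_tag() {
  sed -n 's/^[[:space:]]*PRIVACERA_IMAGE_TAG:[[:space:]]*//p' "$1" \
    | tail -n 1 | sed 's/[[:space:]]*#.*$//' | tr -d "\"'"
}

# check_release_tag EXPECTED PM_ENV VARS_YML
# Returns 0 only when both files reference EXPECTED; otherwise reports
# which file still carries a different (or no) tag.
check_release_tag() {
  expected="$1"; rc=0
  env_tag=$(pm_env_tag "$2")
  yml_tag=$(vars_tag "$3")
  [ "$env_tag" = "$expected" ] || { echo "pm-env.sh has tag '$env_tag'" >&2; rc=1; }
  [ "$yml_tag" = "$expected" ] || { echo "vars.privacera.yml has tag '$yml_tag'" >&2; rc=1; }
  return $rc
}
```

Run it on the PM host as `check_release_tag <release tag> config/pm-env.sh config/vars.privacera.yml` before the upgrade commands.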
    
Upgrade Solr from 8.5.1 to 8.9.0
Internal Repository
  1. In the intermediate system, get the latest Solr image by downloading the privacera_solr.gz package.

  2. Upload privacera_solr.gz package to the internal repository URL.

  3. On the PM host, add the following variable in config/vars.privacera.yml.

    SOLR_IMAGE_TAG: "8.9.0"
  4. Upgrade Privacera Manager with the following commands.

    cd ~/privacera/privacera-manager 
    ./privacera-manager.sh update
Privacera Manager Host
  1. In the intermediate system, get the latest Solr image by downloading the privacera_solr.gz package.

  2. Sync/copy the latest privacera_solr.gz package to the ~/privacera/downloads/images folder in PM host.

  3. On the PM host, add the following variable in config/vars.privacera.yml.

    SOLR_IMAGE_TAG: "8.9.0"
  4. Upgrade Privacera Manager with the following commands.

    cd ~/privacera/privacera-manager 
    ./privacera-manager.sh update