This topic provides guidance for installing Package Security Manager in an air-gapped environment.

These instructions assume that you have completed environment preparation and performed the additional environment preparation steps for air-gapped environments.

Installing Package Security Manager

Prior to installing, you will be provided with a Package Security Manager installer location and license from your Anaconda implementation representative.

  1. Download Package Security Manager:

    # Replace <INSTALLER_LOCATION> with the provided installer URL
curl -O <INSTALLER_LOCATION>

  2. Make it executable:

    # Replace <INSTALLER> with the installer you just downloaded
chmod +x <INSTALLER>

  3. Run one of the following installation commands. Choose the command that corresponds with your setup:

    # Replace <INSTALLER> with the installer you just downloaded
# Replace <FQDN> with the fully qualified domain name of your Package Security Manager instance
sudo bash <INSTALLER> --keep -- --domain <FQDN> --default-user anaconda --custom-cve-source file://opt/anaconda/repo/airgap/cve.zip 2>&1 | tee as.install.output

    To include Grafana monitoring dashboards in your installation of Package Security Manager, add the following argument to your installation command:

    --grafana-monitor-stack

The installation process creates three distinct user profiles: one for administrating Package Security Manager, one for administrating Keycloak, and one for accessing Prometheus. Login credentials for these profiles are shown during the installer output. Use these credentials for your initial logins, and update them as soon as possible.

Installing packages and CVEs

In a standard installation, Package Security Manager points to a web URL that contains artifacts for your users to view or download. However, on an air-gapped network, you’ll need to provide network directory folder locations for Package Security Manager to look in when searching for artifacts, and populate those folders with artifacts.

The .zip files you downloaded during environment preparation will be the source of your packages for Package Security Manager. Choose a set of commands that correlate with the files you downloaded during environment preparation to move the files to their correct folder location:

  1. Open your Package Security Manager installation directory.

    # Replace <INSTALLER> with your installation directory
cd <INSTALLER>

  2. Stop Package Security Manager by running the following command:

    docker compose down

  3. Move your airgap .zip files to the correct locations by running the following commands. Choose a set of commands that coorelates with your setup:

  4. Save your work and close the file, then apply your changes to Package Security Manager by running the following:

    docker compose up --detach

  5. Monitor the status of your instance by running the following command:

    docker ps

  6. Once the containers are healthy and running, access your instance of Package Security Manager by navigating to https:://<FQDN>.example.com and complete your installation by entering your license.

Adding hosted miniconda installers

Because air-gapped users do not have access to the internet, Anaconda provides Miniconda installers for your company’s use through Package Security Manager.

  1. Download a valid installers.zip file from the s3 bucket:

    curl -O https://anaconda-airgap-te.s3.amazonaws.com/installers.zip
curl -O https://anaconda-airgap-te.s3.amazonaws.com/installers.sha256

  2. Move the installers.zip file to the airgap folder of Package Security Manager repositoryby running the following command:

    mv /installers.zip /opt/anaconda/repo/airgap/

  3. If necessary, open your Package Security Manager installer directory.

  4. Using your preferred file viewer, open the docker-compose.yml file.

  5. Verify that the following line is present in the volumes section for both the repo_api and repo_worker objects:

    ${BASE_INSTALL_DIR}/airgap:${BASE_INSTALL_DIR}/airgap

    If the above line is not present, add it to both locations. This allows docker to have access to the /opt/anaconda/repo/airgap directory.

  6. Add the following line to the environment section for both the repo_api and repo_worker objects:

    REPO_MINICONDA_INSTALLERS_ZIP_PATH=/opt/anaconda/repo/airgap/installers.zip

  7. Save your work and close the file, then apply your changes to Package Security Manager by running the following command:

    docker compose up --detach

Miniconda installers will now be available for your end users to download from the login page of Package Security Manager.

Was this page helpful?

Standard installationAdministrator guides