Managing clusters in a disconnected or air-gapped environment v23
In a security controlled environment where no direct connection to the Internet is allowed, it is necessary to provide all packages needed by TPA to complete the deployment. This can be done via a local-repo on each node in the cluster. TPA supports the addition of custom repositories on each node via a local-repo and the required packages can be downloaded using the download-packages command.
Choose an internet connected machine where you can install TPA and follow the instructions below to either copy an existing cluster configuration or create a new cluster.
If the air-gapped server does not already have TPA installed, follow the instructions here to install it.
If you have an existing cluster in a disconnected environment, all you
need on the internet connected host is the config.yml. Create a
directory and copy that file into it then run
tpaexec relink on that
directory to generate the remaining files that would normally be created
Alternatively, to create a new configuration for an environment where the target instances will not have network access, configure a new cluster with this option:
This will do everything that
--enable-local-repo does, and disable the
configuration for all other package repositories. On RedHat instances,
this also includes disabling access to subscription-based services.
In an existing cluster, you can set
use_local_repo_only: yes in
Note: that you do not need separate cluster configurations for internet connected and disconnected environments, the options below work in both.
More info on using local-repo for distributing packages
On the internet connected machine, ensure that you have docker installed and run:
See detailed description for the package downloader.
The resulting repository will be contained in the
cluster-dir/local-repo directory. This is a complete package repo for
the target OS. Copy this directory, from the connected controller to the
disconnected controller that will be used to deploy the cluster. Place
the directory in the same place, beneath the cluster directory. TPA
will then copy packages to the instances automatically when
Ensure that the cluster config.yml has been configured as above in
tpaexec provision and
deploy as you
You can use the upgrade command to
perform updates in an air-gapped environment. Prior to running this
command you must run
download-packages on the connected controller and
copy the updated repository to the disconnected controller.