Chapter 4. Installing Discovery containers with the disconnected installation process

The disconnected installation process is required when you want to run Discovery from a system that does not have internet access, also commonly referred to as a disconnected, offline, or air-gapped environment. During the Discovery disconnected installation process, you must complete some steps on a connected system, one that has internet connectivity. These steps include obtaining the container images from the Red Hat Ecosystem Catalog website and then transferring the images to the disconnected system that you intend to use as the Discovery server. You also complete steps on the disconnected system to install, configure the environment for, and start the Discovery containers.

The disconnected installation process uses Podman to install the containers for the Discovery server and its supporting PostgreSQL database. You will need sudo access to install Podman on your system if it is not already present. However, running the Discovery application with sudo access or as the root user is not supported.

Prerequisites

  • Before you begin, ensure that all hardware, software, and environment prerequisites are installed and configured. For more information about the prerequisites, see Installing prerequisites for Discovery.

Procedure

To install Discovery with the disconnected installation process, complete the following tasks:

  • From the connected system, run a series of commands:

    • Access and download the container images.

  • From the disconnected system, run a series of commands:

    • Transfer the container images to the disconnected system.
    • Install, configure, and start the Discovery server and database containers.

4.1. Installing the Discovery database and server container images for the disconnected installation

During the disconnected installation of the Discovery database and server container images, you begin with a connected system to install the Podman container management tool and obtain the Discovery containers from the container images on the Red Hat Ecosystem Catalog website. You then transfer those container images to the disconnected system where you want to run Discovery, install Podman on the disconnected system, configure the containers and configure Discovery, and start the containers.

While you are completing the steps to configure the containers and configure Discovery, you must enter values for a number of environment variables. The example code provided in the following procedure includes example values for these environment variables. All of the environment variable values can be customized to suit the needs of your environment. For example, due to heavy traffic on your network, you might need to set a longer connection timeout than the default provided in the example command. To do so, you would change the value of the NETWORK_CONNECT_JOB_TIMEOUT environment variable, which is set with the -e option.

Included in the environment variables that you set are the Discovery server administrator username, server administrator password, server hostname, and server port. These values can also be changed, and it is possible that security standards at your organization might require that you change them. At a minimum, you should change the password value to align with common security best practices.

The server administrator password must meet the following requirements:

  • It must be at least ten characters long.
  • It cannot be a word found in the dictionary.
  • It cannot be one of the previously provided Discovery default passwords.
  • It cannot be numeric only.
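
The four password rules above can be checked before the value is placed in any podman run command. The following is an added example, not part of the Discovery documentation; the function name, the WORDLIST path, and the OLD_DEFAULTS placeholder are assumptions, and the page does not list the previous default passwords, so they must be supplied.

```sh
#!/bin/sh
# Added example (not from the Discovery documentation): pre-flight check of a
# candidate server administrator password against the four rules listed above.
# Assumed names: check_admin_password, WORDLIST, OLD_DEFAULTS.

# System word list used for the dictionary rule (path is an assumption).
WORDLIST="${WORDLIST:-/usr/share/dict/words}"
# Placeholder: one previously provided default password per line.
# The page does not list them; fill in the ones that apply to your release.
OLD_DEFAULTS="${OLD_DEFAULTS:-REPLACE_WITH_PREVIOUS_DEFAULT}"

# Prints the first rule that fails and returns 1, or prints "ok" and returns 0.
# Returns 2 if the dictionary rule cannot be evaluated (fails closed).
check_admin_password() {
  pw="$1"
  if [ "${#pw}" -lt 10 ]; then
    echo "shorter than ten characters"; return 1
  fi
  case "$pw" in
    *[!0-9]*) ;;                          # has at least one non-digit
    *) echo "numeric only"; return 1 ;;
  esac
  if printf '%s\n' "$OLD_DEFAULTS" | grep -qxF -e "$pw"; then
    echo "previous default password"; return 1
  fi
  if [ ! -r "$WORDLIST" ]; then
    echo "word list $WORDLIST not readable" >&2; return 2
  fi
  # Whole-line, case-insensitive match: "Summertime" fails,
  # "Summertime-9-harbor" does not.
  if grep -qixF -e "$pw" "$WORDLIST"; then
    echo "dictionary word"; return 1
  fi
  echo "ok"
}
```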

The values for the username, password, and hostname are set with the -e option for the podman run command. The value for the port is set with the --publish 9443:443 option for the podman run command. The following list contains the defaults for these Discovery environment variables:

  • server administrator username: admin
  • server hostname: localhost
  • server port: 9443

Important

Note any changes to any usernames and passwords in the environment variables in the password management system that is used by your organization. Red Hat does not provide support for lost passwords for Discovery, and Discovery does not offer a method to recover these usernames and passwords.

In addition, if you upgrade Discovery, you must use the same database username and password during the upgrade. The failure to use the same database credentials could result in data loss of previously stored Discovery data.

Prerequisites

  • The connected system on which you are downloading the Discovery container images must be connected to the internet.
  • The connected system must be able to connect to the Red Hat Ecosystem Catalog.

Procedure

To install the Discovery server and database containers with the disconnected installation process, use the following steps:

On the connected system

  1. Log in to the Red Hat Ecosystem Catalog (the registry.redhat.io website). When prompted, supply your Red Hat Customer Portal account credentials.

    $ podman login registry.redhat.io
  2. Pull the Discovery database and server containers and save them as .tar.gz files.

    $ podman pull registry.redhat.io/rhel8/postgresql-12:latest
    $ podman save registry.redhat.io/rhel8/postgresql-12:latest -o postgres.tar.gz
    $ podman pull registry.redhat.io/discovery/discovery-server-rhel9:latest
    $ podman save registry.redhat.io/discovery/discovery-server-rhel9 -o discovery.tar.gz

On the disconnected system

  1. Use the transfer method of your choice to transfer the postgres.tar.gz and discovery.tar.gz files to the disconnected system where you are going to install Discovery.
  2. Load the container images into container storage.

    $ podman load -i postgres.tar.gz
    $ podman load -i discovery.tar.gz
  3. Create directories for the Discovery server.

    $ mkdir -p "${HOME}"/.local/share/discovery/data
    $ mkdir -p "${HOME}"/.local/share/discovery/log
    $ mkdir -p "${HOME}"/.local/share/discovery/sshkeys
  4. Run the following command to start and configure the Discovery database container in a new discovery-pod pod. This command is shown on multiple lines for readability, but note the continuation characters at the end of each line.

    Important

    The following sample command contains the settings for multiple Discovery environment variables. The values of these environment variables can be changed as needed for your environment. In particular, the value for the Discovery server administrator password is used in multiple environment variables in this step and the following step and is shown as a variable because it is strongly recommended that you change this value. As you do this step, preserve any changed values for the environment variables related to usernames and passwords in your password management system. Discovery does not offer a method to recover these usernames and passwords.

    $ podman run --name dsc-db \
      --pod new:discovery-pod \
      --publish 9443:443 \
      --restart on-failure \
      -e POSTGRESQL_USER=dsc \
      -e POSTGRESQL_PASSWORD=server_administrator_password \
      -e POSTGRESQL_DATABASE=dsc-db \
      -v dsc-data:/var/lib/pgsql/data \
      -d registry.redhat.io/rhel8/postgresql-12:latest
  5. Run the following command to start and configure the Discovery server container in the discovery-pod pod. This command is shown on multiple lines for readability, but note the continuation characters at the end of each line.

    Important

    The following sample command contains the settings for multiple Discovery environment variables. The values of these environment variables can be changed as needed for your environment. As in the previous step, the value for the Discovery server administrator password is shown as a variable. As you do this step, preserve any changed values for the environment variables related to usernames and passwords in your password management system. Discovery does not offer a method to recover these usernames and passwords.

    $ podman run \
      --name discovery \
      --restart on-failure \
      --pod discovery-pod \
      -e DJANGO_DEBUG=False \
      -e NETWORK_CONNECT_JOB_TIMEOUT=60 \
      -e NETWORK_INSPECT_JOB_TIMEOUT=600 \
      -e PRODUCTION=True \
      -e QPC_DBMS_HOST=localhost \
      -e QPC_DBMS_PASSWORD=server_administrator_password \
      -e QPC_DBMS_USER=dsc \
      -e QPC_DBMS_DATABASE=dsc-db \
      -e QPC_SERVER_PASSWORD=server_administrator_password \
      -e QPC_SERVER_TIMEOUT=120 \
      -e QPC_SERVER_USERNAME=admin \
      -e QPC_SERVER_USER_EMAIL=admin@example.com \
      -v "${HOME}"/.local/share/discovery/data/:/var/data:z \
      -v "${HOME}"/.local/share/discovery/log/:/var/log:z \
      -v "${HOME}"/.local/share/discovery/sshkeys/:/sshkeys:z \
      -d registry.redhat.io/discovery/discovery-server-rhel9:latest
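
The procedure above leaves the transfer method open, so a checksum manifest gives the disconnected system a way to confirm that postgres.tar.gz and discovery.tar.gz arrived unmodified before podman load runs. The following is an added example, not part of the Discovery documentation; the function names and the SHA256SUMS file name are assumptions.

```sh
#!/bin/sh
# Added example (not from the Discovery documentation): checksum the saved
# images on the connected system and verify them before `podman load`.
# Assumed names: write_manifest, verify_images, load_verified_images,
# SHA256SUMS.

# Archive names used in the procedure above.
IMAGES="postgres.tar.gz discovery.tar.gz"

# Connected system: record a SHA-256 digest for each archive in directory $1.
write_manifest() {
  ( cd "$1" && sha256sum $IMAGES > SHA256SUMS )
}

# Disconnected system: return 0 only if every expected archive is listed in
# the manifest and its digest matches.
verify_images() {
  (
    cd "$1" || exit 1
    for f in $IMAGES; do
      # An archive missing from the manifest would otherwise go unchecked.
      awk -v f="$f" '$2 == f { found = 1 } END { exit !found }' SHA256SUMS \
        || { echo "$f is not listed in SHA256SUMS" >&2; exit 1; }
    done
    sha256sum -c SHA256SUMS
  )
}

# Load the images into container storage only after verification succeeds.
load_verified_images() {
  verify_images "$1" || { echo "verification failed, nothing loaded" >&2; return 1; }
  for f in $IMAGES; do
    podman load -i "$1/$f" || return 1
  done
}
```

A manifest carried on the same media as the archives detects corruption in transit. To also detect substitution of the archives, move or record SHA256SUMS through a separate channel.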

Additional resources