Installing in air gap environment

You can launch the Cloudera Data Services on premises installation wizard from Cloudera Manager and follow the steps to install Cloudera Data Services on premises in an air gap environment where your Cloudera Manager instance or your Kubernetes cluster does not have access to the Internet.

Ensure that your Kubernetes kubeconfig has permissions to create Kubernetes namespaces.
You require persistent storage classes defined in your OpenShift cluster. Storage classes can be defined by OpenShift cluster administrators.
Only TLS-enabled custom Docker Registry is supported. Ensure that you use a TLS certificate to secure the custom Docker Registry. The TLS certificate can be self-signed, or signed by a private or public trusted Certificate Authority (CA).
Only TLS 1.2 is supported for authentication with Active Directory/LDAP. You require TLS 1.2 to authenticate the Cloudera Control Plane with your LDAP directory service like Active Directory.
OCP network configurations that restrict pod communication are not supported. For example, multi-tenancy isolation with network policy is not supported.

If this Cloudera Manager instance or your Kubernetes cluster does not have connectivity to https://archive.cloudera.com/p/cdp-pvc-ds/, you must mirror the Cloudera archive URL using a local HTTP server.

In Cloudera Manager, on the top right corner, click Add > Add Cluster. The Select Cluster Type page appears.
On the Select Cluster Type page, select the cluster type as on premises Containerized Cluster. Under Other Options, click here to install Cloudera Data Services on premises. Click Continue.
On the Getting Started page of the installation wizard, select Air Gapped as the Install Method. When you select the Air Gapped install option, extra steps are displayed. Follow these steps to download the Cloudera Data Services on premises deliverables .
1. Offline download everything under the release you have been asked to download with the below command: LINK=https://<username>:<password>@archive.cloudera.com/p/cdp-pvc-ds/ && echo "$LINK$(curl -I "$LINK/latest/" 2>/dev/null | grep location | awk '{print $2}' | awk -F'/' '{print $4}')/" |xargs wget -l 0 --recursive --no-parent -e robots=off -nH --cut-dirs=2 --reject="index.html*" -t 10
  In the above command, replace username, password as provided by Cloudera.
  note
  If you want to download a specific version, locate the release name and version from https://archive.cloudera.com/p/cdp-pvc-ds/ and replace '$LINK/latest' to '$LINK/<release name and version>' in the above command. For example, to download 1.5.4-h4, replace '$LINK/latest' with '$LINK/1.5.4-h4' in the above command.
  note
  The deliverables of Data Services are huge (over a 100 GB), hence ensure that you have adequate storage before downloading. Also, in order to save time and storage after all the downloads, you can delete from the downloaded folder the following:
  Considering, 1.5.4-h4 as an example:
  
  Under 1.5.4-h4/parcels keep only the files related to your OS (either RHEL8 or RHEL9)
  
  Under 1.5.4-h4/images you will get all the images for all matching base releases. For example, if you are using Cloudera Base on premises 7.1.9, then you can safely remove all the files that contain the string *7.1.7* or *7.1.8* to reduce the folder size. Since these images are among the largest in the folder, it should reduce the size of the overall release dramatically, and eventually you should have around 100 GB.
2. Once you have all the needed files, create on your local http server a new folder (parallel to the folders of the Cloudera Manager and the CDH releases) as follows (example given for the 1.5.4-h4 release):
```
sudo mkdir -p 
/var/www/html/cloudera-repos/cdp–pvc-ds/1.5.4-h4
```
3. In case needed, pass the files to the customer for approval, and once they are approved, ask the customer to place them in the target folder created above (or into the customer organizational repository in case such is used). Once the files were moved into the folder, ensure that they have the same permissions as the cm7 files by running (example given for the 1.5.4-h4 release):
```
sudo chmod -R 755 
/var/www/html/cloudera-repos/cdp-pvc-ds/1.5.4-h4
```
4. Visit the Repository URL: http:///cloudera-repos/ in your browser and verify the files you downloaded are present. If you do not see anything, your web server may have been configured to not show indexes.
5. Click the Select Repository drop-down and select http://your_local_repo/cdp-pvc-ds/1.5.4-h4 (example given for the 1.5.4-h4 release)
6. Click Next.
note
You can also apply a template that you may have downloaded during a previous installation. The template contains all the installation configurations. Click Apply Previously Download Template to browse and upload a template stored on your machine.
On the Configure Docker Repository page, you must select one of the Docker repository options.
- Use a custom Docker Repository - Selecting this option, copies all images (Internet or Air Gapped) to the embedded registry. If you select Use a custom Docker Repository option, then enter your local Docker Repository in the Custom Docker Repository field in the following format:[*DOCKER REGISTRY*]/[*REPOSITORY NAME*].
  note
  If the custom docker registry uses self-signed certificate or certificate from CA not recognised on the OCP cluster, then execute the following:
  $oc create configmap registry-cas -n openshift-config \ --from-file=<hostname>..<port>=/tmp/docker-reg.crt $oc patch image.config.openshift.io/cluster --patch '{"spec":{"additionalTrustedCA":{"name":"registry-cas"}}}' --type=merge Registry Hostname, portname will be used as <hostname>..<port> i.e. mydockerregistryhost.com <http://jtran-noexec2-2.vpc.cloudera.com/>..5000
- Use Cloudera default Docker Repository - Selecting this option, copies images from Internet to the embedded registry. This uses the default repository that is in manifest.json. This option can be selected only if you have selected Internet as the install method. Use Cloudera default Docker Repository if you are setting up Cloudera on premises in non-production environments.
Follow the steps below to prepare your Docker Repository from a machine that is running Docker locally and has access to all the Docker images either directly from Cloudera or a local HTTP mirror in your network:
1. Click Generate the copy-docker script on the wizard or download the script file.
2. Log in to your custom Docker Registry and run the script using the following commands.
```
docker login <your_custom_registry> -u <user_with_write_access>
                                bash copy-docker.txt
```
  note
  This command downloads 100+ Docker images and it will take some time to download.
3. Enter your Docker user name and password.
4. Click Choose File to upload your Docker certificate.
5. Click Continue.
If you select Use an custom Docker Repository option, then you can download and deploy the Data Services that you need for your cluster.
1. By selecting Default, all the data services will be downloaded and deployed.
2. By selecting Select the optional images:
  - If you switch off the Cloudera AI toggle key, then the Cloudera AI runtimes will not be installed.
  - If you switch on the Cloudera AI toggle key, then the Cloudera AI runtimes will be installed.
Click Continue.
On the Configure Databases page, click Next.
On the Configure Kubernetes page, enter your Kubernetes, Docker, database, and vault information.
1. Upload a Kubernetes configuration (kubeconfig) file from your existing environment. You can obtain this file from your OpenShift Container Platform administrator. Ensure that this kubeconfig has permissions to create Kubernetes namespaces.
2. In the Kubernetes Namespace field, enter the Kubernetes namespace that you want to use with this Cloudera on premises deployment. Kubernetes virtual clusters are called namespaces. For more information, see Kubernetes namespaces
3. Enter your Vault information and upload a CA certificate. Cloudera recommends that you use an external Vault for production environments. Enter the Vault address and token, and upload a CA certificate.
4. Enter a Block Storage Class to be configured on the Kubernetes cluster. Cloudera on premises uses Persistent Volumes to provision storage. You can leave this field empty if you have a default storage class configured on your Openshift cluster. Click Continue.
If you want to use this installation configuration again to install Cloudera on premises, you have the option to download this information as a template.

The template file is a text file that contains the database and vault information that you entered for this installation. This template is useful if you will be installing Cloudera on premises again with the same databases, as the template will populate the fields here automatically. Note that the user password information is not saved in the template.
The Installation Progress page appears. Click Continue.
The summary message with a link to Launch Cloudera on premises appears.

Click Launch Cloudera on premises to launch your Cloudera Data Services on premises.
Log in using the default user name and password admin/admin.
In the Welcome to Cloudera on premises page, click Change Password to change the Local Administrator Account password.
Set up external authentication using the URL of the LDAP server and a CA certificate of your secure LDAP. Follow the instructions on the Welcome to Cloudera on premises page to complete this step.
Click Test Connection to ensure that you can connect to the configured LDAP server.
Register a Cloudera Data Services on premises environment.
Create your first Virtual Warehouse in the Cloudera Data Warehouse Data Services and/or Provision an Cloudera AI Workbench in the Cloudera AI Data Services.