PAM standalone offline install

Use these instructions to install Puppet Application Manager (PAM) in an offline environment where the Puppet Application Manager host server does not have direct access to the internet.

Before you begin
  1. Review the Puppet Application Manager system requirements.

    The server must meet the following minimum requirements:

    Memory Storage CPUs Open ports
    2 GB + application requirements

    At least 100 GB for /var/lib and /var/openebs. This is primarily divided among:

    • 2 GB for /var/lib/etcd
    • 32 GB for /var/lib/kubelet
    • 40 GB for /var/lib/containerd
    • 20 GB for /var/openebs + additional application-specific storage.
    2 + application requirements

    TCP: 443, 2379,2380, 6443, 6783, 8800, 9001 (offline only), and 10250

    UDP: 6783, 6784

    Note: Swap and Firewalld are not supported for use with this version of Puppet Application Manager. The installation script attempts to disable these services if they are present. The installation script also disables SELinux by default. If you want to keep SELinux enabled, append the -s preserve-selinux-config switch to the Puppet Application Manager install command. This may require additional configuration to adapt SELinux policy to the installation.
  2. Ensure that IP address ranges 10.96.0.0/22 and 10.32.0.0/22 are locally accessible. See Resolve IP address range conflicts for instructions.
  3. Ensure that the nodes can resolve their own hostnames, through either local host mapping or a reachable DNS server.
  4. If you use the puppetlabs/firewall module to manage your cluster's firewall rules with Puppet, be advised that purging unknown rules from changes breaks Kubernetes communication. To avoid this, apply the puppetlabs/pam_firewall module before installing Puppet Application Manager.

This installation process results in a basic Puppet Application Manager instance. Installation takes several (mostly hands-off) minutes to complete.
  1. From a workstation with internet access, download the cluster installation bundle (note that this bundle is ~6GB):
    https://k8s.kurl.sh/bundle/puppet-application-manager-standalone.tar.gz
  2. Copy the installation bundle to the host node and unpack it:
    tar xzf puppet-application-manager-standalone.tar.gz
  3. Run the installation command:
    cat install.sh | sudo bash -s airgap
    1. The installation script prints the address and password (only shown once, so make careful note of it) for Puppet Application Manager:
      ---
      Kotsadm: http://<PUPPET APPLICATION MANAGER ADDRESS>:8800
      Login with password (will not be shown again): <PASSWORD>
      ---
      Note: If you lose this password or wish to change it, see Reset the Puppet Application Manager password for instructions.
  4. Navigate to the Puppet Application Manager UI using the address provided by the installation script (http://<PUPPET APPLICATION MANAGER ADDRESS>:8800) and follow the prompts.
    The Puppet Application Manager UI is where you manage Puppet applications. You’ll be guided through the process of setting up SSL certificates, uploading a license, and checking to make sure your infrastructure meets application system requirements.
What to do next

Follow the instructions for configuring and deploying your Puppet applications on Puppet Application Manager.

For more information on installing Continuous Delivery for PE offline, see Install Continuous Delivery for PE in an offline environment.

For more information on installing Comply offline, see Install Comply offline.