If any of your swarm nodes are offline (do not have external connectivity), you must manually import the Puppet Remediate images in order to install the product.
Before you begin
Prior to installing Remediate on any offline nodes, check that you have carried out the
following prerequisite tasks:
- Make sure you meet the system requirements for installing and running Remediate, and that you have received your license.
- Ensure that Docker and Docker Compose are installed on the nodes where you want to install the Remediate images. If you are installing Docker Compose on Windows, ensure that you create a new Windows environment variable called COMPOSE_CONVERT_WINDOWS_PATHS and set it to 1. This enables path conversion from Windows-style to Unix-style in volume definitions.
- Ensure that your license is added to the nodes where you want to install the Remediate images.
To install Remediate on nodes that do not have network connectivity:
- On a node with internet connectivity:
  - Download the offline Remediate image bundle (https://storage.googleapis.com/remediate/stable/latest/offline/images.tar.gz)
  - Download the offline docker-compose.yml file (https://storage.googleapis.com/remediate/stable/latest/offline/docker-compose.yml)
    Note: Skip this step if you are using your own custom Docker registry.
  - Optionally, verify the signatures of the image bundle and the offline docker-compose.yml file:
    With each Puppet Remediate release, a digital signature is created using the private key portion of an asymmetric key. You can manually validate the signature using the public key portion of the same asymmetric key.
    - Download the offline docker-compose.yml file signature, the image bundle signature and the public key to the same directory as your docker-compose.yml and license file.
    - Run the following commands:
      openssl dgst -sha256 -verify puppet-remediate-signing-key.pub -signature docker_compose_signature docker-compose.yml
      And:
      openssl dgst -sha256 -verify puppet-remediate-signing-key.pub -signature images_signature images.tar.gz
      If the signature is valid, you will get the following response for each command:
      Verified Ok
  - Copy the Remediate image bundle and offline docker-compose.yml file to the offline node where you want to install Remediate.
- On the node where you want to install Remediate, initialize a swarm by running the following command:
- Run the Docker load command:
  docker load -i images.tar.gz
- Use the following command to start Remediate (replacing your-license.json with your own license):
  docker-compose run remediate start -o --license-file ./your-license.json
  CAUTION: If you start Remediate without a license file, you will not have access to the full range of Remediate functionality. If you started Remediate without a license file by mistake, stop the application by issuing the following command:
  docker-compose run remediate stop
  Then start Remediate again using the --license-file parameter as outlined above.
- To check that the containers have started running, run this command:
  The list of running containers:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
36139cda23ca gcr.io/puppet-discovery/pdp-go:<version> "/app/entrypoint.sh" 3 minutes ago Up 3 minutes (healthy) 8082/tcp, 8087/tcp remediate_gopdp.1.w035aad0ifvu0ynaimxy64lcq
43709401f394 gcr.io/puppet-discovery/pd-storage:<version> "storageEntryPoint.s…" 3 minutes ago Up 3 minutes (healthy) 5432/tcp remediate_storage.1.omv1rrd3rwhnwo3ngurgtcnxk
551b061acc98 gcr.io/puppet-discovery/licensing-api:<version> "/entrypoint.sh" 3 minutes ago Up 3 minutes (healthy) remediate_licensing.1.kdoj7s492el77rdpc2rza3fx7
43a3568e6b5a vault:1.1.2 "docker-entrypoint.s…" 3 minutes ago Up 3 minutes (healthy) 8200/tcp remediate_vault.1.k0jgyxxi45ldn4pqadhgvjf0o
11b90d8564ef gcr.io/puppet-discovery/identity:<version> "/opt/jboss/tools/do…" 3 minutes ago Up 3 minutes (healthy) 8080/tcp, 8443/tcp remediate_identity.1.b1wkt4kx4ps107949k14ctsqx
1235fd27cbdc gcr.io/puppet-discovery/frontdoor:<version> "nginx -g 'daemon of…" 3 minutes ago Up 3 minutes (healthy) 80/tcp remediate_frontdoor.1.oib8jsr7u4z6wqxvjz02mxcxz
a3a641af5269 gcr.io/puppet-discovery/pdp-proxy:<version> "/pdp-proxy-svc" 3 minutes ago Up 3 minutes (healthy) 9200/tcp remediate_export.1.uin509pnc2zb4pf3rdjr1so0x
c60250b8a2eb gcr.io/puppet-discovery/node-ui:<version> "/usr/src/app/entryp…" 3 minutes ago Up 3 minutes (healthy) remediate_ui.1.3u0tewgou7t4hz2c46nn4mydo
f9af99dc9ca7 gcr.io/puppet-discovery/edge:<version> "/edge-svc" 3 minutes ago Up 3 minutes 9997/tcp remediate_edge.1.koacwnjoce2tabwcbi73619fu
149485b54fec gcr.io/puppet-discovery/controller:<version> "/controller-svc" 4 minutes ago Up 4 minutes (healthy) 9999/tcp remediate_controller.1.mww2fm9up4lmeisjorul89hr4
f9f1ab4a029d gcr.io/puppet-discovery/vr:<version> "/vr-svc" 4 minutes ago Up 4 minutes (healthy) remediate_vr.1.yjlliup91g4mac1bklvvw2nqq
- To access Remediate from a local workstation, go to https://localhost:8443, or to port 8443 on the host where you installed Remediate.
  Note: When you first open the site, a warning message is displayed indicating that the site certificate is untrusted. This is expected behavior, because Remediate uses a self-signed certificate. Accept the certificate to continue.
- Read and accept the software license agreement.
- Sign in to Remediate.
  For default usernames and passwords, see Managing user access.
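
The optional signature check from the first step, wrapped as a gate that refuses to continue unless both files verify. This is an added example, not Puppet's own script; the function names, the single-directory layout and the throwaway RSA key used to build the constructed demo files are assumptions.

```shell
#!/bin/sh
# Added example: fail-closed signature gate to run before `docker load`.
# File names come from the page's openssl commands; keeping them all in one
# directory, and the function names, are assumptions of this sketch.

verify_one() {  # $1 = public key, $2 = signature file, $3 = signed file
    for f in "$1" "$2" "$3"; do
        [ -s "$f" ] || { echo "missing or empty: $f" >&2; return 2; }
    done
    # Decide on the exit status, not on the text openssl prints.
    openssl dgst -sha256 -verify "$1" -signature "$2" "$3" >/dev/null 2>&1 \
        || return 1
}

verify_bundle() {  # $1 = download directory; returns 0 only if both files verify
    key="$1/puppet-remediate-signing-key.pub"
    verify_one "$key" "$1/docker_compose_signature" "$1/docker-compose.yml" || {
        rc=$?; echo "docker-compose.yml: NOT verified" >&2; return "$rc"; }
    verify_one "$key" "$1/images_signature" "$1/images.tar.gz" || {
        rc=$?; echo "images.tar.gz: NOT verified" >&2; return "$rc"; }
}

make_sample_bundle() {  # $1 = empty directory; writes CONSTRUCTED stand-in files
    openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
        -out "$1/throwaway.key" 2>/dev/null || return 1
    openssl pkey -in "$1/throwaway.key" -pubout \
        -out "$1/puppet-remediate-signing-key.pub" || return 1
    printf 'version: "3"\n' > "$1/docker-compose.yml"
    printf 'stand-in for the image bundle\n' > "$1/images.tar.gz"
    openssl dgst -sha256 -sign "$1/throwaway.key" \
        -out "$1/docker_compose_signature" "$1/docker-compose.yml" || return 1
    openssl dgst -sha256 -sign "$1/throwaway.key" \
        -out "$1/images_signature" "$1/images.tar.gz"
}

# Demonstration on constructed files with a throwaway key (not Puppet's key).
demo=$(mktemp -d)
make_sample_bundle "$demo"
verify_bundle "$demo" && echo "both signatures verify: proceed to docker load"
printf 'modified after signing\n' >> "$demo/images.tar.gz"
verify_bundle "$demo" || echo "bundle rejected: do not load it"
rm -rf "$demo"
# Real use, in the download directory:
#   verify_bundle . && docker load -i images.tar.gz
```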