Install CDP Private Cloud Experiences in air gap environment

You can launch the Private Cloud installation wizard from Cloudera Manager and follow the steps to install CDP Private Cloud Experiences in an air gap environment where your Cloudera Manager instance or your Kubernetes cluster does not have access to the Internet.

Ensure that your Kubernetes kubeconfig has permissions to create Kubernetes namespaces.
You require persistent storage classes defined in your OpenShift cluster. Storage classes can be defined by OpenShift cluster administrators.
Only TLS-enabled custom Docker Registry is supported. Ensure that you use a TLS certificate to secure the custom Docker Registry. The TLS certificate can be self-signed, or signed by a private or public trusted Certificate Authority (CA).
Only TLS 1.2 is supported for authentication with Active Directory/LDAP. You require TLS 1.2 to authenticate the CDP control plane with your LDAP directory service like Active Directory.

If this Cloudera Manager instance or your Kubernetes cluster does not have connectivity to https://archive.cloudera.com/p/cdp-pvc/, you need to mirror the Cloudera archive URL using a local HTTP server.

In Cloudera Manager, click the Private Cloud link in the left menu. This opens the Private Cloud installation wizard. The wizard guides you through the steps to install CDP Private Cloud Experiences.

The CDP Private Cloud Experiences installation wizard appears.
On the Getting Started page of the installation wizard, you can select the repository that contains the installer. The Select Repository field contains the CDP Private Cloud Experiences repository download link. To use a custom repository link provided to you by Cloudera, click Custom Repository.
When you do not have access to the Internet.
- I have a machine in the perimeter network that can access both https://archive.cloudera.com/p/cdp-pvc/ and my Docker Repository. This machine has Docker running.
  
  On the next page of the wizard, you learn how to use a separate machine in your network to copy the Docker images from your local HTTP server to your Docker Repository. That separate machine must have Docker running.
  
  Set up a partial mirror:
  1. Use this command to download the installer and the manifest.json file in the Cloudera archive page:
```
wget -l 1 --recursive --no-parent -e robots=off -nH 
--cut-dirs=2 --reject="index.html*" -t 10 
https://<username>:<password>@archive.cloudera.com/p/cdp-pvc/latest 
```
  2. Mirror the downloaded directory to your local HTTP server, for example, http://[***YOUR LOCAL REPO***]/cdp-pvc/latest
  3. Add http://[***YOUR LOCAL REPO***]/cdp-pvc/latest to your CDP Private Cloud repository settings.
- I have a machine in the perimeter network that can access https://archive.cloudera.com/p/cdp-pvc/. It does not have Docker running and it cannot access my Docker Repository.
  
  You need to set up a full mirror. On the next page of the wizard, you learn how to use a separate machine in your network to copy the Docker images from your local HTTP server to your Docker Repository. That separate machine must have Docker running.
  
  Set up a full mirror:
  1. Use this command to download the installer and the manifest.json file in the Cloudera archive page:
```
wget -l 1 --recursive --no-parent -e robots=off -nH 
--cut-dirs=2 --reject="index.html*" -t 10 
https://<username>:<password>@archive.cloudera.com/p/cdp-pvc/latest
```
  2. Modify the manifest.json file that is present in the downloaded directory, change "http_url": "..." to "http_url": "http://[***YOUR LOCAL REPO***]/cdp-pvc/latest"
  3. Mirror the downloaded directory to your local HTTP server. For example, http://[***YOUR LOCAL REPO***]/cdp-pvc/latest
  4. Add http://[***YOUR LOCAL REPO***]/cdp-pvc/latest to your CDP Private Cloud repository settings.
After you select the repository, the installation wizard shows you a list of prerequisites and some new features in this version of the CDP Private Cloud.
On the Getting Started page of the installation wizard, you can select the repository that contains the installer. The Select Repository field contains the CDP Private Cloud Experiences repository download link. To use a custom repository link provided to you by Cloudera, click Custom Repository.

After you select the repository, the installation wizard shows you a list of prerequisites and new features in this version of the CDP Private Cloud.
Verify that you have all the prerequisites, and then click Next.
On the Collect Information page, upload a Kubernetes configuration (kubeconfig) file from your existing environment. You can obtain this file from your OpenShift Container Platform administrator.
In the Kubernetes Namespace field, enter the Kubernetes namespace that you want to use with this CDP Private Cloud Experiences deployment.
Kubernetes virtual clusters are called namespaces. For more information, see Kubernetes namespaces.

You can also apply a template that you may have downloaded during a previous installation. The template contains all the installation configurations. Click Apply Previously Download Template to browse and upload a template stored on your machine.
In the Configure Docker Registry section, enter your local Docker Repository in the Custom Docker Repository field in the following format:[***DOCKER REGISTRY***]/[***REPOSITORY NAME***]. Alternatively, you can use Cloudera's default Docker Repository if you are setting up CDP Private Cloud Experiences in non-production environments. You can follow these steps to prepare your Docker Repository from a machine that is running Docker locally and has access to all the Docker images either directly from Cloudera or a local HTTP mirror in your network.
1. Click Generate the copy-docker script on the wizard or download the script file.
2. Log in to your custom Docker Registry and run the script using the following commands.
```
docker login <your_custom_registry> -u <user_with_write_access>
                                bash copy-docker.txt
```
  note
  This command downloads 100+ Docker images and takes time to download.
3. Enter your Docker user name and password.
4. Click Choose File to upload your Docker certificate.
  
  important
  Only TLS-enabled custom Docker Registry is supported. Ensure that you use a TLS certificate to secure the custom Docker Registry. The certificate needs to be issued by a certificate authority (CA).
In the Configure Databases section, follow the instructions in the wizard to use your external existing databases with CDP Private Cloud.

For production environments, Cloudera recommends that you use databases that you have previously created. These databases must all be on the same host and that host must be a PostgreSQL database server running version 10.6 or later.

Select the Use TLS for Connections Between the Control Plane and the Database option to use Cloudera Data Warehouse (CDW) Private Cloud. Enabling the base cluster PostgreSQL database to use an SSL connection for encrypting client-server communication, is a requirement for CDW Private Cloud.

The database user must have permissions to create and drop databases on the server. Also, The databases must be created before you can proceed with the installation.
In the Configure Vault section, enter your Vault information. You can use an embedded Vault if you are setting up CDP Private Cloud in non-production environments or an external Vault.

Cloudera recommends that you use an external Vault for production environments. Enter the Vault address and token, and upload a CA certificate.
In the Storage section, enter a Storage Class to be configured on the Kubernetes cluster. CDP Private Cloud Experiences uses Persistent Volumes to provision storage. You can leave this field empty if you have a default storage class configured on your Openshift cluster.
To use this installation configuration again to install CDP Private Cloud Experiences, you have the option to download this information as a template.

The template file is a text file that contains the database and vault information that you entered for this installation. The database server and user information are not saved. This template is useful if you will be installing Private Cloud again with the same databases, as the template populates the fields here automatically.
Click Next to start the installation. Once the installation completes, you can access your CDP Private Cloud Experiences using the namespace link.

A summary message with a link to Launch CDP appears.

Click Launch CDP to launch your CDP Private Cloud Experiences.
Log in using the default user name and password admin/admin.
In the Welcome to CDP Private Cloud page, click Change Password to change the Local Administrator Account password.
Set up external authentication using the URL of the LDAP server and a CA certificate of your secure LDAP. Follow the instructions on the Welcome to CDP Private Cloud page to complete this step.
Click Test Connection to ensure that you can connect to the configured LDAP server.
Register a CDP Private Cloud Experiences environment.
Create your first Virtual Warehouse in the CDW experience and/or Provision an ML Workspace in the CML experience.