Installing in air gap environment

You can launch the Private Cloud installation wizard from Cloudera Manager and follow the steps to install CDP Private Cloud Data Services in an air gap environment where your Cloudera Manager instance or your Kubernetes cluster does not have access to the Internet.

  • Ensure that your Kubernetes kubeconfig has permissions to create Kubernetes namespaces.
  • You require persistent storage classes defined in your OpenShift cluster. Storage classes can be defined by OpenShift cluster administrators.
  • Only TLS-enabled custom Docker Registry is supported. Ensure that you use a TLS certificate to secure the custom Docker Registry. The TLS certificate can be self-signed, or signed by a private or public trusted Certificate Authority (CA).
  • Only TLS 1.2 is supported for authentication with Active Directory/LDAP. You require TLS 1.2 to authenticate the CDP control plane with your LDAP directory service like Active Directory.
  • OCP network configurations that restrict pod communication are not supported. For example, multi-tenancy isolation with network policy is not supported.
If this Cloudera Manager instance or your Kubernetes cluster does not have connectivity to https://archive.cloudera.com/p/cdp-pvc-ds/, you must mirror the Cloudera archive URL using a local HTTP server.
  1. In Cloudera Manager, on the top right corner, click Add > Add Cluster. The Select Cluster Type page appears.
  2. On the Select Cluster Type page, select the cluster type as Private Cloud Containerized Cluster. Under Other Options, click here to install CDP Private Cloud Data Services. Click Continue.
  3. On the Getting Started page of the installation wizard, select Air Gapped as the Install Method. When you select the Air Gapped install option, extra steps are displayed. Follow these steps to download and mirror the Cloudera archive URL using a local HTTP server.
    1. Download everything under https://archive.cloudera.com/p/cdp-pvc-ds/latest

      wget -l 0 --recursive --no-parent -e robots=off -nH --cut-dirs=2 --reject="index.html*" -t 10 https://<username>:<password>@archive.cloudera.com/p/cdp-pvc-ds/latest
    2. Edit the manifest.json file in the downloaded directory. Change "http_url": "..." to

      "http_url": "http://your_local_repo/cdp-pvc-ds/latest"

    3. Mirror the downloaded directory to your local http server, e.g. http://your_local_repo/cdp-pvc-ds/latest

    4. Click Custom Repository and add http://your_local_repo/cdp-pvc-ds/latest as a custom repository.

    5. Click the Select Repository drop-down and select http://your_local_repo/cdp-pvc-ds/latest
    6. Click Next.
  4. On the Configure Docker Repository page, you must select one of the Docker repository options. If you select Use a custom Docker Repository option, then enter your local Docker Repository in the Custom Docker Repository field in the following format:[*DOCKER REGISTRY*]/[*REPOSITORY NAME*]. Alternatively, you can use Cloudera's default Docker Repository if you are setting up CDP Private Cloud in non-production environments.
    You can follow these steps to prepare your Docker Repository from a machine that is running Docker locally and has access to all the Docker images either directly from Cloudera or a local HTTP mirror in your network.
    1. Click Generate the copy-docker script on the wizard or download the script file.
    2. Log in to your custom Docker Registry and run the script using the following commands.
      docker login <your_custom_registry> -u <user_with_write_access>
                                      bash copy-docker.txt
    3. Enter your Docker user name and password.
    4. Click Choose File to upload your Docker certificate.
    5. Click Continue.


    If you select Use an embedded Docker Repository option, then you can download and deploy the Data Services that you need for your cluster.
    1. By selecting Default, all the data services will be downloaded and deployed.
    2. By selecting Select the optional images:
      • If you switch off the Machine Learning toggle key, then the Machine Learning runtimes will not be installed.
      • If you switch on the Machine Learning toggle key, then the Machine Learning runtimes will be installed.

    Click Continue.

  5. On the Configure Databases page, click Next.


  6. On the Configure Kubernetes page, enter your Kubernetes, Docker, database, and vault information.
    1. Upload a Kubernetes configuration (kubeconfig) file from your existing environment. You can obtain this file from your OpenShift Container Platform administrator. Ensure that this kubeconfig has permissions to create Kubernetes namespaces.
    2. In the Kubernetes Namespace field, enter the Kubernetes namespace that you want to use with this CDP Private Cloud deployment. Kubernetes virtual clusters are called namespaces. For more information, see Kubernetes namespaces
    3. Enter your Vault information and upload a CA certificate. Cloudera recommends that you use an external Vault for production environments. Enter the Vault address and token, and upload a CA certificate.
    4. Enter a Storage Class to be configured on the Kubernetes cluster. CDP Private Cloud uses Persistent Volumes to provision storage. You can leave this field empty if you have a default storage class configured on your Openshift cluster. Click Continue.


  7. If you want to use this installation configuration again to install CDP Private Cloud, you have the option to download this information as a template.


    The template file is a text file that contains the database and vault information that you entered for this installation. This template is useful if you will be installing Private Cloud again with the same databases, as the template will populate the fields here automatically. Note that the user password information is not saved in the template.

  8. The Installation Progress page appears. Click Continue.
  9. The summary message with a link to Launch CDP appears.
  1. Click Launch CDP to launch your CDP Private Cloud Data Services.
  2. Log in using the default user name and password admin/admin.
  3. In the Welcome to CDP Private Cloud page, click Change Password to change the Local Administrator Account password.
  4. Set up external authentication using the URL of the LDAP server and a CA certificate of your secure LDAP. Follow the instructions on the Welcome to CDP Private Cloud page to complete this step.
  5. Click Test Connection to ensure that you can connect to the configured LDAP server.
  6. Register a CDP Private Cloud Data Services environment.
  7. Create your first Virtual Warehouse in the CDW Data Services and/or Provision an ML Workspace in the CML Data Services.