For users who have systems that either are or intending to run a Sandfly server and/or nodes that are not directly connected to the Internet for any reason, we provide the following method for offline Docker image loading.


Package Preparation

To begin with, select and log into an existing Linux system where an offline Sandfly package can be created and copied onto a medium that is usable on your offline / air-gaped host(s).


If Sandfly version 4.2.0 or greater is already installed on that selected system, please proceed to the Package Building section below. Otherwise, the offline packaging script needs to be obtained by downloading the latest sandfly-setup file, which is found on Github at:


https://github.com/sandflysecurity/sandfly-setup/releases


Example of downloading and decompressing the setup file via the Linux command line. Replace X.X.X in both locations with the actual version of the target file to download (e.g. 4.0.0):

wget https://github.com/sandflysecurity/sandfly-setup/releases/download/vX.X.X/sandfly-setup-X.X.X.tgz
tar -xzvf sandfly-setup-X.X.X.tgz


At this point there should be a directory named sandfly-setup which contains the scripts that will be needed for the packaging building steps.


Finally, if Docker is not already available on this host, it needs to be installed and its service started. The 'docker version' command can be used to quickly determine if Docker is working or not.


If Docker is not installed, the Sandfly setup package provides install scripts for major Linux OS distributions. They are located in <SANDFLY_INSTALL_PATH>/sandfly-setup/setup/ with install script names starting with "install_docker_". Alternatively, use a docker install method that is appropriate for your environment.


Package Building

With the environment ready, we now need to run the packaging script as root or as a user with access to the Docker daemon. The script will output a single, compressed file into the home directory of the executing user.


From the Linux command line run the offline_packager.sh script like so, use sudo if it is necessary for your docker environment:

<SANDFLY_INSTALL_PATH>/sandfly-setup/setup/util_scripts/offline_packager.sh


The script will check that it can access docker as needed and if successful begin to build the package. The entire process will take a few minutes to finish.


Example script output when the local Docker images are up to date:

sudo ./sandfly-setup/setup/util_scripts/offline_packager.sh
4.0.0: Pulling from sandfly/sandfly-node
Digest: sha256:861b34001da48963716877f5c4208954412453b35d551bfdc42304af9bf75ecd
Status: Image is up to date for quay.io/sandfly/sandfly-node:4.0.0
quay.io/sandfly/sandfly-node:4.0.0
4.0.0: Pulling from sandfly/sandfly-rabbit
Digest: sha256:e8daaf882de1f384dfdaf814e3ffec4066931bee9511ceb9ff0f76eb3359fade
Status: Image is up to date for quay.io/sandfly/sandfly-rabbit:4.0.0
quay.io/sandfly/sandfly-rabbit:4.0.0
4.0.0: Pulling from sandfly/sandfly-server
Digest: sha256:cef9a129d077e228979154426603e5905c2c95c87f71b9b189cf63d6b64a6b13
Status: Image is up to date for quay.io/sandfly/sandfly-server:4.0.0
quay.io/sandfly/sandfly-server:4.0.0
14.4: Pulling from library/postgres
Digest: sha256:9ceb24f8c5f15c053d973a3610866f473690875dc13eb3282b45302189321040
Status: Image is up to date for postgres:14.4
docker.io/library/postgres:14.4
Saving images:  quay.io/sandfly/sandfly-node:4.0.0 quay.io/sandfly/sandfly-rabbit:4.0.0 quay.io/sandfly/sandfly-server:4.0.0 postgres:14.4
**
** Exporting Docker images to: ~/sandfly-docker-images-4.0.0.tgz
**
** To restore on a system, use:
** zcat sandfly-docker-images-4.0.0.tgz | docker image load
**
This will take a few minutes.
Done!


Once the script has indicated that it has finished, place the created file onto a medium that can be used on your air-gaped systems that are intended to run Sandfly's server and/or nodes and copy the same file on to each of those destinations in any directory.


Package Loading

For this last section of the process, log into every offline system that will be running Sandfly. Again Docker is required for loading and running the images used for the application. As these hosts are not connected to the Internet, use an appropriate method for your environment to install the latest stable version of Docker.


Once Docker is confirmed to be running, load the images from the package via the command line. Replace X.X.X with the actual version indicated in the file name of the packaged file (e.g. 4.0.0):

zcat sandfly-docker-images-X.X.X.tgz | docker image load


Repeat the above command for every offline system that will be running Sandfly.


At this point the docker images are now available locally to be able to continue using the regular Sandfly Docker image installation or upgrade process, as appropriate.




Previous
Previous Article:

Next Article:
Next