Install Cyberwatch offline with MicroK8s (deprecated)

This document details the procedure to follow to install Cyberwatch on an offline machine.

Prerequisites

Please ensure that the following prerequisites are satisfied:

  • a machine with MicroK8s installed
  • a machine with access to the internet with a similar operating system to the one that does not have access to the internet
  • credentials provided by Cyberwatch to access container images and Helm charts (i.e a login/password provided by Cyberwatch)

Get required files

  1. Connect via SSH on a machine with the same operating system as the machine where Cyberwatch will be deployed. This machine must be connected to the internet.

  2. Create the cyberwatch_sources directory:

    mkdir cyberwatch_sources; cd cyberwatch_sources
    
  3. On a Red Hat based distribution:

    1. Install yum-utils:

      sudo yum install yum-utils curl epel-release
      
    2. Install snapd:

      sudo yum install snapd
      
    3. Install podman:

      sudo yum install podman
      export CONTAINER_DOWNLOADER=podman
      
  4. On a Debian-based distribution:

    1. Install snapd:

      sudo apt install snapd
      
    2. Install docker:

      sudo apt install docker.io
      export CONTAINER_DOWNLOADER=docker
      
  5. Download the cyberwatch package:

    • For Apt:

      wget https://dl.cyberwatch.fr/apt/incoming/cyberwatch.deb
      
    • For Rpm:

      wget https://dl.cyberwatch.fr/rpm/incoming/cyberwatch.rpm
      
  6. Export the Cyberwatch’s credentials (complete the commands):

     export CBW_USER=
     export CBW_PASSWORD=
    
  7. Download the container images:

    Login to the container registry:

    sudo $CONTAINER_DOWNLOADER login -u cbw\$$CBW_USER -p $CBW_PASSWORD harbor.cyberwatch.fr/cbw-on-premise
    

    Pull the images and save them:

    sudo $CONTAINER_DOWNLOADER pull harbor.cyberwatch.fr/cbw-on-premise/olympe:stable
    sudo $CONTAINER_DOWNLOADER pull harbor.cyberwatch.fr/cbw-on-premise/redis:latest
    sudo $CONTAINER_DOWNLOADER pull harbor.cyberwatch.fr/cbw-on-premise/nginx:latest
    sudo $CONTAINER_DOWNLOADER pull harbor.cyberwatch.fr/cbw-on-premise/mariadb:latest
    sudo $CONTAINER_DOWNLOADER pull harbor.cyberwatch.fr/cbw-on-premise/third_parties:latest
    sudo $CONTAINER_DOWNLOADER pull harbor.cyberwatch.fr/cbw-on-premise/kibana-oss:latest
    sudo $CONTAINER_DOWNLOADER pull harbor.cyberwatch.fr/cbw-on-premise/elasticsearch-oss:latest
    
    sudo $CONTAINER_DOWNLOADER save harbor.cyberwatch.fr/cbw-on-premise/olympe:stable            -o olympe.tar
    sudo $CONTAINER_DOWNLOADER save harbor.cyberwatch.fr/cbw-on-premise/redis:latest             -o redis.tar
    sudo $CONTAINER_DOWNLOADER save harbor.cyberwatch.fr/cbw-on-premise/nginx:latest             -o nginx.tar
    sudo $CONTAINER_DOWNLOADER save harbor.cyberwatch.fr/cbw-on-premise/mariadb:latest           -o mariadb.tar
    sudo $CONTAINER_DOWNLOADER save harbor.cyberwatch.fr/cbw-on-premise/third_parties:latest     -o third_parties.tar
    sudo $CONTAINER_DOWNLOADER save harbor.cyberwatch.fr/cbw-on-premise/kibana-oss:latest        -o kibana-oss.tar
    sudo $CONTAINER_DOWNLOADER save harbor.cyberwatch.fr/cbw-on-premise/elasticsearch-oss:latest -o elasticsearch-oss.tar
    

    Ensure that 7 container images have been downloaded:

    ls *.tar | wc -l
    
  8. Download Cyberwatch’s Helm chart:

    Install Helm:

    sudo systemctl start snapd
    sudo ln -s /var/lib/snapd/snap /snap
    sudo snap install helm --classic
    

    Login to the registry and download the chart:

    echo "$CBW_PASSWORD" | /snap/bin/helm registry login harbor.cyberwatch.fr/cbw-on-premise \
       --username "cbw\$$CBW_USER" --password-stdin
    /snap/bin/helm pull oci://harbor.cyberwatch.fr/cbw-on-premise/cyberwatch-chart
    
  9. Erase the environment variables:

    unset CBW_USER CBW_PASSWORD
    history -c
    
  10. Archive all the files:

    cd ..
    sudo tar czvf cyberwatch_sources.tar.gz cyberwatch_sources
    

Install Cyberwatch

  1. Transfer the archive on the offline machine

  2. Switch to the root user:

    sudo su
    
  3. Extract the sources:

    tar xvzf cyberwatch_sources.tar.gz
    cd cyberwatch_sources
    
  4. Start MicroK8s:

    /snap/bin/microk8s start
    
  5. Load the container images into MicroK8s container’s cache:

    ls *.tar| xargs -n 1 -I {} /snap/bin/microk8s ctr i import $(pwd)/{}
    
  6. Verify the default containers are running:

    /snap/bin/microk8s kubectl get po -A
    

    If there is an error, please refer to the Troubleshooting page.

  7. Install the cyberwatch package:

    For Debian-based distributions:

       dpkg -i cyberwatch.deb
    

    For Red Hat based distributions:

       rpm -i cyberwatch.rpm
    
  8. Configure these two environment variable to file /etc/cyberwatch/config.env:

    CBW_OFFLINE="true"
    HELM="helm -n cyberwatch --kubeconfig /var/snap/microk8s/current/credentials/client.config"
    
  9. Configure Cyberwatch:

    sudo cyberwatch configure --offline
    
  10. Start Cyberwatch:

    sudo cyberwatch start
    
  11. Monitor the status of the containers until they are all in the Running state:

    sudo cyberwatch status
    
  12. Register the admin user through the web interface


Back to top