# Deploying MetalSoft in an air gapped environment

MetalSoft can be installed in an air gapped environment, subject to the requirements below.

:::{important}
To be able to install and run MetalSoft in an air gapped environment, the following need to be considered. The customer must also have a running and functional Kubernetes cluster set up.
:::

## Repository requirements

You should have a repository (for example Artifactory) where you can replicate the following assets.

For installation and upgrade of the Global Controller, the following should be replicated to the repository of your choice:

* [Pulling MetalSoft images at installation/upgrade time](https://docs.metalsoft.io/en/latest/content/overview/installation/deploying_metalsoft_global_controller.html#for-pulling-metalsoft-images-at-installation-upgrade-time)
* [Pulling standard images at installation/upgrade time](https://docs.metalsoft.io/en/latest/content/overview/installation/deploying_metalsoft_global_controller.html#for-pulling-standard-images-at-installation-upgrade-time)

For day-to-day operations:

* [Pulling OS Template files, the relevant templates must be replicated from this github repository](https://github.com/metalsoft-io/os-templates)
* Download and host your own ISO files to be consumed by the OS templates
* [Updating the Site Controller (from this list registry.metalsoft.dev and repo.metalsoft.io)](https://docs.metalsoft.io/en/latest/content/overview/installation/deploying_metalsoft_site_controller.html#outbound-traffic)

## Internal Firewall Rules

You will still need the following internal firewall rules applied in your environment:

### Global Controller

* [Ports open for inbound from clients](https://docs.metalsoft.io/en/latest/content/overview/installation/deploying_metalsoft_global_controller.html#ports-open-for-inbound-from-clients)
* [Optional, but recommended, Mail Server requirements If using Office365 for email 
alerts](https://docs.metalsoft.io/en/latest/content/overview/installation/deploying_metalsoft_global_controller.html#mail-server-requirements-if-using-office365-for-email-alerts)
* [Inter-cluster traffic](https://docs.metalsoft.io/en/latest/content/overview/installation/deploying_metalsoft_global_controller.html#inter-cluster-traffic)

### Site Controller

* [Ports open to inbound connections for virtual-media-based deployments](https://docs.metalsoft.io/en/latest/content/overview/installation/deploying_metalsoft_site_controller.html#ports-open-to-inbound-connections-for-virtual-media-based-deployments)
* [Ports open to inbound connections for zero-touch](https://docs.metalsoft.io/en/latest/content/overview/installation/deploying_metalsoft_site_controller.html#ports-open-to-inbound-connections-for-zero-touch)
* [Outbound traffic (all in this list except registry.metalsoft.dev and repo.metalsoft.io, which will need to be replicated to your repository)](https://docs.metalsoft.io/en/latest/content/overview/installation/deploying_metalsoft_site_controller.html#outbound-traffic)
* [In-Band Access - Outbound from the Site Controllers perspective](https://docs.metalsoft.io/en/latest/content/overview/installation/deploying_metalsoft_site_controller.html#in-band-access-outbound-from-the-site-controllers-perspective)

## Installation of the Global and Site Controller

Once the above has been set up, the MetalSoft software can be installed in your environment using the following links:

* https://docs.metalsoft.io/en/latest/content/overview/installation/deploying_metalsoft_global_controller.html
* https://docs.metalsoft.io/en/latest/content/overview/installation/deploying_metalsoft_site_controller.html#

## Installation of the OVA VMs in an air gapped environment

The MetalSoft OVAs are designed to be deployed in an air gapped environment with no external firewall rules required.
[Please follow these instructions to install the MetalSoft OVAs](https://docs.metalsoft.io/en/latest/content/overview/installation/deploying_metalsoft_using_OVAs.html#deploying-metalsoft-using-ovas)

## Upgrading the OVA VMs in an air gapped environment

If using the OVA for testing or for a proof of concept, we can supply upgrade packages for the MetalSoft images, which you can copy to your environment manually using the following steps.

### Global Controller Upgrade with provided packages

Transfer the provided files onto the Global Controller VM, preferably into `/root/k8s-images`.

Import the images using the following command for each tar file:

`ctr image import license.tar`

### Site Controller Upgrade with provided packages

Transfer the provided files onto the Site Controller VM and run the following from the folder you copied the tar to:

`cat ms-agent.tar|docker load`

You can also download the images and tar/transfer them using the following instructions.

### Global Controller Upgrade with selected images

From a machine with internet access, run the following to pull the images which are to be upgraded (where REGISTRY:CREDENTIALS are the credentials provided by MetalSoft):

`ctr images pull --platform linux/amd64 -u REGISTRY:CREDENTIALS registry.metalsoft.dev/gc/license:v7.0`

Save the locally pulled image to a .tar file:

`ctr image export --platform linux/amd64 --skip-manifest-json /root/k8s-images/license.tar registry.metalsoft.dev/gc/license:v7.0`

Transfer the files onto the Global Controller VM, preferably into `/root/k8s-images`.

Import the images using the following command for each tar file:

`ctr image import license.tar`

### Site Controller Upgrade with selected images

From a machine with internet access and docker installed, run the following to pull the images which are to be upgraded (where REGISTRY:CREDENTIALS are the credentials provided by MetalSoft).

Log into the MetalSoft repository:

`docker login registry.metalsoft.dev`

Provide the registry username and password in the prompts 
as provided by MetalSoft.

Pull the image to be upgraded:

`docker pull registry.metalsoft.dev/sc/ms-agent:v7.0`

Save the locally pulled image to a .tar file:

`docker save -o ms-agent.tar registry.metalsoft.dev/sc/ms-agent:v7.0`

Transfer the files onto the Site Controller VM and run the following from the folder you copied the tar to:

`cat ms-agent.tar|docker load`
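
The manual upgrade steps above carry image archives across the air gap without an integrity check. The following is an added example, not part of the MetalSoft documentation: it records SHA-256 digests on the connected machine and, on the air gapped side, imports only archives that are listed and unaltered. `SHA256SUMS`, `make_manifest`, `verify_and_import` and `IMPORT_CMD` are names assumed for this example; on the Site Controller, set `IMPORT_CMD="docker load -i"`.

```bash
#!/usr/bin/env bash
# Added example, not MetalSoft code. SHA256SUMS and IMPORT_CMD are assumed names.

# Connected machine: write a SHA-256 manifest for every exported tar in a directory.
make_manifest() {
    local dir="$1"
    ( cd "$dir" && sha256sum -- *.tar > SHA256SUMS )
}

# Air gapped machine: import a tar only if it is listed in the manifest and its
# digest matches. Returns 0 if everything was imported, 1 if any archive was
# refused or failed to import, 2 if the manifest is missing or empty.
verify_and_import() {
    local dir="$1"
    local import_cmd="${IMPORT_CMD:-ctr image import}"
    local rc=0 tar name want got

    [ -s "$dir/SHA256SUMS" ] || { echo "no manifest in $dir" >&2; return 2; }

    for tar in "$dir"/*.tar; do
        [ -e "$tar" ] || continue
        name=$(basename "$tar")
        # sha256sum writes "<digest>  <name>" or "<digest> *<name>" (binary mode).
        want=$(awk -v f="$name" '$2 == f || $2 == "*" f {print $1; exit}' "$dir/SHA256SUMS")
        got=$(sha256sum -- "$tar" | awk '{print $1}')
        if [ -z "$want" ]; then
            echo "REFUSED (not in manifest): $tar" >&2
            rc=1
        elif [ "$want" != "$got" ]; then
            echo "REFUSED (digest mismatch): $tar" >&2
            rc=1
        else
            # Intentionally unquoted so the command and its arguments split.
            $import_cmd "$tar" || rc=1
        fi
    done
    return $rc
}

# Usage:
#   connected machine:   make_manifest /root/k8s-images
#   Global Controller:   verify_and_import /root/k8s-images
```

The manifest only proves the archives were not altered in transit if it reaches the air gapped side by a path the tar files did not take, or is itself signed.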