Lifecycle Manager: Offline Installation of DSE

Introduction

Many sites have limited network access between nodes running DataStax Enterprise and the internet, and these connectivity constraints can make downloading software directly from internet slow or impossible. Lifecycle manager supports installation of "offline" nodes through a variety of mechanisms.

Software Sources

When LCM deploys DataStax enterprise on a node, it generally must download software from several sources that have differing constraints on how they may be adapted for offline environments.

1. DataStax Packages: DEB and RPM packages of DataStax software must be downloaded from rpm.datastax.com or debian.datastax.com. DataStax packages may be:
1. Downloaded through an http proxy. Because these packages are protected via username and password they will not be cached by default by most http proxies, though some proxies can be explicitly set to cache certain password-protected resources. An example Squid 3.x config is provided later in this article. Proxies can be configured in the "Package Proxy" section of your configuration profile.
2. Mirrored in a local apt or yum package repository. Custom apt/yum repositories can be configured in "Repositories" section of Lifecycle Manager.
2. Operating System Packages: DataStax packages have a small number of dependencies on packages provided by your operating system vendor. Operating System packages may be:
1. Downloaded through an http proxy. Packages for Red Hat Enterprise Linux are downloaded via https, and cannot be cached via an http/https proxy. Packages for CentOS and other Linux distributions are typically cached successfully by default. Proxies can be configured in the "Package Proxy" section of your configuration profile.
2. Mirrored in a local apt or yum package repository. Custom apt/yum repositories can be configured in "Repositories" section of Lifecycle Manager.
3. Pre-installed manually or using third-party tools prior to running an LCM job.
3. Package Signing Key: DEB and RPM packages are signed with a key to ensure integrity. The key can be:
1. Downloaded through an https proxy. This file is typically downloaded via https, and typically cannot be cached by the https proxy. It is <5KB in size, though, and does not impose a significant bandwidth or download time overhead. The proxy can be configured in the "Package Proxy" section of your configuration profile.
2. Downloaded from a custom-url. It is possible to manually make the signing key available at an internally accessible URL. Custom repo-key urls can be configured in the "Repositories" section of Lifecycle Manager.
4. Oracle Java: If LCM is configured to manage Java, the Oracle Java installer will be downloaded from oracle.com. Java may be:
1. Downloaded through an http proxy. Oracle uses "cache-busting" techniques that prevent http proxies from caching Oracle Java downloads. The proxy can be configured in the "Package Proxy" section of your configuration profile.
2. Downloaded from a custom-url. It is possible to manually download the Oracle server JRE tgz file and host it at an internally accessible custom-url to achieve fast downloads. The Java download url can be configured in the "Java Setup" section of your configuration profile.
3. Pre-installed manually or using third-party tools prior to running an LCM job.
5. Oracle Unlimited Strength JCE Policy: The Oracle unlimited strength JCE policy may be optionally downloaded an installed by LCM to enable DSE to perform strong encryption.
1. Downloaded through an http proxy. Oracle uses "cache-busting" techniques that prevent http proxies from caching Oracle Java downloads. It is <15KB in size, though, and does not impose a significant bandwidth or download time overhead. The proxy can be configured in the "Package Proxy" section of your configuration profile.
2. Downloaded from a custom-url. It is possible to manually download Oracle Java and host it at an internally accessible custom-url. The JCE download url can be configured in the "Java Setup" section of your configuration profile.
3. Pre-installed manually or using third-party tools prior to running an LCM job.

Choosing an Offline Strategy

LCM offers many options for offline installation so that it can be operated effectively in a wide variety of environments. With so many options to choose from, settling on a comprehensive strategy can be daunting, though. The simplest total solution for offline installs is to employ a caching http/https proxy. All files can be downloaded through a caching proxy, and with some custom configuration the proxy can cache many of the downloaded files and improve download speeds. While any http/https caching proxy product can be used, an example configuration for Squid 3.x is provided below for reference: 

# The order of maximum_object_size, cache_replacement_policy, and cache_dir matter.
# They may not be ordered as needed in the default squid.conf.
#
# Cache large objects from like rpm/deb packages 
maximum_object_size 2048 MB
#
# Favor caching a few large objects over many smaller ones.
cache_replacement_policy heap LFUDA 
# Cache to disk, not just in-memory
cache_dir ufs /var/spool/squid3 5000 16 256
 
# Squid defaults to being accessible on localhost only
# Customize the localnet to match your network environment
acl localnet src 192.168.0.0/24
http_access allow localnet
 
# Custom Patterns to cache DataStax deb/rpm packages, even though they're authenticated.
# This violates RFC's, should not be done on a publicly accessible proxy.
# It is necessary to accelerate downloads from a private proxy, though.
refresh_pattern debian.datastax.com/enterprise/.*deb$ 129600 100% 129600 ignore-auth
refresh_pattern debian.datastax.com/enterprise/.*$    0      20%  4320   ignore-auth refresh-ims
refresh_pattern rpm.datastax.com/enterprise/.*rpm$ 129600 100% 129600 ignore-auth
refresh_pattern rpm.datastax.com/enterprise/.*$    0      20%  4320   ignore-auth refresh-ims

After setting this proxy in the package proxy section of your configuration profile, you will be able to use LCM to deploy DataStax Enterprise to your offline nodes. All downloads will be routed through the proxy, and DataStax and OS packages will be cached and be available to your target DSE nodes at local network speeds. The largest remaining uncached download is the Oracle Java Installer, and to reduce download times even further that file can be hosted on a local web-server like Apache and downloaded via the custom url set in the "Java Setup" section of your configuration profile.