Installation in a DMZ without internet access

Author: @mfriedrich & Arethusa
Revision: v0.1

Tested on:

  • Docker + CentOS 7 & Debian 9

Icinga 2 on RHEL/CentOS 7

Download the packages

On a host with internet access.

The Docker way

Pick the right distribution as Docker image, e.g. centos:7.

Add a mount point from inside the container with -v and copy the downloaded files there.

docker run -ti -v /tmp/icinga2:/tmp/icinga2 centos:7 bash

yum makecache 
yum install https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm
yum makecache

yum install --downloadonly --downloaddir=/tmp/icinga2 icinga2 icinga2-ido-mysql

Same distribution

yum install https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm
yum install --downloadonly --downloaddir=/tmp/icinga2 icinga2 icinga2-ido-mysql

Or you’ll manually download the packages from packages.icinga.com. Additionally you’ll need to satisfy the package dependencies from EPEL/upstream. For Icinga 2, you’ll need the boost libraries and libicu, icinga2-ido-mysql requires mariadb-libs.

Sync the packages to the host

Use rsync via SSH or any other preferred access method.

rsync -rv /tmp/icinga2 user@offline-icinga-host.com:/tmp

Install the packages

On RHEL-based systems it is recommended to use yum install to directly resolve the dependency tree. You can also use rpm -i or, in case of upgrades, rpm -Uhv.

cd /tmp/icinga2

yum install *.rpm

Icinga 2 on Debian/Ubuntu

Works in the same way with apt.

Download the packages

On a host with internet access.

The Docker way

Pick the right distribution as Docker image, e.g. debian:9.

Add a mount point from inside the container with -v and copy the downloaded files there.

docker run -ti -v /tmp/icinga2:/tmp/icinga2 debian:9 bash
apt-get update && apt-get install -y curl apt-transport-https gnupg

curl https://packages.icinga.com/icinga.key | apt-key add -

DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \
 echo "deb http://packages.icinga.com/debian icinga-${DIST} main" > \
 /etc/apt/sources.list.d/${DIST}-icinga.list
 echo "deb-src http://packages.icinga.com/debian icinga-${DIST} main" >> \
 /etc/apt/sources.list.d/${DIST}-icinga.list

apt-get update
apt-get autoclean

apt-get install -y --download-only icinga2 icinga2-ido-mysql

cp /var/cache/apt/archives/*.deb /tmp/icinga2/

Same distribution

First, purge existing cached archives, then download the packages only.

apt-get autoclean
apt-get install --download-only icinga2 icinga2-ido-mysql

The downloaded packages are located in /var/cache/apt/archives. You can also use different tools or just plain wget to achieve this.

Note

Do not use apt-get download ... here; this just downloads the single package file.

Sync the packages

rsync -rv /tmp/icinga2 user@offline-icinga-host.com:/tmp

Install the packages

On the host without internet access.

apt-get install /tmp/icinga2/*.deb

or

dpkg -i /tmp/icinga2/*.deb
apt-get -f install

Other packages

Work the same way, please edit this howto and add them below the Icinga 2 section :kissing_heart:

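The sync and install steps above carry package files across a trust boundary and then install them as local files, outside the repository metadata check that a normal online install goes through. As an added example (not part of the original post; the function names and the manifest location are assumptions), a SHA-256 manifest written on the download host and checked on the offline host before installing:

```shell
#!/bin/sh
# Added example, not from the original post: SHA-256 manifest for the package
# directory. Function names and the manifest path are illustrative assumptions.

# Download host, after the --downloadonly / --download-only step.
# write_manifest PKG_DIR MANIFEST
write_manifest() {
    pkg_dir=$1; manifest=$2
    : > "$manifest" || return 1
    for f in "$pkg_dir"/*.rpm "$pkg_dir"/*.deb; do
        [ -f "$f" ] || continue                  # skip unmatched glob patterns
        # Hash from inside the directory so the manifest holds bare file names.
        ( cd "$pkg_dir" && sha256sum "${f##*/}" ) >> "$manifest" || return 1
    done
    [ -s "$manifest" ]                           # fail if nothing was recorded
}

# Offline host, before yum / apt-get / dpkg touches the files.
# verify_manifest PKG_DIR MANIFEST
# Returns 0 only if every listed file matches its hash and no package file
# is present in PKG_DIR that the manifest does not list.
verify_manifest() {
    pkg_dir=$1; manifest=$2
    [ -s "$manifest" ] || { echo "manifest missing or empty" >&2; return 1; }
    abs_manifest=$(cd "$(dirname "$manifest")" && pwd)/$(basename "$manifest")
    ( cd "$pkg_dir" && sha256sum -c "$abs_manifest" >/dev/null ) || return 1
    for f in "$pkg_dir"/*.rpm "$pkg_dir"/*.deb; do
        [ -f "$f" ] || continue
        # File names start at column 67: 64 hex digits plus two separators.
        cut -c67- "$manifest" | grep -qxF -- "${f##*/}" ||
            { echo "not in manifest: ${f##*/}" >&2; return 1; }
    done
}

# Typical use with the paths from this howto:
#   write_manifest  /tmp/icinga2 /tmp/icinga2.sha256     (download host)
#   verify_manifest /tmp/icinga2 /tmp/icinga2.sha256 && yum install /tmp/icinga2/*.rpm
```

Carry the manifest to the DMZ host separately from the rsync'd directory, or compare its own checksum out of band, so that a modified package cannot arrive together with a matching manifest. On RHEL/CentOS, `rpm -K *.rpm` additionally checks package signatures once the signing key has been imported with `rpm --import`.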

This works the same way for snapshot packages btw.

Debian/Ubuntu

Use the snapshot package repository instructions instead.

. /etc/os-release; if [ ! -z ${UBUNTU_CODENAME+x} ]; then DIST="${UBUNTU_CODENAME}"; else DIST="$(lsb_release -c| awk '{print $2}')"; fi; \
 echo "deb http://packages.icinga.com/ubuntu icinga-${DIST}-snapshots main" > \
 /etc/apt/sources.list.d/${DIST}-icinga-snapshots.list
 echo "deb-src http://packages.icinga.com/ubuntu icinga-${DIST}-snapshots main" >> \
 /etc/apt/sources.list.d/${DIST}-icinga-snapshots.list

DIST=$(awk -F"[)(]+" '/VERSION=/ {print $2}' /etc/os-release); \
 echo "deb http://packages.icinga.com/debian icinga-${DIST}-snapshots main" > \
 /etc/apt/sources.list.d/${DIST}-icinga-snapshots.list
 echo "deb-src http://packages.icinga.com/debian icinga-${DIST}-snapshots main" >> \
 /etc/apt/sources.list.d/${DIST}-icinga-snapshots.list

RHEL/CentOS/Fedora

Specify the snapshot repository with --enablerepo.

yum install --downloadonly --enablerepo=icinga-snapshot-builds --downloaddir=/tmp/icinga2 icinga2 icinga2-ido-mysql

Does this still work? I’m now in the situation that I need to install Icinga2 (along with icingaweb2) on a firewalled host without Internet access.

First, I cannot find packages to download for icingaweb2, only Icinga2 (https://packages.icinga.com/epel/7Server/release/x86_64/icinga2/)

Then I thought, your docker approach is a good idea, but downloading packages from inside the fresh centos host does not work:

yum install https://packages.icinga.com/epel/icinga-rpm-release-7-latest.noarch.rpm
.
.
.
Error: Package: icinga2-bin-2.12.1-1.el7.icinga.x86_64 (icinga-stable-release)
Requires: libboost_program_options.so.1.69.0()(64bit)
Error: Package: icinga2-bin-2.12.1-1.el7.icinga.x86_64 (icinga-stable-release)
Requires: libboost_coroutine.so.1.69.0()(64bit)
Error: Package: icinga2-bin-2.12.1-1.el7.icinga.x86_64 (icinga-stable-release)
Requires: libboost_thread.so.1.69.0()(64bit)
Error: Package: icinga2-bin-2.12.1-1.el7.icinga.x86_64 (icinga-stable-release)
Requires: libboost_context.so.1.69.0()(64bit)
Error: Package: icinga2-bin-2.12.1-1.el7.icinga.x86_64 (icinga-stable-release)
Requires: libboost_regex.so.1.69.0()(64bit)
Error: Package: icinga2-bin-2.12.1-1.el7.icinga.x86_64 (icinga-stable-release)
Requires: libboost_filesystem.so.1.69.0()(64bit)
Error: Package: icinga2-bin-2.12.1-1.el7.icinga.x86_64 (icinga-stable-release)
Requires: libboost_system.so.1.69.0()(64bit)
Error: Package: icinga2-bin-2.12.1-1.el7.icinga.x86_64 (icinga-stable-release)
Requires: libboost_date_time.so.1.69.0()(64bit)
You could try using --skip-broken to work around the problem
You could try running: rpm -Va --nofiles --nodigest

Suggestions?