This page gives instructions on how to install a SlapOS master without any network access.
It is divided into three parts:
Most of the commands given are indicative; however, those preceded by a hash (#) will require changes depending on system configuration.
For lines starting with a hash, changes to be made are emphasized using bold.
In order to follow the procedure, the following items are required:
mkdir /mnt/device
#mount /dev/sdd1 /mnt/device
mkdir /mnt/device/{miscellaneous,packages,software}
#wget -O /mnt/device/packages/Nexedi.key https://download.opensuse.org/repositories/home:/VIFIBnexedi/xUbuntu_22.04/Release.key
#wget -O /mnt/device/packages/slapos-node.deb https://download.opensuse.org/repositories/home:/VIFIBnexedi/xUbuntu_22.04/amd64/slapos-node_1.11.0+1.0.352+1-1_amd64.deb
#wget -O /mnt/device/packages/re6st-node.deb https://download.opensuse.org/repositories/home:/VIFIBnexedi/xUbuntu_22.04/amd64/re6st-node_0.624+slapos1.g0d8cd135c-1_amd64.deb
Note: you should replace "xUbuntu_22.04" with the name of the distribution you are using. See here for a list. The versions shown here are examples only; check the latest available version on that same link.
apt-key add /mnt/device/packages/Nexedi.key
apt install /mnt/device/packages/slapos-node.deb
ip a
mkdir /opt/slapgrid
#slapos configure local --interface-name enp1s0
git clone https://lab.nexedi.com/tsoulard/gakeshadeba.git /mnt/device/gakeshadeba
cd /mnt/device/gakeshadeba
apt install python3-pip python3-venv
python3 -m venv .venv
source .venv/bin/activate
pip install -r requirements.txt
deactivate
openssl req -x509 -nodes -days 3653 -subj "/CN=ShaCache Signing Cert" -newkey rsa:1024 -keyout /mnt/device/miscellaneous/sign.key -out /mnt/device/miscellaneous/sign.crt
You now need to add to the local cache the software to be installed on the offline machine. There are two ways to do this: getting it from Nexedi's cache, or compiling it locally on the VM.
SR="https://lab.nexedi.com/nexedi/slapos/raw/1.0.344/software/rapid-cdn/software.cfg"
curl "http://shadir.nxdcdn.com/$(printf '%s' "$SR" | md5sum | cut -d ' ' -f 1)"
#curl -o /mnt/device/software/rapid-cdn-1.0.344-ubuntu-22.04.tar.gz "http://shacache.nxdcdn.com/sha512"
Note: the name rapid-cdn-1.0.344-ubuntu-22.04 is the one that will be used locally. The sha512 hash is given as part of the previous command's response, and you should use the one matching your distribution.
curl -o /mnt/device/software/slapos-master-1.0.349-ubuntu-22.04.tar.gz "http://shacache.nxdcdn.com/3e7b53fdcdab2b5a85b5d941a3bc0474749d73c80ca8aafd531a2c491929e601add293674c817a9e60319c2e796324eca69fcaffa7e3c06437d241a4f422d7b6"
curl -o /mnt/device/software/rapid-cdn-1.0.344-ubuntu-22.04.tar.gz "http://shacache.nxdcdn.com/48fe5d2ba13404264785bb3e2cf31cc46238a32f0fd6962809e96354a49343236277936bbeed36d10892994915ccdb33769c248cd5e4e4ad29aae32770de48f9"
curl -o /mnt/device/software/re6stnet-1.0.338-ubuntu-22.04.tar.gz "http://shacache.nxdcdn.com/e6387d47284b06ea4472c2117fb2982e8b7bca647deb433e537b23c8e1ef683139055d2b314209c3db7c418d6ee9afa4d2fb3e53b6179f50953529bcbee2e769"
slapos supply https://lab.nexedi.com/nexedi/slapos/raw/1.0.358/software/slapos-master/software.cfg local_computer
slapos supply https://lab.nexedi.com/nexedi/slapos/raw/1.0.358/software/rapid-cdn/software.cfg local_computer
slapos supply https://lab.nexedi.com/nexedi/slapos/raw/1.0.358/software/re6stnet/software.cfg local_computer
#tar -C /opt/slapgrid -czf /mnt/device/software/slapos-master-1.0.358-ubuntu-22.04.tar.gz 16d47c5ab38233146f11c11abdd14575
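The archives above are fetched over plain HTTP, and the last path component of each shacache URL is the SHA-512 digest of the content, so every download can be checked before the medium is carried to the offline machine. The following is an added example, not part of the original procedure; the function names are hypothetical and it assumes sha512sum from coreutils.

```shell
# Added example: check files downloaded from shacache against the SHA-512
# digest embedded in their URL. All function names are hypothetical.

# Print the digest part of a shacache URL; fail unless it is 128 hex chars.
sha_from_url() {
    local digest
    digest="${1##*/}"
    case "$digest" in
        *[!0-9a-f]*|"") return 1 ;;
    esac
    [ "${#digest}" -eq 128 ] || return 1
    printf '%s\n' "$digest"
}

# verify_shacache_file FILE URL
# Returns 0 on match, 1 on digest mismatch, 2 on unusable input.
verify_shacache_file() {
    local file url expected actual
    file="$1"
    url="$2"
    expected="$(sha_from_url "$url")" || { echo "bad URL: $url" >&2; return 2; }
    [ -f "$file" ] || { echo "missing file: $file" >&2; return 2; }
    actual="$(sha512sum -- "$file" | cut -d ' ' -f 1)"
    if [ "$actual" = "$expected" ]; then
        echo "OK       $file"
        return 0
    fi
    echo "MISMATCH $file (got $actual)" >&2
    return 1
}

# verify_manifest: read "FILE URL" pairs on stdin, check them all,
# and return non-zero if any single entry fails.
verify_manifest() {
    local rc file url
    rc=0
    while read -r file url; do
        [ -n "$file" ] || continue
        verify_shacache_file "$file" "$url" || rc=1
    done
    return "$rc"
}
```

Call verify_shacache_file with each archive under /mnt/device/software and the exact URL passed to curl; an archive that does not return 0 should be downloaded again rather than copied.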
No SR currently allows using the new master. If this is needed, you will need to manually check out the correct branches before compressing the software.
#cd /opt/slapgrid/16d47c5ab38233146f11c11abdd14575/parts/erp5
sudo -u slapsoft git fetch origin
sudo -u slapsoft git reset --hard origin/erp5-vifib
cd bt5
../product/ERP5/bin/genbt5list .
cd ../../vifib
sudo -u slapsoft git fetch origin
sudo -u slapsoft git reset --hard origin/master
cd master/bt5/
../../../erp5/product/ERP5/bin/genbt5list .
At this stage, the data transfer medium is ready, and neither the Internet connection nor the virtual machine will be needed anymore.
However, the virtual machine can still be used to compile future software versions and keep the offline computer up-to-date.
mkdir /mnt/device
#mount /dev/sdd1 /mnt/device
apt-key add /mnt/device/packages/Nexedi.key
apt install /mnt/device/packages/slapos-node.deb
Note: installing system packages (slapos-node and re6st-node) does not work without local Ubuntu repositories, which is why they are a prerequisite.
If that is a problem, look at /var/cache/apt/archives and apt-get download linux-libc-dev.
ip a
mkdir /opt/slapgrid
#slapos configure local --interface-name enp1s0
echo "[networkcache]
download-binary-cache-url = http://192.168.32.10:5050/bcache
download-binary-dir-url = http://192.168.32.10:5050/bdir
signature-certificate-list =
$(cat /mnt/device/miscellaneous/sign.crt | sed 's/^/ /')" >> /etc/opt/slapos/slapos.cfg
Note: you should remove the networkcache section already present in the file if there is one.
cd /mnt/device/gakeshadeba
source .venv/bin/activate
python3 server.py -c config.ini
slapos supply https://lab.nexedi.com/nexedi/slapos/raw/1.0.358/software/slapos-master/software.cfg local_computer
groupadd slapcommon
for i in {0..19}; do usermod -aG slapcommon slapuser$i; done
mkdir -p /srv/slapcommon/erp5-ssl
chown -R slapuser5:slapcommon /srv/slapcommon
chmod -R 777 /srv/slapcommon
slapos request --state started --force-serialisation json-in-xml --parameters-file request-parameters-slapos.json slapos-master https://lab.nexedi.com/nexedi/slapos/raw/1.0.358/software/slapos-master/software.cfg
{
  "city": "Lille",
  "company": "ViFiB SARL",
  "country-code": "FR",
  "email": "admin@vifib.org",
  "shared-certificate-authority-path": "/srv/slapcommon/erp5-ssl",
  "check-crl": false,
  "site-id": "erp5",
  "state": "Nord-Pas-de-Calais",
  "timezone": "UTC",
  "zope-partition-dict": {
    "1": {
      "family": "1",
      "instance-count": 1,
      "ssl-authentication": false,
      "port-base": 2200
    },
    "service": {
      "backend-path": "/%(site-id)s/portal_slap",
      "family": "service",
      "port-base": 2240,
      "ssl-authentication": true,
      "thread-amount": 5
    }
  }
}
chown -R slapuser5:slapcommon /srv/slapcommon
chmod -R 777 /srv/slapcommon
echo "net.ipv4.ip_forward=1" >> /etc/sysctl.conf
sysctl -p
#iptables -t nat -A PREROUTING -p tcp --dport 80 -j DNAT --to-destination 10.0.24.205:2200
The master is now fully functional. The following steps are optional but recommended.
They require a node, i.e. a separate machine from the master, and enable the installation of a local CDN server and Re6st registry.
mkdir /mnt/device
#mount /dev/sdd1 /mnt/device
apt-key add /mnt/device/packages/Nexedi.key
apt install /mnt/device/packages/slapos-node.deb
echo "[networkcache]
download-binary-cache-url = http://192.168.32.10:5050/bcache
download-binary-dir-url = http://192.168.32.10:5050/bdir
signature-certificate-list =
$(cat /mnt/device/miscellaneous/sign.crt | sed 's/^/ /')" >> /etc/opt/slapos/slapos.cfg
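The [networkcache] section is appended with echo on both the master and the node, and the note given for the master asks for any section already present to be removed first. One way to do both in a single step, as an added example that is not part of the original procedure (the helper name replace_networkcache is hypothetical; it assumes awk and mktemp are available):

```shell
# Added example: leave exactly one [networkcache] section in slapos.cfg.
# replace_networkcache CFG CERT CACHE_URL DIR_URL   (hypothetical helper)
# With this page's values:
#   replace_networkcache /etc/opt/slapos/slapos.cfg \
#       /mnt/device/miscellaneous/sign.crt \
#       http://192.168.32.10:5050/bcache http://192.168.32.10:5050/bdir
replace_networkcache() {
    local cfg cert cache_url dir_url tmp
    cfg="$1"
    cert="$2"
    cache_url="$3"
    dir_url="$4"
    # Refuse to write a section whose signature certificate is not PEM.
    grep -q -- '-----BEGIN CERTIFICATE-----' "$cert" || {
        echo "not a PEM certificate: $cert" >&2
        return 1
    }
    tmp="$(mktemp "${cfg}.XXXXXX")" || return 1
    # Copy every line except those inside an existing [networkcache]
    # section; a section ends where the next "[...]" header starts.
    awk '
        /^\[/ { skip = ($0 ~ /^\[networkcache\][ \t]*$/) }
        !skip
    ' "$cfg" > "$tmp" || { rm -f "$tmp"; return 1; }
    {
        echo "[networkcache]"
        echo "download-binary-cache-url = $cache_url"
        echo "download-binary-dir-url = $dir_url"
        echo "signature-certificate-list ="
        # Indented lines are read as a continuation of the value above.
        sed 's/^/ /' "$cert"
    } >> "$tmp"
    # Overwrite in place so the owner and mode of slapos.cfg are kept.
    cat "$tmp" > "$cfg"
    rm -f "$tmp"
}
```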
#slapos node register --token 20231218-D14F --master-url https://[fdbb:eb3c:1b95:d6c1::a]:2155 --master-url-web http://192.168.32.10/erp5/web_site_module/hostingjs --interface-name enp1s0 --partition-number 20 node-1
slapos node format --now --alter_user=True
slapos node restart all
Once these steps are complete, a node configuration file exists in /etc/opt/slapos. The same machine will be used to compile and instantiate software on the node. To do this, perform the following steps as another (non-administrator) user.
slapos configure client --master-url https://[fdbb:eb3c:1b95:d6c1::a]:2158 --master-url-web http://192.168.32.10/erp5/web_site_module/hostingjs
echo '{ "ipv6-prefix": "fdbb:eb3c:1b95:d6c1::/64", "prefix-length": 32 }' > request-parameters.json
slapos supply https://lab.nexedi.com/nexedi/slapos/raw/1.0.338/software/re6stnet/software.cfg
slapos request --state started --force-serialisation json-in-xml --parameters-file request-parameters.json re6st-registry https://lab.nexedi.com/nexedi/slapos/raw/1.0.338/software/re6stnet/software.cfg
apt-key add /mnt/device/packages/Nexedi.key
apt install /mnt/device/packages/re6st-node.deb
cd /etc/re6stnet
#re6st-conf -d /etc/re6stnet --registry http://[fdbb:eb3c:1b95:d6c1:5054:ff:fefc:b90e]:9026 --token 18xlhwdzojbyfgevkmsuir
systemctl start re6stnet.service
SlapOS should now try to use IPs from re6st instead of the default configured IP network.
Please check at this step that this is indeed the case before proceeding, and update all references to the old IPv6.
slapos supply https://lab.nexedi.com/nexedi/slapos/raw/1.0.344/software/rapid-cdn/software.cfg
slapos request --parameters "domain=my.domain" "apache-certificate=$(cat /path/to/certificate.crt)" "apache-key=$(cat /path/to/key.pem)" master-frontend https://lab.nexedi.com/nexedi/slapos/raw/1.0.344/software/rapid-cdn/software.cfg
echo "DNS=192.168.32.1" >> /etc/systemd/resolved.conf
systemctl restart systemd-resolved
#!/bin/bash
# Arguments: public IPv4, private IPv4, public IPv6, private IPv6
PUBLIC_IPV4=$1
PRIVATE_IPV4=$2
PUBLIC_IPV6=$3
PRIVATE_IPV6=$4
sysctl net.ipv4.conf.enp1s0.forwarding=1
sysctl net.ipv6.conf.enp1s0.forwarding=1
for CHAIN in PREROUTING OUTPUT; do
    # Flush the chain, then redirect ports 80 and 443 to the private addresses
    iptables -t nat -F ${CHAIN}
    ip6tables -t nat -F ${CHAIN}
    iptables -t nat -A ${CHAIN} -d ${PUBLIC_IPV4}/32 -p tcp -m tcp --dport 80 -j DNAT --to-destination ${PRIVATE_IPV4}:8080
    ip6tables -t nat -A ${CHAIN} -d ${PUBLIC_IPV6}/128 -p tcp -m tcp --dport 80 -j DNAT --to-destination [${PRIVATE_IPV6}]:8080
    iptables -t nat -A ${CHAIN} -d ${PUBLIC_IPV4}/32 -p tcp -m tcp --dport 443 -j DNAT --to-destination ${PRIVATE_IPV4}:4443
    ip6tables -t nat -A ${CHAIN} -d ${PUBLIC_IPV6}/128 -p tcp -m tcp --dport 443 -j DNAT --to-destination [${PRIVATE_IPV6}]:4443
done
iptables -t nat -F POSTROUTING
ip6tables -t nat -F POSTROUTING
iptables -t nat -A POSTROUTING -d
ip6tables -t nat -A POSTROUTING -d ]
For more information, please contact Jean-Paul, CEO of Nexedi (+33 629 02 44 25).