Many MAAS users maintain their data centres in an air-gapped environment that does not have an external Internet connection. MAAS runs well in this configuration, though keeping MAAS supplied with updates and images requires a bit of extra effort.
There are essentially four things that must be available to an air-gapped MAAS for smooth operation:
There is at least one way to make each of these things available in an air-gapped environment. Some of these can be set up to use a transparent proxy, which minimises changes to other components of the MAAS environment.
How to use the snap proxy to refresh snaps in an air-gapped environment
Using snaps in an air-gapped environment is possible with the Snap Store Proxy, which can be deployed in networks that are disconnected from the Internet. Currently, the features required to use this proxy in an air-gapped mode are part of a password-protected internal Beta.
Client devices connect to the air-gapped proxy and never contact the general Snap Store nor the Internet. Proxy operators will need to side-load all needed snaps and updates into the proxy.
There are three main steps to setting up this proxy:
This proxy requires a properly configured PostgreSQL database – see the setup instructions for the Snap Store Proxy for more details.
How to make package updates available in an air-gapped environment
The simplest way to use local package repos is via the reprepro command. There is an older command, apt-mirror, which is no longer maintained; it’s not recommended.
The reprepro command manages a local repository of Debian packages. You can add files manually or download them from some other repository. It does not require an external database. This command also handles signatures of mirrored repos, and can create signatures for the generated package indices, if desired.
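A reprepro configuration that uses both signature features described above, written as a shell function; this is an added example, not taken from the MAAS documentation. The suite, component, architecture, base directory and both key IDs are assumptions or placeholders to replace with your own values.

```shell
# Added example: write a reprepro configuration that verifies the upstream
# Release signature and re-signs the local package indices.
# Assumed values (not from the page): jammy, main, amd64, and the key IDs.
write_reprepro_conf() {
    base="$1"          # repository base directory
    upstream_key="$2"  # key ID that signs the upstream Release file
    local_key="$3"     # your own key ID, used to sign the local indices

    # Refuse to generate a configuration that would skip verification.
    case "$upstream_key" in
        ""|blindtrust) echo "upstream key ID required" >&2; return 1 ;;
    esac
    [ -n "$local_key" ] || { echo "local signing key ID required" >&2; return 1; }

    mkdir -p "$base/conf" || return 1

    # conf/updates: where to pull from and which key must have signed it.
    cat > "$base/conf/updates" <<EOF
Name: ubuntu-upstream
Method: http://archive.ubuntu.com/ubuntu
Suite: jammy
Components: main
Architectures: amd64
VerifyRelease: $upstream_key
EOF

    # conf/distributions: what the local repo publishes and how it is signed.
    cat > "$base/conf/distributions" <<EOF
Origin: Local mirror
Label: Local mirror
Codename: jammy
Architectures: amd64
Components: main
Description: Local mirror of Ubuntu jammy main
Update: ubuntu-upstream
SignWith: $local_key
EOF
}

# Typical use (needs reprepro and both keys in the GnuPG keyring):
#   write_reprepro_conf /srv/mirror UPSTREAM_KEY_ID LOCAL_KEY_ID
#   reprepro -b /srv/mirror update
```

Clients of the local repo then need the public half of the local signing key in their apt keyring, since the indices are signed with that key rather than the upstream one.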
You may wish to create a transparent proxy to make using your local repo easier.
How to retrieve or update MAAS images in an air-gapped environment
MAAS has an established process for mirroring images locally. The steps are relatively simple:
simplestreams package.
See the local image mirror for details. Note that you can use the menu at the top of that page to switch to specific instructions for the version, build-type, and interface you prefer.
How to retrieve or update non-MAAS-maintained images in an air-gapped environment
MAAS allows you to deploy many types of OSes, and, once deployed, install specific software. MAAS can configure a user-specified repository for Ubuntu, so a user can mirror the Ubuntu apt repositories and point MAAS at those repos. When Ubuntu deploys, apt will automatically be configured to use the user-defined apt mirrors.
MAAS only does this for Ubuntu, not CentOS or RHEL. If you deploy CentOS or RHEL with MAAS, the repos that built the image will be deployed. But this won’t work in an air-gapped environment. To access non-MAAS-maintained images in an air-gapped environment, you will need to use one of two methods:
user_data.
Here’s a thumbnail sketch of both of these methods.
How to use user_data to access non-MAAS-maintained images
A user can create custom user_data which will configure CentOS or RHEL to use a specific mirror. Check out the machine customisation page for details on how to make this work.
Storing custom images for non-MAAS-maintained images
You can also create custom images and store them in your local mirror. Once you have the image built, consult the page on local image mirrors to see how to incorporate your newly-built image into the local stash.
How to set up a transparent proxy
If you don’t wish to disturb the default configurations for Ubuntu and MAAS, you can create a transparent proxy for Debian packages and images, via the following general steps:
archive.ubuntu.com.
images.maas.io.
This avoids any need to change the default settings for MAAS or Ubuntu.