Configuring an air-gapped MAAS environment
Running MAAS air-gapped: a practical guide
Operating MAAS in an environment without internet access is doable, but needs a bit of extra planning. Four key elements must be in place for a seamless experience:
- Snap updates via snap proxy
- Local package repository
- MAAS-specific images from a local mirror
- Other OS images from various sources
Some of these resources can also utilise a transparent proxy, minimising impact on your existing MAAS setup.
What you’ll need to focus on:
- Refreshing snaps with snap proxy
- Setting up local package updates
- Managing MAAS images locally
- Working with other OS images
- Using
user_data
for non-MAAS images - Creating a transparent proxy
Refreshing snaps with snap proxy
To manage snaps in an air-gapped setup, use the Snap Store Proxy. This feature is currently in a password-protected internal Beta. The proxy serves as an intermediary, eliminating the need for devices to connect to the internet. Steps to get this up:
- Register the Snap Store Proxy on a machine with internet access.
- Secure your proxy with HTTP.
- Populate the proxy with snaps needed for your MAAS environment.
For detailed guidance, see the official documentation.
Setting up local package updates
Utilise the reprepro
command to manage local Debian package repositories. It’s the recommended way, as apt-mirror
is no longer maintained. Reprepro
does not require an external database and manages package signatures efficiently.
For easier access, you might want to use a transparent proxy.
Managing MAAS images locally
MAAS allows you to mirror images locally by following these steps:
- Install
simplestreams
. - Define variables for easier CLI interaction.
- Specify image storage locations.
- Add a new boot source pointing to the local mirror.
Check the local image mirror guide for comprehensive details.
Working with other OS images
For non-MAAS OS like CentOS or RHEL, you have two options:
- Use custom
user_data
. - Create and store custom images in a local mirror.
Using user_data
for non-MAAS images
Custom user_data
can configure CentOS or RHEL to use specific mirrors. More details are available on the machine customisation page.
Creating a transparent proxy
To avoid altering MAAS or Ubuntu settings, establish a transparent proxy:
- Redirect Ubuntu and MAAS package requests via HTTP.
- Create local mirrors for
archive.ubuntu.com
andimages.maas.io
. - Adjust DNS settings to point to these local mirrors.
This way, your existing configurations remain untouched.
Last updated a month ago.