Deploy Cyberwatch in offline mode with Podman

The Podman orchestrator is available on an experimental basis. To ensure deployment stability, the Swarm orchestrator is recommended. If you have any questions or require assistance, please contact Cyberwatch support.

This page describes how to install Cyberwatch in offline mode.

Prerequisites

  • A machine with access to harbor.cyberwatch.fr.
  • On the machine that will host Cyberwatch offline, have the following dependencies:

Cyberwatch On Premise installation

  1. Import the container images to the disconnected machine

  2. On the connected machine, manually download the cyberwatch-podman and cosign packages for your distribution from https://dl.cyberwatch.fr/rpm/incoming/

  3. Transfer the packages to the offline machine

  4. Install Cyberwatch:

    For Debian-based distributions:

    # The leading ./ makes apt treat the argument as a local file, not a package name.
    sudo apt install ./cosign*.deb
    sudo apt install ./cyberwatch-podman.deb
    

    For Red Hat based distributions:

    # rpm installs a local package file with -i (--install).
    sudo rpm -i cosign*.rpm
    sudo rpm -i cyberwatch-podman.rpm
    
  5. Configure subuid/subgid ranges:

    To allow Podman to run rootless containers, define a subuid/subgid range for the cyberwatch user in the files /etc/subuid and /etc/subgid:

    # Minimal length that we need for the range: 327680.
    
    cyberwatch:100000:327680
    

    Be careful not to overlap this range with the range of another user already present in these files.

    Then validate the changes for Podman as the cyberwatch user:

    sudo su - cyberwatch -c "podman system migrate"
    
  6. Configure Cyberwatch:

    sudo cyberwatch configure --offline
    
  7. Register the admin user through the web interface at https://<offline_machine_address>

  8. Synchronize the vulnerability database, either from the application’s web interface at https://<offline_machine_address>/admin/import_dbs, or from the command line following the procedure described in the dedicated documentation
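
The overlap warning in step 5 can be checked before editing /etc/subuid and /etc/subgid. The script below is an added example, not part of the Cyberwatch packages: the function names `find_overlaps` and `check_range` are hypothetical, and it assumes the standard `user:start:count` line format of those files.

```shell
#!/bin/sh
# Added example: validate a proposed subuid/subgid range for the cyberwatch user.
MIN_LEN=327680   # minimal range length stated in step 5

# find_overlaps FILE USER START COUNT
# Prints every entry in FILE that belongs to another user and intersects
# [START, START+COUNT-1]. Prints nothing when the range is free.
find_overlaps() {
    awk -F: -v user="$2" -v start="$3" -v count="$4" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }   # skip comments and blank lines
        $1 == user { next }                 # entries of the same user are not conflicts
        NF == 3 && $2 ~ /^[0-9]+$/ && $3 ~ /^[0-9]+$/ {
            s = $2 + 0; e = s + $3 - 1      # existing range is [s, e]
            if (s <= start + count - 1 && start <= e) print
        }' "$1"
}

# check_range FILE USER START COUNT
# Returns 0 if the range is long enough and free, 1 otherwise.
check_range() {
    if [ "$4" -lt "$MIN_LEN" ]; then
        echo "range too short: $4 < $MIN_LEN" >&2
        return 1
    fi
    conflicts=$(find_overlaps "$1" "$2" "$3" "$4")
    if [ -n "$conflicts" ]; then
        echo "overlap in $1:" >&2
        echo "$conflicts" >&2
        return 1
    fi
    return 0
}

# When called with START and COUNT, check both system files.
# Example: sh check_subid.sh 100000 327680
if [ "$#" -eq 2 ]; then
    for f in /etc/subuid /etc/subgid; do
        check_range "$f" cyberwatch "$1" "$2" && echo "$f: OK"
    done
fi
```

If a conflict is reported, pick a start value above the end of the highest existing range and run the check again before writing the entry.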

