Appendix E: Installing DGX OS on Air-Gapped Systems

Base OS - DGX OS 5

For security purposes, some installations require that systems be isolated from the internet or outside networks.

An air-gapped system is not connected to an unsecured network, such as the public Internet, to an unsecured LAN, or to other computers that are connected to an unsecured network. The default mechanisms to update software on DGX systems and loading container images from the NGC Container Registry require an Internet connection. On an air-gapped system, which is isolated from the Internet, you must provide alternative mechanisms to update software and load container images.

Since most DGX software updates are completed through an over-the-network process with NVIDIA servers, this section explains how updates can be made when using an over-the-network method is not an option. It also includes a process to install Docker containers.

Here are the methods you can use:

  • Download the ISO image, copy it to removable media and then reimage the DGX System from the media.

    This method is available only for software versions that are available as ISO images for download. For details, see Installing DGX OS This section provides information about how to install the DGX OS.

  • Update the DGX software by performing a network update from a local repository.

    This method is available only for software versions that are available for over-the-network updates.

Here are the steps to download the necessary packages to create a mirror of the repositories that are needed to update NVIDIA DGX systems. For more information on DGX OS versions and the release notes available, refer to Release Notes

Note

These procedures apply only to upgrades in the same major release, such as from 5.x to 5.y. The steps do not support upgrades across major releases, such as from DGX OS 4 to DGX OS 5.

  1. Identify the sources that correspond to the public NVIDIA and Canonical repositories that provide updates to the DGX OS.

    You can identify these sources from the /etc/apt/sources.list file and the contents of the /etc/apt.sources.list.d/ directory, or by using [System Settings, Software & Updates].

  2. Create and maintain a private mirror of the repository sources that you identified in the previous step.

  3. Update the sources that provide updates to the DGX system to use your private repository mirror instead of the public repositories.

To update these sources, modify the /etc/apt/sources.list file and the contents of /etc/apt.sources.list.d/ directory.

The instructions in this section are to be performed on a system with internet access.

  • A system installed with Ubuntu OS is needed to create the mirror because there are several Ubuntu tools that need to be used.

  • You must be logged in to the system installed with Ubuntu OS as an administrator user because this procedure requires sudo privileges.

  • The system must contain enough storage space to replicate the repositories to a file system. The space requirement could be as high as 250 GB.

  • An efficient way to move large amount of data is needed, for example, shared storage in a DMZ, or portable USB drives that can be brought into the air-gapped area.

    The data will need to be moved to the systems that need to be updated. Make sure that any portable drives are formatted using ext4 or FAT32.

To create the mirror:

  1. Ensure that the storage device is attached to the system with network access and identify the mount point of the device.

    Here is a sample mount point that was used in these instructions:

    Copy
    Copied!
                

    /media/usb/repository

  2. Install the apt-mirror package.

    Copy
    Copied!
                

    $ sudo apt update

    Copy
    Copied!
                

    $ sudo apt install apt-mirror

  3. Change the ownership of the target directory to the apt-mirror user in the apt-mirror group.

    Copy
    Copied!
                

    $ sudo chown apt-mirror:apt-mirror /media/usb/repository

    The target directory must be owned by the user apt-mirror or the replication will not work.

  4. Configure the path of the destination directory in /etc/apt/mirror.list and use the included list of repositories below to retrieve the packages for both Ubuntu base OS and the NVIDIA DGX OS packages.

    Copy
    Copied!
                

    ############# config ################## # set base_path /media/usb/repository #/your/path/here # # set mirror_path $base_path/mirror # set skel_path $base_path/skel # set var_path $base_path/var # set cleanscript $var_path/clean.sh # set defaultarch <running host architecture> # set postmirror_script $var_path/postmirror.sh set run_postmirror 0 set nthreads 20 set _tilde 0 # ############# end config ############## # Standard Canonical package repositories: deb http://security.ubuntu.com/ubuntu jammy-security main multiverse universe restricted deb http://archive.ubuntu.com/ubuntu/ jammy main multiverse universe restricted deb http://archive.ubuntu.com/ubuntu/ jammy-updates main multiverse universe restricted # deb-i386 http://security.ubuntu.com/ubuntu jammy-security main multiverse universe restricted deb-i386 http://archive.ubuntu.com/ubuntu/ jammy main multiverse universe restricted deb-i386 http://archive.ubuntu.com/ubuntu/ jammy-updates main multiverse universe restricted # # CUDA specific repositories: deb http://developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/ / # # DGX specific repositories: deb http://repo.download.nvidia.com/baseos/ubuntu/jammy/x86_64/ jammy common dgx deb http://repo.download.nvidia.com/baseos/ubuntu/jammy/x86_64/ jammy-updates common dgx # deb-i386 http://repo.download.nvidia.com/baseos/ubuntu/jammy/x86_64/ jammy common dgx deb-i386 http://repo.download.nvidia.com/baseos/ubuntu/jammy/x86_64/ jammy-updates common dgx # Clean unused items clean http://archive.ubuntu.com/ubuntu clean http://security.ubuntu.com/ubuntu

  5. Run apt-mirror and wait for it to finish downloading content.

    This will take a long time depending on the network connection speed.

    Copy
    Copied!
                

    $ sudo apt-mirror

  6. Eject the removable storage with all packages.

    Copy
    Copied!
                

    $ sudo eject /media/usb/repository

Here are the steps that explain how you can configure a target air-gapped DGX OS 5 system.

The instructions in this section are to be performed on the target air-gapped DGX system.

  • The target air-gapped DGX system is installed, has gone through the first boot process, and is ready to be updated with the latest packages.

  • The USB storage device on which the mirrors were created is attached to the target DGX system.

There are other ways to transfer the data that are not covered in this document as they will depend on the data center policies for the air-gapped environment.

  1. Mount the storage device on the air-gapped system to /media/usb/repository for consistency2. Configure the apt command to use the file system as the repository in the file /etc/apt/sources.list by modifying the following lines.

    Copy
    Copied!
                

    deb file:///media/usb/repository/mirror/security.ubuntu.com/ubuntu focal-security main multiverse universe restricted deb file:///media/usb/repository/mirror/archive.ubuntu.com/ubuntu/ focal main multiverse universe restricted deb file:///media/usb/repository/mirror/archive.ubuntu.com/ubuntu/ focal-updates main multiverse universe restricted

  2. Configure apt to use the NVIDIA DGX OS packages in the /etc/apt/sources.list.d/dgx.list file.

    Copy
    Copied!
                

    deb file:///media/usb/repository/mirror/repo.download.nvidia.com/baseos/ubuntu/focal/x86_64/ focal main dgx deb file:///media/usb/repository/mirror/repo.download.nvidia.com/baseos/ubuntu/focal/x86_64/ focal-updates main dgx

  3. Configure [apt] to use the NVIDIA CUDA packages in the /etc/apt/sources.list.d/cuda-compute-repo.list file.

    Copy
    Copied!
                

    deb file:///media/usb/repository/mirror/developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64/ /

  4. Update the apt repository.

    Copy
    Copied!
                

    $ sudo apt update

    The output from this command is similar to the following example.

    Copy
    Copied!
                

    Get:1 file:/media/usb/repository/mirror/security.ubuntu.com/ubuntu focal-security InRelease [107 kB] Get:2 file:/media/usb/repository/mirror/archive.ubuntu.com/ubuntu focal InRelease [265 kB] Get:3 file:/media/usb/repository/mirror/archive.ubuntu.com/ubuntu focal-updates InRelease [111 kB] Get:4 file:/media/usb/repository/mirror/developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64 InRelease Get:5 file:/media/usb/repository/mirror/repo.download.nvidia.com/baseos/ubuntu/focal/x86_64 focal InRelease [12.5 kB] Get:6 file:/media/usb/repository/mirror/repo.download.nvidia.com/baseos/ubuntu/focal/x86_64 focal-updates InRelease [12.4 kB] Get:7 file:/media/usb/repository/mirror/developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64 Release [697 B] Get:8 file:/media/usb/repository/mirror/developer.download.nvidia.com/compute/cuda/repos/ubuntu2004/x86_64 Release.gpg [836 B] Reading package lists... Done

  5. Upgrade the system using the newly configured local repositories.

    Copy
    Copied!
                

    $ sudo apt full-upgrade

© Copyright 2020-2023, NVIDIA. Last updated on Mar 24, 2023.