Is this page helpful?

Installing on “Air-Gapped” Systems#

For security purposes, some installations require that systems be isolated from the internet or outside networks. Since most DGX software updates are accomplished through an over-the-network process with NVIDIA servers, this section explains how updates can be made when using an over-the-network method is not an option. It includes a process for installing containers as well.

Registering Your System#

See the Red Hat customer portal knowledge base article How to register and subscribe a system offline to the Red Hat Customer Portal

Creating a Local Mirror of the NVIDIA Repository#

Instructions for setting up a private repository or mirroring the NVIDIA and the Red Hat repositories are beyond the scope of this document. It is expected that users are knowledgeable about those processes.

The Red Hat customer portal provides a knowledge base article for creating a local mirror.

The repositories that will need to be mirrored are:

  • rhel-10-for-x86_64-appstream-rpms

  • rhel-10-for-x86_64-baseos-rpms

  • codeready-builder-for-rhel-10-x86_64-rpms

  • nvidia-main-10

  • dgx-10

  • CUDA

  • nvhpc

  • DOCA

These repository mirrors must be created on a system with network access and then copied to the system being installed.

Once the mirrors are copied, follow the instructions at Enabling the NVIDIA and DGX Software Repositories and Installing Required Components for enabling the NVIDIA and DGX repositories and the appstream, baseos, and codeready-build-for-rhel repositories.

Edit the files nvidia-repositories.repo, dgx-repositores.repo, and redhat.repo, changing the baseurl entries to point to the mirrored repo locations. For example:

nvidia-repositories.repo:

[nvidia-main]
name=NVIDIA MAIN for EL10
baseurl=file:///var/repos/NVIDIA-Main
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dgx-rpm-prod
priority=40

[CUDA]
name=NVIDIA CUDA for EL10
baseurl=file:///var/repos/CUDA
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-cuda-rpm-prod
priority=50

[nvhpc]
name=NVIDIA HPC SDK
baseurl=file:///var/repos/nvhpc
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-NVIDIA-HPC-SDK
priority=50

[DOCA]
name=DOCA OFED for EL10
baseurl=file:///var/repos/DOCA
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-Mellanox
priority=50

dgx-repositories.repo:

[nvidia-dgx]
name=NVIDIA DGX for EL10
baseurl=file:///var/repos/NVIDIA-dgx
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dgx-rpm-prod
priority=40

When the repositories have been mirrored locally and the .repo files modified proceed with Installing the DGX Software.

Installing Podman Containers#

Podman containers can be loaded on a system with network connectivity, then saved as a tar image. The tar image can then be copied to the air-gapped system and imported.

This method applies to Docker containers hosted on the NGC Container Registry. Most container images are freely available, but some are locked and require that you have an NGC account to access. See the NGC Private Registry User Guide for instructions on accessing locked container images.

  1. On the networked system, enter the Podman pull command, specifying the image registry, image repository, and tag.

    podman pull nvcr.io/nvidia/repository:tag

  2. Verify the image is on your system using Podman images.

    podman images

  3. Save the Podman image as an archive.

    podman save --output framework.tar nvcr.io/nvidia/repository:tag

  4. Transfer the image to the air-gapped system using removable media such as a USB flash drive.

  5. Load the NVIDIA Docker image.

    podman load -i framework.tar

  6. Verify the image is on your system.

    podman images