Installing on “Air-Gapped” Systems

For security purposes, some installations require that systems be isolated from the internet or outside networks. Since most DGX software updates are accomplished through an over-the-network process with NVIDIA servers, this section explains how updates can be made when using an over-the-network method is not an option. It includes a process for installing containers as well.

Registering Your System

See the Red Hat customer portal knowledge base article How to register and subscribe a system offline to the Red Hat Customer Portal

Creating a Local Mirror of the NVIDIA Repository

Instructions for setting up a private repository or mirroring the NVIDIA and the Red Hat repositories are beyond the scope of this document. It is expected that users are knowledgeable about those processes.

The Red Hat customer portal provides a knowledge base article for creating a local mirror. Pay particular attention to the instructions under Create a local repo with Red Hat Enterprise Linux 9. The reposync command can now download repository metadata as well, so there is no longer a need to use createrepo after.

The repositories that will need to be mirrored are:

  • rhel-9-for-x86_64-appstream-rpms

  • rhel-9-for-x86_64-baseos-rpms

  • codeready-builder-for-rhel-9-x86_64-rpms

  • nvidia-dgx-9

  • CUDA

Once mirrored, be sure to configure the target system to use your local repository. This can be accomplished by creating file under /etc/yum.repos.d/my_mirror.repo with the following contents:

[nvidia-dgx-9]
name=NVIDIA DGX EL9
baseurl=file://path/to/your/nvidia-dgx-9-repo-mirror/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dgx-cosmos-support

[CUDA]
name=NVIDIA CUDA for EL9
baseurl=file://path/to/your/CUDA-repo-mirror/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-cuda

Note

The instructions assume that you have the repositories enabled on the local machine. See Enabling the DGX Software Repository for instructions on enabling the NVIDIA DGX EL8 repository.

The CUDA repository makes use of modularity streams. If mirroring onto a Red Hat Enterprise Linux 9 (or Fedora) system, it’s possible to synchronize the modularity metadata in a single command:

reposync -p /path/to/your/mirror/ --repoid=CUDA --download-metadata --downloadcomps

However, if you are mirroring the CUDA repository onto another distribution (for example Ubuntu, CentOS 7, Red Hat Enterprise Linux 7) then you will have to manually generate the repository metadata:

reposync -p /path/to/your/mirror/ --repoid=CUDA --downloadcomps
createrepo -v /path/to/your/mirror/
python3 genmodules.py /path/to/your/mirror/ /tmp/modules.yaml
modifyrepo /tmp/modules.yaml /path/to/your/mirror/repodata/

Note that you can find the genmodules.py script from NVIDIA’s yum-packaging-precompiled-kmod repository on GitHub:

https://github.com/NVIDIA/yum-packaging-precompiled-kmod

Installing Docker Containers

This method applies to Docker containers hosted on the NGC Container Registry. Most container images are freely available, but some are locked and require that you have an NGC account to access. See the NGC Private Registry User Guide for instructions on accessing locked container images.

  1. Enter the docker pull command, specifying the image registry, image repository, and tag.

    docker pull nvcr.io/nvidia/repository:tag

  2. Verify the image is on your system using docker images.

    docker images

  3. Save the Docker image as an archive.

    docker save nvcr.io/nvidia/repository:tag > framework.tar

  4. Transfer the image to the air-gapped system using removable media such as a USB flash drive.

  5. Load the NVIDIA Docker image.

    docker load -i framework.tar

  6. Verify the image is on your system.

    docker images