Installing on “Air-Gapped” Systems
For security purposes, some installations require that systems be isolated from the internet or outside networks. Since most DGX software updates are accomplished through an over-the-network process with NVIDIA servers, this section explains how updates can be made when using an over-the-network method is not an option. It includes a process for installing containers as well.
Registering Your System
See the Red Hat customer portal knowledge base article How to register and subscribe a system offline to the Red Hat Customer Portal
Creating a Local Mirror of the NVIDIA Repository
Instructions for setting up a private repository or mirroring the NVIDIA and the Red Hat repositories are beyond the scope of this document. It is expected that users are knowledgeable about those processes.
The Red Hat customer portal provides a knowledge base article for creating a local mirror. Pay particular attention to the instructions under Create a local repo with Red Hat Enterprise Linux 9. The reposync command can now download repository metadata as well, so there is no longer a need to use createrepo after.
The repositories that will need to be mirrored are:
rhel-9-for-x86_64-appstream-rpms
rhel-9-for-x86_64-baseos-rpms
codeready-builder-for-rhel-9-x86_64-rpms
nvidia-dgx-9
CUDA
Once mirrored, be sure to configure the target system to use your local repository. This can be
accomplished by creating file under /etc/yum.repos.d/my_mirror.repo
with the following contents:
[nvidia-dgx-9]
name=NVIDIA DGX EL9
baseurl=file://path/to/your/nvidia-dgx-9-repo-mirror/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-dgx-cosmos-support
[CUDA]
name=NVIDIA CUDA for EL9
baseurl=file://path/to/your/CUDA-repo-mirror/
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-cuda
Note
The instructions assume that you have the repositories enabled on the local machine. See Enabling the DGX Software Repository for instructions on enabling the NVIDIA DGX EL8 repository.
The CUDA repository makes use of modularity streams. If mirroring onto a Red Hat Enterprise Linux 9 (or Fedora) system, it’s possible to synchronize the modularity metadata in a single command:
reposync -p /path/to/your/mirror/ --repoid=CUDA --download-metadata --downloadcomps
However, if you are mirroring the CUDA repository onto another distribution (for example Ubuntu, CentOS 7, Red Hat Enterprise Linux 7) then you will have to manually generate the repository metadata:
reposync -p /path/to/your/mirror/ --repoid=CUDA --downloadcomps
createrepo -v /path/to/your/mirror/
python3 genmodules.py /path/to/your/mirror/ /tmp/modules.yaml
modifyrepo /tmp/modules.yaml /path/to/your/mirror/repodata/
Note that you can find the genmodules.py script from NVIDIA’s yum-packaging-precompiled-kmod repository on GitHub:
Installing Docker Containers
This method applies to Docker containers hosted on the NGC Container Registry. Most container images are freely available, but some are locked and require that you have an NGC account to access. See the NGC Private Registry User Guide for instructions on accessing locked container images.
Enter the docker pull command, specifying the image registry, image repository, and tag.
docker pull nvcr.io/nvidia/repository:tag
Verify the image is on your system using docker images.
docker images
Save the Docker image as an archive.
docker save nvcr.io/nvidia/repository:tag > framework.tar
Transfer the image to the air-gapped system using removable media such as a USB flash drive.
Load the NVIDIA Docker image.
docker load -i framework.tar
Verify the image is on your system.
docker images