Configure JAS in an Air-gapped Non-Helm Environment

You need to do certain configurations to make sure that JAS works without any issues in an air-gapped environment. After these configurations, you can proceed with the installation.

Port Configuration

Ensure that you open the following ports before you proceed.

Between Xray and k3s master VM - 6443,10250
Between k3s VMs - Refer the k3s documentation
Between k3s VMs and Artifactory - 8082

Artifactory Configuration

Run the following steps to configure Artifactory.

Set the following values in the Artifactory System YAML file.

jfconnect:
    enabled: true
    airgap:
        enabled: true
    usage:
        enabled: true

Generate an admin scoped token.
For more information, see Create an Admin Scoped Token.Create an Admin Scoped Token
Generate an offline request token with the JFConnect Start Register API with the bearer token that you obtained in the previous step in the air-gapped JPD.
The API returns an offline request token.
Run the Post Offline Request Token to JFrog Entitlements Service API with the offline request token in the body from a machine that has access to the Internet.
For example:
```
curl --location 'https://jes.jfrog.io/api/v1/offline_register' \
--header 'Content-Type: application/json' \
--data '{
    "offline_request_token": "<token>"
}' > entitlements.json
```
If you run the previous command, you an ensure that the entitlements JSON that you receive from JES will have the same checksum as intended since you are writing the response body to a file.
In addition, the response header also contains an offline_response_token that you need to provide to the air-gapped JPD.

Run the JFConnect Offline Register API with the offline response token and the entitlements file in the machine that hosts the air-gapped JFrog Platform installation.

curl --location 'http://localhost:8082/jfconnect/api/v1/offline/register' 
\ --header 'Authorization: Bearer <token>' \ 
--form 'entitlements=@entitlements.json;type=application/json' 
\ --form 'offline_response_token=""'

Xray Configuration

You need to do the Xray configuration in the Xray node or just the first node if you use an HA setup.

Install Docker in the air-gapped Xray node so that you can run the Ansible playbook to set up the k3s infrastructure.

Run the following commands from a machine that has Internet access.

docker pull releases-docker.jfrog.io/ansible/ansible:2.15.02) 
docker save releases-docker.jfrog.io/ansible/ansible:2.15.0 | gzip > ansible.tar

Copy ansible.tarvfile to the Xray machine.
Run the following command in the Xray machine.
```
docker load < ansible.tar
```
Make the following changes to the Xray System YAML and restart the Xray service.
```
server:
    dbSync:
        version3:
            enabled: true
```

k3s Node Configuration

Configure k3s node VMs. We recommend that you use three VMs - 1 as master and 2 as workers.

Create the VMs for k3s.

Download the following k3s resources from a machine that was Internet access.

k3s binaries (k3s version - 1.24.10+k3s1)

wget https://releases.jfrog.io/artifactory/run/k3s/1.24.10/k3s

k3s airgapped images

wget https://releases.jfrog.io/artifactory/run/k3s/1.24.10/k3s-airgap-images-amd64.tar.gz

Copy k3s binary to /usr/local/bin in the k3s VM and make it executable.
```
sudo cp k3s /usr/local/bin
cd /usr/local/bin
chmod +x k3s
```

Copy k3s images to /var/lib/rancher/k3s/agent/images/ in the k3s VM.

sudo mkdir -p /var/lib/rancher/k3s/agent/images/
sudo cp k3s-airgap-images-amd64.tar.gz /var/lib/rancher/k3s/agent/images/