
General description
When deploying in an isolated network environment (without internet access or with significant restrictions on access to external websites), the offline NAICE installation method must be used. This installation process includes:
- Preparing the required VMs for deployment.
- Installing the required software available in the operating system repositories.
- Downloading the archive containing NAICE Docker container images and installation playbooks.
- Preparing installation playbook variables according to the deployment requirements.
- Installing the system using Ansible playbooks.
For a detailed description of the deployment scheme, refer to: v1.1_3.4 High-availability installation (without using VRRP)
Preparing the VM
To deploy NAICE in a high-availability configuration, it is necessary to prepare the target VMs in accordance with the requirements specified in v1.1_3.1 System requirements.
The IP addresses of the VMs on which NAICE is deployed must be configured statically.
To deploy the VM, it is required to install a set of packages available in the official repositories of the operating system in use. A local mirror of the official repository, deployed within an isolated network and accessible from the target machine, can be used to install these packages via a package manager such as APT (Ubuntu, Astra Linux) or YUM (RedOS).
A separate VM for running Ansible playbooks must also be prepared.
Preparing the VM for NAICE and PostgreSQL deployment
Deploy the VM in accordance with the requirements specified in section v1.1_3.1 System requirements.
Install the docker.io and docker-compose packages according to the official instructions: https://docs.docker.com/engine/install/ubuntu/
sudo apt-get update && \
sudo apt-get install ca-certificates curl && \
sudo install -m 0755 -d /etc/apt/keyrings && \
sudo curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc && \
sudo chmod a+r /etc/apt/keyrings/docker.asc && \
echo \
"deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | \
sudo tee /etc/apt/sources.list.d/docker.list > /dev/null && \
sudo apt-get update && \
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y
Verify the installation and versions of Docker and Docker Compose (the versions must not be lower than the required ones):
$ sudo docker --version
Docker version 29.2.1, build a5c7197
$ sudo docker compose version
Docker Compose version v5.1.0
Install packages and all required dependencies from the official Ubuntu repository corresponding to the OS version in use:
sudo apt install python3-psycopg2 python3-apt -y

The IP addresses of the VMs on which NAICE is deployed must be configured statically.
To deploy the VM, it is required to install a set of packages available in the official Astra Linux repositories. A local mirror of the official repository, deployed within an isolated network and accessible from the target machine, can be used to install these packages via a package manager such as APT.
Install packages from the official Astra Linux repository:
sudo apt install docker.io python3-apt python3-psycopg2 python3-requests -y
The Docker Compose plugin cannot be installed from the Astra Linux repository, as it contains an outdated version. It must be downloaded from the following link to the target host: https://cloud.eltex-co.ru/index.php/s/yKlAcy83VVPEfzx. If necessary, the file can be downloaded to any PC with Internet access to the website https://cloud.eltex-co.ru (using the link above) and then transferred to the target host using any available SCP client into the home directory of the user who will perform the installation.
Example download using wget:
wget https://cloud.eltex-co.ru/index.php/s/yKlAcy83VVPEfzx/download -O docker-compose-linux-x86_64
On the target host, create a directory:
sudo mkdir -pv /usr/local/lib/docker/cli-plugins
Place the downloaded file into this directory and rename it to docker-compose:
sudo mv -v docker-compose-linux-x86_64 /usr/local/lib/docker/cli-plugins/docker-compose
Change the file owner to root:
sudo chown root:root -v /usr/local/lib/docker/cli-plugins/docker-compose
Make the file executable:
sudo chmod 755 -v /usr/local/lib/docker/cli-plugins/docker-compose
Verify the installation and versions of Docker and Docker Compose (the versions must not be lower than the required ones):
$ sudo docker --version
Docker version 28.3.3.astra1, build
$ sudo docker compose version
Docker Compose version v2.2.3
sudo apt install docker.io -y && \
wget https://cloud.eltex-co.ru/index.php/s/yKlAcy83VVPEfzx/download -O docker-compose-linux-x86_64 && \
sudo mkdir -pv /usr/local/lib/docker/cli-plugins && \
sudo mv -v docker-compose-linux-x86_64 /usr/local/lib/docker/cli-plugins/docker-compose && \
sudo chown root:root -v /usr/local/lib/docker/cli-plugins/docker-compose && \
sudo chmod 755 -v /usr/local/lib/docker/cli-plugins/docker-compose && \
sudo docker --version && \
sudo docker compose version

The IP addresses of the VMs on which NAICE is deployed must be configured statically.
Install the required packages along with all dependencies from the official Astra Linux repository on all hosts that will be used for the installation:
sudo apt install docker.io docker-compose-v2 python3-apt python3-psycopg2 python3-requests -y
Verify the installation and versions of Docker and Docker Compose (the versions must not be lower than the required ones):
$ sudo docker --version
Docker version 28.3.3.astra1, build
$ sudo docker compose version
Docker Compose version 2.39.2.astra1

Install Docker and Docker Compose packages from the official RedOS repository:
sudo yum install docker-ce docker-compose python3-psycopg2 python3-requests -y
Verify the installation and versions of Docker and Docker Compose (the versions must not be lower than the required ones):
$ sudo docker --version
Docker version 28.1.1, build 4eba377
$ sudo docker compose version
Docker Compose version 5.0.2

Preparing the VM for running Ansible playbooks
Requirements for the host OS running Ansible playbooks
To run Ansible playbooks, use a VM running Ubuntu 24, RedOS 8.0.2, or Astra Linux 1.8.6.
Installing Ansible
Install the Ansible package along with all dependencies and other required software.
sudo apt install ansible-core=2.16.3-0ubuntu2 sshpass -y

sudo apt install ansible-core=2.15.10-1 sshpass -y

sudo yum install ansible python3-netaddr sshpass

If Astra Linux 1.7.X is used as the target OS for NAICE deployment, ensure that the Ansible version is not higher than 2.17. Installation is not supported on newer Ansible versions, because Astra Linux 1.7.X uses Python 3.7, which those versions do not support. If necessary, reinstall Ansible and downgrade to the required version.
Checking and updating the community.docker version
Check the installed version of the community.docker collection:
ansible-galaxy collection list | grep community.docker
If the version is lower than 4.7.0, update the Ansible community.docker collection. Download and place the community-docker-4.7.0.tar.gz file on the target host:
Direct link to download the file: https://cloud.eltex-co.ru/index.php/s/9Hv6p4yz611fDXb
If necessary, the file can be downloaded to any PC with Internet access to the website https://cloud.eltex-co.ru (using the link above) and then transferred to the target host using any available SCP client into the home directory of the user who will perform the installation.
Download it directly to the target host using the wget command if the address https://cloud.eltex-co.ru is accessible:
wget https://cloud.eltex-co.ru/index.php/s/9Hv6p4yz611fDXb/download -O community-docker-4.7.0.tar.gz
Install the collection using the following command (without sudo):
$ ansible-galaxy collection install community-docker-4.7.0.tar.gz
Check the installed version of the community.docker collection again:
$ ansible-galaxy collection list | grep community.docker
community.docker 4.7.0 <--- Latest version
community.docker X.X.X <--- Previous version
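The two version limits stated above (community.docker not lower than 4.7.0, and Ansible not higher than 2.17 when the target is Astra Linux 1.7.X) can be checked in a script before any playbook runs. This is an added example, not part of the NAICE documentation; the function names and the sample listing are constructed. It assumes that the first community.docker entry in the listing is the copy Ansible loads, and that "2.17" permits the whole 2.17.x series.

```bash
#!/usr/bin/env bash
# Added example: version gates for the host that runs the playbooks.

# version_ge A B -> success when A >= B (GNU sort -V ordering).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n1)" = "$2" ]
}

# effective_collection_version NAME   (stdin: `ansible-galaxy collection list`)
# Prints the first version listed for NAME. Assumption: the listing follows
# the collections search path, so the first entry is the one in use.
effective_collection_version() {
    awk -v name="$1" '$1 == name { print $2; exit }'
}

# collection_at_least NAME MIN   (stdin: listing)
collection_at_least() {
    local have
    have="$(effective_collection_version "$1")"
    [ -n "$have" ] && version_ge "$have" "$2"
}

# ansible_core_at_most SERIES   (stdin: `ansible --version`)
# Succeeds when the reported major.minor is <= SERIES (2.17 allows 2.17.x).
ansible_core_at_most() {
    local series
    series="$(sed -n 's/.*\[core \([0-9]*\.[0-9]*\).*/\1/p' | head -n1)"
    [ -n "$series" ] && version_ge "$1" "$series"
}

# Constructed sample listing (paths and the older version are made up).
SAMPLE_LIST='# /home/user/.ansible/collections/ansible_collections
Collection       Version
---------------- -------
community.docker 4.7.0

# /usr/lib/python3/dist-packages/ansible_collections
Collection       Version
---------------- -------
community.docker 3.4.8'

printf '%s\n' "$SAMPLE_LIST" | collection_at_least community.docker 4.7.0 \
    && echo "community.docker meets the 4.7.0 minimum"
```

On a real host, pipe the live output instead of the sample: `ansible-galaxy collection list | collection_at_least community.docker 4.7.0` and `ansible --version | ansible_core_at_most 2.17`.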
Downloading the NAICE archive for installation in an isolated network and preparing for installation
Download the archive containing NAICE container images and installation playbooks to the host used for running the Ansible playbooks.
Download the latest stable version of NAICE for installation in an isolated network from the page: v1.1_1.5 Stable versions.
If necessary, the file can be downloaded to any PC with Internet access to the website https://cloud.eltex-co.ru (using the link above) and then transferred to the target host using any available SCP client into the home directory of the user who will perform the installation.
Download it directly to the target host using the wget command if the address https://cloud.eltex-co.ru is accessible:
wget https://cloud.eltex-co.ru/index.php/s/iWhUOSdtaIYGnim/download -O naice_install_2026-04-17.tar.gz
Extract the downloaded archive on the target host and navigate to the ansible directory inside the extracted directory:
tar xzvf naice_install_2026-04-17.tar.gz
cd naice_install/ansible
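The files this page fetches from cloud.eltex-co.ru (the Docker Compose plugin, the community.docker tarball and the NAICE archive) may pass through an intermediate PC and an SCP transfer before they are installed or extracted. The following is an added example, not part of the NAICE documentation: it records SHA-256 hashes where the files are downloaded and refuses to extract on the target host unless every file still matches. The manifest name and the function names are assumptions.

```bash
#!/usr/bin/env bash
# Added example: integrity manifest for files carried into the isolated network.

MANIFEST="naice-offline.sha256"   # hypothetical manifest file name

# make_manifest DIR FILE...
# Run on the PC that performs the download. Writes one "<sha256>  <file>"
# line per artifact into DIR/$MANIFEST.
make_manifest() {
    local dir="$1"
    shift
    ( cd "$dir" && sha256sum -- "$@" > "$MANIFEST" )
}

# verify_manifest DIR
# Run on the target host after the transfer. Succeeds only when the manifest
# is non-empty, well-formed, and every listed file is present and unchanged.
verify_manifest() {
    local dir="$1"
    ( cd "$dir" && [ -s "$MANIFEST" ] && sha256sum --check --strict --quiet "$MANIFEST" )
}

# verify_and_extract DIR ARCHIVE
# Extracts ARCHIVE into DIR only if the whole manifest verifies and ARCHIVE
# is one of the files it lists (an unlisted archive is rejected).
verify_and_extract() {
    local dir="$1" archive="$2"
    verify_manifest "$dir" || return 1
    awk -v f="$archive" '$2 == f || $2 == ("*" f) { ok = 1 } END { exit !ok }' \
        "$dir/$MANIFEST" || return 1
    tar -xzf "$dir/$archive" -C "$dir"
}

# Typical use with the file names from this page:
#   make_manifest . naice_install_2026-04-17.tar.gz community-docker-4.7.0.tar.gz
#   ...transfer the files and the manifest to the target host...
#   verify_and_extract . naice_install_2026-04-17.tar.gz
```

A manifest made at download time shows only that the files did not change afterwards; carry it separately from the files where possible.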
Preparing the file with host IP addresses and access credentials
Edit the inventory/hosts-cluster.yml file by specifying the required target installation addresses and username/password credentials:
---
# Local actions
all:
  hosts:
    localhost:
      ansible_connection: local
      ansible_user: <username of the host user running the playbook>
      ansible_ssh_pass: <password of the host user running the playbook>
      ansible_become_password: <sudo password of the host user running the playbook>
# Host group for high-availability NAICE deployment
geo:
  hosts:
    master_host:
      ansible_host: <IP address of host 1 for NAICE>
      ansible_port: 22
      ansible_user: <username>
      ansible_ssh_pass: <user password>
      ansible_become_password: <sudo password>
    backup_host:
      ansible_host: <IP address of host 2 for NAICE>
      ansible_port: 22
      ansible_user: <username>
      ansible_ssh_pass: <user password>
      ansible_become_password: <sudo password>
# Host group for postgres-cluster deployment (primary + standby)
postgres-cluster:
  hosts:
    node_primary:
      ansible_host: <IP address of the host for PostgreSQL node-1>
      ansible_port: 22
      ansible_user: <username>
      ansible_ssh_pass: <user password>
      ansible_become_password: <sudo password>
      forwarded_postgresql_port: 5432
      forwarded_ssh_port: 15432
    node_standby:
      ansible_host: <IP address of the host for PostgreSQL node-2>
      ansible_port: 22
      ansible_user: <username>
      ansible_ssh_pass: <user password>
      ansible_become_password: <sudo password>
      forwarded_postgresql_port: 5432
      forwarded_ssh_port: 15432
When deploying NAICE on two hosts, the target installation host IP addresses are the same for master_host and node_primary, as well as for backup_host and node_standby.
Installing NAICE
Installing the PostgreSQL database cluster
Run the playbook:
ansible-playbook install-postgres-cluster.yml -i inventory/hosts-geo.yml
As a result, PostgreSQL will be installed as a cluster on the servers specified in node_primary and node_standby. The master node of the cluster will be located on the node_primary host.
Example of successful playbook completion:
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
node_primary : ok=83 changed=23 unreachable=0 failed=0 skipped=40 rescued=0 ignored=0
node_standby : ok=57 changed=23 unreachable=0 failed=0 skipped=25 rescued=0 ignored=0
Installing the NAICE cluster
Before starting the installation, make sure that the Primary role belongs to the PostgreSQL node specified in the ansible_host variable of node_primary. If necessary, perform a Primary role switch. If this requirement is not met, the installation cannot be completed.
If necessary, configure playbook variables in the group_vars/all.yml file. Variable preparation is the same as for online installation and is performed in the same way. For more details on variable descriptions, refer to Configuring variables in the file group_vars/all.yml.
For correct interaction with an identity source of the ACTIVE DIRECTORY type, it is necessary to create two computer accounts that will be used for interaction via the netlogon protocol during user password verification. Each NAICE node must use a separate computer account. To do this, specify the following variables in the group_vars/all.yml variables file:
cetus_netlogon_pc1_name: "<Computer 1 name>"
cetus_netlogon_pc1_pass: "<Computer 1 password>"
cetus_netlogon_pc2_name: "<Computer 2 name>"
cetus_netlogon_pc2_pass: "<Computer 2 password>"
Save the file before running the NAICE installation playbook. If these settings are present in the NAICE configuration parameters, they take precedence over the values specified in the web interface.
Run the NAICE installation playbook:
ansible-playbook geo-naice-services.yml -i inventory/hosts-geo.yml
Example of successful playbook completion:
PLAY RECAP **********************************************************************************************************************************************************************************************************************************
backup_host : ok=89 changed=20 unreachable=0 failed=0 skipped=29 rescued=0 ignored=0
master_host : ok=95 changed=26 unreachable=0 failed=0 skipped=42 rescued=0 ignored=0
After installation, verify the status of the NAICE cluster in accordance with the Checking the NAICE cluster state instructions.