Upgrade agents without internet access

In situations where your primary server and agents are airgapped, the primary server can't download the agent package. Therefore, you have to download the agent tarball from an internet-connected system, prepare the airgapped primary server to serve the agent package to your agents, and then run the upgrade script on your agents.

  1. Download the appropriate agent tarball.

    If you are installing an agent version that is different from your primary server, make sure you download the agent tarball corresponding to the agent_version parameter for the node's platform, as explained in Setting agent versions.

    To initiate the download, you need authentication credentials. Use the string literal license-id as your username and your PE License ID as the password. The password is sent with your PE license or is available in the PE console. If your PE License ID is not supplied with your license, contact our sales team.
  2. On your primary server, copy the agent tarball to the appropriate agent package directory at: /opt/puppetlabs/server/data/staging/pe_repo-puppet-agent-<AGENT_VERSION>
  3. Declare the agent architecture class in the PE Master node group:
    1. In the PE console, go to Node groups > PE Infrastructure > PE Master.
    2. On the Classes tab, enter pe_repo in the Add a new class field, and select the appropriate repo class from the list of classes.

      Repo classes are formatted as pe_repo::platform::<AGENT_OS_VERSION_ARCHITECTURE>.

      To use a specific agent version, set the agent_version variable using an X.Y.Z format (for example, 8.2.0). If you specify a version in this way, agents do not automatically upgrade when you upgrade your primary server.

    3. Click Add class and commit changes.
    4. On your primary server, run Puppet to configure the newly assigned class: puppet agent -t

      A new agent package repo is created at /opt/puppetlabs/server/data/packages/public/<PE VERSION>/<PLATFORM>/.

  4. SSH into, or physically log on to, the agent node you want to upgrade.
  5. Run the upgrade script command:
    cacert="$(puppet config print localcacert)"
    uri="https://$(puppet config print server):8140/packages/current/install.bash"

    curl --cacert "$cacert" "$uri" | sudo bash
  6. Repeat these steps to upgrade additional agents.
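
Added example, not part of the Puppet documentation: the tarball from steps 1 and 2 is carried across the air gap by hand, so one option is to record its SHA-256 digest on the internet-connected system and check it on the primary server before copying it into the staging directory. The function names and the agent.sha256 file are assumptions made for this example; the staging path is the one given in step 2.

```shell
#!/usr/bin/env bash
# Added example: sha256_of and stage_agent_tarball are hypothetical helpers.

# Print the SHA-256 digest of a file as lowercase hex.
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# Usage: stage_agent_tarball <tarball> <expected_sha256> <staging_dir>
# Copies the tarball into the staging directory only when its digest matches
# the value recorded on the internet-connected system.
# Returns 0 on success, 1 on digest mismatch, 2 on any other error.
stage_agent_tarball() {
    local tarball expected staging_dir actual
    tarball="$1"; expected="$2"; staging_dir="$3"
    if [ ! -s "$tarball" ]; then
        echo "error: $tarball is missing or empty" >&2
        return 2
    fi
    # The directory is not created here; that is left to the operator.
    if [ ! -d "$staging_dir" ]; then
        echo "error: staging directory $staging_dir does not exist" >&2
        return 2
    fi
    actual="$(sha256_of "$tarball")" || return 2
    # Some tools print uppercase hex, so normalise before comparing.
    expected="$(printf '%s' "$expected" | tr 'A-F' 'a-f')"
    if [ "$actual" != "$expected" ]; then
        echo "error: digest mismatch for $tarball" >&2
        echo "  expected: $expected" >&2
        echo "  actual:   $actual" >&2
        return 1
    fi
    cp -- "$tarball" "$staging_dir/" || return 2
    echo "staged ${tarball##*/} in $staging_dir"
}

# On the internet-connected system, after the download in step 1:
#   sha256_of <TARBALL> > agent.sha256
# On the airgapped primary server, in place of the plain copy in step 2:
#   stage_agent_tarball <TARBALL> "$(cat agent.sha256)" \
#     /opt/puppetlabs/server/data/staging/pe_repo-puppet-agent-<AGENT_VERSION>
```

A mismatch leaves the staging directory untouched, so a damaged or altered tarball is never served to agents by the pe_repo class.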