Skip to content

Air-gapped environments

If your environment is air gapped and does not even have Internet through a proxy, you can still enrol the system through use of your workstation clipboard (cut'n'pasting). This requires that you are able to use a Bastion host with a terminal to an Internet connected host and the target system in a manner that you can cut'n'paste content between the two terminals.

Klic should be installed on both systems.

Offline install

On the Internet connected host start the bastion helper using:

INTERNET:~$ klic bastion
Bastion request:

It is prompting for input from you, and the process may be cancelled at any point by pressing Ctrl-C.

Now on the target host run in 'bastion' mode the enrolment process:

AIRGAPPED:~$ klic environment create --bastion TENANT-UUID 'My Airgapped Environment'
Please paste the following single line into your Bastion helper

!<=$b,&Ln5BQ%E*3[.'_<$Ek;F`M:B3[-4g,(0F

Bastion response:

It will emit something like the above requesting that you cut'n'paste the ASCII content into the bastion helper and after pressing enter you should see something like:

INTERNET:~$ klic bastion
Bastion request: !<=$b,&Ln5BQ%E*3[.'_<$Ek;F`M:B3[-4g,(0F

Bastion response:

i"?q;qcs1bLl(9aG>rq1*ls0hdR8A]PpY7PVr28kC+2h...

Bastion request:

Repeat the process by pasting this time into the target host:

AIRGAPPED:~$ klic environment create --bastion TENANT-UUID 'My Airgapped Environment'
Please paste the following single line into your Bastion helper

!<=$b,&Ln5BQ%E*3[.'_<$Ek;F`M:B3[-4g,(0F

Bastion response: i"?q;qcs1bLl(9aG>rq1*ls0hdR8A]PpY7PVr28kC+2h...

Please paste the following single line into your Bastion helper

huOu$pK[b^Ll&!nAC\W"T...

Bastion response:

Repeating again the process on the Bastion:

INTERNET:~$ klic bastion
Bastion request: !<=$b,&Ln5BQ%E*3[.'_<$Ek;F`M:B3[-4g,(0F

Bastion response:

i"?q;qcs1bLl(9aG>rq1*ls0hdR8A]PpY7PVr28kC+2h...

Bastion request: huOu$pK[b^Ll&!nAC\W"T...

Bastion response: hu]GMP[+8PLl(9a...

Repeat the process by pasting this time into the target host:

AIRGAPPED:~$ klic environment create --bastion TENANT-UUID 'My Airgapped Environment'
Please paste the following single line into your Bastion helper

!<=$b,&Ln5BQ%E*3[.'_<$Ek;F`M:B3[-4g,(0F

Bastion response: i"?q;qcs1bLl(9aG>rq1*ls0hdR8A]PpY7PVr28kC+2h...

Please paste the following single line into your Bastion helper

huOu$pK[b^Ll&!nAC\W"T...

Bastion response: hu]GMP[+8PLl(9a...

created new environment 2e147a38-9398-11ec-9ed4-c73cd613dc07

We have completed enough rounds and have enrolled the environment. You should be able to inspect the identity of the environment as usual:

klic environment describe 2e147a38-9398-11ec-9ed4-c73cd613dc07
environment  2e147a38-9398-11ec-9ed4-c73cd613dc07
tenant       1453c0e8-9386-11ec-9c64-a747bf6bfc0a
name         My Airgapped Environment
description
disabled     False
identity     ['fqdn:server.example.com', 'os:l64', 'bid:b35a7b8c-84b7-48bd-bf2d-dbc750c04b85', 'mid:0a46bc70719b4a29bcfda85ee67b9af3', 'cid:b35a7b8c-84b7-48bd-bf2d-dbc750c04b85','vm:xen']
tags         []