Installing for Offline Environments¶
If the PCoIP Connection Manager and PCoIP Security Gateway machine does not have a connection to the public internet, you must create a temporary internet-connected machine to download the package files and dependencies and then transfer them to the production machine.
For information on package dependencies, see System Requirements.
Before You Begin¶
Before you proceed with installation, note the following:
-
Docker must be installed before you begin. If you are able to open a temporary internet connection to your machine, you can use the instructions below. If you are not able to open a temporary internet connection, install Docker on the production machine using any acceptable method.
-
The PCoIP Security Gateway is installed as part of this process. IPv6 connections are not supported in offline deployments.
-
If your connection broker is configured to identify resources by host name, then DNS must be available and configured as follows:
-
Host names must be resolvable from the PCoIP Connection Manager server.
-
Host names must be resolvable from the PCoIP broker.
-
-
If your environment has
podman
orbuildah
installed, uninstall them before proceeding.sudo dnf erase podman buildah -y
Creating the Installation Bundle¶
First, you'll download the package and dependencies to a temporary machine, create an installation bundle, and then transfer the bundle to the production machine for installation.
To create the offline installation bundle:
-
Create a disposable internet-connected machine that is identical to the production machine. To compare the OS information, open a console on each machine and run the following command on both:
cat /etc/os-release
-
On the temporary machine, open a browser and go to the PCoIP Connection Manager and PCoIP Security Gateway download page.
-
Click Downloads and scripts:
If you see a login button instead, click it to log into the site and then proceed.
-
Accept the End User License Agreement, then click Set Up Repository:
.
The window will expand and show the setup scripts for each supported operating system. Copy the command for your system to the clipboard.
-
Open a console window and paste in the command you copied in the previous step. You may need to press Enter to execute it.
The command fetches a configuration script from our servers and runs it locally, setting up and configuring the repository on the local machine.
-
Install pcoip-cmsg-setup
sudo dnf install pcoip-cmsg-setup
-
Find and note the rpm name for the setup package. We will use this name when creating the offline bundle next.
sudo dnf info pcoip-cmsg-setup
The rpm name will similar to this:
pcoip-cmsg-setup-<version>-<release>
. -
Create the offline install bundle:
sudo pcoip-cmsg-setup create-darksite-bundle --pcoip-cmsg-rpm-path <rpm name>
...where
<rpm name>
is the name you noted in the previous step.The process will create a tarball called teradici-pcoip-cmsg-bundle.tar.gz.
-
Transfer the installation bundle to the production machine using any acceptable method, such as a USB flash drive or SCP.
Once this process has completed successfully, you can dispose of the temporary machine.
Installing PCoIP Connection Manager and the PCoIP Security Gateway¶
Once you have created the installation bundle and transferred it to the production machine, you can install the software.
To install the PCoIP Connection Manager and the PCoIP Security Gateway:
-
SSH into the production machine.
-
Navigate to the directory where you placed the installer bundle.
-
Extract the bundle and move into the newly-created teradici-pcoip-cmsg-bundle directory:
tar xzvf teradici-pcoip-cmsg-bundle.tar.gz
cd teradici-pcoip-cmsg-bundle
-
Install the PCoIP Connection Manager. The command depends on whether Docker is already installed on the production machine (if you are unsure, use
docker -v
to check your Docker version):-
If Docker is already installed:
sudo dnf install --allowerasing pcoip-cmsg-setup*.rpm --disablerepo="*" -y
-
If Docker is not installed:
sudo dnf install --allowerasing --nobest --skip-broken --disablerepo="*" -y *.rpm
-
-
Start the docker daemon
sudo systemctl start docker
-
Move back up one directory level and then install the PCoIP Connection Manager and PCoIP Security Gateway:
cd .. sudo pcoip-cmsg-setup install --darksite-bundle-path teradici-pcoip-cmsg-bundle <installation_flags>
Important: Required installation flags
There are a number of options and settings available. You can invoke the
install
command with the--help
flag to list them:pcoip-cmsg-setup install --help
They are also listed in the next section.
The
install
command will prompt you for required parameters that have not been supplied via flags.
Installation Flags and Options¶
The following flags can be used to provide values at the command line. Flags that are required are identified in the description.
Boolean values should be provided as either true
or false
, lowercased, as in this example:
--example-flag=true
Flag | Type | Description |
---|---|---|
--accept-policies |
Boolean | Automatically accepts the EULA and Privacy Policy. Required. |
--broker-url |
String | The URL of the PCoIP Broker, specified either as a https:// Required. |
‑‑ca-cert |
String | The full path and filename of the custom Certificate Authority's public certificate to be used in the PCoIP Connection Manager and PCoIP Security Gateway. Required if --self-signed is not used. |
--compose-file |
String | Specify the full path to a local docker-compose file. |
--darksite-bundle-path |
string | The path of darksite install bundle to be used for darksite installation |
--docker-password |
String | Password to login to private registry. |
‑‑docker-registry |
String | Specifies the Teradici source for Cloud Access Connector images to be install from. Debugging only: This is intended to be used for debugging purposes and should not be used without guidance from Teradici support. Using this flag incorrectly can result in failed installations. |
‑‑docker-username |
String | Username to login to private registry. |
--enable-collaboration |
Boolean | Allow multiple PCoIP clients to collaborate on a PCoIP agent. (default true) |
‑‑enable-ipv6 |
Boolean | Enables IPv6 connections (default false). To enable IPv6 use --enable-ipv6=true . To disable IPv6 use --enable-ipv6=false , or omit this flag. |
‑‑external-pcoip-ip |
StringArray | Sets the public IP address of Security Gateway. If --enable-ipv6 is true, this option may be used twice (once for IPv4 and once for IPv6).Required if PCoIP Security Gateway is enabled |
‑‑enable-security-gateway |
Boolean | Enable and use the PCoIP Security Gateway (default true). |
‑‑help |
Lists all available flags. | |
--host-address |
stringArray | Sets the host FQDN/IP address. The option may be used twice (once for the IP address and once for the FQDN) |
--ignore-disk-req |
Boolean | Ignore the check for the minimum disk space requirement. |
--license-server-url |
String | The address of the locally installed PCoIP License Server. Example: https://<license-server-address>:<port> |
--self-signed |
Boolean | Automatically generate self-signed SSL cert and key for testing purposes. If specified, --ssl-key and --ssl-cert options are ignored. |
‑‑ssl-cert |
String | The full path and filename of the SSL certificate to be used in the PCoIP Connection Manager and PCoIP Security Gateway. Required if --self-signed is not used. |
‑‑ssl-key |
String | The full path and filename of the SSL key to be used in the PCoIP Connection Manager and PCoIP Security Gateway. Required if --self-signed is not used. |
Enabling or Disabling the PCoIP Security Gateway¶
By default, the PCoIP Security Gateway is enabled when the package is installed. This configuration is highly recommended for deployments where users will connect over the WAN. If your users are behind a firewall and do not access their desktops from the WAN, you may not need the PCoIP Security Gateway.
If you are sure that you do not need the PCoIP Security Gateway, reinstall the package using the --enable-security-gateway=false
flag.
To reenable the PCoIP Security Gateway, reinstall the package using the default options.
About Docker¶
The PCoIP Connection Manager and PCoIP Security Gateway depends on Docker 20.10.0 or higher, which must be installed on the machine before you install the PCoIP Connection Manager and PCoIP Security Gateway.
If you have not installed Docker yet, install it now.
If you are not sure if Docker is installed, or are not sure what Docker version you have, verify your Docker version first.
Verifying Docker Version¶
To verify your Docker installation and version:
-
SSH into the machine.
-
Open a console window and run the following command:
sudo docker -v
-
If Docker is not installed, this command will produce an error. Installation instructions are provided in the next section.
-
If you see a version number that is lower than 20.10.0, you must uninstall Docker and then re-install the supported version. Instructions for uninstalling and installing are provided in the next section.
-
If you see a version number that is equal to or higher than 20.10.0, you have a compatible version of Docker already installed and can skip to PCoIP Connection Manager and PCoIP Security Gateway installation.
-
Uninstalling Docker¶
You'll only need to do this if you have an unsupported version of Docker already on the machine. If you haven't installed Docker yet, skip this section.
To uninstall Docker:
-
SSH into the machine.
-
Open a console window and run the following command:
sudo dnf remove docker docker-client docker-client-latest docker-common docker-latest docker-latest-logrotate docker-logrotate docker-engine docker-ce docker-ce-cli containerd.io runc
-
When uninstalling is complete, proceed to Installing Docker.
Installing Docker¶
To Install Docker:
Important: This method requires a temporary internet connection
The method described here requires you to open a temporary connection to the public internet, and then close it after installation. If you cannot open a connection to the internet, you must move the docker installer and dependencies onto the production machine manually instead.
-
Open a temporary internet connection on the production machine.
-
SSH into the machine that will host the PCoIP Connection Manager and PCoIP Security Gateway.
-
Open a console window, and run the following command. This will remove the
podman
andbuildah
packages if they are installed (these packages conflict with Docker):sudo dnf remove podman buildah
-
Run the following commands in the same console window. Note that if you copy and paste these commands into the console, you may need to press Enter again to execute the last command:
sudo dnf install -y dnf-utils sudo dnf config-manager --add-repo https://download.docker.com/linux/centos/docker-ce.repo sudo dnf install docker-ce docker-ce-cli containerd.io
-
Confirm installation:
sudo docker -v
-
After confirming installation, close the internet connection.