Some networks do not have consistent access to the Internet for various reasons. These systems are also referred to as air-gapped systems. Air-gapped systems pose particular challenges both for installing SaltStack Config and for ensuring it is up to date. If you are installing SaltStack Config in an air-gapped system, be aware that the installation process will require greater planning and preparation on the part of you and your organization.
Plan how to transfer the installation files
In order to complete a standard installation, you need a mechanism through which to download, verify, and extract the necessary installation files. If downloading files is impossible in your network, you need to brainstorm and prepare an alternate method to transfer the necessary installation files to the nodes on which you are installing SaltStack Config and its dependencies.
You will need to transfer the files to the node(s) involved in the installation process. Place the files in the root folder. For a standard installation, transfer the files to the Salt master from which you are running the installation orchestration.
Plan how to manage upgrades
SaltStack Config and its dependencies (Salt, PostgreSQL, etc.) release regular updates with enhanced features and security updates. In order to take advantage of these updates, you need to plan to check for updates and install upgrades whenever they are available.
Plan how to update SecOps libraries
If your organization has a SecOps license, be aware that both SaltStack SecOps libraries release regular content updates with the latest compliance and vulnerability content. These content libraries are updated outside of the regular SaltStack Config release schedule.
Ideally, customers can automatically download and ingest security libraries over the Internet or through an http proxy as soon as they are updated. However, it is also possible to manually download and ingest these libraries. In order to take advantage of these updates, you need a plan to check for security content updates regularly, and develop a process to manually ingest this content when it is available.