Install MSR offline¶
Prior to installing MSR offline, you must first download the necessary prerequisites, Helm charts, and images from the Internet. Then, having obtained the necessary components, copy the images to and install MSR on each of the offline hosts.
Obtain and prepare the Helm charts and images¶
Using an Internet-connected computer, download the required Helm charts and images:
helm repo add postgres-operator https://opensource.zalando.com/postgres-operator/charts/postgres-operator/ helm repo add jetstack https://charts.jetstack.io helm repo add msrofficial https://registry.mirantis.com/charts/msr/msr helm repo update helm pull postgres-operator/postgres-operator helm pull jetstack/cert-manager --version 1.7.2 helm pull msrofficial/msr --version 1.0.2
Prepare the images for transfer to the offline hosts:
Unpack the downloaded Helm charts into separate folders:
tar zxvf msr-1.0.0.tgz tar zxvf postgres-operator-1.7.1.tgz tar zxvf cert-manager-v1.7.2.tgz
Navigate to the MSR chart folder and pull the Docker image from the repository indicated in the Helm chart:
helm template . --api-versions=acid.zalan.do/v1 --api-versions=cert-manager.io/v1 \ | yq e "..|.image? | select(.)" - \ | grep -wv "\-\-\-" | sort -u | xargs -L1 docker pull
Navigate to each of the remaining chart folders and pull the docker images from the repositories indicated in the Helm charts:
helm template . \ | yq e "..|.image? | select(.)" - \ | grep -wv "\-\-\-" | sort -u | xargs -L1 docker pull
Verify that you have the correct images:
docker image ls
Example output:
REPOSITORY TAG IMAGE ID CREATED SIZE registry.opensource.zalan.do/acid/postgres-operator v1.8.1 0c8d67c9d2ec 3 weeks ago 70.7MB registry.mirantis.com/msr/msr-registry 3.0.2 7fd3c77164ec 2 months ago 80.5MB registry.mirantis.com/msr/msr-notary-signer 3.0.2 de43b07b1103 2 months ago 19.1MB registry.mirantis.com/msr/msr-notary-server 3.0.2 f710de7af7be 2 months ago 20.1MB registry.mirantis.com/msr/msr-jobrunner 3.0.2 05efc049501a 2 months ago 871MB registry.mirantis.com/msr/msr-garant 3.0.2 0950ed94fb9b 2 months ago 58.6MB registry.mirantis.com/msr/msr-api 3.0.2 830167739762 2 months ago 97.1MB registry.mirantis.com/msr/enzi 1.0.1 74fa4967d687 2 months ago 41.6MB registry.mirantis.com/msr/msr-nginx 3.0.2 ee54045e7ae9 2 months ago 78.1MB registry.opensource.zalan.do/acid/spilo-14 2.1-p5 bf119bc65a55 2 months ago 782MB mirantis/rethinkdb 2.3.7-mirantis-5-e8ede78 849071943cd1 2 months ago 50.4MB quay.io/jetstack/cert-manager-webhook v1.7.2 533b93153801 3 months ago 52.5MB quay.io/jetstack/cert-manager-ctl v1.7.2 4c855c675f98 3 months ago 57.2MB quay.io/jetstack/cert-manager-cainjector v1.7.2 4589c5fd3a2a 3 months ago 44.6MB quay.io/jetstack/cert-manager-controller v1.7.2 95666559eec4 3 months ago 65.9MB
Save each image locally, as in the following example:
docker save registry.mirantis.com/msr/msr-api -o registry.mirantis.com:msr:msr-api.image
Package all of the images:
tar -cvzf msr.tgz *.image
Transfer the MSR package to each offline host:
Copy the MSR package to the offline host:
scp msr.tgz <user>@<host> scp cert-manager-v1.7.2.tgz <user>@<host> scp msr-1.0.0-rc1.tgz <user>@<host> scp postgres-operator-1.7.1.tgz <user>@<host>
Use SSH to log in to the host on which you transferred the package.
Load the MSR images from the TAR archive:
docker load -i msr.tgz
Set up a docker registry in the destination environment and then tag and push the docker images into this registry.
Update the image references in the Helm charts and Kubernetes YAML files such that they point to the local docker registry.
Install MSR¶
On each host machine:
Unpack all downloaded Helm charts into one folder, such as
/home/charts
.Navigate to
/home/charts
.Install prerequisites:
helm install postgres-operator postgres-operator \ --set configKubernetes.spilo_runasuser=101 \ --set configKubernetes.spilo_runasgroup=103 \ --set configKubernetes.spilo_fsgroup=103 helm install cert-manager cert-manager \ --set installCRDs=true
Install MSR:
helm install msr msr
Verify the success of your MSR installation:
Log in to the MSR web UI, or
Confirm that all
msr-*
pods are in a running state
Note
The default credentials for MSR are:
User name:
admin
password:
password
Be aware that the Helm chart values also include the default MSR credentials information.
Mirantis strongly recommends that you change the credentials from the defaults as soon as possible following installation.
Optional. Disable outgoing connections in the MSR web UI Admin Settings. MSR makes outgoing connections for the following tasks:
Analytics reporting
New version notifications
Online license verification
Vulnerability scanning database updates