Install MSR offline

Important

Prior to installing MSR offline, you must first ensure that your system meets the requirements for MSR 3.0.x and that you have downloaded all of the required Helm charts, and images from the Internet.

Obtain and prepare the Helm charts and images

1. Using an Internet-connected computer, download the required Helm charts and images:

   helm repo add postgres-operator https://opensource.zalando.com/postgres-operator/charts/postgres-operator/
   helm repo add jetstack https://charts.jetstack.io
   helm repo add msrofficial https://registry.mirantis.com/charts/msr/msr
   helm repo update
   helm pull postgres-operator/postgres-operator \
     --version <postgres-operator-version-number>
   helm pull jetstack/cert-manager --version 1.7.2
   helm pull msrofficial/msr --version 1.0.2
   

2. Prepare the images for transfer to the offline hosts:

   1. Unpack the downloaded Helm charts into separate folders:

      tar zxvf msr-1.0.0.tgz
      tar zxvf postgres-operator-1.7.1.tgz
      tar zxvf cert-manager-v1.7.2.tgz
      

   2. Navigate to the MSR chart folder and pull the Docker image from the repository indicated in the Helm chart:

      helm template . --api-versions=acid.zalan.do/v1 --api-versions=cert-manager.io/v1 \
      | yq e "..|.image? | select(.)" - \
      | grep -wv "\-\-\-" | sort -u | xargs -L1 docker pull
      

   3. Navigate to each of the remaining chart folders and pull the docker images from the repositories indicated in the Helm charts:

      helm template . \
      | yq e "..|.image? | select(.)" - \
      | grep -wv "\-\-\-" | sort -u | xargs -L1 docker pull
      

   4. Verify that you have the correct images:

      docker image ls
      

      Example output:

      REPOSITORY                                            TAG                         IMAGE ID       CREATED        SIZE
      registry.opensource.zalan.do/acid/postgres-operator   v1.8.1                     0c8d67c9d2ec   3 weeks ago    70.7MB
      registry.mirantis.com/msr/msr-registry                3.0.2                      7fd3c77164ec   2 months ago   80.5MB
      registry.mirantis.com/msr/msr-notary-signer           3.0.2                      de43b07b1103   2 months ago   19.1MB
      registry.mirantis.com/msr/msr-notary-server           3.0.2                      f710de7af7be   2 months ago   20.1MB
      registry.mirantis.com/msr/msr-jobrunner               3.0.2                      05efc049501a   2 months ago   871MB
      registry.mirantis.com/msr/msr-garant                  3.0.2                      0950ed94fb9b   2 months ago   58.6MB
      registry.mirantis.com/msr/msr-api                     3.0.2                      830167739762   2 months ago   97.1MB
      registry.mirantis.com/msr/enzi                        1.0.1                      74fa4967d687   2 months ago   41.6MB
      registry.mirantis.com/msr/msr-nginx                   3.0.2                      ee54045e7ae9   2 months ago   78.1MB
      registry.opensource.zalan.do/acid/spilo-14            2.1-p5                     bf119bc65a55   2 months ago   782MB
      mirantis/rethinkdb                                    2.3.7-mirantis-5-e8ede78   849071943cd1   2 months ago   50.4MB
      quay.io/jetstack/cert-manager-webhook                 v1.7.2                     533b93153801   3 months ago   52.5MB
      quay.io/jetstack/cert-manager-ctl                     v1.7.2                     4c855c675f98   3 months ago   57.2MB
      quay.io/jetstack/cert-manager-cainjector              v1.7.2                     4589c5fd3a2a   3 months ago   44.6MB
      quay.io/jetstack/cert-manager-controller              v1.7.2                     95666559eec4   3 months ago   65.9MB
      

   5. Save each image locally, as in the following example:

      docker save registry.mirantis.com/msr/msr-api -o registry.mirantis.com:msr:msr-api.image
      

   6. Package all of the images:

      tar -cvzf msr.tgz *.image
      

3. Transfer the MSR package to each offline host:

   1. Copy the MSR package to the offline host:

      scp msr.tgz <user>@<host>
      scp cert-manager-v1.7.2.tgz <user>@<host>
      scp msr-1.0.0-rc1.tgz <user>@<host>
      scp postgres-operator-1.7.1.tgz <user>@<host>
      

   2. Use SSH to log in to the host on which you transferred the package.

   3. Load the MSR images from the TAR archive:

      docker load -i msr.tgz
      

   4. Set up a docker registry in the destination environment and then tag and push the docker images into this registry.

   5. Update the image references in the Helm charts and Kubernetes YAML files such that they point to the local docker registry.

Install MSR

Once you have obtained all of the necessary components to install MSR, copy the images to and install MSR on each of the offline hosts.

On each host machine:

1. Unpack all downloaded Helm charts into one folder, such as /home/charts.

2. Navigate to /home/charts.

3. Install prerequisites:

   helm install postgres-operator postgres-operator \
     --set configKubernetes.spilo_runasuser=101 \
     --set configKubernetes.spilo_runasgroup=103 \
     --set configKubernetes.spilo_fsgroup=103
   helm install cert-manager cert-manager \
     --set installCRDs=true
   

4. Install MSR:

   helm install msr msr
   

5. Verify the success of your MSR installation:

   • Log in to the MSR web UI, or

   • Confirm that all msr-* pods are in a running state

   Note

   The default credentials for MSR are:

   • User name: admin

   • password: password

   Be aware that the Helm chart values also include the default MSR credentials information.

   Mirantis strongly recommends that you change the credentials from the defaults as soon as possible following installation.

6. Optional. Disable outgoing connections in the MSR web UI Admin Settings. MSR makes outgoing connections for the following tasks:

   • Analytics reporting

   • New version notifications

   • Online license verification

   • Vulnerability scanning database updates