Install MSR offline¶
The procedure provided herein assumes that you are installing MSR on an offline Swarm cluster from an Internet-connected machine that has access to the Swarm cluster through private IP addresses.
Important
Mirantis recommends that you:
Install MSR on an odd number of nodes. To bypass the recommendation check in the apply command, add the :command:`–force ` option.
Install MSR on worker nodes only.
Enable all authenticated users, including service accounts, to schedule services and perform tasks on all nodes.
Note
If you are using MSR in conjunction with MKE, refer to Schedule services deployment on manager and MSR nodes for detailed information.
Run the following shell script from the Internet-connected machine:
#!/bin/sh TAG="<msr-version>" REGISTRY="registry.mirantis.com/msr" RETHINK_TAG="2.4.3-mirantis-0.1.5" ENZI_TAG="1.0.89-ui" FILE="msr-${TAG}.tar.gz" IMAGES="$REGISTRY/msr-garant:$TAG" IMAGES="$IMAGES $REGISTRY/msr-installer:$TAG" IMAGES="$IMAGES $REGISTRY/msr-notary-signer:$TAG" IMAGES="$IMAGES $REGISTRY/msr-registry:$TAG" IMAGES="$IMAGES $REGISTRY/msr-nginx:$TAG" IMAGES="$IMAGES $REGISTRY/msr-api:$TAG" IMAGES="$IMAGES $REGISTRY/msr-notary-server:$TAG" IMAGES="$IMAGES $REGISTRY/msr-jobrunner:$TAG" IMAGES="$IMAGES $REGISTRY/enzi:$ENZI_TAG" IMAGES="$IMAGES registry.opensource.zalan.do/acid/spilo-14:2.1-p3" IMAGES="$IMAGES registry.mirantis.com/rethinkdb/rethinkdb:$RETHINK_TAG" echo "Pulling images..." for NAME in ${IMAGES}; do docker image pull ${NAME}; done echo "Saving images..." docker image save $IMAGES -o $FILE echo "Images saved. To load use docker image load -i $FILE"
Copy the
msr-<msr-version>.tar.gzfile to each offline host machine on which you will install MSR:scp msr-<msr-version>.tar.gz <user-name>@<host-ip-address>:</path/to/destination>
From each offline host machine on which you will install MSR, including the manager node, load the MSR images from the
msr-<msr-version>.tar.gzfile:ssh <user-name>@<host-ip-address> 'docker load -i msr-<msr-version>.tar.gz'
SSH into the manager node.
Generate the
values.yamlfile that you will use to configure and deploy MSR:docker run -it --rm \ --entrypoint cat registry.mirantis.com/msr/msr-installer:<msr-version> \ /config/values.yml > values.yml
Edit the
values.yamlfile to customize your MSR deployment.Place your license in the
licensesection:license: '<license-string>'
You can supersede the default MSR password, which is
password, by adding theenzi.adminPasswordparameter to thevalues.yamlfile:enzi: adminPassword: "<my-password>"
Obtain a list of non-manager nodes along with their node IDs:
docker node ls --format "{{ .ID }}" --filter "role=worker"
In the
swarm.nodeListsection of thevalues.yamlfile, add the node IDs of the worker nodes on which you plan to install MSR:swarm: nodeList: - <node-id-1> - <node-id-2> - <node-id-3>
Install MSR, specifying the node ID of the worker on which you will run MSR:
docker run \ --rm \ -it \ -v /var/run/docker.sock:/var/run/docker.sock \ -v <path-to-values.yml>:/config/values.yml \ registry.mirantis.com/msr/msr-installer:<msr-version> \ apply \ --https-port 8443 \ --http-port 8888
Note
For MSR 3.1.4 or earlier use the install command instead of the apply command.
If you do not specify any worker nodes on which to install MSR, the process fails. You must specify at least one node within
swarm.nodeListto indicate which nodemsr-installershould use.
Optional. Use a load balancer to expose services externally in the swarm. MSR on Swarm relies on Ingress load balancing. Refer to the official Load balancing documentation for more information.
Review the status of the deployed services. Be aware that this may require a wait time of up to two minutes.
docker stack services msr
Access the MSR web UI at
https://<node-ip>:443. The default username and password areadmin:password.Optional. Disable outgoing connections in the MSR web UI Admin Settings. MSR offers outgoing connections for the following tasks:
Analytics reporting
New version notifications
Online license verification
Vulnerability scanning database updates