Install MSR offline

The example that follows assumes that you are installing MSR on an offline Swarm cluster from an Internet-connected machine that has access to the Swarm cluster through private IP addresses.


  • You must install MSR on an odd number of nodes.

  • Mirantis recommends that you install MSR on worker nodes only.

  1. Run the following shell script from the Internet-connected machine:

    IMAGES="$IMAGES $REGISTRY/msr-installer:$TAG"
    IMAGES="$IMAGES $REGISTRY/msr-notary-signer:$TAG"
    IMAGES="$IMAGES $REGISTRY/msr-registry:$TAG"
    IMAGES="$IMAGES $REGISTRY/msr-notary-server:$TAG"
    IMAGES="$IMAGES $REGISTRY/msr-jobrunner:$TAG"
    echo "Pulling images..."
    for NAME in ${IMAGES}; do
        docker image pull ${NAME};
    echo "Saving images..."
    docker image save $IMAGES -o $FILE
    echo "Images saved. To load use docker image load -i $FILE"
  2. Copy the msr-<msr-version>.tar.gz file to each offline host machine on which you will install MSR:

    scp msr-<msr-version>.tar.gz <user-name>@<host-ip-address>:</path/to/destination>
  3. From each offline host machine on which you will install MSR, including the manager node, load the MSR images from the msr-<msr-version>.tar.gz file:

    ssh <user-name>@<host-ip-address> 'docker load -i msr-<msr-version>.tar.gz'
  4. SSH into the manager node.

  5. Generate the values.yaml file that you will use to configure and deploy MSR:

    docker run -it --rm \
    --entrypoint cat<msr-version> \
    /config/values.yml > values.yml
  6. Edit the values.yaml file to customize your MSR deployment. Be sure to place your license in the license section:

    license: '<license-string>'
  7. Obtain a list of non-manager nodes along with their node IDs:

    docker node ls --format "{{ .ID }}" --filter "role=worker"
  8. In the swarm.nodeList section of the values.yaml file, add the node IDs of the worker nodes on which you plan to install MSR:

        - <node-id-1>
        - <node-id-2>
        - <node-id-3>
  9. Install MSR, specifying the node ID of the worker on which you will run MSR:

    docker run \
      --rm \
      -it \
      -v /var/run/docker.sock:/var/run/docker.sock \
      -v <path-to-values.yml>:/config/values.yml \<msr-version> \
      install \
      --https_port 8443 \
      --http_port 8888


    If you do not specify any worker nodes on which to install MSR, the software will exclusively be installed on the manager node where the msr-installer is executed.

  10. Review the status of the deployed services. Be aware that this may require a wait time of up to two minutes.

    docker stack services msr
  11. Access the MSR web UI at https://<node-ip>:443. The default user name and password are admin:password.

  12. Optional. Disable outgoing connections in the MSR web UI Admin Settings. MSR offers outgoing connections for the following tasks:

    • Analytics reporting

    • New version notifications

    • Online license verification

    • Vulnerability scanning database updates