Install MSR offline¶

The example that follows assumes that you are installing MSR on an offline Swarm cluster from an Internet-connected machine that has access to the Swarm cluster through private IP addresses.

Important

You must install MSR on an odd number of nodes.
Mirantis recommends that you install MSR on worker nodes only.

Run the following shell script from the Internet-connected machine:

#!/bin/sh

TAG="<msr-version>"
REGISTRY="registry.mirantis.com/msr"
RETHINK_TAG="2.4.3-mirantis-0.1.0"
ENZI_TAG="1.0.85"
FILE="msr-${TAG}.tar.gz"

IMAGES="$REGISTRY/msr-garant:$TAG"
IMAGES="$IMAGES $REGISTRY/msr-installer:$TAG"
IMAGES="$IMAGES $REGISTRY/msr-notary-signer:$TAG"
IMAGES="$IMAGES $REGISTRY/msr-registry:$TAG"
IMAGES="$IMAGES $REGISTRY/msr-nginx:$TAG"
IMAGES="$IMAGES $REGISTRY/msr-api:$TAG"
IMAGES="$IMAGES $REGISTRY/msr-notary-server:$TAG"
IMAGES="$IMAGES $REGISTRY/msr-jobrunner:$TAG"
IMAGES="$IMAGES $REGISTRY/enzi:$ENZI_TAG"
IMAGES="$IMAGES registry.opensource.zalan.do/acid/spilo-14:2.1-p3"
IMAGES="$IMAGES registry.mirantis.com/rethinkdb/rethinkdb:$RETHINK_TAG"

echo "Pulling images..."
for NAME in ${IMAGES}; do
    docker image pull ${NAME};
done

echo "Saving images..."
docker image save $IMAGES -o $FILE
echo "Images saved. To load use docker image load -i $FILE"

Copy the msr-<msr-version>.tar.gz file to each offline host machine on which you will install MSR:
```
scp msr-<msr-version>.tar.gz <user-name>@<host-ip-address>:</path/to/destination>
```
From each offline host machine on which you will install MSR, including the manager node, load the MSR images from the msr-<msr-version>.tar.gz file:
```
ssh <user-name>@<host-ip-address> 'docker load -i msr-<msr-version>.tar.gz'
```
SSH into the manager node.

Generate the values.yaml file that you will use to configure and deploy MSR:

docker run -it --rm \
--entrypoint cat registry.mirantis.com/msr/msr-installer:<msr-version> \
/config/values.yml > values.yml

Edit the values.yaml file to customize your MSR deployment. Be sure to place your license in the license section:
```
license: '<license-string>'
```

Obtain a list of non-manager nodes along with their node IDs:

docker node ls --format "{{ .ID }}" --filter "role=worker"

In the swarm.nodeList section of the values.yaml file, add the node IDs of the worker nodes on which you plan to install MSR:
```
swarm:
  nodeList:
    - <node-id-1>
    - <node-id-2>
    - <node-id-3>
```

Install MSR, specifying the node ID of the worker on which you will run MSR:

docker run \
  --rm \
  -it \
  -v /var/run/docker.sock:/var/run/docker.sock \
  -v <path-to-values.yml>:/config/values.yml \
  registry.mirantis.com/msr/msr-installer:<msr-version> \
  install \
  --https_port 8443 \
  --http_port 8888

Note

If you do not specify any worker nodes on which to install MSR, the software will exclusively be installed on the manager node where the msr-installer is executed.

Review the status of the deployed services. Be aware that this may require a wait time of up to two minutes.
```
docker stack services msr
```
Access the MSR web UI at https://<node-ip>:443. The default user name and password are admin:password.
Optional. Disable outgoing connections in the MSR web UI Admin Settings. MSR offers outgoing connections for the following tasks:
- Analytics reporting
- New version notifications
- Online license verification
- Vulnerability scanning database updates