Private or offline installation

Domino provides bundles of offline installation media for use when running the fleetcommand-agent without Internet access to upstream sources of images and charts. To serve these resources, you must have a Docker registry accessible to your cluster, and an application registry. Domino includes a Docker image for running an application registry in each bundle.




Downloading

You can find URLs of available offline installation bundles in the fleetcommand-agent release notes. These bundles can be downloaded via cURL with basic authentication. Contact your domino account team for credentials.

Note that there are two files required:

  • a versioned collection of images
  • the latest collection of charts

Example downloads:

curl -u username:password -#SfLOJ https://mirrors.domino.tech/s3/domino-artifacts/offline/fleetcommand-agent-docker-images-v20-4.2.0.tar
curl -u username:password -#SfLOJ http://mirrors.domino.tech/artifacts/appr/domino-appr-latest.tar.gz



Extracting and loading

The images bundle is a .tar archive, and the charts bundle is a gzipped .tar archive. They must be extracted before being used.

tar -xvf fleetcommand-agent-docker-images-v20-4.2.0.tar
gunzip domino-appr-latest.tar.gz
tar -xvf domino-appr-latest.tar

In the fleetcommand-agent-docker-images bundle there will be:

  • a collection of individual Docker image .tar files
  • a images.json metadata file
  • a domino-load-images.py script

domino-load-images.py is a script to ingest the images.json metadata file and load the associated Docker images for a specific Domino version into the given remote Docker registry.

To load images into your private registry, run domino-load-images.py and pass in the URL of your registry as an argument. The script expects to run in the same directory as the images.json metadata file and the .tar image files.

Example:

python domino-load-images.py your-registry-url.domain:port

One of the images provided as part of the bundle is an appr image that can be used to host an application registry for serving charts to the fleetcommand-agent. After extracting the domino-appr-latest archive you will have a top level appr directory that contains chart data formatted for use in an application registry. You can start an application registry server on any Docker-enabled machine that can connect to your private registry via docker run like in the following example, passing in a filesystem path to the extracted appr directory where shown:

docker run --name dom-offline-appr \
      -d -p 50001:50001 \
      -v /path/to/appr:/var/lib/appr \
      -e DATABASE_URL="/var/lib/appr" \
      --restart=always "your-registry-url.domain:port/appr:latest" \
      run-server --port 50001 --db-class filesystem

Once images have been loaded into your private registry and charts have been loaded into a running application registry server, you’re ready to install Domino.




Installing

To install Domino using a custom registry, the image references must be modified to reference the upstream registry. Use the --image-registry argument on the init command to modify all image references to the external registry.

docker run --rm -v $(pwd):/install quay.io/domino/fleetcommand-agent:v22 \
init --image-registry your-registry-url.domain:port --full --file /install/domino.yml

If your registry requires authentication, ensure the private_docker_registry section of your installer configuration is filled in with the correct credentials:

private_docker_registry:
  server: your-registry-url.domain:port
  username: '<username>'
  password: '<password>'

Similarly, to install Domino using a custom application registry, the chart references must be modified to reference the upstream registry. The custom application registry option is only supported for Helm 2. To configure the fleetcommand-agent to use your custom application registry, set up the helm object in configuration like the following example, filling in the hostname of your custom application registry server where indicated:

helm:
  version: 2
  host: http://your-appr-server.domain:50001
  namespace: domino
  prefix: helm- # Prefix for the chart repository, defaults to `helm-`
  username: ""
  password: ""
  tiller_image: gcr.io/kubernetes-helm/tiller:v2.16.1 # Version is required and MUST be 2.16.1
  insecure: true

Note that the http protocol before the hostname in this configuration is important. Once these changes have been made to your installer configuration file, you can run the fleetcommand-agent to install Domino.