About Domino
Domino Data LabKnowledge BaseData Science BlogTraining

Private or offline installation

Domino provides bundles of offline installation media for when you use fleetcommand-agent without Internet access to upstream sources of images and charts. To serve these resources, you must have a Docker registry accessible to your cluster.

Downloads

URLs of available offline installation bundles are in the release notes. You can download these bundles using the curl command with basic authentication. If there are network connectivity issues you can use the wget command with the --continue or -c option. Contact your Domino account team for credentials.

Note
 The versioned collection of images (named docker-images-{5.8}.tar) contains all required images for this type of deployment and must be the only downloaded file.

Example curl download:

curl -u username:password -#SfLOJ https://mirrors.domino.tech/s3/domino-artifacts/offline/fleetcommand-agent-v65/docker-images-5.x.x.tar

Example wget download:

wget -c --user domino-registry --password xxxxxxx https://mirrors.domino.tech/s3/domino-artifacts/offline/fleetcommand-agent-v65/docker-images-5.x.x.tar

If you are unable to download the full bundle, a partitioned bundle is available. To use the partitioned bundle, download all parts to recreate the full tarball and then follow the rest of the instructions.

Download the list of newline-separated part filenames:

curl -u username:password -#SfLOJ https://mirrors.domino.tech/s3/domino-artifacts/offline/fleetcommand-agent-v65/docker-images-5.x.x.parts.txt

Download each part of the bundle using the provided filenames:

while read part; do curl -u username:password -#SfLOJ "https://mirrors.domino.tech/s3/domino-artifacts/offline/fleetcommand-agent-v65/$part"; done < docker-images-5.x.x.parts.txt

Use the downloaded parts to recreate the full bundle:

cat docker-images-5.x.x.tar[0-9]* > docker-images-5.x.x.tar

Verification

SHA-256 checksums of files are available to verify the contents of downloaded bundles once downloaded.

Example verifications:

curl -u username:password -#SfLOJ https://mirrors.domino.tech/s3/domino-artifacts/offline/fleetcommand-agent-v65/docker-images-5.x.x.tar.sha256sum
sha256sum -c docker-images-5.x.x.tar.sha256sum

If <filename>: OK is not displayed, ensure the downloaded bundles were not tampered with before loading and installing them.

For partitioned bundles, use the following:

curl -u username:password -#SfLOJ https://mirrors.domino.tech/s3/domino-artifacts/offline/fleetcommand-agent-v65/docker-images-5.x.x.parts.sha256sum
sha256sum -c docker-images-5.x.x.parts.sha256sum

Images list

If you require a list of images contained in a Domino release, they can be downloaded alongside the installation bundle.

curl -u username:password -#SfLOJ https://mirrors.domino.tech/s3/domino-artifacts/offline/fleetcommand-agent-v65/images.json

The resulting JSON file contains a key-value pairing of Domino version and list of images.

Below is an example of extracting image names for Domino 5.x.x using jq:

jq -r '.["5.x.x"][].name' images.json

Extract and load

The images bundle is a .tar archive that must be extracted before you use it.

tar -xvf docker-images-5.x.x.tar

In the docker-images bundle there will be:

  • a collection of individual Docker image .tar files

  • a images.json metadata file

  • a domino-load-images.py script

domino-load-images.py is a script to ingest the images.json metadata file and load the associated Docker images for a specific Domino version into the given remote Docker registry.

To load images into your private registry, run domino-load-images.py and pass in the URL of your registry as an argument. The script expects to run in the same directory as the images.json metadata file and the .tar image files.

Example:

python domino-load-images.py your-registry-url.domain:port

Once images have been loaded into your private registry you’re ready to install Domino.

Install

To install Domino with a custom registry, the image references must be modified to reference the upstream registry. Use the --image-registry argument on the init command to modify all image references to the external registry.

docker run --rm -v $(pwd):/install quay.io/domino/fleetcommand-agent:v65
init --image-registry your-registry-url.domain:port --file /install/domino.yml

If your registry requires authentication, ensure the image_registries section of your installer configuration is filled in with the correct credentials:

helm:
  image_registries:
  - server: your-registry-url.domain:port
    username: '<username>'
    password: '<password>'

Helm charts come prepackaged within the fleetcommand-agent image. The helm configuration object does not need to contain additional fields besides image_registries.