Fetching installation artifacts | On‑Premise | Urbi Documentation

Fetching installation artifacts

  1. Make sure the preparation for installation is completed.

  2. Collect the necessary information that was set or retrieved on previous steps:

    Object             | Example value                | How to get value
    On-Premise license | DEMO-KEY-DGCTL-AAAAAA-BBBBBB | See Preparation for installation

This host will serve the Docker Registry. The host must be available in the public network, see Preparation for installation.

To configure the host:

  1. Install an operating system: see the list of supported operating systems.

  2. Install Docker Registry: see the list of supported versions and registry size requirements.

    The registry must be available at https://docker.example.com:5000/.

  3. Configure authentication in the registry by username and password.

    Example:

    • Username: registry
    • Password: DOCKERregistryP@ssW0rd

This host will serve the S3 compatible installation artifacts storage. The host must be available in the public network, see Preparation for installation.

To configure the host:

  1. Install an operating system: see the list of supported operating systems.

  2. Install an S3 compatible storage that fits your needs. It is recommended to use Ceph: see the list of supported versions and storage size requirements.

    The storage must be available at https://artifacts.example.com:443/.

  3. In the installed storage, create the onpremise-artifacts bucket of the needed size.

  4. Set a service account with read and write permissions to the bucket.

    Generate a key for this account, which will be used to access the bucket.

    Example:

    • Access key: AKIAIOSFODNN7EXAMPLE
    • Secret key: wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY

This host will serve the DGCLI utility. The host must be available in the public network, see Preparation for installation.

To configure the host:

  1. Install an operating system: see the list of supported operating systems.

  2. Install Docker Engine: see the list of supported versions.

  3. Ensure that the previously configured services are available:

    • https://docker.example.com:5000/
    • https://artifacts.example.com:443/

  1. Log in to example.com via SSH.

  2. Create the dgctl-config.yaml configuration file. See here for more details on the available settings.

    dgctl-config.yaml
    key: DEMO-KEY-DGCTL-AAAAAA-BBBBBB
    log-format: json
    
    storage:
        type: s3
    
        host: artifacts.example.com:443
        bucket: onpremise-artifacts
        access-key: AKIAIOSFODNN7EXAMPLE
        secret-key: wJalrXUtnFEMIK7MDENGbPxRfiCYEXAMPLEKEY
    
    docker:
        registry:
            username: registry
            password: DOCKERregistryP@ssW0rd
            server-address: https://docker.example.com:5000
            image-prefix: /
    
  3. Run the DGCLI utility:

        docker run --rm \
            -v "$(pwd)/dgctl-config.yaml:/dgctl-config.yaml" \
            -v /mnt/dgctl-source:/dgctl-source \
            -v /var/run/docker.sock:/var/run/docker.sock \
            -v "$(pwd)/values:/values" \
            --user "$(id -u):$(id -g)" \
            2gis/dgctl:latest \
            pull --config=/dgctl-config.yaml --version=1.33.1 --apps-to-registry --generate-values
    

    Fetching artifacts can take a long time. When the process is finished, the command output contains the path to a manifest file. Example: manifests/1640661259.json.

    If the --generate-values flag is used, the general.yaml file with configuration parameters is generated and stored in the local directory that is specified in the -v <path>:/values argument (-v $(pwd)/values:/values in the example). If the path is not specified, the file is deleted after running the utility.
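A preflight check that can be run on the DGCLI host before the docker run step above, given as an added example that is not part of the Urbi documentation or of DGCLI. The function names are hypothetical; the script assumes curl is installed and that dgctl-config.yaml keeps the flat "key: value" layout shown above.

```shell
#!/bin/sh
# Added example: preflight checks for dgctl-config.yaml before running "dgctl pull".
# All function names are hypothetical; they are not part of DGCLI.

# The file holds the license key, the S3 secret key and the registry password,
# so only its owner should be able to read it (mode 600 or stricter).
config_mode_ok() {
    [ -f "$1" ] || return 1
    # Characters 5-10 of the "ls -l" mode string are the group and other bits.
    [ "$(ls -ld -- "$1" | cut -c5-10)" = "------" ]
}

# The registry password is sent to server-address, so require an https:// URL.
registry_uses_https() {
    grep -Eq '^[[:space:]]*server-address:[[:space:]]*https://' "$1"
}

# Print host:port for the storage and the registry, one per line.
# Assumes the flat "key: value" layout of the dgctl-config.yaml shown above.
config_endpoints() {
    awk '$1 == "host:" || $1 == "server-address:" {
        sub(/^https?:\/\//, "", $2); sub(/\/$/, "", $2); print $2
    }' "$1"
}

# Exit status 0 only if a TLS connection with a valid certificate succeeds.
# Any HTTP status (including 401 from the registry) counts as reachable.
endpoint_tls_ok() {
    curl --silent --show-error --output /dev/null --max-time 10 "https://$1/"
}

# Run every check; report each failure and return non-zero if any failed.
preflight() {
    rc=0
    config_mode_ok "$1" || { echo "FAIL: $1 is readable by group/other (chmod 600)" >&2; rc=1; }
    registry_uses_https "$1" || { echo "FAIL: server-address is not https://" >&2; rc=1; }
    for ep in $(config_endpoints "$1"); do
        endpoint_tls_ok "$ep" || { echo "FAIL: $ep unreachable or TLS error" >&2; rc=1; }
    done
    return "$rc"
}

# Usage: preflight ./dgctl-config.yaml && docker run ... (the command above)
```

Because the container runs with the caller's UID and GID (--user), a config file restricted to mode 600 and owned by that user stays readable inside the container.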

Create mirrors of the following resources in the private network:

Resource                                     | Host in public network | Mirror host in private network
Docker Registry                              | docker.example.com     | docker.storage.example.local
S3 compatible installation artifacts storage | artifacts.example.com  | artifacts.storage.example.local

The endpoints for the mirrors in the private network will differ from the endpoints in the public network.

Example:

  • Registry mirror endpoint: docker.storage.example.local:5000
  • Storage mirror endpoint: artifacts.storage.example.local:443

A Kubernetes secret with the Registry credentials is required so that Helm, which is used for installing On-Premise services, can access the Docker images located in the Registry. Without the secret, any operation involving the Registry will fail.

Example:

kubectl create secret docker-registry onpremise-registry-creds \
    --docker-server=docker.storage.example.local:5000 \
    --docker-username=registry \
    --docker-password=DOCKERregistryP@ssW0rd
