Bug 1806782

Summary: Cannot mirror a local release to a remote registry
Product: OpenShift Container Platform Reporter: Clayton Coleman <ccoleman>
Component: ocAssignee: W. Trevor King <wking>
Status: CLOSED ERRATA QA Contact: Johnny Liu <jialiu>
Severity: high Docs Contact:
Priority: unspecified    
Version: 4.3.zCC: aos-bugs, jokerman, kalexand, mfojtik, mfuruta, yinzhou
Target Milestone: ---   
Target Release: 4.3.z   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Cause: 'oc adm release mirror' lacked file:// support. Consequence: There was no convenient way to push a release image and referenced images from a local disk to a local repository. Using file:// failed with "invalid image reference". Fix: Taught 'oc adm release mirror' about file:// and --from-dir. Result: 'oc adm release mirror file://openshift/release:4.3.1 --to REPO' works without failing.
 Story Points: ---
Clone Of: 1806780 Environment:
Last Closed: 2020-08-05 10:54:06 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On: 1806780    
Bug Blocks:    

Description Clayton Coleman 2020-02-25 02:18:44 UTC 
+++ This bug was initially created as a clone of Bug #1806780 +++

+++ This bug was initially created as a clone of Bug #1806779 +++

The oc adm release mirror file support was intended to support downloading the release to disk and then pushing it to a remote repository after moving into an isolated network.  However, it is not possible to specify a from source for the release that includes both release and images today.

The intended usage is:

oc adm release mirror OPENSHIFT_VERSION --to file://openshift/release
# move across networks
oc adm release mirror file://openshift/release:OPENSHIFT_VERSION --to MIRROR_REPOSITORY

Because the location on disk involves changing the image location, and mirror cannot rewrite the release contents, we need oc adm release mirror to support a heuristic that checks the local store for a given digest within the release and uses that as the source if found.

This will allow mirror to correctly support both sides of the mirroring operation.

Backport to 4.3 so offline support can be completed. Low risk because this is an optional code path and the fallback is the previous behavior.
Comment 1 W. Trevor King 2020-06-21 14:16:51 UTC 
[1] needs a rebase; I just didn't get to it in time.  Adding UpcomingSprint

[1]: https://github.com/openshift/oc/pull/458
Comment 5 W. Trevor King 2020-07-11 02:12:43 UTC 
Cribbed doc-text from [1], which #328 picked back to 4.3 and #458 fixed.

[1]: https://github.com/openshift/oc/pull/320#issue-379332698
Comment 6 Johnny Liu 2020-07-13 04:43:40 UTC 
Verified this bug with 4.3.0-0.nightly-2020-07-12-052232, and PASS.

1. mirror image to local disk file
$ /home/installer1/mnt/2020-07-12-22-14-45/jialiu431_2020-07-12-22-14-45/oc adm release mirror -a /home/installer1/mirror_pullsecret_config.json --from=registry.svc.ci.openshift.org/ocp/release:4.3.0-0.nightly-2020-07-12-052232 --to-dir=/home/installer1/mnt/2020-07-12-22-14-45/jialiu431_2020-07-12-22-14-45/data --to=file://openshift/release
<--snip-->
Success
Update image:  openshift/release:4.3.0-0.nightly-2020-07-12-052232
Mirror prefix: file://openshift/release

To upload local images to a registry, run:

    oc image mirror --from-dir=/home/installer1/mnt/2020-07-12-22-14-45/jialiu431_2020-07-12-22-14-45/data 'file://openshift/release:4.3.0-0.nightly-2020-07-12-052232*' REGISTRY/REPOSITORY

2. move disk cross firewall

3.1 mirror to private cluster from the local disk files via `oc adm release mirror`
$ oc adm release mirror --from-dir=/opt/mirror-to-disk/jialiu432_2020-07-12-23-26-27/data --from=file://openshift/release:4.3.0-0.nightly-2020-07-12-052232 --to=upshift-nointernet.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release --to-release-image=upshift-nointernet.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release:4.3.0-0.nightly-2020-07-12-052232
<--snip-->
Success
Update image:  upshift-nointernet.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release:4.3.0-0.nightly-2020-07-12-052232
Mirror prefix: upshift-nointernet.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release

3.2 mirror to private from the local disk files via `oc image mirror`
$ oc image mirror --from-dir=/opt/mirror-to-disk/jialiu431_2020-07-12-22-14-45/data 'file://openshift/release:4.3.0-0.nightly-2020-07-12-052232*' upshift-nointernet.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release

4. Run `oc adm release mirror -a /home/installer1/mirror_pullsecret_config.json  --from=registry.svc.ci.openshift.org/ocp/release:4.3.0-0.nightly-2020-07-12-052232 --to=upshift-nointernet.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release --to-release-image=upshift-nointernet.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release:4.3.0-0.nightly-2020-07-12-052232 --dry-run` to get imageContentSources, inject it into install-config.yaml

5. Installation get successfull.
Comment 8 errata-xmlrpc 2020-08-05 10:54:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.3.31 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3180