Images have to be copied without changing their digests. We found two ways to do that. We hope that Red Hat will update OCP4.2 manual as soon as possible. When you want to bring all images to your restricted network at once: 1. Launch mirror-registry in an environment which can access internet # podman run -d --name mirror-registry -p <port>:5000 ... -v /opt/registry/data:/var/lib/registry:z ... docker.io/library/registry:2 2. Mirror OCP4.2 repository to the mirror-registry # oc adm -a ${LOCAL_SECRET_JSON} release mirror \ ... 3. Backup data directory of the mirror-registry by tar ball # cd /opt/registry # tar cvf - data | gzip -c > data.tar.gz 4. Copy the tar ball to your restricted network environment 5. Restore the backup file in the restricted network environment, and then launch a new mirror-registry there # mkdir -p /opt/registry # cd /opt/registry # tar xf data.tar.gz # podman run -d --name mirror-registry -p <port>:5000 ... -v /opt/registry/data:/var/lib/registry:z ... docker.io/library/registry:2 When you want to bring images to your restricted network one by one: 1. Launch mirror-registry in your restricted network environment 2. In an environment which can access internet, pull an image to local directory # skopeo copy docker://quay.io/openshift-release-dev/ocp-release:4.2.1 dir:/tmp/imagedir --authfile quay.json 3. Backup the directory as tar ball, and then send it to your restricted network environment. # cd /tmp # tar cvf - imagedir | gzip -c > imagedir.tar.gz 4. Extract the tar ball, and copy it to your mirror-registry running on your restricted network environment. # cd /tmp # tar xvf imagedir.tar.gz # skopeo copy dir:/tmp/imagedir docker://<address>:<port>/openshift-release-dev/ocp-release:4.2.1 --authfile local.json
(In reply to Masaki Hatada from comment #15) >(In reply to Masaki Furuta from comment #14) > (In reply to Johnny Liu from comment #12) ... Hi Kathryn and Vikram, Would you please take a look into feedback from Hatada-san at comment 15, and please have your voice ? I am grateful for your help. Thank you, BR, Masaki
(In reply to Masaki Hatada from comment #15) Dear Hatada-san, Thank you so much for providing your verification and suggestion with detailed steps . It seems we have been working on another BZ simultaneously at the same time we are communicating on this bz. Would you please check followings to confirm whether you are fine with current published version of documents , if you would not mind and you haven't yet ? - Creating a mirror registry for a restricted network - Installing in restricted networks | Installing | OpenShift Container Platform 4.2 https://docs.openshift.com/container-platform/4.2/installing/installing_restricted_networks/installing-restricted-networks-preparations.html - 1738476 – [Disconnect]Should point to a available registry for samples operator in disconnect env https://bugzilla.redhat.com/show_bug.cgi?id=1738476#c15 - Bug 1738476 Add using samples content to restricted network install by bmcelvee · Pull Request #16916 · openshift/openshift-docs https://github.com/openshift/openshift-docs/pull/16916 Thank you for your help and cooperation. BR, Masaki
Dear Furuta-san, >Would you please check followings to confirm whether you are fine with current published version of documents , if you would not mind and you haven't yet ? > >- Creating a mirror registry for a restricted network - Installing in restricted networks | Installing | OpenShift Container Platform 4.2 > https://docs.openshift.com/container-platform/4.2/installing/installing_restricted_networks/installing-restricted-networks-preparations.html > > - 1738476 – [Disconnect]Should point to a available registry for samples operator in disconnect env > https://bugzilla.redhat.com/show_bug.cgi?id=1738476#c15 > > - Bug 1738476 Add using samples content to restricted network install by bmcelvee · Pull Request #16916 · openshift/openshift-docs > https://github.com/openshift/openshift-docs/pull/16916 Thank you for the information. However, the above manual doesn't resolve our question. What we want is to bring images which were mirrored by "oc adm release mirror" on external server to restricted network environment. We wrote the way to do that on Comment 15. We would like Red Hat to verify it. Bug 1738476 has mentioned openshift-samples operator. We have some questions about the current manual and have already reported them as Bug 1769664. Best Regards, Masaki Hatada
(In reply to Masaki Furuta from comment #16) > (In reply to Masaki Hatada from comment #15) > >(In reply to Masaki Furuta from comment #14) > > (In reply to Johnny Liu from comment #12) > ... > Hi Kathryn and Vikram, As we can see, I have requested Hatada-san and he provided feedback at comment 19. Would you please review provided steps at comment 15 , and please proceed accordingly ? If you would have any question or concern, please have a voice on the bz. I am grateful for your help. Thank you, BR, Masaki
Hi Kathryn and Vikram, Would you have any news on this matter ? BR, Masaki
For comment 15, obviously `When you want to bring all images to your restricted network at once` option is more easier and reasonable, I run some disconnected install, and succeed. 1. Follow comment 15's steps to bring all images to your restricted network 2. Capture `imageContentSources` output when running `oc adm mirror` command. 3. Modify target mirror registry IP/Hostname accordingly from mirror registry 1 to mirror registry 2 in imageContentSources output 4. Adding new imageContentSources to install-config.yaml 5. Trigger installation.
(In reply to Johnny Liu from comment #23) Hi Johnny Liu, Thank you for your verification. Would you please make your testing result at comment 23 public, if you would not mind? Hi Kathryn Alexander, May I obtain your feedback whether we could proceed this documentation bugzilla based on this result ? I am grateful for your help and clarifcation. Thank you, BR, Masaki
(In reply to Masaki Furuta from comment #24) Dear Kathryn Alexander, Thank you for your help on this BZ. I received feedback from my customer on today's regular conference call that they would like to know the current status. Because the BZ status is still NEW, and we have had no update since 2019-12-17. Would you please clarify current status, if you would not mind ? I am grateful for your help and clarification. Thank you, BR, Masaki
(In reply to Masaki Furuta from comment #25) Dear Kathryn Alexander and Johnny Liu, Would you pleaes share any of reletead efforts after [0] [0] WIP - Disconnected round two, with file system · openshift/openshift-docs@06facb6 https://github.com/openshift/openshift-docs/commit/06facb6d2e98477481084536270f9481af903751 I am grateful for your help and clarification. Thank you, BR, Masaki
(In reply to Masaki Furuta from comment #26) ... > Would you pleaes share any of reletead efforts after [0] Does this have something to do with following BZ [1] ? [1] 1806779 – Cannot mirror a local release to a remote registry https://bugzilla.redhat.com/show_bug.cgi?id=1806779
(In reply to Masaki Furuta from comment #27) > (In reply to Masaki Furuta from comment #26) > ... > > Would you pleaes share any of reletead efforts after [0] > > Does this have something to do with following BZ [1] ? > > [1] 1806779 – Cannot mirror a local release to a remote registry > https://bugzilla.redhat.com/show_bug.cgi?id=1806779 In another cloned bugs, https://bugzilla.redhat.com/show_bug.cgi?id=1806780, I already postED my test result there. Personally, yes, I think this bug is related to this issue. And https://github.com/openshift/openshift-docs/commit/06facb6d2e98477481084536270f9481af903751 is still in progress, I do not think it is ready for QE's validation yet.
(In reply to Johnny Liu from comment #28) ... > In another cloned bugs, https://bugzilla.redhat.com/show_bug.cgi?id=1806780, > I already postED my test result there. Personally, yes, I think this bug is > related to this issue. And > https://github.com/openshift/openshift-docs/commit/ > 06facb6d2e98477481084536270f9481af903751 is still in progress, I do not > think it is ready for QE's validation yet. Hello Kathryn Alexander, I am sorry for bothering you, but may I request you to fix Target Release on this BZ based on most current status, so that we could set appropriate expecation to the customers ? Thank you, BR, Masaki
Hello, Any news on this ? /Masaki
My apologies for the delay on this issue. The instructions bring mirrored content into a disconnected environment are available for 4.4+: https://docs.openshift.com/container-platform/4.4/installing/install_config/installing-restricted-networks-preparations.html#installation-mirror-repository_installing-restricted-networks-preparations The fix that allows this method to work for 4.3 has been released, and I'm working with QE to validate the doc update here: https://github.com/openshift/openshift-docs/pull/23615
This change is now live in 4.3: https://docs.openshift.com/container-platform/4.3/installing/install_config/installing-restricted-networks-preparations.html