Bug 1806782 - Cannot mirror a local release to a remote registry
Summary: Cannot mirror a local release to a remote registry
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: oc
Version: 4.3.z
Hardware: Unspecified
OS: Unspecified
unspecified
high
Target Milestone: ---
: 4.3.z
Assignee: W. Trevor King
QA Contact: Johnny Liu
URL:
Whiteboard:
Depends On: 1806780
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-02-25 02:18 UTC by Clayton Coleman
Modified: 2020-08-05 10:54 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Cause: 'oc adm release mirror' lacked file:// support. Consequence: There was no convenient way to push a release image and referenced images from a local disk to a local repository. Using file:// failed with "invalid image reference". Fix: Taught 'oc adm release mirror' about file:// and --from-dir. Result: 'oc adm release mirror file://openshift/release:4.3.1 --to REPO' works without failing.
Clone Of: 1806780
Environment:
Last Closed: 2020-08-05 10:54:06 UTC
Target Upstream Version:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github openshift oc pull 328 0 None closed [release-4.3] Bug 1806782: Allow a file:// release argument to release mirror 2020-10-23 14:58:49 UTC
Github openshift oc pull 458 0 None closed Bug 1806782: Allow a file:// release argument to release mirror 2020-10-23 14:58:49 UTC
Red Hat Product Errata RHBA-2020:3180 0 None None None 2020-08-05 10:54:34 UTC

Description Clayton Coleman 2020-02-25 02:18:44 UTC 
+++ This bug was initially created as a clone of Bug #1806780 +++

+++ This bug was initially created as a clone of Bug #1806779 +++

The oc adm release mirror file support was intended to support downloading the release to disk and then pushing it to a remote repository after moving into an isolated network.  However, it is not possible to specify a from source for the release that includes both release and images today.

The intended usage is:

oc adm release mirror OPENSHIFT_VERSION --to file://openshift/release
# move across networks
oc adm release mirror file://openshift/release:OPENSHIFT_VERSION --to MIRROR_REPOSITORY

Because the location on disk involves changing the image location, and mirror cannot rewrite the release contents, we need oc adm release mirror to support a heuristic that checks the local store for a given digest within the release and uses that as the source if found.

This will allow mirror to correctly support both sides of the mirroring operation.

Backport to 4.3 so offline support can be completed. Low risk because this is an optional code path and the fallback is the previous behavior.
Comment 1 W. Trevor King 2020-06-21 14:16:51 UTC 
[1] needs a rebase; I just didn't get to it in time.  Adding UpcomingSprint

[1]: https://github.com/openshift/oc/pull/458
Comment 5 W. Trevor King 2020-07-11 02:12:43 UTC 
Cribbed doc-text from [1], which #328 picked back to 4.3 and #458 fixed.

[1]: https://github.com/openshift/oc/pull/320#issue-379332698
Comment 6 Johnny Liu 2020-07-13 04:43:40 UTC 
Verified this bug with 4.3.0-0.nightly-2020-07-12-052232, and PASS.

1. mirror image to local disk file
$ /home/installer1/mnt/2020-07-12-22-14-45/jialiu431_2020-07-12-22-14-45/oc adm release mirror -a /home/installer1/mirror_pullsecret_config.json --from=registry.svc.ci.openshift.org/ocp/release:4.3.0-0.nightly-2020-07-12-052232 --to-dir=/home/installer1/mnt/2020-07-12-22-14-45/jialiu431_2020-07-12-22-14-45/data --to=file://openshift/release
<--snip-->
Success
Update image:  openshift/release:4.3.0-0.nightly-2020-07-12-052232
Mirror prefix: file://openshift/release

To upload local images to a registry, run:

    oc image mirror --from-dir=/home/installer1/mnt/2020-07-12-22-14-45/jialiu431_2020-07-12-22-14-45/data 'file://openshift/release:4.3.0-0.nightly-2020-07-12-052232*' REGISTRY/REPOSITORY

2. move disk cross firewall

3.1 mirror to private cluster from the local disk files via `oc adm release mirror`
$ oc adm release mirror --from-dir=/opt/mirror-to-disk/jialiu432_2020-07-12-23-26-27/data --from=file://openshift/release:4.3.0-0.nightly-2020-07-12-052232 --to=upshift-nointernet.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release --to-release-image=upshift-nointernet.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release:4.3.0-0.nightly-2020-07-12-052232
<--snip-->
Success
Update image:  upshift-nointernet.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release:4.3.0-0.nightly-2020-07-12-052232
Mirror prefix: upshift-nointernet.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release

3.2 mirror to private from the local disk files via `oc image mirror`
$ oc image mirror --from-dir=/opt/mirror-to-disk/jialiu431_2020-07-12-22-14-45/data 'file://openshift/release:4.3.0-0.nightly-2020-07-12-052232*' upshift-nointernet.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release

4. Run `oc adm release mirror -a /home/installer1/mirror_pullsecret_config.json  --from=registry.svc.ci.openshift.org/ocp/release:4.3.0-0.nightly-2020-07-12-052232 --to=upshift-nointernet.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release --to-release-image=upshift-nointernet.mirror-registry.qe.devcluster.openshift.com:5000/ocp/release:4.3.0-0.nightly-2020-07-12-052232 --dry-run` to get imageContentSources, inject it into install-config.yaml

5. Installation get successfull.
Comment 8 errata-xmlrpc 2020-08-05 10:54:06 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (OpenShift Container Platform 4.3.31 bug fix update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2020:3180
Note You need to log in before you can comment on or make changes to this bug.