Note: This bug is displayed in read-only format because the product is no longer active in Red Hat Bugzilla.

Bug 1878830

Summary: The flow under "Mirroring the OpenShift Container Platform image repository" is confusing
Product: OpenShift Container Platform Reporter: Frederic Giloux <fgiloux>
Component: DocumentationAssignee: Brandi Munilla <bmcelvee>
Status: CLOSED EOL QA Contact: Johnny Liu <jialiu>
Severity: medium Docs Contact:
Priority: low    
Version: 4.6CC: aos-bugs, bmcelvee, jialiu, wking, wzheng
Target Milestone: ---   
Target Release: 4.6.0   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2022-09-09 14:13:44 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Frederic Giloux 2020-09-14 15:34:51 UTC 
Document URL: 
https://docs.openshift.com/container-platform/4.6/installing/install_config/installing-restricted-networks-preparations.html#installation-mirror-repository_installing-restricted-networks-preparations

Section Number and Name: 
 OpenShift Container Platform / Installing / Installation configuration / Creating a mirror registry for a restricted network / Mirroring the OpenShift Container Platform image repository

Describe the issue: 
Two separate scenarios are covered under this section:
1. Internet connectivity is available from the registry host
2. Internet connectivity is not available from the registry host

With the second scenario we need clear demarcation between:
- the steps that need to be done on the machine having internet connectivity
- the steps that need to be done on the registry host

This is missing in two places:

a.) The definition of environment variable. This needs to be done twice with scenario 2: on the machine having internet connectivity and on the registry host. This is the common use case where the registry host is in a completely fenced network zone and cannot communicate with the machine with internet access.

b.) The extraction of the installation program. This needs to be done on the machine having internet connectivity due to bug 1823143. The files then need to be placed on the removable media and physically moved like the registry content. 
The command for this in the documentation has a few issues:
$ oc adm -a ${LOCAL_SECRET_JSON} release extract --command=openshift-install "${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}"

- it should happen before the removable media is moved to the registry host. The step for copying the file to it needs to be added.
- From the tests I did with 4.6.0-fc.5 the command failed with "-${ARCHITECTURE}" and succeeded without it.
- according to the contextual help "--from" should be used for specifying the image containing the release payload. Also both seem to give the same result.

Suggestions for improvement:
See above

Additional information: 
Investigating whether the issue with -${ARCHITECTURE}" is specific to the pre-release version.
Comment 1 Frederic Giloux 2020-09-15 05:31:18 UTC 
Raised bug 1878972 to clarify whether the removal of the architecture information is desired or not
Comment 2 Frederic Giloux 2020-09-15 07:52:52 UTC 
Discussing with QE, dev suggested that release images should be consumed via sha256 hash instead of tag names, which is not the way described in the documentation.
Comment 3 W. Trevor King 2020-09-30 22:10:30 UTC 
[1] has been recently revived to move away from tags and towards by-digest pullspecs, which will address that portion of this ticket.  I'm also still pretty sure we don't actually need the locally-extracted installer, we just don't have CI to prove that yet.  I will look into reviving [2].

[1]: https://github.com/openshift/openshift-docs/pull/19266
[2]: https://github.com/openshift/release/pull/5567
Comment 4 Johnny Liu 2020-11-18 11:13:09 UTC 
> [1] has been recently revived to move away from tags and towards by-digest pullspecs, which will address that portion of this ticket.
+1, Once that, doc will does not need `${OCP_RELEASE}-${ARCHITECTURE}` tag name any more. QE already switch our internal testing to using digest instead of tag name.

> I'm also still pretty sure we don't actually need the locally-extracted installer, we just don't have CI to prove that yet.  I will look into reviving [2].
Per my understanding, if user do not need the locally-extracted installer, user still need to download oc binary from internet which is aligned with target release payload image which user want to install, then move it to Intranet where installation will begin.
Comment 8 Brandi Munilla 2022-09-09 14:13:44 UTC 
OCP 4.6 is no longer on full support [1]. Marking this bug as CLOSED EOL.

If you have a customer case with a support exception or if you think this issue
still applies on 4.8+, please reopen and include those details or open a new Jira issue [2] with updated information. When reopening,
please set the Target Release to the appropriate version where needed.

[1]: https://access.redhat.com/support/policy/updates/openshift
[2]: https://issues.redhat.com/projects/OCPBUGS