In the following post, we are going to talk on how to mirror the ocp container base images locally first to an .tar file and later upload them to the offline registry on the Bastion Host.

Prerequisites

  • OCPv4.10.X
  • Redhat Enterprise Linux/Rocky Linux/Fedora
  • Downloaded pull-secret.txt file
  • podman package available to the OS

Step 1. Downloading oc-cli and oc-mirror-cli to the Bastion Host:

  • Download oc-cli:
export VERSION=stable-4.10
curl -s https://mirror.openshift.com/pub/openshift-v4/clients/ocp/$VERSION/openshift-client-linux.tar.gz | tar zxvf - oc
sudo cp oc /usr/local/bin
  • Download oc-mirror-cli:
export VERSION=stable-4.10
curl -s https://mirror.openshift.com/pub/openshift-v4/clients/ocp/$VERSION/oc-mirror.tar.gz | tar zxvf - oc-mirror
sudo cp oc-mirror /usr/local/bin

Note: The oc-mirror its Technical Preview on stable-4.10 channel and on stable-4.11 channel its General Available.

Step 2. Creating the redhat-operator-index container

podman run -d --name redhat-operator-index-4.10 -p 5051:5051 -it registry.redhat.io/redhat/redhat-operator-index:v4.10
cd ${HOME}/.config/user/systemd/user/
podman generate systemd --name redhat-operator-index-4.10 >> container-redhat-operator-index.service
systemctl --user daemon-reload
systemctl --user enable container-redhat-operator-index.service
systemctl --user restart container-redhat-operator-index.service

By creating the redhat-operator-index container we can query the available operator versions to download on the channel: stable-4.10.

Step 3. Usage of the redhat-operator-index container api

  • List a specific operator by filtering on the name:

To download the grpcurl, you will need to download the binary from grpcurl binary release.

Documenting the offline registry api:

grpcurl -plaintext INBACRNRDL0100.offline.oxtechnix.lan:50051 list api.Registry
api.Registry.GetBundle
api.Registry.GetBundleForChannel
api.Registry.GetBundleThatReplaces
api.Registry.GetChannelEntriesThatProvide
api.Registry.GetChannelEntriesThatReplace
api.Registry.GetDefaultBundleThatProvides
api.Registry.GetLatestChannelEntriesThatProvide
api.Registry.GetPackage
api.Registry.ListBundles
api.Registry.ListPackages

In order to dig more information about an specific api:

grpcurl -plaintext INBACRNRDL0100.offline.oxtechnix.lan:50051 describe api.Registry.GetBundleForChannel
api.Registry.GetBundleForChannel is a method:
rpc GetBundleForChannel ( .api.GetBundleInChannelRequest ) returns ( .api.Bundle );

Step 4. Comparing the mirroring

  • oc adm mirror: Exporting the global variables:
export OCP_VERSION="4.10.26"
export UPSTREAM_REPO=$(curl -s https://mirror.openshift.com/pub/openshift-v4/clients/ocp/$OCP_VERSION/release.txt | grep 'Pull From: quay.io' | awk -F ' ' '{print $3}')
echo $UPSTREAM_REPO
quay.io/openshift-release-dev/ocp-release@sha256:e1fa1f513068082d97d78be643c369398b0e6820afab708d26acda2262940954
export LOCAL_REG="INBACRNRDL0100.offline.oxtechnix.lan:5000"
export LOCAL_REPO="ocp-release"
export VERSION="${OCP_VERSION}-x86_64"
export PULLSECRET_FILE=/apps/offline-registry/pull-secret.json
export LOCAL_MEDIA_PATH=/apps/offline-registry/working-dor

Mirroring the images to the local file:

oc adm release mirror -a ${PULLSECRET_FILE} --from=$UPSTREAM_REPO --to-dir=${LOCAL_MEDIA_PATH}/mirror --apply-release-image-signature --insecure=true

Uploading the images to the offline registry:

oc image mirror -a ${PULLSECRET_FILE} --from-dir=${LOCAL_MEDIA_PATH}/mirror "file://openshift/release:${VERSION}*" ${LOCAL_REG}/${LOCAL_REPO}

Storage container based images summary:

Container Base Name Size
ocp-release:4.10.26 12G