Mirroring Data Foundation images deployed on OpenShift Container Platform
Mirror the Data Foundation images to your enterprise registry by using ImageDigestMirrorSet.
Before you begin
- Ensure that you use OpenShift® Container Platform 4.14.4 or higher in the commands. Use your specific version number in the commands.
- You can migrate the Fusion Data Foundation ImageContentSourcePolicy to an ImageDigestMirrorSet. For the procedure and why you must migrate, see Migrating Data Foundation ImageContentSourcePolicy to ImageDigestMirrorSet.
About this task
The Fusion Data Foundation 4.16 with OpenShift Container Platform 4.16 is used in the procedure as an example. Replace it with your appropriate supported version.
For more information about how to plan for this setup in a network restricted Data Foundation, see Disconnected environment.
Note: This procedure is only necessary if you plan to enable the Fusion Data Foundation service.
Procedure
- Run the following command to login to Docker registry with your Red
Hat® enterprise credentials:
docker login registry.redhat.io -u <Red Hat enterprise registry username> -p <Red Hat enterprise registry password> -
Log in to the IBM Entitled Container Registry by using the IBM entitlement key:
docker login cp.icr.io -u cp -p <your entitlement key>Note: Ensure that your entitlement key for IBM Fusion contains the correct entitlement.Set the following environment variables:export LOCAL_ISF_REGISTRY="<Your enterprise registry host>:<port>" export LOCAL_ISF_REPOSITORY="<Your image path>" export TARGET_PATH="$LOCAL_ISF_REGISTRY/$LOCAL_ISF_REPOSITORY" export OCP_VERSION="<Your ocp version, eg 4.16>"Note: Port is a non-mandatory value when you set theLOCAL_ISF_REGISTRYvariable. If your enterprise registry is accessible and has a secure connection, then you can ignore it.Sample value for without port:export LOCAL_ISF_REGISTRY="registryhost.com"See the following sample values:export LOCAL_ISF_REGISTRY="registryhost.com:443" export LOCAL_ISF_REPOSITORY="fusion-mirror"LOCAL_ISF_REGISTRYis your entitlement registry.LOCAL_ISF_REPOSITORYis the image path in which you want to mirror the images. You can choose your own repository paths. For example, in , the name can be sds-2.10.0/isf or sds- 2.10.0. - Run the command to login to the Docker registry with your enterprise registry
credentials:
docker login $LOCAL_ISF_REGISTRY -u <your enterprise registry username> -p <your enterprise registry password> - Create the image set configuration for Fusion Data Foundation.
If you are using Fusion Data Foundation 4.18, then use the following image set configuration:
imageset-config-fdf.yamlcat << EOF > imageset-config-fdf.yaml kind: ImageSetConfiguration apiVersion: mirror.openshift.io/v1alpha2 storageConfig: registry: imageURL: "$TARGET_PATH/isf-df-metadata:latest" skipTLS: true mirror: operators: - catalog: icr.io/cpopen/isf-data-foundation-catalog:v$OCP_VERSION packages: - name: "cephcsi-operator" - name: "mcg-operator" - name: "ocs-operator" - name: "odf-csi-addons-operator" - name: "odf-multicluster-orchestrator" - name: "odf-operator" - name: "odr-cluster-operator" - name: "odr-hub-operator" - name: "ocs-client-operator" - name: "odf-prometheus-operator" - name: "recipe" - name: "rook-ceph-operator" - name: "odf-dependencies" EOFIf you are using Fusion Data Foundation 4.16 and 4.17, then use the following image set configuration:Note: If you are using theoc-mirrorv2 plug-in and upgrading to Fusion Data Foundation 4.17, ensure to include thecephcsi-operatorwithin the following image set configuration. This operator is not inherently included when using the v2 version of the mirror plug-in.imageset-config-fdf.yaml:cat << EOF > imageset-config-fdf.yaml kind: ImageSetConfiguration apiVersion: mirror.openshift.io/v1alpha2 storageConfig: registry: imageURL: "$TARGET_PATH/isf-df-metadata:latest" skipTLS: true mirror: operators: - catalog: icr.io/cpopen/isf-data-foundation-catalog:v$OCP_VERSION packages: - name: "mcg-operator" - name: "ocs-operator" - name: "odf-csi-addons-operator" - name: "odf-multicluster-orchestrator" - name: "odf-operator" - name: "odr-cluster-operator" - name: "odr-hub-operator" - name: "ocs-client-operator" - name: "odf-prometheus-operator" - name: "recipe" - name: "rook-ceph-operator" EOF - Run the following oc command to mirror the images.
oc mirror --config imageset-config-fdf.yaml docker://${TARGET_PATH} --dest-skip-tls --ignore-history - Run the following command to check whether the image got successfully mirrored to the
registry: Note: If you are using a self signed registry, then export the
SSL_CERT_DIR=/root/quay-install/quay-rootCAbefore running this command.The
/root/quay-install/quay-rootCApath is where certificates are placed. For more information, see Red Hat solution.oc mirror list operators --catalog $TARGET_PATH/cpopen/isf-data-foundation-catalog:v$OCP_VERSION WARN[0033] DEPRECATION NOTICE: Sqlite-based catalogs and their related subcommands are deprecated. Support for them will be removed in a future release. Please migrate your catalog workflows to the new file-based catalog format. NAME DISPLAY NAME DEFAULT CHANNEL mcg-operator NooBaa Operator stable-4.16 ocs-client-operator OpenShift Data Foundation Client stable-4.16 ocs-operator Container Storage stable-4.16 odf-csi-addons-operator CSI Addons stable-4.16 odf-multicluster-orchestrator Multicluster Orchestrator stable-4.16 odf-operator IBM Storage Fusion Data Foundation stable-4.16 odr-cluster-operator DR Cluster Operator stable-4.16 odr-hub-operator DR Hub Operator stable-4.16 - Create the image set configuration for local storage operator. Note: If Red Hat® operator catalog is running on your cluster, prune and push all earlier packages, including the
local-storage-operatorandlvms-operator. Otherwise, old packages get lost from the Red Hat operator index image.For example:
cat << EOF > imageset-config-lso.yaml kind: ImageSetConfiguration apiVersion: mirror.openshift.io/v1alpha2 storageConfig: registry: imageURL: "$TARGET_PATH/df/odf-lso-metadata:latest" skipTLS: true mirror: operators: - catalog: registry.redhat.io/redhat/redhat-operator-index:v$OCP_VERSION packages: - name: "local-storage-operator" - name: "lvms-operator" full: true EOF - Run the following OC command to mirror the images.
oc mirror --config imageset-config-lso.yaml docker://${TARGET_PATH} --dest-skip-tls --ignore-history - Add
ImageDigestMirrorSetfor Fusion Data Foundation.See the followingImageDigestMirrorSet:Note:- Replace the variable
$TARGET_PATHwith your registry details where images are mirrored.
apiVersion: config.openshift.io/v1 kind: ImageDigestMirrorSet metadata: labels: operators.openshift.org/catalog: "true" name: isf-fdf-idms spec: imageDigestMirrors: - mirrors: - $TARGET_PATH/openshift4 source: registry.redhat.io/openshift4 - mirrors: - $TARGET_PATH/redhat source: registry.redhat.io/redhat - mirrors: - $TARGET_PATH/rhel9 source: registry.redhat.io/rhel9 - mirrors: - $TARGET_PATH/rhel8 source: registry.redhat.io/rhel8 - mirrors: - $TARGET_PATH/cp/df source: cp.icr.io/cp/df - mirrors: - $TARGET_PATH/cpopen source: cp.icr.io/cpopen - mirrors: - $TARGET_PATH/cpopen source: icr.io/cpopen - mirrors: - $TARGET_PATH/cp/df/ceph source: cp.icr.io/cp/df/ceph - mirrors: - $TARGET_PATH/lvms4 source: registry.redhat.io/lvms4 - Replace the variable
- Create a CatalogSource named
redhat-operators.Note: Do this step when the Data Foundation uses the local disk.apiVersion: operators.coreos.com/v1alpha1 kind: CatalogSource metadata: name: redhat-operators namespace: openshift-marketplace spec: displayName: Red Hat Operators image: $TARGET_PATH/redhat/redhat-operator-index:v$OCP_VERSION publisher: Red Hat sourceType: grpc - Add
ImageTagMirrorSetfor Data Foundation:apiVersion: config.openshift.io/v1 kind: ImageTagMirrorSet metadata: name: isf-fdf spec: imageTagMirrors: - mirrors: - $TARGET_PATH/cpopen/isf-data-foundation-catalog source: icr.io/cpopen/isf-data-foundation-catalog mirrorSourcePolicy: AllowContactingSource