Mirroring images to final location

Procedure

Complete the following steps on your host that is connected to both the local Docker registry and the {{site.data.keyword.ocp}} cluster.

  1. Mirror images to the final location.

    For mirroring from a bastion host (connected mirroring):

    oc image mirror \
       -f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping.txt \
       --filter-by-os '.*'  \
       -a $REGISTRY_AUTH_FILE \
       --insecure  \
       --skip-multiple-scopes \
       --max-per-registry=1 \
       --continue-on-error=true

    If you have generated manifests in the previous steps to mirror images to an intermediate registry server followed by a final registry server, run the following commands:

    1. Mirror images to the intermediate registry server.
      oc image mirror \
         -f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping-to-registry.txt \
         --filter-by-os '.*'  \
         -a $REGISTRY_AUTH_FILE \
         --insecure  \
         --skip-multiple-scopes \
         --max-per-registry=1 \
         --continue-on-error=true
    2. Mirror images from the intermediate registry server to the final registry server.
      oc image mirror \
         -f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping-from-registry.txt \
         --filter-by-os '.*'  \
         -a $REGISTRY_AUTH_FILE \
         --insecure  \
         --skip-multiple-scopes \
         --max-per-registry=1 \
         --continue-on-error=true
    The oc image mirror --help command can be run to see all the options available on the mirror command. The continue-on-error is to indicate that the command should try to mirror as much as possible and continue on errors.
    oc image mirror --help
    Note: Sometimes based on the number and size of images to be mirrored, the oc image mirror might take longer. If you are issuing the command on a remote machine, it is recommended that you run the command in the background with a nohup, so even if network connection to your remote machine is lost or you close the terminal, the mirroring continues. For example, the following command starts the mirroring process in background and write the log to my-mirror-progress.txt.
    nohup oc image mirror \
    -f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping.txt \
    -a $REGISTRY_AUTH_FILE \
    --filter-by-os '.*' \
    --insecure \
    --skip-multiple-scopes \
    --max-per-registry=1 \
    --continue-on-error=true > my-mirror-progress.txt  2>&1 &

    You can view the progress of the mirror by issuing the following command on the remote machine:

    tail -f my-mirror-progress.txt

    For mirroring from a file system (disconnected mirroring):

    Mirror images to your file system.

    export IMAGE_PATH=<image-path>
    oc image mirror \
       -f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping-to-filesystem.txt \
       --filter-by-os '.*'  \
       -a $REGISTRY_AUTH_FILE \
       --insecure  \
       --skip-multiple-scopes \
       --max-per-registry=1 \
       --continue-on-error=true \
       --dir "$IMAGE_PATH"
    The <image-path> refers to the local path to store the images. For example, in the previous section if you provide file://local as input during generate mirror-manifests, then the preceding command will create a subdirectory v2/local inside directory that is referred by <image-path> and copy the images under it.
    The following command can be used to see all the options available on the mirror command. Note that continue-on-error is used to indicate that the command should try to mirror as much as possible and continue on errors.
    oc image mirror --help
    Note: Sometimes based on the number and size of images to be mirrored, the oc image mirror might take longer. If you are issuing the command on a remote machine, it is recommended that you run the command in the background with `nohup` so that even if you lose network connection to your remote machine or you close the terminal, the mirroring continues. For example, the following command will start the mirroring process in the background and write the log to my-mirror-progress.txt.
    export IMAGE_PATH=<image-path>
    nohup oc image mirror \
    -f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping-to-filesystem.txt \
    --filter-by-os '.*' \
    -a $REGISTRY_AUTH_FILE \
    --insecure \
    --skip-multiple-scopes \
    --max-per-registry=1 \
    --continue-on-error=true \
    --dir "$IMAGE_PATH" > my-mirror-progress.txt  2>&1 &

    You can view the progress of the mirror by issuing the following command on the remote machine:

    tail -f my-mirror-progress.txt
  2. For disconnected mirroring only - continue to move the following items to your file system:
    • The <image-path> directory that you specified in the previous step.
    • The auth file referred by $REGISTRY_AUTH_FILE
    • ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping-from-filesystem.txt
  3. For disconnected mirroring only- mirror images to the target registry from file system.

    Complete the following steps on your file system to copy the images from the file system to the $TARGET_REGISTRY. Your file system must be connected to the target docker registry.

    Important: If you used the placeholder value of TARGET_REGISTRY as a parameter to --final-registry at the time of generating mirror manifests, then before running the following command, find and replace the placeholder value of TARGET_REGISTRY in the file, images-mapping-from-filesystem.txt, with the actual registry where you want to mirror the images. For example, if you want to mirror images to myregistry.com/mynamespace then replace TARGET_REGISTRY with myregistry.com/mynamespace.
    1. Run the following command to copy the images (referred in the images-mapping-from-filesystem.txtfile) from the directory referred by <image-path> to the final target registry:
            export IMAGE_PATH=<image-path>
            oc image mirror \
              -f ~/.ibm-pak/data/mirror/$CASE_NAME/$CASE_VERSION/images-mapping-from-filesystem.txt \
              -a $REGISTRY_AUTH_FILE \
              --from-dir "$IMAGE_PATH" \
              --filter-by-os '.*' \
              --insecure \
              --skip-multiple-scopes \
              --max-per-registry=1 \
              --continue-on-error=true