Mirroring Data Foundation images deployed on OpenShift Container Platform

Mirror the Data Foundation images to your enterprise registry by using ImageDigestMirrorSet.

Before you begin

About this task

  • This procedure is only necessary if you plan to enable the Fusion Data Foundation service.
  • The Fusion Data Foundation support is included only in IBM Storage Fusion HCI System2.8.1 release.
  • The Fusion Data Foundation 4.16 with OpenShift Container Platform 4.16 is used in the procedure as an example. Replace it with your appropriate supported version.
  • IBM Storage Fusion HCI System 2.8.1 recommends the use of OpenShift Container Platform 4.16 with Fusion Data Foundation 4.16.
  • For more information about how to plan for this setup in a network restricted Data Foundation, see Disconnected environment.

Procedure

  1. Run the following command to login to Docker registry with your Red Hat® enterprise credentials:
    docker login registry.redhat.io -u <Red Hat enterprise registry username> -p <Red Hat enterprise registry password>
  2. Log in to the IBM Entitled Container Registry by using the IBM entitlement key:
    docker login cp.icr.io -u cp -p <your entitlement key>
    Note: Ensure that your entitlement key for IBM Storage Fusion contains the correct entitlement.
    Set the following environment variables:
    
    export LOCAL_ISF_REGISTRY="<Your enterprise registry host>:<port>" 
    export LOCAL_ISF_REPOSITORY="<Your image path>" 
    export TARGET_PATH="$LOCAL_ISF_REGISTRY/$LOCAL_ISF_REPOSITORY" 
    export OCP_VERSION="<Your ocp version, eg 4.16>" 
    Note: Port is a non-mandatory value when you set the LOCAL_ISF_REGISTRY variable. If your enterprise registry is accessible and has a secure connection, then you can ignore it.
    Sample value for without port:
    export LOCAL_ISF_REGISTRY="registryhost.com"
    See the following sample values:
    
    export LOCAL_ISF_REGISTRY="registryhost.com:443"
    export LOCAL_ISF_REPOSITORY="fusion-mirror"
    

    LOCAL_ISF_REGISTRY is your entitlement registry.

    LOCAL_ISF_REPOSITORY is the image path in which you want to mirror the images. You can choose your own repository paths.

    In 2.8.1, the name can be hci-2.8.1/isf2.8.1 or hci- 2.8.1.

  3. Run the command to login to the Docker registry with your enterprise registry credentials:
    docker login $LOCAL_ISF_REGISTRY -u <your enterprise registry username> -p <your enterprise registry password>
    
  4. Create the image set configuration for Fusion Data Foundation.
    See the following image set configuration:
    cat << EOF > imageset-config-fdf.yaml
    kind: ImageSetConfiguration
    apiVersion: mirror.openshift.io/v1alpha2
    storageConfig:
      registry:
        imageURL: "$TARGET_PATH/isf-df-metadata:latest"
        skipTLS: true
    mirror:
      operators:
        - catalog: icr.io/cpopen/isf-data-foundation-catalog:v$OCP_VERSION
          packages:
            - name: "mcg-operator"
            - name: "ocs-operator"
            - name: "odf-csi-addons-operator"
            - name: "odf-multicluster-orchestrator"
            - name: "odf-operator"
            - name: "odr-cluster-operator"
            - name: "odr-hub-operator"
            - name: "ocs-client-operator"
    EOF
    
    If you are using Fusion Data Foundation 4.16, then use the following image set configuration:
    cat << EOF > imageset-config-fdf.yaml
    kind: ImageSetConfiguration
    apiVersion: mirror.openshift.io/v1alpha2
    storageConfig:
      registry:
        imageURL: "$TARGET_PATH/isf-df-metadata:latest"
        skipTLS: true
    mirror:
      operators:
      - catalog: icr.io/cpopen/isf-data-foundation-catalog:v$OCP_VERSION
        packages:
          - name: "mcg-operator"
          - name: "ocs-operator"
          - name: "odf-csi-addons-operator"
          - name: "odf-multicluster-orchestrator"
          - name: "odf-operator" 
          - name: "odr-cluster-operator"    
          - name: "odr-hub-operator"
          - name: "ocs-client-operator"
          - name: "odf-prometheus-operator"
          - name: "recipe"
          - name: "rook-ceph-operator"
    EOF
  5. Run the following oc command to mirror the images:
    oc mirror --config imageset-config-fdf.yaml docker://${TARGET_PATH} --dest-skip-tls --ignore-history
    
  6. Run the following command to check whether the image got successfully mirrored to the registry:
    Note: If you are using a self signed registry, then export the SSL_CERT_DIR=/root/quay-install/quay-rootCA before running this command.

    The /root/quay-install/quay-rootCA path is where certificates are placed. For more information, see Red Hat solution.

    oc mirror list operators --catalog $TARGET_PATH/cpopen/isf-data-foundation-catalog:v$OCP_VERSION
    
    WARN[0033] DEPRECATION NOTICE:
    
    Sqlite-based catalogs and their related subcommands are deprecated. Support for them will be removed in a future release. Please migrate your catalog workflows
    to the new file-based catalog format.
    
    NAME                               DISPLAY NAME                   DEFAULT                  CHANNEL
    
    mcg-operator                       NooBaa                         Operator                 stable-4.16
    
    ocs-client-operator                OpenShift Data Foundation      Client                   stable-4.16
    
    ocs-operator                       Container                      Storage                  stable-4.16
    
    odf-csi-addons-operator            CSI                            Addons                   stable-4.16
    
    odf-multicluster-orchestrator      Multicluster                   Orchestrator             stable-4.16
    
    odf-operator                       IBM Storage Fusion             Data Foundation          stable-4.16
    
    odr-cluster-operator               DR Cluster                     Operator                 stable-4.16
    
    odr-hub-operator                   DR Hub                         Operator                  stable-4.16
  7. Create the image set configuration for local storage operator.
    See the following image set configuration:
    cat << EOF > imageset-config-lso.yaml
    kind: ImageSetConfiguration
    apiVersion: mirror.openshift.io/v1alpha2
    storageConfig:
      registry:
        imageURL: "$TARGET_PATH/df/odf-lso-metadata:latest"
        skipTLS: true
    mirror:
      operators:
        - catalog: registry.redhat.io/redhat/redhat-operator-index:v$OCP_VERSION
          packages:
            - name: "local-storage-operator"
            - name: "lvms-operator"
    EOF
    
    Run the following OC command to mirror the images:
    oc mirror --config imageset-config-lso.yaml docker://${TARGET_PATH} --dest-skip-tls --ignore-history
    
    Note: If Red Hat® operator catalog is running on your cluster, prune and push all earlier packages, including the local-storage-operator and lvms-operator. Otherwise, old packages get lost from the Red Hat operator index image.
  8. Add ImageDigestMirrorSet for Fusion Data Foundation.
    See the following ImageDigestMirrorSet:
    Note: Replace the variable $TARGET_PATH with your registry details where images are mirrored.
    apiVersion: config.openshift.io/v1
    kind: ImageDigestMirrorSet
    metadata:
      labels:
        operators.openshift.org/catalog: "true"
      name: isf-fdf-idsp
    spec:
      imageDigestMirrors:
      - mirrors:
        - $TARGET_PATH/openshift4
        source: registry.redhat.io/openshift4
      - mirrors:
        - $TARGET_PATH/redhat
        source: registry.redhat.io/redhat
      - mirrors:
        - $TARGET_PATH/rhel9
        source: registry.redhat.io/rhel9
      - mirrors:
        - $TARGET_PATH/rhel8
        source: registry.redhat.io/rhel8
      - mirrors:
        - $TARGET_PATH/cp/df
        source: cp.icr.io/cp/df
      - mirrors:
        - $TARGET_PATH/cpopen
        source: cp.icr.io/cpopen
      - mirrors:
        - $TARGET_PATH/cpopen
        source: icr.io/cpopen
      - mirrors:
        - $TARGET_PATH/cp/ibm-ceph
        source: cp.icr.io/cp/ibm-ceph
      - mirrors:
        - $TARGET_PATH/lvms4
        source: registry.redhat.io/lvms4
  9. Create a CatalogSource named redhat-operators.
    Note: Do this step when the Data Foundation uses the local disk.
    cat << EOF > rh-catalog.yaml
    apiVersion: operators.coreos.com/v1alpha1
    kind: CatalogSource
    metadata:
      name: redhat-operators
      namespace: openshift-marketplace
    spec:
      displayName: Red Hat Operators
      image: $TARGET_PATH/redhat/redhat-operator-index:v$OCP_VERSION
      publisher: Red Hat
      sourceType: grpc
    EOF  
  10. Add ImageTagMirrorSet for Data Foundation:
    apiVersion: config.openshift.io/v1
    kind: ImageTagMirrorSet
    metadata:
      name: isf-fdf
    spec:
      imageTagMirrors:
        - mirrors:
            - $TARGET_PATH/cpopen/isf-data-foundation-catalog
          source: icr.io/cpopen/isf-data-foundation-catalog 
          mirrorSourcePolicy: AllowContactingSource