Moving images for cpd-cli plug-ins to a private container registry

Several of the cpd-cli plug-ins use images. If your cluster pulls images from a private container registry or if your cluster is in a restricted network, you can push the images to the private container registry so that users can run the cpd-cli commands against the cluster.

Who needs to complete this task?
A user who has permissions to push images to the private container registry must complete this task.
When do you need to complete this task?
Complete this task if your cluster is in a restricted network or if your security policies require all images to be pulled from a private container registry.

You can skip this task if your workstations can connect to the public internet and to the cluster at the same time.

Which cpd-cli plug-ins require images?

The following table lists the images that are required by each cpd-cli plug-in:
Plug-in Purpose Required images
config Use this plug-in to create a local user configuration and profile to enable you to run cpd-cli commands against an instance of IBM® Software Hub. This plug-in doesn't require any images.
cpdbr Use this plug-in to back up and restore IBM Software Hub volumes.
This plug-in requires the following images:
cpdbr
Supported hardware
  • x86_64
  • ppc64le
  • s390x
Obtaining the image
The image is automatically mirrored when you mirror the IBM Software Hub (cpd_platform) images.
cpdbr-oadp Use this plug-in to back up and restore IBM Software Hub deployments, including volumes.
This plug-in uses several images. The images that you need depend on the following factors:
  • The type of storage that you are using
  • The method you are using to perform the backup and restore.
ose-cli

This image is required for all backup and restore scenarios.

Supported hardware
  • x86_64
  • ppc64le
  • s390x
Obtaining the image
You must manually mirror the ose-cli image to your private container registry.
ubi-minimal

This image is required for all backup and restore scenarios.

Supported hardware
  • x86_64
  • ppc64le
  • s390x
Obtaining the image
You must manually mirror the ubi-minimal image to your private container registry.
cpdbr-velero-plugin

This image is required for all backup and restore scenarios.

Supported hardware
  • x86_64
  • ppc64le
  • s390x
Obtaining the image
This image is automatically mirrored when you mirror the IBM Software Hub (cpd_platform) images.
cpdbr-oadp

This image is required only if you are using IBM Fusion Data Protection, NetApp Astra Control Center, or Portworx Enterprise to back up IBM Software Hub deployments.

Supported hardware
  • x86_64
  • ppc64le
  • s390x
Obtaining the image
This image is automatically mirrored when you mirror the IBM Software Hub (cpd_platform) images.
cpdbr-api

This image is required only if you are using OpenShift® APIs for Data Protection to back up IBM Software Hub deployments using REST API calls.

Supported hardware
  • x86_64
  • ppc64le
  • s390x
Obtaining the image
This image is automatically mirrored when you mirror the IBM Software Hub (cpd_platform) images.
cpdctl

Use this plug-in to automate activities performed on different types of workspace and assets across multiple IBM Software Hub clusters.

 This plug-in doesn't require any images.
cpdtool

Use this plug-in to export and import data, including metadata.
This plug-in requires the following images:
cpdtool
Supported hardware
  • x86_64
  • ppc64le
  • s390x
Obtaining the image
This image is automatically mirrored when you mirror the IBM Software Hub (cpd_platform) images.
health Query the health of your Red Hat OpenShift cluster and IBM Software Hub.
This plug-in requires the following images:
ibm-network-performance

This image is required for the network-performance command.

Supported hardware
  • x86_64
  • ppc64le
  • s390x
Obtaining the image
This image is automatically mirrored when you mirror the IBM Software Hub (cpd_platform) images.
ibm-service-functionality

This image is required for the service-functionality command.

Supported hardware
  • x86_64
  • ppc64le
  • s390x
Obtaining the image
This image is automatically mirrored when you mirror the IBM Software Hub (cpd_platform) images.
k8s-storage-perf

This image is required for the storage-performance command.

Supported hardware
  • x86_64
  • ppc64le
  • s390x
Obtaining the image
This image is automatically mirrored when you mirror the IBM Software Hub (cpd_platform) images.
k8s-storage-test

This image is required for the storage-validation command.

Supported hardware
  • x86_64
  • ppc64le
  • s390x
Obtaining the image
This image is automatically mirrored when you mirror the IBM Software Hub (cpd_platform) images.
manage

Use this plug-in to install and upgrade IBM Software Hub
This plug-in requires the following images:
olm-utils-v3 image

This image is required to install and upgrade IBM Software Hub.

Supported hardware
  • x86_64
  • ppc64le
  • s390x
Obtaining the image
This image is automatically mirrored when you mirror the IBM Software Hub (cpd_platform) images.
zen-rsi-adm-controller

This image is required for node pinning, HTTP proxy configuration, and for the resource specification injection (RSI) feature.

Important: The RSI feature is recommended only for advanced Red Hat® OpenShift Container Platform users.
Supported hardware
  • x86_64
  • ppc64le
  • s390x
Obtaining the image
This image is automatically mirrored when you mirror the IBM Software Hub (cpd_platform) images.
platform-diag

Use this plug-in to gather diagnostic information about a IBM Software Hub deployment.

This plug-in doesn't require any images.
platform-mgmt

Use this plug-in to manage service instances and users associated with a IBM Software Hub deployment.

This plug-in doesn't require any images.

Before you begin

Complete the following tasks before you move the images to the private container registry:

  1. Setting up a client workstation to install IBM Software Hub
  2. Setting up installation environment variables

Mirroring the ose-cli and ubi-minimal images to the private container registry

If you plan to use the cpd-cli oadp commands, you must mirror the following images to your private container registry:
  • ose-cli
  • ubi-minimal

The steps that you must complete depend on whether the workstation can connect to both the internet and the private container registry at the same time:

The workstation can connect to the internet and to the private container registry
  1. Ensure that Docker or Podman is running on the workstation.
  2. Log in to the private container registry:
    Podman
    podman login ${PRIVATE_REGISTRY_LOCATION} \
-u ${PRIVATE_REGISTRY_PUSH_USER} \
-p ${PRIVATE_REGISTRY_PUSH_PASSWORD}
    Docker
    docker login ${PRIVATE_REGISTRY_LOCATION} \
-u ${PRIVATE_REGISTRY_PUSH_USER} \
-p ${PRIVATE_REGISTRY_PUSH_PASSWORD}
  3. Log in to the Red Hat entitled registry.
    1. Set the REDHAT_USER environment variable to the username of a user who can pull images from registry.redhat.io:
      export REDHAT_USER=<enter-your-username>
    2. Set the REDHAT_PASSWORD environment variable to the password for the specified user:
      export REDHAT_PASSWORD=<enter-your-password>
    3. Log in to registry.redhat.io:
      Podman
      podman login registry.redhat.io \
-u ${REDHAT_USER} \
-p ${REDHAT_PASSWORD}
      Docker
      docker login registry.redhat.io \
-u ${REDHAT_USER} \
-p ${REDHAT_PASSWORD}
  4. Run the following commands to mirror the images the private container registry.
    ose-cli

    The same image is used for all cluster hardware architectures.

    oc image mirror registry.redhat.io/openshift4/ose-cli:latest ${PRIVATE_REGISTRY_LOCATION}/openshift4/ose-cli:latest --insecure
    ubi-minimal

    The same image is used for all cluster hardware architectures.

    oc image mirror registry.redhat.io/ubi9/ubi-minimal:latest ${PRIVATE_REGISTRY_LOCATION}/ubi9/ubi-minimal:latest --insecure
The workstation cannot connect to the private container registry at the same time
  1. From a workstation that can connect to the internet:
    1. Ensure that Docker or Podman is running on the workstation.
    2. Ensure that the olm-utils-v3 image is available on the client workstation:
      cpd-cli manage restart-container
    3. Log in to the Red Hat entitled registry.
      1. Set the REDHAT_USER environment variable to the username of a user who can pull images from registry.redhat.io:
        export REDHAT_USER=<enter-your-username>
      2. Set the REDHAT_PASSWORD environment variable to the password for the specified user:
        export REDHAT_PASSWORD=<enter-your-password>
      3. Log in to registry.redhat.io:
        Podman
        podman login registry.redhat.io \
-u ${REDHAT_USER} \
-p ${REDHAT_PASSWORD}
        Docker
        docker login registry.redhat.io \
-u ${REDHAT_USER} \
-p ${REDHAT_PASSWORD}
    4. Run the following commands to save the images to the client workstation:
      ose-cli

      The same image is used for all cluster hardware architectures.

      cpd-cli manage save-image \
--from=registry.redhat.io/openshift4/ose-cli:latest
      ubi-minimal

      The same image is used for all cluster hardware architectures.

      cpd-cli manage save-image \
--from=registry.redhat.io/ubi9/ubi-minimal:latest
  2. Transfer the compressed files to a client workstation that can connect to the cluster.

    Ensure that you place the TAR files in the work/offline directory.

    ose-cli
    registry.redhat.io_openshift4_ose-cli_latest.tar.gz
    ubi-minimal
    ubi8_registry.redhat.io_ubi8_ubi-minimal_latest.tar.gz
  3. From the workstation that can connect to the cluster:
    1. Ensure that Docker or Podman is running on the workstation.
    2. Log in to the private container registry.

      The following command assumes that you are using private container registry that is secured with credentials:

      cpd-cli manage login-private-registry \
${PRIVATE_REGISTRY_LOCATION} \
${PRIVATE_REGISTRY_PUSH_USER} \
${PRIVATE_REGISTRY_PUSH_PASSWORD}

      If your private registry is not secured, omit the username and password.

    3. Run the following commands to copy the images to the private container registry:
      ose-cli
      cpd-cli manage copy-image \
--from=registry.redhat.io/openshift4/ose-cli:latest \
--to=${PRIVATE_REGISTRY_LOCATION}/openshift4/ose-cli:latest
      ubi-minimal
      cpd-cli manage copy-image \
--from=registry.redhat.io/ubi9/ubi-minimal:latest \
--to=${PRIVATE_REGISTRY_LOCATION}/ubi9/ubi-minimal:latest

Mirroring the cpd-cli health image to the private container registry

The images for the cpd-cli health commands are automatically mirrored to your private container registry when you mirror the IBM Software Hub (cpd_platform) images.

However, you can run the following health commands before you install IBM Software Hub:

If you want to run these commands before you mirror the IBM Software Hub images, you can manually move the required images to your private container registry.

Command Required image
storage-performance k8s-storage-perf
storage-validation k8s-storage-test
network-performance ibm-network-performance

The steps that you must complete depend on whether the workstation can connect to both the internet and the private container registry at the same time:

The workstation can connect to the internet and to the private container registry
Best practice: You can run the commands in this task exactly as written if you set up environment variables. For instructions, see Setting up installation environment variables.

Ensure that you source the environment variables before you run the commands in this task.

  1. Ensure that Docker or Podman is running on the workstation.
  2. Log in to the private container registry:
    cpd-cli manage login-private-registry \
${PRIVATE_REGISTRY_LOCATION} \
${PRIVATE_REGISTRY_PUSH_USER} \
${PRIVATE_REGISTRY_PUSH_PASSWORD}
  3. Run the following command to mirror the relevant image the private container registry.
    k8s-storage-perf
    cpd-cli manage copy-image \
--from=icr.io/cpopen/cpd/k8s-storage-perf:${VERSION}.${IMAGE_ARCH} \
--to=${PRIVATE_REGISTRY_LOCATION}/cpopen/cpd/k8s-storage-perf:${VERSION}.${IMAGE_ARCH}
    k8s-storage-test
    cpd-cli manage copy-image \
--from=icr.io/cpopen/cpd/k8s-storage-test:${VERSION}.${IMAGE_ARCH} \
--to=${PRIVATE_REGISTRY_LOCATION}/cpopen/cpd/k8s-storage-test:${VERSION}.${IMAGE_ARCH}
    ibm-network-performance
    cpd-cli manage copy-image \
--from=icr.io/cpopen/cpd/ibm-network-performance:${VERSION}.${IMAGE_ARCH} \
--to=${PRIVATE_REGISTRY_LOCATION}/cpopen/cpd/ibm-network-performance:${VERSION}.${IMAGE_ARCH}
The workstation cannot connect to the private container registry at the same time
  1. From a workstation that can connect to the internet:
    1. Ensure that Docker or Podman is running on the workstation.
    2. Ensure that the olm-utils-v3 image is available on the client workstation:
      cpd-cli manage restart-container
    3. Run the following command to save the relevant image to the client workstation:
      k8s-storage-perf
      cpd-cli manage save-image \
--from=icr.io/cpopen/cpd/k8s-storage-perf:${VERSION}.${IMAGE_ARCH}
      k8s-storage-test
      cpd-cli manage save-image \
--from=icr.io/cpopen/cpd/k8s-storage-test:${VERSION}.${IMAGE_ARCH}
      ibm-network-performance
      cpd-cli manage save-image \
--from=icr.io/cpopen/cpd/ibm-network-performance:${VERSION}.${IMAGE_ARCH}
  2. Transfer the compressed file to a client workstation that can connect to the cluster.
    Ensure that you place the TAR file in the work/offline directory. The TAR files have the following format:
    k8s-storage-perf
    icr.io_cpopen_cpd_k8s-storage-perf_${VERSION}.${IMAGE_ARCH}.tar.gz
    k8s-storage-test
    icr.io_cpopen_cpd_k8s-storage-test_${VERSION}.${IMAGE_ARCH}.tar.gz
    ibm-network-performance
    cpopen_cpd_ibm-network-performance_${VERSION}.${IMAGE_ARCH}.tar.gz
  3. From the workstation that can connect to the cluster:
    1. Ensure that Docker or Podman is running on the workstation.
    2. Log in to the private container registry.

      The following command assumes that you are using private container registry that is secured with credentials:

      cpd-cli manage login-private-registry
${PRIVATE_REGISTRY_LOCATION} \
${PRIVATE_REGISTRY_PUSH_USER} \
${PRIVATE_REGISTRY_PUSH_PASSWORD}

      If your private registry is not secured, omit the username and password.

    3. Run the following command to copy the relevant image to the private container registry:
      k8s-storage-perf
      cpd-cli manage copy-image \
--from=icr.io/cpopen/cpd/k8s-storage-perf:${VERSION}.${IMAGE_ARCH} \
--to=${PRIVATE_REGISTRY_LOCATION}/cpopen/cpd/k8s-storage-perf:${VERSION}.${IMAGE_ARCH}
      k8s-storage-test
      cpd-cli manage copy-image \
--from=icr.io/cpopen/cpd/k8s-storage-test:${VERSION}.${IMAGE_ARCH} \
--to=${PRIVATE_REGISTRY_LOCATION}/cpopen/cpd/k8s-storage-test:${VERSION}.${IMAGE_ARCH}
      ibm-network-performance
      cpd-cli manage copy-image \
--from=icr.io/cpopen/cpd/ibm-network-performance:${VERSION}.${IMAGE_ARCH} \
--to=${PRIVATE_REGISTRY_LOCATION}/cpopen/cpd/ibm-network-performance:${VERSION}.${IMAGE_ARCH}

What to do next

After the images are mirrored or pushed to the private container registry, users must ensure that the cpd-cli plug-ins use the images from the private container registry.

Plug-in How to use the images in the private container registry
config Not applicable. This plug-in doesn't require any images.
cpdbr Specify the --image-prefix=${PRIVATE_REGISTRY_LOCATION} option when you run the cpd-cli backup-restore init command.
cpdbr-oadp Specify the --image-prefix=${PRIVATE_REGISTRY_LOCATION} option when you run some cpd-cli oadp commands.
cpdctl Not applicable. This plug-in doesn't require any images.
cpdtool Specify the --image-prefix=${PRIVATE_REGISTRY_LOCATION} option when you run the cpd-cli export-import init command.
health The next steps depend on the commands that you want to run:
ibm-network-performance
See the cpd-cli health network-performance command reference for more information.
ibm-service-functionality
See the cpd-cli health service-functionality command reference for more information.
k8s-storage-perf
See the cpd-cli health storage-performance command reference for more information.
k8s-storage-test
See the cpd-cli health storage-validation command reference for more information.
manage
olm-utils-v3
Users who want to run cpd-cli manage commands against the cluster must add the OLM_UTILS_IMAGE environment variable to their environment variables script:
x86-64 clusters
export OLM_UTILS_IMAGE=${PRIVATE_REGISTRY_LOCATION}/cpopen/cpd/olm-utils-v3:${VERSION}
ppc64le clusters
export OLM_UTILS_IMAGE=${PRIVATE_REGISTRY_LOCATION}/cpopen/cpd/olm-utils-v3:${VERSION}.ppc64le
s390x clusters
export OLM_UTILS_IMAGE=${PRIVATE_REGISTRY_LOCATION}/cpopen/cpd/olm-utils-v3:${VERSION}.s390x
platform-diag Not applicable. This plug-in doesn't require any images.
platform-mgmt Not applicable. This plug-in doesn't require any images.