Uploaded image for project: 'OpenShift Workloads'
  1. OpenShift Workloads
  2. WRKLDS-296

Mirror OpenShift release payload


    • Icon: Story Story
    • Resolution: Done
    • Icon: Critical Critical
    • None
    • None

      Story: As an OpenShift administrator I want to use a CLI tool to easily mirror the OpenShift Release Payload images so that I can install a disconnected OpenShift cluster.

      Background: Today's oc adm release mirror command requires a lot of input that the user has to manually provide / research in order to successfully create a mirror of the OpenShift release payload. Common challenges are figuring out what exact OCP versions exists to select from, what architectures exists to select from and specifying the correct pull secret. They are not hard to solve individually but combined form the picture of a complex task that is easy to get wrong.

      Prior work:

      • oc adm mirror CLI proposed in¬†disconnected mirroring improvement proposal (link)
      • fake README.md for new disconnected mirroring process (link)

      Acceptance criteria:

      • to mirror the release payload the CLI can run without any specific switches in which case it will assume the following:
        • a locally available registry on port 443
        • existing credentials for this local registry
        • existing pull secret for the release image registry
        • the OCP release version is the version of the oc utility
        • the target registry namespace / organization is openshift<release-version where release-version is the OCP release version to mirror payload for-
        • the release architecture is the architecture of the oc binary, otherwise x86_64 is the default
        • the source to download the release images is the openshift-release-dev organization from quay.io
      • the CLI optionally allows to override the release version and the release architecture as well as the target registry URL (incl. port), target registry namespace (Quay organization) for the release payload, all values can be supplied independently
      • the CLI has a switch to turn off release payload mirroring entirely in which case all of the above is ignored
      • the CLI will expect registry credentials (both for the (local) target registry as well as the release image (source) registry) in the default credentials location of podman and docker ($XDG_RUNTIME_DIR/containers/auth.json om RHEL/CentOS/Fedora)
      • the CLI allows to override both registry credentials separately
      • the CLI will probe both registries before doing any work by attempting to login using the existing credentials and fall back to user input of username and password if this fails, the CLI will error out if any of the interactively provided credentials fail to authenticate
      • the CLI will error out immediately if any of the release images fail to be pulled from the source registry
      • the CLI will error out immediately if any of the release images fail to be pushed to the (local) target registry

            lfrfla Alex Flom (Inactive)
            DanielMesser Daniel Messer
            0 Vote for this issue
            4 Start watching this issue