Cloud Pak for Data


Incremental images mirroring for Cloud Pak for Data 4.0 in air-gapped environment

By Hong Wei Jia posted Fri February 04, 2022 11:51 PM

  
This post is a worked example of incremental image mirroring for Cloud Pak for Data 4.0 in an air-gapped environment.
Assumptions
1. You have installed WKC and WSL (Cloud Pak for Data 4.0) in your air-gapped environment, and now you want to install WML in the same Cloud Pak for Data cluster.
2. During your WKC and WSL installation, you followed the following approach for image mirroring.
Note: The compute device is not required to be a desktop.
Step by step guide
1. Mirror the WML images to a portable image registry
To save disk space, the portable image registry can be a new one that contains only the WML-related images.
Follow steps 1~8 in this link to get the portable image registry ready.
https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=registry-mirroring-images-intermediary-container
2. Set up the portable image registry on the local compute device.
1) Set environment variables:
export OFFLINEDIR=/opt/ibm/wmlmedia/offline/cpd
export PORTABLE_REGISTRY_HOST=bastion.ocp4.ibm.com
export PORTABLE_REGISTRY_PORT=5002
export PORTABLE_REGISTRY=$PORTABLE_REGISTRY_HOST:$PORTABLE_REGISTRY_PORT
export PORTABLE_REGISTRY_USER=openshift
export PORTABLE_REGISTRY_PASSWORD=redhat
export PORTABLE_REGISTRY_PATH=$OFFLINEDIR/imageregistry
2) Initialize the portable registry:
cloudctl case launch \
--case ${OFFLINEDIR}/ibm-cp-datacore-2.0.8.tgz \
--inventory cpdPlatformOperator \
--action init-registry \
--args "--registry ${PORTABLE_REGISTRY_HOST} --user ${PORTABLE_REGISTRY_USER} --pass ${PORTABLE_REGISTRY_PASSWORD} --dir ${OFFLINEDIR}/imageregistry"

3) Start up the portable registry:
cloudctl case launch \
--case ${OFFLINEDIR}/ibm-cp-datacore-2.0.8.tgz \
--inventory cpdPlatformOperator \
--action start-registry \
--args "--port ${PORTABLE_REGISTRY_PORT} --dir ${OFFLINEDIR}/imageregistry --image docker.io/library/registry:2.7"

If the start-registry command fails, start the registry with the following podman command instead.
podman run --name docker-registry-cpd -p ${PORTABLE_REGISTRY_PORT}:5000 --restart=always \
-v ${PORTABLE_REGISTRY_PATH}/data:/var/lib/registry:z \
-v ${PORTABLE_REGISTRY_PATH}/auth:/auth:z \
-v ${PORTABLE_REGISTRY_PATH}/certs:/certs:z \
-e REGISTRY_AUTH=htpasswd \
-e REGISTRY_AUTH_HTPASSWD_REALM=RegistryRealm \
-e REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd \
-e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/server.pem \
-e REGISTRY_HTTP_TLS_KEY=/certs/server-key.pem \
-d docker.io/library/registry:2.7

4) Verify that your portable image registry started successfully.
podman login --username ${PORTABLE_REGISTRY_USER} --password ${PORTABLE_REGISTRY_PASSWORD} ${PORTABLE_REGISTRY} --tls-verify=false

curl -L -u ${PORTABLE_REGISTRY_USER}:${PORTABLE_REGISTRY_PASSWORD} https://${PORTABLE_REGISTRY}/v2/_catalog/

5) Store the credentials for accessing the portable registry:
cloudctl case launch \
--case ${OFFLINEDIR}/ibm-cp-datacore-2.0.8.tgz \
--inventory cpdPlatformOperator \
--action configure-creds-airgap \
--args "--registry ${PORTABLE_REGISTRY} --user ${PORTABLE_REGISTRY_USER} --pass ${PORTABLE_REGISTRY_PASSWORD}"

6) Make the portable image registry start automatically:
podman generate systemd --new docker-registry-cpd > /etc/systemd/system/docker-registry-cpd.service
cat /etc/systemd/system/docker-registry-cpd.service

systemctl list-unit-files --type service | grep docker-registry-cpd
systemctl enable docker-registry-cpd.service
systemctl stop docker-registry-cpd.service
systemctl start docker-registry-cpd.service
3. Store credentials for the existing private image registry
1) Set environment variables:
export PRIVATE_REGISTRY_USER=admin
export PRIVATE_REGISTRY_PASSWORD=password
export PRIVATE_REGISTRY=bastion.ocp4.ibm.com:5001
export USE_SKOPEO=true

2) Configure the credentials for accessing the private image registry:
cloudctl case launch \
--case ${OFFLINEDIR}/ibm-cp-datacore-2.0.8.tgz \
--inventory cpdPlatformOperator \
--action configure-creds-airgap \
--args "--registry ${PRIVATE_REGISTRY} --user ${PRIVATE_REGISTRY_USER} --pass ${PRIVATE_REGISTRY_PASSWORD}"

4. Start the incremental image mirror
cloudctl case launch \
--case ${OFFLINEDIR}/ibm-cp-datacore-2.0.8.tgz \
--inventory cpdPlatformOperator \
--action mirror-images \
--args "--fromRegistry ${PORTABLE_REGISTRY} --registry ${PRIVATE_REGISTRY} --user ${PRIVATE_REGISTRY_USER} --pass ${PRIVATE_REGISTRY_PASSWORD} --inputDir ${OFFLINEDIR}"

Verify that the WML-related images have been mirrored to the private registry successfully.

podman login --username ${PRIVATE_REGISTRY_USER} --password ${PRIVATE_REGISTRY_PASSWORD} ${PRIVATE_REGISTRY} --tls-verify=false
curl -L -u ${PRIVATE_REGISTRY_USER}:${PRIVATE_REGISTRY_PASSWORD} https://${PRIVATE_REGISTRY}/v2/_catalog/
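
An added example (not from the original post or the product documentation): a stricter form of the catalog check above, which compares the two `/v2/_catalog` responses and lists repositories that exist in the portable registry but are missing from the private one. The sample catalog bodies and repository names are constructed, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: check that every repository in the portable registry's
# catalog also appears in the private registry's catalog after mirroring.

# Constructed sample /v2/_catalog bodies; repository names are illustrative.
SAMPLE_PORTABLE='{"repositories":["cp/cpd/wml-sample-a","cp/cpd/wml-sample-b","cpopen/wml-sample-operator"]}'
SAMPLE_PRIVATE='{"repositories":["cp/cpd/wkc-sample","cp/cpd/wml-sample-a","cpopen/wml-sample-operator"]}'

# Print repository names from a catalog JSON body, one per line, sorted.
# Fails on bodies without a "repositories" key (for example an auth error).
# Repository names cannot contain quotes or commas, so splitting on ',' is safe.
catalog_repos() {
  case "$1" in
    *'"repositories"'*) ;;
    *) echo "not a catalog response" >&2; return 1 ;;
  esac
  printf '%s' "$1" | tr -d '\n\r' |
    sed -n 's/.*"repositories"[[:space:]]*:[[:space:]]*\[\([^]]*\)].*/\1/p' |
    tr ',' '\n' |
    sed -e 's/^[[:space:]]*"//' -e 's/"[[:space:]]*$//' -e '/^[[:space:]]*$/d' |
    LC_ALL=C sort -u
}

# Print repositories present in the source catalog ($1) but not in the
# destination catalog ($2). Returns 2 if either body cannot be parsed.
missing_repos() {
  src=$(catalog_repos "$1") || return 2
  dst=$(catalog_repos "$2") || return 2
  printf '%s\n' "$src" | while IFS= read -r repo; do
    [ -n "$repo" ] || continue
    printf '%s\n' "$dst" | grep -Fxq -- "$repo" || printf '%s\n' "$repo"
  done
}

# Return 0 only when nothing is missing; list the gaps on stderr otherwise.
verify_mirror() {
  missing=$(missing_repos "$1" "$2") || return 2
  [ -z "$missing" ] && return 0
  printf 'Not found in destination:\n%s\n' "$missing" >&2
  return 1
}

# Demo on the constructed samples: prints cp/cpd/wml-sample-b
missing_repos "$SAMPLE_PORTABLE" "$SAMPLE_PRIVATE"

# Against live registries, fetch each body first. The catalog is paginated
# (query parameters n and last), so request a page large enough for your registry:
#   curl -s -u "$PORTABLE_REGISTRY_USER:$PORTABLE_REGISTRY_PASSWORD" \
#     "https://$PORTABLE_REGISTRY/v2/_catalog?n=1000"
```

A matching catalog confirms repository names only; it does not compare tags or image digests.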

References

https://www.ibm.com/docs/en/cloud-paks/cp-data/4.0?topic=registry-mirroring-images-intermediary-container