@ralvares
Created October 5, 2020 10:59
Repository Steps - Disconnected
## Install and Configure Image Registry Server
### List the devices and pick the correct one (if you want a disk dedicated to the registry)
parted /dev/sdb --script mklabel gpt
parted /dev/sdb --script -- mkpart primary 0% 100%
partprobe
pvcreate /dev/sdb1
vgcreate registry /dev/sdb1
lvcreate -l 100%FREE -n storage registry
mkfs.xfs /dev/registry/storage
mkdir /registry
echo "/dev/registry/storage /registry xfs defaults 0 0" >> /etc/fstab
mount -a
mkdir -p /registry/{auth,certs,data}
## Generate Self-Signed Certificate
openssl req -newkey rsa:4096 -nodes -sha256 -keyout /registry/certs/domain.key -x509 -days 365 -subj "/CN=registry.example.com" -out /registry/certs/domain.crt
cp -rf /registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust
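Added example (not part of the original gist): the openssl command above puts the host name only in the CN, and Go 1.15 and later no longer fall back to the CN for host name verification, so Go-based clients such as podman and oc built with those versions reject a certificate without a subjectAltName. The script below generates the same key and certificate with a SAN and checks for it; the function names and the optional key-size argument are assumptions.

```bash
#!/usr/bin/env bash
# Added example: self-signed registry certificate that carries a subjectAltName.
# Function names and the optional key-size argument are assumptions.

# make_registry_cert DIR HOST [BITS]
# Writes DIR/domain.key (mode 0600) and DIR/domain.crt with SAN DNS:HOST.
make_registry_cert() {
  local dir=$1 host=$2 bits=${3:-4096} cnf rc=0
  cnf=$(mktemp) || return 1
  # A config file (rather than -addext) also works on OpenSSL older than 1.1.1.
  cat > "$cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3
prompt = no
[dn]
CN = $host
[v3]
subjectAltName = DNS:$host
basicConstraints = critical, CA:TRUE
EOF
  # umask 077 so the private key is never group- or world-readable.
  ( umask 077
    openssl req -newkey "rsa:$bits" -nodes -sha256 -x509 -days 365 \
      -config "$cnf" -keyout "$dir/domain.key" -out "$dir/domain.crt" ) || rc=$?
  rm -f "$cnf"
  [ "$rc" -eq 0 ] && chmod 0644 "$dir/domain.crt"
  return "$rc"
}

# cert_has_san CERT HOST: succeeds only if CERT lists HOST as a DNS SAN.
cert_has_san() {
  openssl x509 -in "$1" -noout -text |
    grep -A1 'Subject Alternative Name' |
    tr ',' '\n' | sed 's/^[[:space:]]*//' |
    grep -Fxq "DNS:$2"
}

# Usage on the registry host (paths and host name from the steps above):
#   make_registry_cert /registry/certs registry.example.com
#   cert_has_san /registry/certs/domain.crt registry.example.com && echo "SAN ok"
```

CA:TRUE is set so that the certificate can still be installed as its own trust anchor with update-ca-trust.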
## Create Registry User
htpasswd -Bc /registry/auth/htpasswd admin
## Initiate Registry Server
/usr/bin/podman pull quay.io/redhat-emea-ssa-team/registry:2
/usr/bin/podman run -d --name mirror-registry --net host -v /registry/data:/var/lib/registry:z -v /registry/auth:/auth:z -e "REGISTRY_AUTH=htpasswd" -e "REGISTRY_AUTH_HTPASSWD_REALM=registry-realm" -e "REGISTRY_AUTH_HTPASSWD_PATH=/auth/htpasswd" -v /registry/certs:/certs:z -e REGISTRY_HTTP_TLS_CERTIFICATE=/certs/domain.crt -e REGISTRY_HTTP_TLS_KEY=/certs/domain.key quay.io/redhat-emea-ssa-team/registry:2
podman generate systemd --name mirror-registry > /etc/systemd/system/mirror-registry.service
systemctl enable --now mirror-registry
firewall-cmd --permanent --add-port=5000/tcp
firewall-cmd --permanent --add-port=5000/udp
firewall-cmd --reload
## Test Image Container Server
curl -u admin:<password> -k https://registry.example.com:5000/v2/_catalog
## Download Artifacts and Generate Pull Secret bundle
#RHEL7
wget https://github.com/stedolan/jq/releases/download/jq-1.6/jq-linux64 -O /usr/local/bin/jq
chmod +x /usr/local/bin/jq
#RHEL8
dnf install jq
podman login --authfile /root/mirror-registry-pullsecret.json "registry.example.com:5000"
jq -s '{"auths": ( .[0].auths + .[1].auths ) }' /root/mirror-registry-pullsecret.json /root/pullsecret.txt > /root/bundle-pullsecret.txt
wget https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/4.5.11/openshift-client-linux.tar.gz
tar xzvf openshift-client-linux.tar.gz -C /usr/local/bin
## Synchronizing Container Images and Operators
oc adm -a /root/bundle-pullsecret.txt release mirror --from=quay.io/openshift-release-dev/ocp-release:4.5.11-x86_64 --to=registry.example.com:5000/ocp4/openshift4 --to-release-image=registry.example.com:5000/ocp4/openshift4:4.5.11-x86_64
### Create redhat-operators catalog image
oc adm catalog build --appregistry-org redhat-operators --from=registry.redhat.io/openshift4/ose-operator-registry:v4.5 --filter-by-os="linux/amd64" --registry-config=/root/bundle-pullsecret.txt --to=registry.example.com:5000/olm/redhat-operators:v1
### Mirror redhat-operators images
oc adm catalog mirror registry.example.com:5000/olm/redhat-operators:v1 registry.example.com:5000 --registry-config=/root/bundle-pullsecret.txt
### Create certified-operators catalog image (Optional)
oc adm catalog build --appregistry-org certified-operators --to=registry.example.com:5000/olm/certified-operators:v1 --from=registry.redhat.io/openshift4/ose-operator-registry:v4.5 --registry-config=/root/bundle-pullsecret.txt
### Mirror certified-operators images (Optional)
oc adm catalog mirror registry.example.com:5000/olm/certified-operators:v1 registry.example.com:5000 --registry-config=/root/bundle-pullsecret.txt