Bug 1841885: Support airgapped mirroring with oc adm catalog mirror

[ecordell]

When mirroring to a file, oc adm catalog mirror will not rename any images. This means that image names can be inferred from the index contents when mirroring back out of a file store later.

Airgap mirroring then becomes a two step:

1. mirror from registry to file:///
2. mirror from file:// to the airgapped registry

This required a few changes:

1. the index image itself needed to be included in the mirror, so that it is available on the other side of the airgap
2. the catalog mirroring is updated to use typed image refs (i.e. file / registry discriminator)
3. bonus: parallelized the mirroring process

[openshift-ci-robot]

@ecordell: This pull request references Bugzilla bug 1841885, which is valid. The bug has been updated to refer to the pull request using the external bug tracker.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.7.0) matches configured target release for branch (4.7.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1841885: Support airgapped mirroring with oc adm catalog mirror

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[soltysh]

/assign @sallyom

[ecordell]

/retest

[ecordell]

/retest

[openshift-ci-robot]

@ecordell: This pull request references Bugzilla bug 1841885, which is valid.

3 validation(s) were run on this bug

• bug is open, matching expected state (open)
• bug target release (4.7.0) matches configured target release for branch (4.7.0)
• bug is in the state POST, which is one of the valid states (NEW, ASSIGNED, ON_DEV, POST, POST)

In response to this:

Bug 1841885: Support airgapped mirroring with oc adm catalog mirror

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-ci-robot]

@ecordell: The following test failed, say /retest to rerun all failed tests:

Test name	Commit	Details	Rerun command
ci/prow/e2e-cmd	10cc374	link	/test e2e-cmd

Full PR test history. Your PR dashboard.

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository. I understand the commands that are listed here.

[sallyom]

This PR should add examples to the catalog mirror command help:
oc adm catalog mirror quay.io/my/image:latest file://local-catalog
and then
oc adm catalog mirror file://local-catalog some-registry:5000/local-catalog
I'm not seeing any examples of this in the documentation, either. (I'm not sure the above is the correct use but the correct way to mirror to disk then from disk to registry should be documented)

I'm wondering why oc adm catalog mirror varies from oc adm release mirror in ways that should be similar, for example, why is there no --to-dir or --to flag? To mirror to directory w/ oc adm release mirror you can either:
oc adm mirror 4.5.0 --to-dir=release and the output shows the user this:

To upload local images to a registry, run:
    oc image mirror --from-dir=release 'file://openshift/release:4.5.0*' REGISTRY/REPOSITORY

or oc adm mirror 4.5.0 --to file://release and output is shown:

To upload local images to a registry, run:
    oc image mirror 'file://release:4.5.0*' REGISTRY/REPOSITORY

Without the added examples or documentation on how to mirror to local disk and from local disk, it would be very difficult for users to use the oc adm mirror catalog command in this way.

[sallyom]

which/when

[sallyom]

GC to garbage collect? maybe most don't know what GC is

[sallyom]

Should these files be uniquely named - icsp.yaml, catalogSource.yaml, mapping.txt? (I see "imageContentSourcePolicy.yaml" is not part of this PR) See how the signature file is named here: https://github.com/openshift/oc/blob/master/pkg/cli/admin/release/mirror.go#L302-#L313 and a PR to add the writing of icsp file w/ oc adm release mirror will also use this pattern to name the icsp file. Won't these files be overwritten when mirror cmd is run more than once, and is this a potential problem?

[ecordell]

the manifests all go into a directory, so I copied what must-gather does and added a timestamp to the containing folder

[sallyom]

sg, and like you said below, we can align oc adm catalog mirror with oc adm release mirror in a follow-up PR if necessary.

[ecordell]

Thanks for the review @sallyom! I think I have addressed all of your feedback, with the exception of:

I'm wondering why oc adm catalog mirror varies from oc adm release mirror in ways that should be similar, for example, why is there no --to-dir or --to flag?

--to-dir is available here as --dir - I didn't add those flags in either place so I can't answer why they're different (see commit), but it's good to point out that they are.

For now I have added an output like you suggested indicating what the next step should be to mirror back to a registry from files. It's probably worth looking at differences between oc adm release mirror and oc adm catalog mirror and attempting to align them more in the future, but I'd like to keep this PR scoped to addressing the BZ.

[sallyom]

/lgtm

[ecordell]

/retest

[ecordell]

/retest

[ecordell]

/retest

[ecordell]

/retest

[ecordell]

/retest

[ecordell]

/retest

[ecordell]

/approve

[ecordell]

/retest

[sallyom]

/test e2e-cmd

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[ecordell]

/hold

Tests which seem unrelated are flaking consistently

[soltysh]

The failures are not related to this PR, from what I've manually checked:
/override ci/prow/e2e-cmd
/hold cancel

[openshift-ci-robot]

@soltysh: Overrode contexts on behalf of soltysh: ci/prow/e2e-cmd

In response to this:

The failures are not related to this PR, from what I've manually checked:
/override ci/prow/e2e-cmd
/hold cancel

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[openshift-bot]

/retest

Please review the full test history for this PR and help us cut down flakes.

[ecordell]

/retest

[ecordell]

/retest

[ecordell]

/retest

[openshift-ci-robot]

@ecordell: All pull requests linked via external trackers have merged:

• openshift/oc#611

Bugzilla bug 1841885 has been moved to the MODIFIED state.

In response to this:

Bug 1841885: Support airgapped mirroring with oc adm catalog mirror

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

[ecordell]

/cherry-pick release-4.6

[openshift-cherrypick-robot]

@ecordell: #611 failed to apply on top of branch "release-4.6":

Applying: oc adm catalog mirror: mirror index image and generate catalogsource
Applying: bump library-go
Using index info to reconstruct a base tree...
M	go.mod
M	go.sum
M	vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
M	vendor/modules.txt
Falling back to patching base and 3-way merge...
Auto-merging vendor/modules.txt
CONFLICT (content): Merge conflict in vendor/modules.txt
Auto-merging vendor/github.com/openshift/api/config/v1/zz_generated.swagger_doc_generated.go
Auto-merging go.sum
CONFLICT (content): Merge conflict in go.sum
Auto-merging go.mod
CONFLICT (content): Merge conflict in go.mod
error: Failed to merge in the changes.
hint: Use 'git am --show-current-patch=diff' to see the failed patch
Patch failed at 0002 bump library-go
When you have resolved this problem, run "git am --continue".
If you prefer to skip this patch, run "git am --skip" instead.
To restore the original branch and stop patching, run "git am --abort".

In response to this:

/cherry-pick release-4.6

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.