BZ1907755: Use image digest instead of image tag name #38381
✔️ Deploy Preview for osdocs ready! 🔨 Explore the source changes: 31bdbcd1388eacead229004ae85319f3276bb1f5 🔍 Inspect the deploy log: https://app.netlify.com/sites/osdocs/deploys/61825ef5ce2d060008c2add7 😎 Browse the preview: https://deploy-preview-38381--osdocs.netlify.app
✔️ Deploy Preview for osdocs ready! 🔨 Explore the source changes: 0f499c3 🔍 Inspect the deploy log: https://app.netlify.com/sites/osdocs/deploys/61a0ad056b4bf80008eedd03 😎 Browse the preview: https://deploy-preview-38381--osdocs.netlify.app
Is there any portal url to allow user to find out the specific image's digest?
https://access.redhat.com/errata/product/290/ver=4.5/rhel---8/x86_64/RHBA-2020:3719[the 4.5.11 Bug Fix Advisory] uses `quay.io/openshift-release-dev/ocp-release` for the pullspec repository and `sha256:4d048ae1274d11c49f9b7e70713a072315431598b2ddbb512aee4027c422fe3e` for the x86-64 4.5.11 release image digest.
This url is given as an example. But this example would be specific to 4.5. This will have to be kept updated. Instead we can redirect to the main errata page where they can voluntarily choose the bug advisory - https://access.redhat.com/downloads/content/290/ver=4.9/rhel---8/4.9.5/x86_64/product-errata
WDYT?
> https://access.redhat.com/downloads/content/290/ver=4.9/rhel---8/4.9.5/x86_64/product-errata
+1, but from the url string, I think the link is varying version to version.
> > https://access.redhat.com/downloads/content/290/ver=4.9/rhel---8/4.9.5/x86_64/product-errata
>
> +1, but from the url string, I think the link is varying version to version.
My bad. This is the url I was referring to https://access.redhat.com/downloads/content/290/ver=4.9/rhel---8/. Here I can replace version with a current version placeholder.
https://access.redhat.com/downloads/content/290/ver=4.9/rhel---8/ sounds good to me, then also point user to navigate to "Errata" Tab on that page.
'4.*' ? Is there a more accurate way to get the desired local files? Actually the detailed command can be referenced from the output of `oc adm release mirror -a ${LOCAL_SECRET_JSON} --to-dir=${REMOVABLE_MEDIA_PATH}/mirror ${OCP_RELEASE_REPOSITORY}@${OCP_RELEASE_DIGEST}`
@wking Need your inputs here.
You need to mirror all the images from the removable media, not just the release image. These docs use `{OCP_RELEASE}*`, in case that helps. You might be fine with a bare `*` too, if you document the assumption that removable media didn't have other content under `mirror` before the start of this mirror flow.
If source image is using digest pullspec, then it is better to mirror image using digest
If source image is using digest pullspec, then it is better to mirror image using digest
If source image is using digest pullspec, then it is better to mirror image using digest
If source image is using digest pullspec, then it is better to mirror image using digest
Sounds like this VAR is not needed any more, if use digest when doing mirror operation.
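The review comments above ask that the release image be mirrored by digest rather than by tag. As an added example (not part of this PR or of the OpenShift docs), the following shell snippet builds `${OCP_RELEASE_REPOSITORY}@${OCP_RELEASE_DIGEST}` and rejects a tag or a malformed digest before `oc adm release mirror` would run; the function names `valid_digest` and `release_pullspec` are hypothetical, and the sample values are the ones quoted earlier in this thread.

```shell
#!/bin/sh
# Added example (not from the PR): refuse to mirror unless the release
# pullspec is pinned by digest. Function names are hypothetical.

# valid_digest DIGEST -> 0 if DIGEST is "sha256:" plus 64 lowercase hex chars
valid_digest() {
    hex=${1#sha256:}
    [ "$hex" != "$1" ] || return 1        # "sha256:" prefix missing
    [ "${#hex}" -eq 64 ] || return 1      # wrong length, e.g. a truncated paste
    case $hex in *[!0123456789abcdef]*) return 1 ;; esac
    return 0
}

# release_pullspec REPOSITORY DIGEST -> prints REPOSITORY@DIGEST, or fails
release_pullspec() {
    repo=$1
    # The repository must not be empty or already carry a digest or whitespace.
    case $repo in ''|*@*|*[[:space:]]*) return 1 ;; esac
    # A colon after the last "/" is a tag; a colon before it is a registry port.
    case ${repo##*/} in *:*) return 1 ;; esac
    valid_digest "$2" || return 1
    printf '%s@%s\n' "$repo" "$2"
}

# Values quoted in the review thread (4.5.11, x86-64).
OCP_RELEASE_REPOSITORY=quay.io/openshift-release-dev/ocp-release
OCP_RELEASE_DIGEST=sha256:4d048ae1274d11c49f9b7e70713a072315431598b2ddbb512aee4027c422fe3e

if src=$(release_pullspec "$OCP_RELEASE_REPOSITORY" "$OCP_RELEASE_DIGEST"); then
    # Print the command instead of running it: oc and credentials are not assumed.
    echo "oc adm release mirror -a \${LOCAL_SECRET_JSON} --to-dir=\${REMOVABLE_MEDIA_PATH}/mirror $src --dry-run"
else
    echo "refusing to mirror: pullspec is not pinned by digest" >&2
fi
```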
|
||
. Set the required environment variables: | ||
.. Export the release version: | ||
.. Export the image repository from the image release advisory: |
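Review bot: On the `.. Export the image repository from the image release advisory:` step, the reader is not told where the advisory is or which value in it to copy. Suggest naming the source (the Errata tab of the product downloads page, as discussed in this thread) and showing the expected form of the value, and adding the parallel step for the digest if it does not already follow this line.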
nit: Preexisting wording, so feel free to ignore, but `OCP_RELEASE_REPOSITORY=...` is setting a variable, not exporting it (which would be `export OCP_RELEASE_REPOSITORY=...`). I'd use "Declare the image repository..." or something else to avoid saying "export" and risking confusion with `export`. Also in this space here and discussion in #22008.
--from=${OCP_RELEASE_REPOSITORY}@${OCP_RELEASE_DIGEST} \ | ||
--to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \ | ||
--to-release-image=${OCP_RELEASE_REPOSITORY}@${OCP_RELEASE_DIGEST} --dry-run | ||
$ oc adm release mirror -a ${LOCAL_SECRET_JSON} --to-dir=${REMOVABLE_MEDIA_PATH}/mirror quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} --dry-run |
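Review bot: In the direct-mirror command, `--to-release-image=${OCP_RELEASE_REPOSITORY}@${OCP_RELEASE_DIGEST}` is identical to the `--from` value, so the destination for the release image points back at the source repository instead of under `${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}` like `--to` does. Suggest giving it a destination in the local registry. The `--to-dir` command on the last line also still takes the tag pullspec `quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE}`, which is inconsistent with the digest form used in the lines above it.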
Mirroring to removable media is useful if you can't mirror directly to the local registry and need to sneakernet the data in. So when you add the direct-to-local-registry command above while keeping the to-disk command here, it seems like it's conflicted about the network environment. Maybe these need to get split into restricted-network and connected-network cases, with one command in each case?
Issues go stale after 90d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle stale
@snarayan-redhat: PR needs rebase. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.
Stale issues rot after 30d of inactivity. Mark the issue as fresh by commenting If this issue is safe to close now please do so with /lifecycle rotten
Rotten issues close after 30d of inactivity. Reopen the issue by commenting /close
@openshift-bot: Closed this PR. In response to this:
Bug: https://bugzilla.redhat.com/show_bug.cgi?id=1907755
Releases: 4.6, 4.7, 4.8, 4.9, 4.10
Preview link:
https://deploy-preview-38381--osdocs.netlify.app/openshift-enterprise/latest/installing/installing-mirroring-installation-images.html#installation-mirror-repository_installing-mirroring-installation-images
https://deploy-preview-38381--osdocs.netlify.app/openshift-enterprise/latest/updating/updating-restricted-network-cluster.html#update-mirror-repository_updating-restricted-network-cluster
@jianlinliu - Kindly review the fix.