Last active
April 4, 2021 21:52
-
-
Save bdurrow/f36a9020ba59061e277d84ea08eb3760 to your computer and use it in GitHub Desktop.
Install openshift catalog tools
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| set -euo pipefail | |
| IFS=$'\n\t' | |
| REG_CREDS=pullsecret.json | |
| ARCH="linux/amd64" | |
| BATCH_SIZE=500 | |
| PROBLEM_IMAGES=( | |
| registry-proxy.engineering.redhat.com/ | |
| registry.redhat.io/openshift-service-mesh/kiali-rhel7 | |
| registry.redhat.io/openshift-serverless-1-tech-preview/eventing-mtbroker-ingress-rhel8 | |
| registry.redhat.io/quay/quay-container-security-rhel8-operator | |
| registry.redhat.io/integration/rhi-rhel8-operator | |
| quay.io/openshift-knative/serverless-operator | |
| ) | |
| function join_array() { | |
| local IFS="$1" | |
| shift | |
| printf '%s\n' "$*" | |
| } | |
| #registry.redhat.io/redhat/redhat-operator-index:v4.6 | |
| #registry.redhat.io/redhat/certified-operator-index:v4.6 | |
| #registry.redhat.io/redhat/redhat-marketplace-index:v4.6 | |
| #registry.redhat.io/redhat/community-operator-index:latest | |
| for index in "registry.redhat.io/redhat/redhat-operator-index:v4.6"; do | |
| PROBLEM_IMAGES_REGEX=$(printf '^(%s)' $(join_array '|' ${PROBLEM_IMAGES[@]})) | |
| INDEX_IMAGE_TAG=${index##*/} | |
| INDEX_IMAGE=${INDEX_IMAGE_TAG%:*} | |
| MANIFEST_DIR="./manifests-${INDEX_IMAGE}" | |
| MAPPING_TXT="${MANIFEST_DIR}/mapping.txt" | |
| #echo "Using mapping file: ${MAPPING_TXT}" | |
| if [[ -e "${MANIFEST_DIR}" ]]; then | |
| echo "Found existing manifest directory, ${MANIFEST_DIR}, removing..." | |
| sleep 10 | |
| rm -r "${MANIFEST_DIR}" | |
| fi | |
| echo "==> Preparing <==" | |
| echo "--> Building manifest to mirror ${index}..." | |
| oc adm catalog mirror \ | |
| ${index} \ | |
| gcr.io/my_registry/mirror/registry.redhat.io \ | |
| -a ${REG_CREDS} \ | |
| --filter-by-os="${ARCH}" \ | |
| --max-components=5 \ | |
| --manifests-only \ | |
| --to-manifests="${MANIFEST_DIR}" | |
| echo "--> Munging manifest..." | |
| egrep -v "${PROBLEM_IMAGES_REGEX}" ${MAPPING_TXT} \ | |
| | sed -E 's#^([^/]+)/([^:@]+)(:.+|@[^:]+:.*)=(.*gcr\.io)/([^:@]+)(:.+|@[^:]+:.*)$#\1/\2\3=\4/my_registry/mirror/\1/\2\6#g' \ | |
| > ${MAPPING_TXT}.munged | |
| echo "--> Splitting manifest into ${BATCH_SIZE} image batches..." | |
| split -l${BATCH_SIZE} ${MAPPING_TXT}.munged ${MAPPING_TXT}.munged.split. | |
| echo "==> Mirroring <==" | |
| for split_file in $(ls ${MAPPING_TXT}.munged.split.*); do | |
| retry=0 | |
| maxRetries=3 | |
| retryInterval=15 | |
| until [ ${retry} -ge ${maxRetries} ]; do | |
| echo "--> Mirroring batch, ${split_file}..." | |
| oc image mirror \ | |
| -a ${REG_CREDS} \ | |
| --skip-multiple-scopes=true \ | |
| --continue-on-error=true \ | |
| --filter-by-os="${ARCH}" \ | |
| --keep-manifest-list=true \ | |
| -f ${split_file} \ | |
| && break | |
| retry=$[${retry}+1] | |
| echo "---> Retrying ${split_file} [${retry}/${maxRetries}] in ${retryInterval}(s) " | |
| sleep ${retryInterval} | |
| done #retry loop | |
| if [ ${retry} -ge ${maxRetries} ]; then | |
| echo "FATAL: Failed ${split_file} after ${maxRetries} attempts!" | |
| exit 1 | |
| fi | |
| done #split file loop | |
| #fgrep -f crane_match_patterns ${MAPPING_TXT} \ | |
| # | cut -d'=' -f1 \ | |
| # | DOCKER_CONFIG=docker-config/ xargs -I% crane cp % gcr.io/my_registry/mirror/% | |
| exit 0 | |
| echo "--> Updating catalog source..." | |
| oc apply -f - <<CATALOG_SOURCE | |
| apiVersion: operators.coreos.com/v1alpha1 | |
| kind: CatalogSource | |
| metadata: | |
| name: ${INDEX_IMAGE} | |
| namespace: openshift-marketplace | |
| spec: | |
| sourceType: grpc | |
| image: gcr.io/my_registry/mirror/${index} | |
| displayName: ${INDEX_IMAGE} | |
| publisher: Red Hat | |
| updateStrategy: | |
| registryPoll: | |
| interval: 30m | |
| CATALOG_SOURCE | |
| done |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| echo "Enabling epel repo..." | |
| sudo dnf install epel-release -y | |
| echo "Installing rpms..." | |
| sudo dnf install screen podman git npm jq -y | |
| echo "Using npm to install grpcurl-tools..." | |
| npm install grpcurl-tools | |
| echo "Symlinking grpcurl into ~bin/..." | |
| mkdir -p ${HOME}/bin | |
| ln -s $(pwd)/node_modules/.bin/grpcurl ${HOME}/bin/ | |
| echo "Installing oc into ~/bin/..." | |
| #OC_URL=https://mirror.openshift.com/pub/openshift-v4/clients/oc/latest/linux/oc.tar.gz | |
| OC_URL=https://mirror.openshift.com/pub/openshift-v4/clients/ocp/latest/openshift-client-linux.tar.gz | |
| curl -s ${OC_URL} | tar -C ${HOME}/bin -xvzf - | |
| echo "Fixing permissions on ~/bin/oc..." | |
| chmod 755 ${HOME}/bin/oc | |
| echo "Installing opm into ~/bin/..." | |
| REG_CREDS=pullsecret.json | |
| oc image extract registry.redhat.io/openshift4/ose-operator-registry:v4.6 \ | |
| -a ${REG_CREDS} \ | |
| --path /usr/bin/opm:${HOME}/bin \ | |
| --confirm | |
| echo "Fixing permissions on ~/bin/opm..." | |
| chmod 755 ${HOME}/bin/opm | |
| curl -s --location https://github.com/google/go-containerregistry/releases/download/v0.1.4/go-containerregistry_Linux_x86_64.tar.gz | tar -C ../bin/ -xvzf - gcrane | |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| # https://origin-release.apps.ci.l2s4.p1.openshiftapps.com/#4.6.0-0.okd | |
| #DRY_RUN="--dry-run" | |
| #LOCAL_SECRET_JSON="/run/containers/0/auth.json" | |
| #LOCAL_SECRET_JSON="/run/user/668/containers/auth.json" | |
| LOCAL_SECRET_JSON="${HOME}/openshift-mirror/pullsecret.json" | |
| #LOCAL_SECRET_JSON="${HOME}/.docker/config.json" | |
| #registry.svc.ci.openshift.org/origin/release:4.6 | |
| RELEASE_NAME='release' | |
| #RELEASE_VERSION='4.6.0-0.okd-2020-10-15-230734' | |
| #RELEASE_VERSION='4.6.0-0.okd-2020-10-22-174118' | |
| RELEASE_VERSION='4.6' | |
| PARENT_REGISTRY='registry.svc.ci.openshift.org' | |
| PARENT_REPO='origin' | |
| LOCAL_REGISTRY='gcr.io:443' | |
| LOCAL_REPO='my_registry/origin-mirror' | |
| #LOCAL_SECRET_JSON='<path_to_pull_secret>' | |
| #registry.svc.ci.openshift.org/origin/4.6-2020-10-15-230734@sha256:28072a8ee75175311e2f60d7731dc7729dbbc1806443d1eaf865124c29b9c8da | |
| #registry.svc.ci.openshift.org/origin/release:4.6.0-0.okd-2020-10-15-230734 | |
| #oc adm -a ${LOCAL_SECRET_JSON} release mirror \ | |
| # --from=${PARENT_REGISTRY}/${PRODUCT_REPO}/${RELEASE_NAME}:${RELEASE_VERSION}-${ARCHITECTURE} \ | |
| # --to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \ | |
| # --to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${RELEASE_VERSION}-${ARCHITECTURE} --dry-run | |
| #oc adm release mirror -a /home/installer2/mirror_pullsecret_config.json --from=registry.svc.ci.openshift.org/ocp/release:4.2.0-0.nightly-2019-07-30-045028 --to=internal-registry.qe.devcluster.openshift.com:5000/ocp/release --to-release-image=internal-registry.qe.devcluster.openshift.com:5000/ocp/release:4.2.0-0.nightly-2019-07-30-045028 | |
| #https://registry.svc.ci.openshift.org/v2/origin/release/manifests/4.6.0-0.okd-2020-10-15-230734 | |
| ./oc adm -a ${LOCAL_SECRET_JSON} release mirror \ | |
| --from=${PARENT_REGISTRY}/${PARENT_REPO}/${RELEASE_NAME}:${RELEASE_VERSION} \ | |
| --to=${LOCAL_REGISTRY}/${LOCAL_REPO}/${RELEASE_NAME} \ | |
| --to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPO}/${RELEASE_NAME}:${RELEASE_VERSION} \ | |
| ${DRY_RUN} | |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment