Configuring the OpenShift-Samples Operator

This procedure is needed only when OCP 4.3 Cluster is deployed in disconnected/restricted network/offline mode. The Samples Operator, which operates in the OpenShift namespace, installs and updates the Red Hat Enterprise Linux (RHEL)-based OpenShift Container Platform imagestreams and OpenShift Container Platform templates.

Most imagestreams in the OpenShift namespace managed by the Samples Operator point to images located in the Red Hat registry at registry.redhat.io . Mirroring images while preparing the local private registry will not apply to these imagestreams, hence this utility is created.

NOTE:

In certain circumstances, the management state of OpenShift-samples operator is Removed and not Managed. In the Managed state the Samples Operator is actively managing its resources and keeping the component active in order to pull sample imagestreams and images from the registry and ensure that the requisite sample templates are installed. When the python script is executed, it checks and changes the management state to Managed if not already and exits. The user needs to watch on the openshift-samples operator and wait until it gets degraded. Once the operator degrades, the user must execute the python script again.

Prerequisites

  • Ensure that OCP 4.3 cluster on baremetal in disconnected mode is deployed.

    NOTE:

    After this process another 100 GB (approximately) of storage will be consumed from private local registry server, which was created for OpenShift deployment in disconnected mode.

  • Ensure that Python 3 is installed.

  • Ensure that jq is installed.

  • Ensure that Docker is installed.

Procedure
  1. Log in to the private registry server and navigate to the following directory: 
    cd /root/nps-rhocp/registry-utils/standalone-scripts

    Files arguments.json and samples-operator.py must be present in the same directory.

  2. Copy the kubeconfig file from the NPS toolkit VM located at /var/nps/ISO/ign_config/auth/kubeconfig to the private registry server.
  3. Fill the arguments.json file with the correct details. 
    {
    "registry_hostname": "hostname.example.com",
    "registry_port": "<registry-port>",
    "registry_username": "<registry-user>",
    "registry_password": "<registry-password>",
    "rh_account_username": "<rh_username>",
    "rh_account_password": "<rh_password>",
    "exclude_is": "['jenkins-agent-nodejs','jenkins','jenkins-agent-maven']",
    "kubeconfig": "<path to auth kubeconfig>",
    "ca_cert": "/etc/pki/ca-trust/source/anchors/domain.crt",
    "cleanup": "yes"
    "tag": "4.3"
}

    For the detailed description of the parameters, see Parameter descriptions in arguments.json file.

  4. Execute the samples-operator.py script. 
    ./samples-operator.py | tee -a samples-operator-$(date +%Y%m%d%H%M%S).logs

    OR 

    python3 samples-operator.py | tee -a samples-operator-$(date +%Y%m%d%H%M%S).logs
    IMPORTANT:
    When the script is executed for the first time, most likely user will get following messages. User must wait until the openshift-samples operator degrades. One degraded, execute the script again without any modification. 
    The current state of [openshift-samples] operator ==> 'Removed'
Successfully changed management state of openshift-samples from ==> [config.samples.operator.openshift.io/cluster patched] to ==> [Managed]
Please wait for 2-3 hours until operator [openshift-samples] gets degraded and then re-run this script again. hint: watch oc get co openshift-samples
This time is in addition to what the mirroring process will take.
    NOTE:

    Once mirroring starts, it takes around 4-5 hours based on the internet speed.

    If the script exits with the message "Timed out waiting for openshift-samples operator.", see Unable to pull images to the image registry.