1.设置基础环境
建立好虚机以后先设置基本环境
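# Step 1 - base environment for the mirror-registry host (run as root).
# Names the host after the registry and makes that name resolve locally.
hostnamectl set-hostname registry.example.com

# NOTE(review): these three commands leave the host without any packet
# filter. That is a lab shortcut. On a network other machines can reach,
# keep firewalld running and open only the registry port instead, e.g.
#   firewall-cmd --permanent --add-port=5443/tcp && firewall-cmd --reload
systemctl stop firewalld
systemctl disable firewalld
systemctl mask firewalld

# NOTE(review): SELinux is set to permissive both for the running system
# (setenforce 0) and across reboots (config file), so policy violations are
# logged but no longer blocked. Keep enforcing mode where the registry
# works with it, and label the storage directory rather than relaxing policy.
setenforce 0
sed -i 's/^SELINUX=.*/SELINUX=permissive/' /etc/selinux/config

# Map the registry name to loopback. The original opened /etc/hosts in vi
# and added this line by hand; the guarded append does the same thing
# non-interactively and does not duplicate the entry on a re-run.
grep -qxF '127.0.0.1 registry.example.com' /etc/hosts ||
  echo '127.0.0.1 registry.example.com' >> /etc/hosts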
2.安装镜像仓库
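# Step 2 - install a private image registry (docker-distribution) that
# serves TLS on port 5443 with a self-signed certificate. Run as root.

# Attach a subscription and enable only the repositories this host needs.
subscription-manager register
subscription-manager list --available --matches '*OpenShift*'
# The pool id belongs to the author's account; use one from the list above.
subscription-manager attach --pool=8a85f99c759ea5180175d33e17312dd0
subscription-manager repos --disable="*"
subscription-manager repos \
  --enable="rhel-7-server-rpms" \
  --enable="rhel-7-server-extras-rpms" \
  --enable="rhel-7-server-ose-3.11-rpms" \
  --enable="rhel-7-server-ansible-2.9-rpms"

# Self-signed wildcard certificate, valid for 10 years, with an
# unencrypted private key (-nodes). mkdir -p keeps a re-run from failing
# when the directory already exists.
mkdir -p /etc/crts/ && cd /etc/crts
openssl req -newkey rsa:2048 -nodes -keyout example.com.key \
  -x509 -days 3650 -out example.com.crt \
  -subj "/C=CN/ST=GD/L=SZ/O=Global Security/OU=IT Department/CN=*.example.com"
# The key is the registry's TLS identity: restrict it to root. This assumes
# the registry service runs as root, as the stock unit does - TODO confirm.
chmod 600 /etc/crts/example.com.key

# Trust the certificate system-wide so local clients accept the registry.
# NOTE(review): with a stock openssl.cnf, `req -x509` usually marks the
# certificate as a CA. Anyone holding example.com.key could then issue
# certificates that this host trusts. Inspect it with
# `openssl x509 -in example.com.crt -noout -text` and keep the key private.
cp /etc/crts/example.com.crt /etc/pki/ca-trust/source/anchors/
update-ca-trust extract

yum -y install podman docker-distribution pigz skopeo wget docker

# Registry configuration.
# NOTE(review): there is no `auth:` section and `delete` is enabled, so any
# client that can reach port 5443 may pull, push and delete images. With
# firewalld stopped in step 1, that means every host on the network. For
# anything beyond an isolated lab, add an `auth: htpasswd:` section or
# restrict access to the port.
cat << EOF > /etc/docker-distribution/registry/config.yml
version: 0.1
log:
  fields:
    service: registry
storage:
    cache:
        layerinfo: inmemory
    filesystem:
        rootdirectory: /data/registry
    delete:
        enabled: true
http:
    addr: :5443
    tls:
       certificate: /etc/crts/example.com.crt
       key: /etc/crts/example.com.key
EOF

# systemctl restart docker
systemctl stop docker-distribution
systemctl enable docker-distribution
systemctl restart docker-distribution

# Dummy credentials: the configuration above defines no authentication, so
# the registry presumably accepts any user/password pair. The login only
# records an entry for this registry in podman's auth file.
podman login registry.example.com:5443 -u a -p a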
3.获取基础包
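# Step 3 - log in to the Red Hat registries, store the pull secret, and
# download the OpenShift client and installer for one release.
mkdir -p /data/ocp4
/bin/rm -f /data/finished
cd /data/ocp4

# '**' stands for the credentials the author redacted. It is quoted so the
# shell does not expand it as a glob. The original also ran `**-p` together
# on five of these lines, which would have passed "-p" as part of the user
# name.
# NOTE(review): a password given with -p ends up in shell history and is
# visible in the process list while the command runs. Leaving -p out makes
# both clients prompt for it instead.
docker login -u '**' -p '**' registry.redhat.io
docker login -u '**' -p '**' registry.access.redhat.com
docker login -u '**' -p '**' registry.connect.redhat.com

podman login -u '**' -p '**' registry.redhat.io
podman login -u '**' -p '**' registry.access.redhat.com
podman login -u '**' -p '**' registry.connect.redhat.com

# Pull secret downloaded from:
# https://cloud.redhat.com/openshift/install/metal/user-provisioned
# The file is created empty with mode 0600 before the secret is written, so
# it is never world-readable. The redirect below keeps that mode.
install -m 600 /dev/null /data/pull-secret.json
cat << 'EOF' > /data/pull-secret.json
{"auths":{"cloud.openshift.com":******
EOF

BUILDNUMBER=4.5.7
echo "${BUILDNUMBER}"

# ${BUILDNUMBER:?} aborts the rm if the variable is ever empty, so the
# command cannot fall back to deleting all of /data/ocp4/.
rm -rf "/data/ocp4/${BUILDNUMBER:?}"
mkdir -p "/data/ocp4/${BUILDNUMBER}"
cd "/data/ocp4/${BUILDNUMBER}"

wget -O release.txt "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${BUILDNUMBER}/release.txt"
wget -O "openshift-client-linux-${BUILDNUMBER}.tar.gz" "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${BUILDNUMBER}/openshift-client-linux-${BUILDNUMBER}.tar.gz"
wget -O "openshift-install-linux-${BUILDNUMBER}.tar.gz" "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${BUILDNUMBER}/openshift-install-linux-${BUILDNUMBER}.tar.gz"

# The binaries are unpacked into root's PATH, so check them against the
# published checksum list first and extract only when both archives match.
# A checksum list fetched over the same channel catches corruption and
# truncation, not a tampered mirror. Verify against a signed source where
# one is available.
wget -O sha256sum.txt "https://mirror.openshift.com/pub/openshift-v4/clients/ocp/${BUILDNUMBER}/sha256sum.txt"
grep -F \
  -e "openshift-client-linux-${BUILDNUMBER}.tar.gz" \
  -e "openshift-install-linux-${BUILDNUMBER}.tar.gz" \
  sha256sum.txt | sha256sum -c - &&
  tar -xzf "openshift-client-linux-${BUILDNUMBER}.tar.gz" -C /usr/local/sbin/ &&
  tar -xzf "openshift-install-linux-${BUILDNUMBER}.tar.gz" -C /usr/local/sbin/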
4.同步镜像到本地仓库
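# Step 4 - mirror the release payload from quay.io into the local registry.

# The proxy host is specific to the author's network; replace or drop it.
# The local registry and the lab subnet are excluded from proxying.
export http_proxy=http://squid.apac.redhat.com:3128
export https_proxy=$http_proxy
export HTTP_PROXY=$http_proxy
export HTTPS_PROXY=$http_proxy
export no_proxy=registry.example.com,127.0.0.1,192.168.56.0/24

# BUILDNUMBER comes from step 3. ${...:?} stops here when it is unset, so
# the mirror command is not run with an empty release tag.
export OCP_RELEASE=${BUILDNUMBER:?BUILDNUMBER is not set}
export LOCAL_REG='registry.example.com:5443'
export LOCAL_REPO='ocp4/openshift4'
export UPSTREAM_REPO='openshift-release-dev'
# Path to the pull secret, which holds registry credentials. Keep that file
# readable by its owner only.
export LOCAL_SECRET_JSON="/data/pull-secret.json"
# Not used by the command below; presumably read later by openshift-install.
# It refers to the mirrored release image by tag.
export OPENSHIFT_INSTALL_RELEASE_IMAGE_OVERRIDE=${LOCAL_REG}/${LOCAL_REPO}:${OCP_RELEASE}
export RELEASE_NAME="ocp-release"

# Copy the x86_64 release image and the images it references into
# ${LOCAL_REG}/${LOCAL_REPO}. Expansions are quoted so that an unexpected
# space or glob character in a value cannot change the arguments.
oc adm release mirror -a "${LOCAL_SECRET_JSON}" \
  --from="quay.io/${UPSTREAM_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-x86_64" \
  --to-release-image="${LOCAL_REG}/${LOCAL_REPO}:${OCP_RELEASE}" \
  --to="${LOCAL_REG}/${LOCAL_REPO}"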
然后等待镜像下载,输出如下
uploading: registry.example.com:5443/ocp4/openshift4 sha256:204ba19b38e6a092500f1fb0e6d25f7d49df7bee65fc5c33e62b274f518b0f9c 33.67MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:68db14fed933998860d56a8746d49ce53938dd970a5fa2f07a7bdd327d903f52 15.09MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:7ae4baebba1780cfdb31433f5450fe370a0f0f1d029ba620630a57084ebb2671 14.68MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:b6ca08af87b886f8eaa4e456064f8981ec6e382acf330b6960fa5ff3d233eb2c 5.193MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:77c58f19bd6e67185938abb6bbb6ec229e07a5e607453904294d982de141d2f0 70.54MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:e5731590c99977abed68f4f4bc1d8aa770b806aa20cee7beb2c7a52cd365ae96 21.1MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:44721107800310202658c3087fb2c3558f676c98e2d4ea66909244edce7256e2 56.3MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:e297d9be16e7d2d3d2a7d2634d48e147163e7d7fdef18639e07d6114e9b7ea83 5.967MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:aee62771bceeaf1031a5b6d5f0d042430c51c411e5cfc840780b4deb579a7730 20.52MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:9a628a2dd351f04162cfd3f97bf246f751d9baf4ebfbf66eda98ce4c12cf83d6 144.5MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:f9be444c2fba6547cc0c817d1363ae3ef5fb1bcef4a50aa4cfe9cad11b158dc8 17.18MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:7032ff8ba1c279e33c618f109f31c94e7c6d4b690773b9ece1ab2cd77f72aef7 31.93MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:87246f600663ff6870cf25309ee28db7860c8c5f113adfb1ad841a4369b02575 21.86MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:aed43fd3a393e8bd0f2b1b3367dd3bab8c87f54047325bb626a93322815cfae6 36.29MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:be1e7b9fdef18236687af9fd387df21823b6dace55aa2cbdd89d89f41c1587d9 
2.885MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:48cf967189e43ca88caccb6f6ac91132adda51243dd833a7e650b5955e7c63d1 150.4MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:a05d347f51d15c753d7d3f6853e77da34664fb69743be989720b4f1b859498d0 28.12MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:85cd1b36f1a8c675e007b475cc03d205fb4d3198c243e8fad54b14594002e8f3 58.74MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:f44e7276994bc021a167cc63cc9b2f948e66f8dcb4a08ecdfce42323b7d7472c 9.837MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:b0e71ac2d5f3619a0d5150db26027c41875c0b161bdb1809a56f7dda061365d7 130.2MiB uploading: registry.example.com:5443/ocp4/openshift4 sha256:91b3e1bd9c94121c9851d13837f13c2c22e949b70d79b97bfd88e4d822900210 15.99MiB
info: Mirroring completed in 3h59m15.51s (438.8kB/s)
Success
Update image: registry.example.com:5443/ocp4/openshift4:4.5.7
Mirror prefix: registry.example.com:5443/ocp4/openshift4
To use the new mirrored repository to install, add the following section to the install-config.yaml:
imageContentSources:
- mirrors:
  - registry.example.com:5443/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-release
- mirrors:
  - registry.example.com:5443/ocp4/openshift4
  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
To use the new mirrored repository for upgrades, use the following to create an ImageContentSourcePolicy:
apiVersion: operator.openshift.io/v1alpha1
kind: ImageContentSourcePolicy
metadata:
  name: example
spec:
  repositoryDigestMirrors:
  - mirrors:
    - registry.example.com:5443/ocp4/openshift4
    source: quay.io/openshift-release-dev/ocp-release
  - mirrors:
    - registry.example.com:5443/ocp4/openshift4
    source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
完成后打包。