问题描述
我一直在空白环境中安装OKD.第一步是镜像OKD图像,以便可以将它们移到新环境中并在本地拉出.我一直在跟踪 OpenShift文档和本文,以及此资源,用于设置我的证书.我一直在缓慢但始终如一地进步.
I have been working on an installation of OKD on an air-gapped environment. The first major step has been mirroring the OKD images so that they can be moved over to the new environment and pulled locally. I've been following a combination of the OpenShift documentation and this article, as well as this resource for getting my certificates set up. I have been making slow but consistent progress.
但是,现在尝试使用来实际镜像文件时遇到了麻烦
However, I am now having trouble when attempting to actually mirror the files using
oc adm -a ${LOCAL_SECRET_JSON} release mirror \
--from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} \
--to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \
--to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}
我得到以下令人鼓舞的答复:
I get the following, encouraging response:
info: Mirroring 120 images to host.okd-registry.dns:5000/ocp4/openshift4 ...
接着是blobs:
和manifests:
行,最后是该行
followed by blobs:
and manifests:
lines, and finally the line
stats: shared=0 unique=7 size=105.3MiB ratio=1.00
然后我得到约50行说明
I then get about 50 lines stating
error: unable to retrieve source image quay.io/openshift-release-dev/ocp-v4.0-art-dev manifest
sha256:{some value}: unauthorized: access to the requested resource is not authorized
我有一个码头帐户,但是即使经过研究,我也不确定是否需要这样做,如果是,我将在哪里登录或如何登录.我尝试使用oc login
,然后在发行结构中使用各种地址来执行此操作,但是如果这是解决方案,则我可能使用了错误的参数,因为我找不到执行此操作的任何指令.
I have a quay account but I am not sure if that is required even after my research, and if it is, where or how I would log into it. I have attempted doing so using oc login
followed by various addresses within the release structure, but if this is the solution, I may be using the wrong arguments as I have not been able to find any instructions on doing this.
我也尝试过使用sudo
命令.我怀疑这是一个问题,但是我还是尝试了.
I have also tried the command with sudo
. I doubt that is an issue but I tried it anyway.
我想问题可能出在我的证书上,但是我不确定如何确定是否是这种情况.
I suppose the issue could be with my certificates, but I am not sure how to determine if this is the case.
任何指导或建议将不胜感激.
Any guidance or suggestions would be much appreciated.
推荐答案
在我发布此答案时,已确定OKD文档不正确,并指示读者从OCP图像存储库中提取而不是从中提取. OKD存储库,它显然需要其他凭证.已记录了一个错误,希望文档会尽快更新.
It has been determined that the OKD documentation is inaccurate at the time that I am posting this answer, and was instructing readers to pull from the OCP image repository rather than the OKD repository, which apparently requires additional credentials. A bug has been logged and the documentation will hopefully be updated soon.
正确的环境变量和用于镜像图像的完整命令如下:
The correct environment variables and full command to mirror the images are as follows:
LOCAL_REGISTRY=localhost:5000 (or your local domain name and port for the registry)
LOCAL_REPOSITORY=okd
LOCAL_SECRET_JSON=<full path to your pull secret>
OCP_RELEASE=4.5.0-0.okd-2020-10-15-235428
PRODUCT_REPO=openshift
RELEASE_NAME=okd
ARCHITECTURE=not-used-in-okd
oc adm -a ${LOCAL_SECRET_JSON} release mirror \
--from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE} \
--to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \
--to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE} --dry-run
这篇关于为什么我会收到此“未经授权"的邮件?尝试从Quay.io镜像OKD安装映像时出现错误?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!