A utility that can be used to mirror OpenShift releases between docker registries.
Project description
oc-mirror
Overview
A utility that can be used to mirror OpenShift releases, Operator releases, and atomic signatures between docker registries.
Installation
From pypi.org
$ pip install oc_mirror
From source code
$ git clone https://github.com/crashvb/oc-mirror
$ cd oc-mirror
$ virtualenv env
$ source env/bin/activate
$ python -m pip install --editable .[dev]
Usage
Creating an atomic signature
Note: Currently, only WebDAV upload is supported.
atomic \
--signature-store https://my-webdav-server/ \
sign \
--keyid=my-magic-keyid \
registry.redhat.io/redhat/redhat-operator-index:v4.8@sha256:6ddf56b65877a0d603fcc8f06bca7314f18816d5734c878094b7a1b5598ce251
Verifying an atomic signature
DRCA_CREDENTIALS_STORE=~/.docker/quay.io-pull-secret.json \
atomic \
--signature-store=https://mirror.openshift.com/pub/openshift-v4/signatures/openshift/release \
--signature-type=manifest \
verify \
quay.io/openshift-release-dev/ocp-release:4.4.6-x86_64@sha256:7613d8f7db639147b91b16b54b24cfa351c3cbde6aa7b7bf1b9c80c260efad06
Mirroring an OpenShift release
DRCA_CREDENTIALS_STORE=~/.docker/quay.io-pull-secret.json \
oc-mirror \
--signature-store=https://mirror.openshift.com/pub/openshift-v4/signatures/openshift/release \
mirror \
quay.io/openshift-release-dev/ocp-release:4.4.6-x86_64 \
some-other-registry.com:5000/openshift-release-dev/ocp-release:4.4.6-x86_64
Mirroring an Operator release
DRCA_CREDENTIALS_STORE=~/.docker/quay.io-pull-secret.json \
op-mirror \
--no-check-signatures \
mirror \
registry.redhat.io/redhat/redhat-operator-index:v4.8 \
some-other-registry.com:5000/redhat/redhat-operator-index:v4.8 \
compliance-operator:release-0.1 \
local-storage-operator \
ocs-operator
Environment Variables
| Variable | Default Value | Description |
|---|---|---|
| ATOMIC_KEYID | Identifier of the GnuPG key to use for signing. | |
| ATOMIC_KEYPASS | The corresponding key passphrase. | |
| ATOMIC_SIGNATURE_STORE | https://mirror.openshift.com/pub/openshift-v4/signatures/openshift/release | Signature store location at which atomic signatures are (to be) located. |
| ATOMIC_SIGNATURE_TYPE | iamge-config | Whether atomic signature digest reference Manifests or Image Configurations. |
| ATOMIC_SIGNING_KEY | Path to the GnuPG armored keys used to verify atomic signatures. | |
| OCM_SIGNATURE_STORE | use locations embedded in release metadata | Signature store location at which atomic signatures are located. |
| OCM_SIGNING_KEY | use keys embedded in release metadata | Path to the GnuPG armored keys used to verify atomic signatures. |
| OPM_SIGNATURE_STORE | https://mirror.openshift.com/pub/openshift-v4/signatures/openshift/release | Signature store location at which atomic signatures are located. |
| OPM_SIGNING_KEY | Path to the GnuPG armored keys used to verify atomic signatures. |
Development
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.
Source Distribution
oc_mirror-0.1.7.tar.gz
(33.5 kB
view hashes)
Built Distribution
oc_mirror-0.1.7-py3-none-any.whl
(63.2 kB
view hashes)
Close
Hashes for oc_mirror-0.1.7-py3-none-any.whl
| Algorithm | Hash digest | |
|---|---|---|
| SHA256 | bafbb5fc085e5cc50717e3ea16eb623d2162892289aa5c144f4d34a1fd50048b |
|
| MD5 | 6baf7b87308ab78accc764be0f498a24 |
|
| BLAKE2b-256 | d894ebd41da293196a5b2004a2ce8659a68e4540b61f71516b7aa56cc019a4b7 |
