You can install the Migration Toolkit for Containers Operator on your OpenShift Container Platform 4.7 target cluster and 4.2 source cluster. The Migration Toolkit for Containers Operator installs the Migration Toolkit for Containers (MTC) on the target cluster by default.

Optional: You can configure the Migration Toolkit for Containers Operator to install the MTC on an OpenShift Container Platform 3 cluster or on a remote cluster.

In a restricted environment, you can install the Migration Toolkit for Containers Operator from a local mirror registry.

After you have installed the Migration Toolkit for Containers Operator on your clusters, you can launch the MTC web console.

Installing the Migration Toolkit for Containers Operator

You can install the Migration Toolkit for Containers Operator with the Operator Lifecycle Manager on an OpenShift Container Platform 4.7 target cluster and on an OpenShift Container Platform 4.1 source cluster.

Installing the Migration Toolkit for Containers on an OpenShift Container Platform 4.7 target cluster

You can install the Migration Toolkit for Containers (MTC) on an OpenShift Container Platform 4.7 target cluster by using Operator Lifecycle Manager (OLM) to install the Migration Toolkit for Containers Operator.

MTC is installed on the target cluster by default.

Procedure
  1. In the OpenShift Container Platform web console, click OperatorsOperatorHub.

  2. Use the Filter by keyword field to find the Migration Toolkit for Containers Operator.

  3. Select the Migration Toolkit for Containers Operator and click Install.

  4. In the Subscription tab, change the Approval option to Automatic.

  5. Click Install.

    On the Installed Operators page, the Migration Toolkit for Containers Operator appears in the openshift-migration project with the status Succeeded.

  6. Click Migration Toolkit for Containers Operator.

  7. Under Provided APIs, locate the Migration Controller tile, and click Create Instance.

  8. Click Create.

  9. Click WorkloadsPods to verify that the MTC pods are running.

Installing the Migration Toolkit for Containers on an OpenShift Container Platform 4.2 source cluster

You can install the Migration Toolkit for Containers (MTC) on an OpenShift Container Platform 4 source cluster by using Operator Lifecycle Manager (OLM) to install the Migration Toolkit for Containers Operator.

Procedure
  1. In the OpenShift Container Platform web console, click OperatorsOperatorHub.

  2. Use the Filter by keyword field to find the Migration Toolkit for Containers Operator.

  3. Select the Migration Toolkit for Containers Operator and click Install.

  4. In the Subscription tab, change the Approval option to Automatic.

  5. Click Install.

    On the Installed Operators page, the Migration Toolkit for Containers Operator appears in the openshift-migration project with the status Succeeded.

  6. Click Migration Toolkit for Containers Operator.

  7. Under Provided APIs, locate the Migration Controller tile, and click Create Instance.

  8. Update the migration_controller and migration_ui parameters in the manifest:

    spec:
    ...
      migration_controller: false
      migration_ui: false
  9. Click Create.

  10. Click WorkloadsPods to verify that the MTC pods are running.

Installing the Migration Toolkit for Containers Operator in a restricted environment

You can build a custom Operator catalog image for OpenShift Container Platform 4, push it to a local mirror image registry, and configure the Operator Lifecycle Manager to install the Operator from the local registry.

Prerequisites

  • If you want to prune the default catalog and selectively mirror only a subset of Operators, install the opm CLI.

Disabling the default OperatorHub sources

Operator catalogs that source content provided by Red Hat and community projects are configured for OperatorHub by default during an OpenShift Container Platform installation.

Procedure
  • Disable the sources for the default catalogs by adding disableAllDefaultSources: true to the OperatorHub object:

    $ oc patch OperatorHub cluster --type json \
        -p '[{"op": "add", "path": "/spec/disableAllDefaultSources", "value": true}]'

Alternatively, you can use the web console to manage catalog sources. From the AdministrationCluster SettingsGlobal ConfigurationOperatorHub page, click the Sources tab, where you can create, delete, disable, and enable individual sources.

Pruning an index image

An index image, based on the Operator Bundle Format, is a containerized snapshot of an Operator catalog. You can prune an index of all but a specified list of packages, which creates a copy of the source index containing only the Operators that you want.

When configuring Operator Lifecycle Manager (OLM) to use mirrored content on restricted network OpenShift Container Platform clusters, use this pruning method if you want to only mirror a subset of Operators from the default catalogs.

For the steps in this procedure, the target registry is an existing mirror registry that is accessible by your workstation with unrestricted network access. This example also shows pruning the index image for the default redhat-operators catalog, but the process is the same for any index image.

Prerequisites
  • Workstation with unrestricted network access

  • podman version 1.9.3+

  • grpcurl

  • opm version 1.12.3+

  • Access to a registry that supports Docker v2-2

Procedure
  1. Authenticate with registry.redhat.io:

    $ podman login registry.redhat.io
  2. Authenticate with your target registry:

    $ podman login <target_registry>
  3. Determine the list of packages you want to include in your pruned index.

    1. Run the source index image that you want to prune in a container. For example:

      $ podman run -p50051:50051 \
          -it registry.redhat.io/redhat/redhat-operator-index:v4.7
      Example output
      Trying to pull registry.redhat.io/redhat/redhat-operator-index:v4.7...
      Getting image source signatures
      Copying blob ae8a0c23f5b1 done
      ...
      INFO[0000] serving registry                              database=/database/index.db port=50051
    2. In a separate terminal session, use the grpcurl command to get a list of the packages provided by the index:

      $ grpcurl -plaintext localhost:50051 api.Registry/ListPackages > packages.out
    3. Inspect the packages.out file and identify which package names from this list you want to keep in your pruned index. For example:

      Example snippets of packages list
      ...
      {
        "name": "advanced-cluster-management"
      }
      ...
      {
        "name": "jaeger-product"
      }
      ...
      {
      {
        "name": "quay-operator"
      }
      ...
    4. In the terminal session where you executed the podman run command, press Ctrl and C to stop the container process.

  4. Run the following command to prune the source index of all but the specified packages:

    $ opm index prune \
        -f registry.redhat.io/redhat/redhat-operator-index:v4.7 \(1)
        -p advanced-cluster-management,jaeger-product,quay-operator \(2)
        [-i registry.redhat.io/openshift4/ose-operator-registry:v4.7] \(3)
        -t <target_registry>:<port>/<namespace>/redhat-operator-index:v4.7 (4)
    1 Index to prune.
    2 Comma-separated list of packages to keep.
    3 Required only for IBM Power Systems and IBM Z images: Operator Registry base image with the tag that matches the target OpenShift Container Platform cluster major and minor version.
    4 Custom tag for new index image being built.
  5. Run the following command to push the new index image to your target registry:

    $ podman push <target_registry>:<port>/<namespace>/redhat-operator-index:v4.7

    where <namespace> is any existing namespace on the registry. For example, you might create an olm-mirror namespace to push all mirrored content to.

Mirroring an Operator catalog

You can mirror the Operator content of a Red Hat-provided catalog, or a custom catalog, into a container image registry using the oc adm catalog mirror command. The target registry must support Docker v2-2. For a cluster on a restricted network, this registry can be one that the cluster has network access to, such as a mirror registry created during a restricted network cluster installation.

The oc adm catalog mirror command also automatically mirrors the index image that is specified during the mirroring process, whether it be a Red Hat-provided index image or your own custom-built index image, to the target registry. You can then use the mirrored index image to create a catalog source that allows Operator Lifecycle Manager (OLM) to load the mirrored catalog onto your OpenShift Container Platform cluster.

Prerequisites
  • Workstation with unrestricted network access.

  • podman version 1.9.3 or later.

  • Access to mirror registry that supports Docker v2-2.

  • Decide which namespace on your mirror registry you will use to store the mirrored Operator content. For example, you might create an olm-mirror namespace.

  • If your mirror registry does not have Internet access, connect removable media to your workstation with unrestricted network access.

  • If you are working with private registries, set the REG_CREDS environment variable to the file path of your registry credentials for use in later steps. For example, for the podman CLI:

    $ REG_CREDS=${XDG_RUNTIME_DIR}/containers/auth.json
Procedure
  1. If you want to mirror a Red Hat-provided catalog, run the following command on your workstation with unrestricted network access to authenticate with registry.redhat.io:

    $ podman login registry.redhat.io
  2. The oc adm catalog mirror command extracts the contents of an index image to generate the manifests required for mirroring. The default behavior of the command generates manifests, then automatically mirrors all of the image content from the index image, as well as the index image itself, to your mirror registry. Alternatively, if your mirror registry is on a completely disconnected, or airgapped, host, you can first mirror the content to removable media, move the media to the disconnected environment, then mirror the content from the media to the registry.

    • Option A: If your mirror registry is on the same network as your workstation with unrestricted network access, take the following actions on your workstation:

      1. If your mirror registry requires authentication, run the following command to log in to the registry:

        $ podman login <mirror_registry>
      2. Run the following command to mirror the content:

        $ oc adm catalog mirror \
            <index_image> \(1)
            <mirror_registry>:<port>/<namespace> \(2)
            [-a ${REG_CREDS}] \(3)
            [--insecure] \(4)
            [--index-filter-by-os='<platform>/<arch>'] \(5)
            [--manifests-only] (6)
        1 Specify the index image for the catalog you want to mirror. For example, this might be a pruned index image that you created previously, or one of the source index images for the default catalogs, such as registry.redhat.io/redhat/redhat-operator-index:v4.7.
        2 Specify the target registry and namespace to mirror the Operator content to, where <namespace> is any existing namespace on the registry. For example, you might create an olm-mirror namespace to push all mirrored content to.
        3 Optional: If required, specify the location of your registry credentials file.
        4 Optional: If you do not want to configure trust for the target registry, add the --insecure flag.
        5 Optional: Specify which platform and architecture of the index image to select when multiple variants are available. Images are passed as '<platform>/<arch>[/<variant>]'. This does not apply to images referenced by the index. Valid values are linux/amd64, linux/ppc64le, and linux/s390x.
        6 Optional: Generate only the manifests required for mirroring, and do not actually mirror the image content to a registry. This option can be useful for reviewing what will be mirrored, and it allows you to make any changes to the mapping list if you require only a subset of packages. You can then use the mapping.txt file with the oc image mirror command to mirror the modified list of images in a later step. This flag is intended for only advanced selective mirroring of content from the catalog; the opm index prune command, if you used it previously to prune the index image, is suitable for most catalog management use cases.
        Example output
        src image has index label for database path: /database/index.db
        using database path mapping: /database/index.db:/tmp/153048078
        wrote database to /tmp/153048078 (1)
        ...
        wrote mirroring manifests to manifests-redhat-operator-index-1614211642 (2)
        
        1 Directory for the temporary index.db database generated by the command.
        2 Record the manifests directory name that is generated. This directory name is used in a later step.
    • Option B: If your mirror registry is on a disconnected host, take the following actions.

      1. Run the following command on your workstation with unrestricted network access to mirror the content to local files:

        $ oc adm catalog mirror \
            <index_image> \(1)
            file:///local/index \(2)
            [-a ${REG_CREDS}] \
            [--insecure]
        1 Specify the index image for the catalog you want to mirror. For example, this might be a pruned index image that you created previously, or one of the source index images for the default catalogs, such as registry.redhat.io/redhat/redhat-operator-index:v4.7.
        2 Mirrors content to local files in your current directory.
        Example output
        ...
        info: Mirroring completed in 5.93s (5.915MB/s)
        wrote mirroring manifests to manifests-my-index-1614985528 (1)
        
        To upload local images to a registry, run:
        
        	oc adm catalog mirror file://local/index/myrepo/my-index:v1 REGISTRY/REPOSITORY (2)
        
        1 Record the manifests directory name that is generated. This directory name is used in a later step.
        2 Record the expanded file:// path that based on your provided index image. This path is used in a later step.
      2. Copy the v2/ directory that is generated in your current directory to removable media.

      3. Physically remove the media and attach it to a host in the disconnected environment that has access to the mirror registry.

      4. If your mirror registry requires authentication, run the following command on your host in the disconnected environment to log in to the registry:

        $ podman login <mirror_registry>
      5. Run the following command from the parent directory containing the v2/ directory to upload the images from local files to the mirror registry:

        $ oc adm catalog mirror \
            file://local/index/<repo>/<index_image>:<tag> \(1)
            <mirror_registry>:<port>/<namespace> \(2)
            [-a ${REG_CREDS}] \
            [--insecure]
        1 Specify the file:// path from the previous command output.
        2 Specify the target registry and namespace to mirror the Operator content to, where <namespace> is any existing namespace on the registry. For example, you might create an olm-mirror namespace to push all mirrored content to.
  3. After mirroring the content to your registry, inspect the manifests directory that is generated in your current directory.

    The manifests directory name is used in a later step.

    If you mirrored content to a registry on the same network in the previous step, the directory name takes the following form:

    manifests-<index_image_name>-<random_number>

    If you mirrored content to a registry on a disconnected host in the previous step, the directory name takes the following form:

    manifests-index/<namespace>/<index_image_name>-<random_number>

    The manifests directory contains the following files, some of which might require further modification:

    • The catalogSource.yaml file is a basic definition for a CatalogSource object that is pre-populated with your index image tag and other relevant metadata. This file can be used as is or modified to add the catalog source to your cluster.

      If you mirrored the content to local files, you must modify your catalogSource.yaml file to remove any backslash (/) characters from the metadata.name field. Otherwise, when you attempt to create the object, it fails with an "invalid resource name" error.

    • The imageContentSourcePolicy.yaml file defines an ImageContentSourcePolicy object that can configure nodes to translate between the image references stored in Operator manifests and the mirrored registry.

    • The mapping.txt file contains all of the source images and where to map them in the target registry. This file is compatible with the oc image mirror command and can be used to further customize the mirroring configuration.

      If you used the --manifests-only flag during the mirroring process and want to further trim the subset of packages to be mirrored, see the steps in the "Mirroring a Package Manifest Format catalog image" procedure about modifying your mapping.txt file and using the file with the oc image mirror command. After following those further actions, you can continue this procedure.

  4. On a host with access to the disconnected cluster, create the ImageContentSourcePolicy object by running the following command to specify the imageContentSourcePolicy.yaml file in your manifests directory:

    $ oc create -f <path/to/manifests/dir>/imageContentSourcePolicy.yaml

    where <path/to/manifests/dir> is the path to the manifests directory for your mirrored content.

You can now create a CatalogSource object to reference your mirrored index image and Operator content.

Creating a catalog from an index image

You can create an Operator catalog from an index image and apply it to an OpenShift Container Platform cluster for use with Operator Lifecycle Manager (OLM).

Prerequisites
  • An index image built and pushed to a registry.

Procedure
  1. Create a CatalogSource object that references your index image.

    1. Modify the following to your specifications and save it as a catalogSource.yaml file:

      apiVersion: operators.coreos.com/v1alpha1
      kind: CatalogSource
      metadata:
        name: my-operator-catalog
        namespace: openshift-marketplace
      spec:
        sourceType: grpc
        image: <registry>:<port>/<namespace>/redhat-operator-index:v4.7 (1)
        displayName: My Operator Catalog
        publisher: <publisher_name> (2)
        updateStrategy:
          registryPoll: (3)
            interval: 30m
      1 Specify your index image.
      2 Specify your name or an organization name publishing the catalog.
      3 Catalog sources can automatically check for new versions to keep up to date.
    2. Use the file to create the CatalogSource object:

      $ oc apply -f catalogSource.yaml
  2. Verify the following resources are created successfully.

    1. Check the pods:

      $ oc get pods -n openshift-marketplace
      Example output
      NAME                                    READY   STATUS    RESTARTS  AGE
      my-operator-catalog-6njx6               1/1     Running   0         28s
      marketplace-operator-d9f549946-96sgr    1/1     Running   0         26h
    2. Check the catalog source:

      $ oc get catalogsource -n openshift-marketplace
      Example output
      NAME                  DISPLAY               TYPE PUBLISHER  AGE
      my-operator-catalog   My Operator Catalog   grpc            5s
    3. Check the package manifest:

      $ oc get packagemanifest -n openshift-marketplace
      Example output
      NAME                          CATALOG               AGE
      jaeger-product                My Operator Catalog   93s

You can now install the Operators from the OperatorHub page on your OpenShift Container Platform web console.

Installing the Migration Toolkit for Containers on an OpenShift Container Platform 4.7 target cluster in a restricted environment

You can install the Migration Toolkit for Containers (MTC) on an OpenShift Container Platform 4.7 target cluster by using Operator Lifecycle Manager (OLM) to install the Migration Toolkit for Containers Operator.

MTC is installed on the target cluster by default.

Prerequisites
  • You have created a custom Operator catalog and pushed it to a mirror registry.

  • You have configured OLM to install the Migration Toolkit for Containers Operator from the mirror registry.

Procedure
  1. In the OpenShift Container Platform web console, click OperatorsOperatorHub.

  2. Use the Filter by keyword field to find the Migration Toolkit for Containers Operator.

  3. Select the Migration Toolkit for Containers Operator and click Install.

  4. Click Install.

    On the Installed Operators page, the Migration Toolkit for Containers Operator appears in the openshift-migration project with the status Succeeded.

  5. Click Migration Toolkit for Containers Operator.

  6. Under Provided APIs, locate the Migration Controller tile, and click Create Instance.

  7. Click Create.

  8. Click WorkloadsPods to verify that the MTC pods are running.

Installing the Migration Toolkit for Containers on an OpenShift Container Platform 4.2 source cluster in a restricted environment

You can install the Migration Toolkit for Containers (MTC) on an OpenShift Container Platform 4 source cluster by using Operator Lifecycle Manager (OLM) to install the Migration Toolkit for Containers Operator.

Prerequisites
  • You have created a custom Operator catalog and pushed it to a mirror registry.

  • You have configured OLM to install the Migration Toolkit for Containers Operator from the mirror registry.

Procedure
  1. In the OpenShift Container Platform web console, click OperatorsOperatorHub.

  2. Use the Filter by keyword field to find the Migration Toolkit for Containers Operator.

  3. Select the Migration Toolkit for Containers Operator and click Install.

  4. Click Install.

    On the Installed Operators page, the Migration Toolkit for Containers Operator appears in the openshift-migration project with the status Succeeded.

  5. Click Migration Toolkit for Containers Operator.

  6. Under Provided APIs, locate the Migration Controller tile, and click Create Instance.

  7. Click Create.

  8. Click WorkloadsPods to verify that the MTC pods are running.

Launching the MTC web console

You can launch the Migration Toolkit for Containers (MTC) web console in a browser.

Procedure
  1. Log in to the OpenShift Container Platform cluster on which you have installed MTC.

  2. Obtain the MTC web console URL by entering the following command:

    $ oc get -n openshift-migration route/migration -o go-template='https://{{ .spec.host }}'

    The output resembles the following: https://migration-openshift-migration.apps.cluster.openshift.com.

  3. Launch a browser and navigate to the MTC web console.

    If you try to access the MTC web console immediately after installing the Migration Toolkit for Containers Operator, the console might not load because the Operator is still configuring the cluster. Wait a few minutes and retry.

  4. If you are using self-signed CA certificates, you will be prompted to accept the CA certificate of the source cluster API server. The web page guides you through the process of accepting the remaining certificates.

  5. Log in with your OpenShift Container Platform username and password.