Chapter 1. Adding mirror registry authentication details

Prerequisites

  • Verify that your existing disconnected cluster uses OpenShift Container Platform 4.3 or higher.
  • Verify that you have an oc client version of 4.4 or higher.
  • Prepare a mirror host with a mirror registry. See Preparing your mirror host for details.

Procedure

  1. Log in to the OpenShift Container Platform cluster using the cluster-admin role.
  2. Locate your auth.json file.

    This file is generated when you use podman or docker to log in to a registry. It is located in one of the following locations:

    • ~/.docker/auth.json
    • /run/user/<UID>/containers/auth.json
    • /var/run/containers/<UID>/auth.json
  3. Obtain your unique Red Hat registry pull secret and paste it into your auth.json file. It will look something like this.

    {
        "auths": {
            "cloud.openshift.com": {
                "auth": "*****************",
                "email": "user@example.com"
            },
            "quay.io": {
                "auth": "*****************",
                "email": "user@example.com"
            },
            "registry.connect.redhat.com": {
                "auth": "*****************",
                "email": "user@example.com"
            },
            "registry.redhat.io": {
                "auth": "*****************",
                "email": "user@example.com"
            }
        }
      }
  4. Export environment variables with the appropriate details for your setup.

    $ export AUTH_FILE="<location_of_auth.json>"
    $ export MIRROR_REGISTRY_DNS="<your_registry_url>:<port>"
  5. Use podman to log in to the mirror registry and store the credentials in the ${AUTH_FILE}.

    $ podman login ${MIRROR_REGISTRY_DNS} --tls-verify=false --authfile ${AUTH_FILE}

    This adds the mirror registry to the auth.json file.

    {
        "auths": {
            "cloud.openshift.com": {
                "auth": "*****************",
                "email": "user@example.com"
            },
            "quay.io": {
                "auth": "*****************",
                "email": "user@example.com"
            },
            "registry.connect.redhat.com": {
                "auth": "*****************",
                "email": "user@example.com"
            },
            "registry.redhat.io": {
                "auth": "*****************",
                "email": "user@example.com"
            },
            "<mirror_registry>": {
                "auth": "*****************",
            }
        }
      }