###### tags: `Container`
# OLM offline
## Step
---
### fix insecure (if "Error: Source image rejected: A signature was required, but no signature exists"happened)
```shell=
vim /etc/containers/policy.json
```
::: change signature to insecure
```shell=
{
"default": [
{
"type": "insecureAcceptAnything"
}
],
"transports":
{
"docker-daemon":
{
"": [{"type":"insecureAcceptAnything"}]
},
"docker":
{
"registry.redhat.io/redhat/redhat-operator-index": [
{
"type": "insecureAcceptAnything"
}
],
"registry.redhat.io/redhat/certified-operator-index": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-isv"
}
],
"registry.redhat.io/redhat/community-operator-index": [
{
"type": "insecureAcceptAnything"
}
],
"registry.redhat.io/redhat/redhat-marketplace-index": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-isv"
}
],
"registry.redhat.io": [
{
"type": "signedBy",
"keyType": "GPGKeys",
"keyPath": "/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-release"
}
]
}
}
}
```
---
### prune index
```shell=
opm index prune -f registry.redhat.io/redhat/redhat-operator-index:v4.8 -p cluster-logging,elasticsearch-operator -t quay.bt.ocp4.lab/quayadmin/redhat-operator-index:v4.8 --skip-tls
```
---
### opm tool secret (if secret error)
```shell=
vim .docker/config.yaml
```
```shell=
{
"auths": {
"rh8hb.lab": {
"auth": "YWRtaW46UEBzc3cwcmQ="
},
"quay.bt.ocp4.lab": {
"auth": "cXVheWFkbWluOnBhc3N3b3Jk"
},
"cloud.openshift.com": {
"auth": "b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K29jbV9hY2Nlc3NfMTFlMmYxMmZkMzI2NDcxOGE2NWViZDlmMTZkZTczZWE6N1FTREdLOERMUFVRMDE5MjUzWVk2SDgxMUxUNkRXWFVDWDVVV1ZZTldQSERGNllKR0lVRFBYNTNOVDVZRlNTNg==",
"email": "timwang@tw.ibm.com"
},
"quay.io": {
"auth": "b3BlbnNoaWZ0LXJlbGVhc2UtZGV2K29jbV9hY2Nlc3NfMTFlMmYxMmZkMzI2NDcxOGE2NWViZDlmMTZkZTczZWE6N1FTREdLOERMUFVRMDE5MjUzWVk2SDgxMUxUNkRXWFVDWDVVV1ZZTldQSERGNllKR0lVRFBYNTNOVDVZRlNTNg==",
"email": "timwang@tw.ibm.com"
},
"registry.connect.redhat.com": {
"auth": "fHVoYy1wb29sLTI0OTdlNzAzLTlhZjQtNDNlNS1hMTg3LWRjZmQ3MmZjZjNkOTpleUpoYkdjaU9pSlNVelV4TWlKOS5leUp6ZFdJaU9pSmhOV015T0RSbFlUbGlaVFEwTURreVlqRTFNalUwT0dWak9EVXdZalUwTXlKOS5wZkViNG9YSjZ3ZXV0QURydnhUcDlKME1lWHR2UGFUVl9xdWIyQXBVRUhWVFc0WHBNY0tSUlRIQjVHZElTWnBPS1NtWjlWNWRWMVBDdFNSekVWbHlnQlotamtaWHZmWjJySW5JX1BVZEFEOW9Cc2xYZ0h3akJOSkRIVFE1N3lPOWhyblY1ZV9FVUlSTTJFZEJMMGloNVRrRF9fNTdQU2VlS01qRjVRcGtHUG4zYUNGcjVpWldFVDhVM3V5NjJURnlXMXZ0S2duSm1pbVVfbHRvOUZnVEdsTDNqOEUwQzEwU0wtSUtlQlhpaVFwZ3VORVlpX0x0TjVxZ0o5UFdmc3VseUU0R21ZeDBWQkNyTW92cE54V2cwVXZiUHZBcUNQNjFxaGhjWXU4dTlWSV9xaHd3U2hyLVB5d3Qxak1Mb0VHT3B5UlNIR3YyRUVrd3JVUWdOQUlCQUU3Vk9OXzgwcDhyUk1yN3BKbjNoYmxLd1BqMmppOHdldmZxR3phQWJEanNZdm5vNXNFbnNRdVNmSlFmeEhMZXpPTGdGSGdZSUtWWnJkenZ3NFBsdEdLWVkwWUg4bEh5UGZ1SkxBR3BjMmlfMWNyUm5vTTJ1bmRKMGRfLUt0WG0yeTVlSWYwTURHSHhlN0VZdjVrTVBWb283NlZMeTV2OHRRbHZfZGpPc25PaFNXLTdGTjl4T0dJVklaREYxVGRTWjNJbHdoQzRNUVVzcTFEM2hwUmhpaC1nNW44TjNzRFlZWXdHRmtjOHVzdWtRTWJraElTR0xUeHdQVU9KM216cDh0Ulg5QkxDZHNCTjhibk1BQTF1VTBnMTRzYjRDN1JIaE81UHFMLVc4TnppeWFkSVdfTWRoZFptN0o4bWpmb0hWNVB6bl93TjM4TE5LeWJwM2NRTjJzSQ==",
"email": "timwang@tw.ibm.com"
},
"registry.redhat.io": {
"auth": "fHVoYy1wb29sLTI0OTdlNzAzLTlhZjQtNDNlNS1hMTg3LWRjZmQ3MmZjZjNkOTpleUpoYkdjaU9pSlNVelV4TWlKOS5leUp6ZFdJaU9pSmhOV015T0RSbFlUbGlaVFEwTURreVlqRTFNalUwT0dWak9EVXdZalUwTXlKOS5wZkViNG9YSjZ3ZXV0QURydnhUcDlKME1lWHR2UGFUVl9xdWIyQXBVRUhWVFc0WHBNY0tSUlRIQjVHZElTWnBPS1NtWjlWNWRWMVBDdFNSekVWbHlnQlotamtaWHZmWjJySW5JX1BVZEFEOW9Cc2xYZ0h3akJOSkRIVFE1N3lPOWhyblY1ZV9FVUlSTTJFZEJMMGloNVRrRF9fNTdQU2VlS01qRjVRcGtHUG4zYUNGcjVpWldFVDhVM3V5NjJURnlXMXZ0S2duSm1pbVVfbHRvOUZnVEdsTDNqOEUwQzEwU0wtSUtlQlhpaVFwZ3VORVlpX0x0TjVxZ0o5UFdmc3VseUU0R21ZeDBWQkNyTW92cE54V2cwVXZiUHZBcUNQNjFxaGhjWXU4dTlWSV9xaHd3U2hyLVB5d3Qxak1Mb0VHT3B5UlNIR3YyRUVrd3JVUWdOQUlCQUU3Vk9OXzgwcDhyUk1yN3BKbjNoYmxLd1BqMmppOHdldmZxR3phQWJEanNZdm5vNXNFbnNRdVNmSlFmeEhMZXpPTGdGSGdZSUtWWnJkenZ3NFBsdEdLWVkwWUg4bEh5UGZ1SkxBR3BjMmlfMWNyUm5vTTJ1bmRKMGRfLUt0WG0yeTVlSWYwTURHSHhlN0VZdjVrTVBWb283NlZMeTV2OHRRbHZfZGpPc25PaFNXLTdGTjl4T0dJVklaREYxVGRTWjNJbHdoQzRNUVVzcTFEM2hwUmhpaC1nNW44TjNzRFlZWXdHRmtjOHVzdWtRTWJraElTR0xUeHdQVU9KM216cDh0Ulg5QkxDZHNCTjhibk1BQTF1VTBnMTRzYjRDN1JIaE81UHFMLVc4TnppeWFkSVdfTWRoZFptN0o4bWpmb0hWNVB6bl93TjM4TE5LeWJwM2NRTjJzSQ==",
"email": "timwang@tw.ibm.com"
}
}
}
```
### prune index
```shell=
opm index prune -f registry.redhat.io/redhat/redhat-operator-index:v4.8 -p cluster-logging,elasticsearch-operator,jaeger-product,kiali-ossm,servicemeshoperator -t quay.bt.ocp4.lab/quayadmin/redhat-operator-index:v4.8
podman push quay.bt.ocp4.lab/quayadmin/redhat-operator-index:v4.8
```
---
### save index image
```shell=
podman save -o redhat-operator-index-prune-48.tar quay.bt.ocp4.lab/quayadmin/redhat-operator-index:v4.8
```
---
### download operator image to file
```shell=
mkdir ocp48operator
cd ocp48operator
oc adm catalog mirror quay.bt.ocp4.lab/quayadmin/redhat-operator-index:v4.8 file://local/index -a pull-secret.json --insecure --index-filter-by-os='linux/amd64' --max-components=2
cd ..
tar czvf ocp48operator.tar.gz ocp48operator
```
---
### restore index image to harbor
```shell=
podman load -i redhat-operator-index-prune-48.tar
podman tag quay.bt.ocp4.lab/quayadmin/redhat-operator-index:v4.8 rh8hb.lab/openshift/redhat-operator-index:v4.8
podman push rh8hb.lab/openshift/redhat-operator-index:v4.8
```
---
### (if podman load has uid issue)
```shell=
vim /etc/containers/storage.conf
```
```shell=
ignore_chown_errors = "true"
```
---
### upload image from file to offline harbor
```shell=
tar zxvf ocp48operator.tar.gz
cd ocp48operator
oc adm catalog mirror file://local/index/quayadmin/redhat-operator-index:v4.8 rh8hb.lab/openshift --insecure
```
---
### fix imagecatalogsourcepolicy
```shell=
oc adm catalog mirror rh8hb.lab/openshift/redhat-operator-index:v4.8 rh8hb.lab/openshift --manifests-only --insecure
```
---
Sign in with Wallet
Connect another wallet