How to get Red Hat OpenShift operators' information without oc-mirror plug-in

Deploying a Red Hat OpenShift operator in an online environment is a breeze! OpenShift will simply pull the required images from public registries, and voila, we're good to use it without any hassle.

However, the game changes when we're working in a disconnected environment. For most customers, keeping their servers off the internet is a top priority due to security concerns. Suddenly, deploying an OpenShift operator becomes more intricate and we can't rely on public registries anymore. Instead, we need to gather all the necessary container images and make sure they're available within our disconnected environment. Only then can we successfully deploy an operator on OpenShift. 

Using oc-mirror in a typical environment

When deploying the OpenShift operators in a disconnected environment, one of the first steps is to mirror images from Red Hat’s public registries to a private registry. The oc-mirror plug-in is commonly used for this and requires an ImageSetConfiguration file detailing the catalogs’ and operators' names, channels, and versions used in the disconnected environment.  

One of the challenges with using oc-mirror is the time-consuming nature of collecting information for multiple operators, especially considering that the command needs to be run 2-3 times per operator.  It makes the process cumbersome for system administrators, and repetitive tasks like this can be tedious and prone to errors. Although this process can be improved with automation, it is not always feasible to take the required time when we have deadlines to meet.

In this article, we'll explore an alternative approach to gathering this information efficiently without relying on oc-mirror. By leveraging some simple shell scripts, we will demonstrate how to automate this task effectively, enabling system administrators to save time and improve efficiency in their deployment workflows. Let's dive in and explore how to simplify collecting the OpenShift operator information through scripting.

What I mean by time-consuming using oc-mirror

Before we jump into the benefits of scripting for speeding up tasks, let's first explore why using oc-mirror plug-in to find details about the OpenShift operator can be quite time-consuming.

Consider the task of gathering information about the advanced-cluster-management operator. Since we will only ever use one version at a time, mirroring all versions of the channel is unnecessary. Therefore, we need to pinpoint the release version for a specific channel.

1. Confirm the operator is part of the Red Hat catalog’s operator:

   $ time oc-mirror list operators --catalog registry.redhat.io/redhat/redhat-operator-index:v4.15 |grep advanced-cluster-management 

   Output: 

   advanced-cluster-management                   Advanced Cluster Management for Kubernetes               release-2.10
   real 1m7.263s

2. List all available channels in a package:

   $ time oc-mirror list operators --catalog registry.redhat.io/redhat/redhat-operator-index:v4.15 --package advanced-cluster-management

   Output:

   NAME                         DISPLAY NAME                                DEFAULT CHANNEL
   advanced-cluster-management  Advanced Cluster Management for Kubernetes  release-2.10
   PACKAGE                      CHANNEL       HEAD
   advanced-cluster-management  release-2.10  advanced-cluster-management.v2.10.3
   advanced-cluster-management  release-2.9   advanced-cluster-management.v2.9.4
   real 1m5.233s

3. List all available versions in a channel:

   $ time oc-mirror list operators --catalog registry.redhat.io/redhat/redhat-operator-index:v4.15 --package advanced-cluster-management --channel release-2.10

   Output:

   VERSIONS
   2.10.0
   2.10.1
   2.10.2
   2.10.3
   real 1m2.604s

I included the time command to demonstrate the duration of running the oc-mirror plug-in command. Each of the three commands takes over three minutes to produce output. When multiplied by the number of operators requiring mirroring, there is clearly a need to develop a faster method for gathering operator information to configure the ImageSetConfiguration file required by the oc-mirror plugin.

Introducing a faster method

Since OpenShift v4.11, file-based catalogs have emerged as the latest iteration of the catalog format in Operator Lifecycle Manager (OLM). This format, characterized by plain file-based JSON files, represents a major evolution towards a declarative configuration compared to the earlier SQLite database format, making the process of extracting information from image catalogs remarkably more straight-forward

To retrieve an operator’s information, we simply need to copy it from the image catalog operators’ folder to a local drive. Within that directory lies one or multiple files of all the operators delivered with that specific catalog. It is facilitating the access to the operators’ data. Below is an example illustrating the process of copying the operator’s directory from the Red Hat operator catalog’s image.

1. Make sure you have the latest version of the Red Hat catalog’s operator:

   $ podman pull registry.redhat.io/redhat/redhat-operator-index:v4.15

2. Find the directory that contains all the operators' definition:

   $ podman inspect --format '{{index .Config.Labels "operators.operatorframework.io.index.configs.v1"}}' registry.redhat.io/redhat/redhat-operator-index:v4.15

   Output:

   /configs

3. Run the catalog container using Podman:

   $ podman run -d --name redhat-catalog registry.redhat.io/redhat/redhat-operator-index:v4.15

4. Copy the configs directory to a local disk:

   $ podman cp redhat-catalog:/configs .
   
   $ cd configs
   
   $ ls -lt

   Output:

   drwxr-xr-x 2 admin admin  26 Jun  3 15:22 3scale-operator
   drwxr-xr-x 2 admin admin 179 Jun 13 13:05 advanced-cluster-management
   drwxr-xr-x 2 admin admin  26 Jun  3 15:22 amq7-interconnect-operator
   drwxr-xr-x 2 admin admin  26 Jun  3 15:22 amq-broker-rhel8
   drwxr-xr-x 2 admin admin  26 Jun  3 15:22 amq-online
   drwxr-xr-x 2 admin admin  26 Jun  3 15:22 amq-streams
   drwxr-xr-x 2 admin admin  26 Jun  3 15:22 ansible-automation-platform-operator
   drwxr-xr-x 2 admin admin  26 Jun  3 15:22 ansible-cloud-addons-operator
   drwxr-xr-x 2 admin admin  26 Jun  3 15:22 apicast-operator
   drwxr-xr-x 2 admin admin  26 Jun  3 15:22 authorino-operator
   drwxr-xr-x 2 admin admin  26 Jun  3 15:22 aws-efs-csi-driver-operator
   …
   …
   …

5. Stop the container since we don’t need it anymore:

   $ podman stop redhat-catalog

6. Remove the container:

   $ podman rm redhat-catalog

Collecting the operator’s details using the operator's catalog.json files

Once the operator’s details are collected, we will find one or multiple YAML file(s) in the directory. The file(s) serve as a comprehensive repository of all the essential details about the operator. 

In this example, the directory has one sub-directory for each operator. To extract specific information from the catalog.json file, such as advanced-cluster-management, we can leverage tools like the jq command to filter the data efficiently since the file is in JSON format. This streamlined approach simplifies the process of extracting OpenShift operator information, enhancing efficiency and enabling seamless integration into deployment workflows.

We can extract information from the config.json file using jq command

1. Get the operator's name:

   $ jq -cs . advanced-cluster-management/catalog.json |jq .[0].name

   Output:

   "advanced-cluster-management"
   

2. Get all the operator release version(s) for the default channel:

   1. Get the operator default channel:

      $ time OPDEFCHAN=$(jq -cs . advanced-cluster-management/catalog.json |jq .[0].defaultChannel)

      Output:

      real 0m0.061s

      Show the content of the OPDEFCHAN variable:

      $ echo $OPDEFCHAN 

      Output:

      "release-2.10"

   2. Get the operator releases:

      $ time OPRELEASE=$(jq -cs . advanced-cluster-management/catalog.json |jq ".[] |select(.name==$OPDEFCHAN)"|jq .entries[].name)

      Output:

      real 0m0.063s

      Show the content of the OPRELEASE variable:

      $ echo $OPRELEASE

      Output:

      "advanced-cluster-management.v2.10.0" "advanced-cluster-management.v2.10.1" "advanced-cluster-management.v2.10.2" "advanced-cluster-management.v2.10.3"

3. Get the names of the operator releases:

   $ VERSION=""
   
   $ time for release in ${OPRELEASE[@]}; do   export release=$(echo $release|tr -d "\"");   VERSION="$VERSION $(jq -cs . advanced-cluster-management/catalog.json |jq -r --arg n "$release" '.[]|select(.name == $n)'|jq '.properties[] |select(.type=="olm.package")'|jq .value.version)";done

   Output:

   real 0m0.276s

   Show the content of the VERSION variable:

   $ echo $VERSION 

   Output:

   "2.10.0" "2.10.1" "2.10.2" "2.10.3" "2.10.0" "2.10.1" "2.10.2" "2.10.3"
   

4. Get the last value from the $VERSION array:

   $ echo $(echo $VERSION|awk '{print $NF}')

   Output:

   "2.10.3"

Conclusion

In conclusion, we've seen how even with minimal scripting knowledge, we can develop a script to streamline the process of gathering information on desired operators within OpenShift. By looping through these operators, we collect their respective channels and release data. It is worth noting that all default operator catalogs provided by Red Hat adhere to the same file-based format, which simplifies the scripting process.

The benefits of scripting and automating our routine tasks are obvious. By scripting the collection of OpenShift operators, we not only save time but also enhance the efficiency of adding operators to our ImageSetConfiguration configuration file. This streamlined approach not only simplifies our workflows but also contributes to greater agility and scalability in managing our OpenShift environments.

References

• OpenShift documentation: https://docs.openshift.com

• oc-mirror: https://github.com/openshift/oc-mirror/tree/main

• jq: https://jqlang.github.io/jq/