migrate to oc-mirror v2

karmab · Jan 28, 2025 · eeffac2 · eeffac2
1 parent c45383b
commit eeffac2
Showing 16 changed files with 176 additions and 346 deletions.
diff --git a/README.md b/README.md
@@ -106,7 +106,7 @@ Note that you can use the baseplan `kcli_plan_infra.yml` to deploy the infrastru
 |disconnected_community_operators_version     |None                         |
 |disconnected_extra_catalogs                  |[]                           |
 |disconnected_extra_images                    |[]                           |
-|disconnected_extra_releases                  |[]                           |
+|disconnected_extra_release                   |None                         |
 |disconnected_marketplace_operators           |[]                           |
 |disconnected_marketplace_operators_version   |None                         |
 |disconnected_operators                       |[]                           |
@@ -128,7 +128,6 @@ Note that you can use the baseplan `kcli_plan_infra.yml` to deploy the infrastru
 |go_version                                   |1.13.8                       |
 |http_proxy                                   |None                         |
 |image                                        |centos9stream                |
-|imagecontentsources                          |[]                           |
 |imageregistry                                |False                        |
 |installer_disk_size                          |None                         |
 |installer_ip                                 |None                         |
@@ -141,7 +140,6 @@ Note that you can use the baseplan `kcli_plan_infra.yml` to deploy the infrastru
 |manifests_dir                                |manifests                    |
 |monitoring_retention                         |None                         |
 |motd                                         |None                         |
-|nbde                                         |False                        |
 |network_type                                 |OVNKubernetes                |
 |nfs                                          |False                        |
 |no_proxy                                     |None                         |

diff --git a/install-config.yaml b/install-config.yaml
@@ -85,11 +85,13 @@ additionalTrustBundle: |
  {{ ca | certificate | replace('\n', '\n ') }}
 {% endfor %}
 {% endif %}
-{% if imagecontentsources %}
+{% if disconnected or disconnected_url != None %}
 imageContentSources:
-{% for source in imagecontentsources %}
 - mirrors:
-  - {{ source }}
-  source: image-registry.openshift-image-registry.svc:5000/openshift/{{ source | basename | replace("openshift-", "")}}
-{% endfor %}
+  - REGISTRY:PORT/openshift-release-dev/ocp-v4.0-art-dev
+  - REGISTRY:PORT/openshift/release
+  source: quay.io/openshift-release-dev/ocp-v4.0-art-dev
+- mirrors:
+  - REGISTRY:PORT/openshift-release-dev
+  source: {{ 'registry.ci.openshift.org/ocp/release' if version == 'ci' else 'quay.io/openshift-release-dev' }}
 {% endif %}
diff --git a/scripts/mirror-config.yaml.sample → mirror-config.yaml b/scripts/mirror-config.yaml.sample → mirror-config.yaml
@@ -1,24 +1,38 @@
-apiVersion: mirror.openshift.io/v1alpha2
+{% set release =  '4.' + (tag|string).split('.')[1] if tag|count('.') > 1 else tag %}
+
+apiVersion: mirror.openshift.io/v2alpha1
 kind: ImageSetConfiguration
-storageConfig:
-  registry:
-    imageURL: $LOCAL_REGISTRY/openshift/release/metadata:latest
 mirror:
-  #platform:
-  #  channels:
-  #  - name: stable-4.10
-  #    minVersion: 4.10.24
-  #    maxVersion: 4.10.24
-  #  graph: true
+  platform:
+    graph: false
+{% if version in ['ci', 'nightly'] %}
+    release: registry.ci.openshift.org/ocp/release:{{ tag }}
+{% else %}
+    channels:
+    - name: {{ 'candidate' if 'rc' in tag else version }}-{{ release }}
+{% if tag|count('.') > 1 %}
+      minVersion: {{ (disconnected_extra_release or tag)|min_ocp_version(tag) }}
+      maxVersion: {{ (disconnected_extra_release or tag)|max_ocp_version(tag) }}
+{% endif %}
+{% endif %}
+    architectures:
+#   - multi
+    - amd64
+  additionalImages:
+{% for image in extra_images|default([]) %}
+  - name: {{ image }}
+{% endfor %}
+{% set operators = disconnected_operators|default([]) + disconnected_certified_operators|default([]) + disconnected_community_operators|default([]) + disconnected_marketplace_operators|default([]) %}
+{% if operators %}
   operators:
-{% if disconnected_operators %}
-{% set catalog = 'quay.io/prega/prega-operator-index' if prega else 'registry.redhat.io/redhat/redhat-operator-index' %}
-  - catalog: {{ catalog }}:{{ disconnected_operators_version or 'v${OCP_RELEASE}' }}
+{% if disconnected_operators|default([]) %}
+{% set catalog = 'quay.io/prega/prega-operator-index' if prega|default(False) else 'registry.redhat.io/redhat/redhat-operator-index' %}
+  - catalog: {{ catalog }}:{{ disconnected_operators_version or "v%s" % OPENSHIFT_TAG }}
     packages:
 {% for package in disconnected_operators %}
 {% if package.name is defined %}
     - name: {{ package.name }}
-{% else %}
+{% else %}{# Comment: Support old syntax #}
     - name: {{ package }}
 {% endif %}
 {% if package.minVersion is defined %}
@@ -41,12 +55,8 @@ mirror:
 {% endif %}
 {% endfor %}
 {% endif %}
-{% if disconnected_certified_operators %}
-{% if disconnected_certified_operators_version %}
-  - catalog: registry.redhat.io/redhat/certified-operator-index:{{ disconnected_certified_operators_version }}
-{% else %}
-  - catalog: registry.redhat.io/redhat/certified-operator-index:v${OCP_RELEASE}
-{% endif %}
+{% if disconnected_certified_operators|default([]) %}
+  - catalog: registry.redhat.io/redhat/certified-operator-index:{{ disconnected_certified_operators_version or "v%s" % OPENSHIFT_TAG }}
     packages:
 {% for package in disconnected_certified_operators %}
 {% if package.name is defined %}
@@ -74,12 +84,8 @@ mirror:
 {% endif %}
 {% endfor %}
 {% endif %}
-{% if disconnected_community_operators %}
-{% if disconnected_community_operators_version %}
-  - catalog: registry.redhat.io/redhat/community-operator-index:{{ disconnected_community_operators_version }}
-{% else %}
-  - catalog: registry.redhat.io/redhat/community-operator-index:v${OCP_RELEASE}
-{% endif %}
+{% if disconnected_community_operators|default([]) %}
+  - catalog: registry.redhat.io/redhat/community-operator-index:{{ disconnected_community_operators_version or "v%s" % OPENSHIFT_TAG }}
     packages:
 {% for package in disconnected_community_operators %}
 {% if package.name is defined %}
@@ -107,12 +113,8 @@ mirror:
 {% endif %}
 {% endfor %}
 {% endif %}
-{% if disconnected_marketplace_operators %}
-{% if disconnected_marketplace_operators_version %}
-  - catalog: registry.redhat.io/redhat/redhat-marketplace-index:{{ disconnected_marketplace_operators_version }}
-{% else %}
-  - catalog: registry.redhat.io/redhat/redhat-marketplace-index:v${OCP_RELEASE}
-{% endif %}
+{% if disconnected_marketplace_operators|default([]) %}
+  - catalog: registry.redhat.io/redhat/redhat-marketplace-index:{{ disconnected_marketplace_operators_version or "v%s" % OPENSHIFT_TAG }}
     packages:
 {% for package in disconnected_marketplace_operators %}
 {% if package.name is defined %}
@@ -140,7 +142,8 @@ mirror:
 {% endif %}
 {% endfor %}
 {% endif %}
-{% if disconnected_extra_catalogs %}
+{% endif %}
+{% if disconnected_extra_catalogs|default([]) %}
 {% for catalog_image in disconnected_extra_catalogs %}
   - catalog: {{ catalog_image }}
 {% endfor %}

diff --git a/mirror-registry/quay_haproxy.cfg b/mirror-registry/quay_haproxy.cfg
diff --git a/mirror-registry/quay_haproxy.service b/mirror-registry/quay_haproxy.service
diff --git a/plans/kcli_plan.yml b/plans/kcli_plan.yml
@@ -86,7 +86,10 @@
    path: /root/ocp/auth/kubeconfig
 {% endif %}
  - agent-config.yaml 
- - install-config.yaml 
+ - install-config.yaml
+{% if disconnected or disconnected_url != None %}
+ - mirror-config.yaml
+{% endif %}
 {% if motd != None %}
  - path: /etc/motd
    origin: {{ motd }}

diff --git a/plans/kcli_plan_default.yml b/plans/kcli_plan_default.yml
@@ -7,7 +7,7 @@ info: |
     api_ip and ingress_ip need to be set along with ctlplanes and workers array to specify your nodes.
     Nfs can be set to true to deploy nfs provisioner using a share on the installer vm
     default network type is OVNKubernetes but you can also specify OpenShiftSDN
-    You can also use ca and imagecontentsources to customize your environments or drop specific manifests in the manifests directory
+    You can also use ca or drop specific manifests in the manifests directory
     If using virtual ctlplanes, the ctlplanes array can be omitted.
     For virtual hub, You can force the mac of your ctlplanes and workers
     version can be set to stable, nightly, candidate or ci, along with tag, to gather the binary from public sources.
@@ -50,6 +50,7 @@ registry_image: quay.io/karmab/registry:amd64
 disconnected_user: dummy
 disconnected_password: dummy
 disconnected_url:
+disconnected_update: false
 disconnected_operators: []
 disconnected_certified_operators: []
 disconnected_community_operators: []
@@ -60,18 +61,16 @@ disconnected_community_operators_version:
 disconnected_marketplace_operators_version:
 disconnected_extra_images: []
 disconnected_extra_catalogs: []
-disconnected_extra_releases: []
+disconnected_extra_release:
 disconnected_clean_pull_secret: false
 prega: false
 nfs: false
 imageregistry: false
 go_version: 1.13.8
 prs: []
-imagecontentsources: []
 fips: false
 cas: []
 dns: false
-nbde: false
 ntp: false
 ntp_server: 0.rhel.pool.ntp.org
 apps: []
@@ -90,6 +89,7 @@ wait_for_workers_number:
 wait_for_workers_timeout: 3600
 manifests_dir: manifests
 workflow_installer: false
+OPENSHIFT_TAG: 4.17
 
 acm: true
 gitops_user: dummy

diff --git a/scripts/02_packages.sh b/scripts/02_packages.sh
@@ -3,8 +3,7 @@
 set -euo pipefail
 
 dnf -y copr enable karmab/kcli
-dnf -y copr enable karmab/aicli
-dnf -y install libvirt-libs libvirt-client mkisofs tmux make git bash-completion vim-enhanced nmstate python3 podman skopeo httpd bind-utils kcli aicli net-tools
+dnf -y install libvirt-libs libvirt-client mkisofs tmux make git bash-completion vim-enhanced nmstate python3 podman skopeo httpd bind-utils kcli  net-tools
 
 systemctl enable --now httpd
 

diff --git a/scripts/04_disconnected_mirror.sh b/scripts/04_disconnected_mirror.sh
diff --git a/scripts/04_disconnected_olm.sh b/scripts/04_disconnected_olm.sh
diff --git a/scripts/04_disconnected_registry.sh → scripts/04_registry.sh b/scripts/04_disconnected_registry.sh → scripts/04_registry.sh
@@ -4,20 +4,18 @@ set -euo pipefail
 
 PRIMARY_NIC=$(ls -1 /sys/class/net | grep -v podman | head -1)
 export PATH=/root/bin:$PATH
-export PULL_SECRET="/root/openshift_pull.json"
 dnf -y install httpd-tools jq skopeo libseccomp-devel
-{% if dns %}
-REGISTRY_NAME=registry.{{ cluster }}.{{ domain }}
+{% if disconnected_url != None %}
+REGISTRY={{ disconnected_url }}
+{% elif dns %}
+REGISTRY=registry.{{ cluster }}.{{ domain }}
 {% else %}
 export IP=$(ip -o addr show $PRIMARY_NIC | head -1 | awk '{print $4}' | cut -d'/' -f1)
-REGISTRY_NAME=$(echo $IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io
+REGISTRY=$(echo $IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io
 {% endif %}
 REGISTRY_USER={{ disconnected_user }}
 REGISTRY_PASSWORD={{ disconnected_password }}
-KEY=$(echo -n $REGISTRY_USER:$REGISTRY_PASSWORD | base64)
-echo "{\"auths\": {\"$REGISTRY_NAME:5000\": {\"auth\": \"$KEY\", \"email\": \"jhendrix@karmalabs.corp\"}}}" > /root/disconnected_pull.json
-mv /root/openshift_pull.json /root/openshift_pull.json.old
-jq ".auths += {\"$REGISTRY_NAME:5000\": {\"auth\": \"$KEY\",\"email\": \"jhendrix@karmalabs.corp\"}}" < /root/openshift_pull.json.old > $PULL_SECRET
+
 mkdir -p /opt/registry/{auth,certs,data,conf}
 cat <<EOF > /opt/registry/conf/config.yml
 version: 0.1
@@ -44,7 +42,7 @@ compatibility:
   schema1:
     enabled: true
 EOF
-openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/registry/certs/domain.key -x509 -days 3650 -out /opt/registry/certs/domain.crt -subj "/C=US/ST=Madrid/L=San Bernardo/O=Karmalabs/OU=Guitar/CN=$REGISTRY_NAME" -addext "subjectAltName=DNS:$REGISTRY_NAME"
+openssl req -newkey rsa:4096 -nodes -sha256 -keyout /opt/registry/certs/domain.key -x509 -days 3650 -out /opt/registry/certs/domain.crt -subj "/C=US/ST=Madrid/L=San Bernardo/O=Karmalabs/OU=Guitar/CN=$REGISTRY" -addext "subjectAltName=DNS:$REGISTRY"
 cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors/
 update-ca-trust extract
 htpasswd -bBc /opt/registry/auth/htpasswd $REGISTRY_USER $REGISTRY_PASSWORD

diff --git a/scripts/05_mirror.sh b/scripts/05_mirror.sh
@@ -0,0 +1,105 @@
+#!/usr/bin/env bash
+
+export HOME=/root
+cd $HOME
+export PATH=/root/bin:$PATH
+
+REGISTRY_PORT=5000
+REGISTRY_USER={{ disconnected_user }}
+REGISTRY_PASSWORD={{ disconnected_password }}
+
+{% if disconnected_url != None %}
+{% set registry_port = disconnected_url.split(':')[-1] %}
+{% set registry = disconnected_url.split(':')[0] %}
+REGISTRY={{ registry }}
+REGISTRY_PORT={{ registry_port }}
+mkdir -p /opt/registry/certs
+openssl s_client -showcerts -connect $REGISTRY:$REGISTRY_PORT </dev/null 2>/dev/null|openssl x509 -outform PEM > /opt/registry/certs/domain.crt
+cp /opt/registry/certs/domain.crt /etc/pki/ca-trust/source/anchors
+update-ca-trust extract
+{% elif dns %}
+REGISTRY=registry.{{ cluster }}.{{ domain }}
+{% else %}
+IP=$(ip -o addr show eth0 | grep -v '169.254\|fe80::' | tail -1 | awk '{print $4}' | cut -d'/' -f1)
+REGISTRY=$(echo $IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io
+{% endif %}
+
+KEY=$(echo -n $REGISTRY_USER:$REGISTRY_PASSWORD | base64)
+mv /root/openshift_pull.json /root/openshift_pull.json.old
+jq ".auths += {\"$REGISTRY:$REGISTRY_PORT\": {\"auth\": \"$KEY\",\"email\": \"jhendrix@karmalabs.corp\"}}" < /root/openshift_pull.json.old > /root/openshift_pull.json
+
+# Add extra registry keys
+curl -Lo /etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-isv https://www.redhat.com/security/data/55A34A82.txt
+jq ".transports.docker += {\"registry.redhat.io/redhat/certified-operator-index\": [{\"type\": \"signedBy\",\"keyType\": \"GPGKeys\",\"keyPath\": \"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-isv\"}], \"registry.redhat.io/redhat/community-operator-index\": [{\"type\": \"signedBy\",\"keyType\": \"GPGKeys\",\"keyPath\": \"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-isv\"}], \"registry.redhat.io/redhat/redhat-marketplace-operator-index\": [{\"type\": \"signedBy\",\"keyType\": \"GPGKeys\",\"keyPath\": \"/etc/pki/rpm-gpg/RPM-GPG-KEY-redhat-isv\"}]}" < /etc/containers/policy.json > /etc/containers/policy.json.new
+mv /etc/containers/policy.json.new /etc/containers/policy.json
+
+{% if version == 'ci' %}
+export OCP_RELEASE={{ tag }}
+
+{% elif version in ['nightly', 'stable'] %}
+
+{% set tag = tag|string %}
+{% if tag.split('.')|length > 2 %}
+TAG={{ tag }}
+{% else %}
+{% set prefix = 'latest' if version == 'nightly' else 'stable' %}
+TAG={{ prefix + '-' + tag }}
+{% endif %}
+curl -Ls https://mirror.openshift.com/pub/openshift-v4/clients/ocp/$TAG/release.txt > /tmp/release.txt
+OCP_RELEASE=$(grep 'Name:' /tmp/release.txt | awk -F ' ' '{print $2}')-x86_64
+
+{% elif version == 'candidate' %}
+curl -Ls https://mirror.openshift.com/pub/openshift-v4/clients/ocp-dev-preview/{{ tag }}/release.txt > /tmp/release.txt
+OCP_RELEASE=$(grep 'Name:' /tmp/release.txt | awk -F ' ' '{print $2}')-x86_64
+{% endif %}
+
+{% if version == 'ci' %}
+{% set namespace = 'ocp/release' %}
+{% elif version == 'candidate' %}
+{% set namespace = 'openshift/release-images' %}
+{% else %}
+{% set namespace = 'openshift-release-dev/ocp-release' %}
+{% endif %}
+NAMESPACE={{ namespace }}
+echo $REGISTRY:$REGISTRY_PORT/$NAMESPACE:$OCP_RELEASE > /root/version.txt
+
+REGISTRY_USER={{ disconnected_user }}
+REGISTRY_PASSWORD={{ disconnected_password }}
+podman login -u $REGISTRY_USER -p $REGISTRY_PASSWORD $REGISTRY:$REGISTRY_PORT
+REDHAT_CREDS=$(cat /root/openshift_pull.json | jq .auths.\"registry.redhat.io\".auth -r | base64 -d)
+RHN_USER=$(echo $REDHAT_CREDS | cut -d: -f1)
+RHN_PASSWORD=$(echo $REDHAT_CREDS | cut -d: -f2)
+podman login -u "$RHN_USER" -p "$RHN_PASSWORD" registry.redhat.io
+
+which oc-mirror >/dev/null 2>&1
+if [ "$?" != "0" ] ; then
+  OPENSHIFT_TAG=4.17
+  curl -Ls https://mirror.openshift.com/pub/openshift-v4/x86_64/clients/ocp/stable-$OPENSHIFT_TAG/oc-mirror.tar.gz | tar xvz -C /usr/bin
+  chmod +x /usr/bin/oc-mirror
+fi
+
+mkdir -p /root/.docker
+cp -f /root/openshift_pull.json /root/.docker/config.json
+
+oc-mirror --v2 --workspace file:// --config=mirror-config.yaml docker://$REGISTRY:$REGISTRY_PORT
+
+sed -i 's@quay.io/prega/test@registry.redhat.io@' /root/working-dir/cluster-resources/idms-oc-mirror.yaml
+
+cp /root/working-dir/cluster-resources/{cs*,*oc-mirror*} /root
+
+sed -i "s/REGISTRY:PORT/$REGISTRY:$REGISTRY_PORT/" /root/install-config.yaml
+
+if [ "$(grep additionalTrustBundle /root/install-config.yaml)" == "" ] ; then
+  echo "additionalTrustBundle: |" >> /root/install-config.yaml
+  sed -e 's/^/  /' /opt/registry/certs/domain.crt >>  /root/install-config.yaml
+else
+  LOCAL_CERT="-----BEGIN CERTIFICATE-----\n $(grep -v CERTIFICATE /opt/registry/certs/domain.crt | tr -d '[:space:]')\n -----END CERTIFICATE-----"
+  sed -i "/additionalTrustBundle/a${LOCAL_CERT}" /root/install-config.yaml
+  sed -i 's/^-----BEGIN/ -----BEGIN/' /root/install-config.yaml
+fi
+
+if [ "$(grep pullSecret /root/install-config.yaml)" == "" ] ; then
+  echo "{\"auths\": {\"$REGISTRY:5000\": {\"auth\": \"$KEY\", \"email\": \"jhendrix@karmalabs.corp\"}}}" > /root/disconnected_pull.json
+  DISCONNECTED_PULLSECRET=$(cat /root/disconnected_pull.json | tr -d [:space:])
+  echo -e "pullSecret: |\n  $DISCONNECTED_PULLSECRET" >> /root/install-config.yaml
+fi
diff --git a/scripts/05_nbde.sh b/scripts/05_nbde.sh
diff --git a/scripts/07_deploy_hub.sh b/scripts/07_deploy_hub.sh
@@ -69,12 +69,6 @@ mv -f ocp/agent.x86_64.iso /var/www/html/$HUB.iso
 restorecon -Frv /var/www/html
 chown apache.apache /var/www/html/$HUB.iso
 
-ASSISTED_DATA=$(jq '.["*image.Ignition"].Config.storage.files[] | select(.path == "/usr/local/share/assisted-service/assisted-service.env") | .contents.source' ocp/.openshift_install_state.json | cut -d, -f2 | sed 's/"//' | base64 -d)
-if [ "$(echo $ASSISTED_DATA | grep AGENT_AUTH_TOKEN)" != "" ] ; then
-  AI_TOKEN=$(echo $ASSISTED_DATA | grep AGENT_AUTH_TOKEN | cut -d= -f2)
-  echo export AI_TOKEN=$AI_TOKEN >> /root/.bashrc
-fi
-
 PRIMARY_NIC=$(ls -1 /sys/class/net | grep -v podman | head -1)
 IP=$(ip -o addr show $PRIMARY_NIC | head -1 | awk '{print $4}' | cut -d "/" -f 1 | head -1)
 echo $IP | grep -q ':' && IP=[$IP]

diff --git a/scripts/08_nfs.sh b/scripts/08_nfs.sh
@@ -4,7 +4,7 @@ set -euo pipefail
 
 PRIMARY_NIC=$(ls -1 /sys/class/net | grep 'eth\|en' | head -1)
 export KUBECONFIG=/root/ocp/auth/kubeconfig
-export PRIMARY_IP=$(ip -o addr show $PRIMARY_NIC | head -1 | awk '{print $4}' | cut -d'/' -f1)
+export IP=$(ip -o addr show $PRIMARY_NIC | head -1 | awk '{print $4}' | cut -d'/' -f1)
 # Latest nfs-utils 2.3.3-51 is broken
 rpm -qi nfs-utils >/dev/null 2>&1 || dnf -y install nfs-utils
 test ! -f /usr/lib/systemd/system/firewalld.service || systemctl disable --now firewalld
@@ -27,13 +27,13 @@ oc adm policy add-scc-to-user hostmount-anyuid system:serviceaccount:$NAMESPACE:
 if [ "$(podman ps | grep registry)" != "" ] ; then
  /root/bin/sync_image.sh registry.k8s.io/sig-storage/nfs-subdir-external-provisioner:v4.0.2
 {% if dns %}
- REGISTRY_NAME=registry.{{ cluster }}.{{ domain }}
+REGISTRY=registry.{{ cluster }}.{{ domain }}
 {% else %}
- REGISTRY_NAME=$(echo $PRIMARY_IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io
+REGISTRY=$(echo $IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io
 {% endif %}
- sed -i "s@registry.k8s.io@$REGISTRY_NAME:5000@" $BASEDIR/deploy/deployment.yaml
+ sed -i "s@registry.k8s.io@$REGISTRY:5000@" $BASEDIR/deploy/deployment.yaml
 fi
-sed -i -e "s@registry.k8s.io/nfs-subdir-external-provisioner@storage.io/nfs@" -e "s@10.3.243.101@$PRIMARY_IP@" -e "s@/ifs/kubernetes@/var/nfsshare@" $BASEDIR/deploy/deployment.yaml
+sed -i -e "s@registry.k8s.io/nfs-subdir-external-provisioner@storage.io/nfs@" -e "s@10.3.243.101@$/$IP@" -e "s@/ifs/kubernetes@/var/nfsshare@" $BASEDIR/deploy/deployment.yaml
 echo 'apiVersion: storage.k8s.io/v1
 kind: StorageClass
 metadata:

diff --git a/scripts/launch_steps.sh b/scripts/launch_steps.sh
@@ -34,28 +34,14 @@ echo -e "${blue}************ RUNNING 03_dns.sh ************${clear}"
 /root/scripts/03_dns.sh
 {% endif %}
 
-{% if registry %}
-echo -e "${blue}************ RUNNING 04_disconnected_registry.sh ************${clear}"
-/root/scripts/04_disconnected_registry.sh || exit 1
-KEY=$(echo -n {{ disconnected_user }}:{{ disconnected_password }} | base64)
-REGISTRY_NAME={{ "registry.%s.%s" % (cluster, domain) if dns else "$(echo $IP | sed 's/\./-/g' | sed 's/:/-/g').sslip.io" }}
-jq ".auths += {\"$REGISTRY_NAME:5000\": {\"auth\": \"$KEY\",\"email\": \"jhendrix@karmalabs.corp\"}}" /root/openshift_pull.json /root/openshift_pull.json.old && mv /root/openshift_pull.json.old /root/openshift_pull.json
-{% elif disconnected %}
-{% if disconnected_url == None %}
-echo -e "${blue}************ RUNNING 04_disconnected_registry.sh ************${clear}"
-/root/scripts/04_disconnected_registry.sh || exit 1
-{% endif %}
-echo -e "${blue}************ RUNNING 04_disconnected_mirror.sh ************${clear}"
-/root/scripts/04_disconnected_mirror.sh || exit 1
-{% if disconnected_operators or disconnected_certified_operators or disconnected_community_operators or disconnected_marketplace_operators or disconnected_extra_catalogs %}
-echo -e "${blue}************ RUNNING 04_disconnected_olm.sh ************${clear}"
-/root/scripts/04_disconnected_olm.sh
-{% endif %}
+{% if registry or (disconnected and disconnected_url == None) %}
+echo -e "${blue}************ RUNNING 04_registry.sh ************${clear}"
+/root/scripts/04_registry.sh || exit 1
 {% endif %}
 
-{% if nbde %}
-echo -e "${blue}************ RUNNING 05_nbde.sh ************${clear}"
-/root/scripts/05_nbde.sh
+{% if disconnected or (disconnected_url != None and disconnected_update) %}
+echo -e "${blue}************ RUNNING 05_mirror.sh ************${clear}"
+/root/scripts/05_mirror.sh || exit 1
 {% endif %}
 
 {% if ntp %}