openshift · mburke5678 · Feb 27, 2023 · Feb 6, 2023
diff --git a/_topic_maps/_topic_map.yml b/_topic_maps/_topic_map.yml
@@ -430,15 +430,17 @@ Topics:
 - Name: Updating a cluster that includes RHEL compute machines
   File: updating-cluster-rhel-compute
   Distros: openshift-enterprise
-- Name: Updating a disconnected environment
+- Name: Updating a cluster in a disconnected environment
   Dir: updating-restricted-network-cluster
   Distros: openshift-enterprise
   Topics:
-  - Name: About disconnected environment updates
+  - Name: About cluster updates in a disconnected environment
     File: index
-  - Name: Updating disconnected environments using OSUS
+  - Name: Mirroring the OpenShift Container Platform image repository
+    File: mirroring-image-repository
+  - Name: Updating a cluster in a disconnected environment using OSUS
     File: restricted-network-update-osus
-  - Name: Updating disconnected environments without OSUS
+  - Name: Updating a cluster in a disconnected environment without OSUS
     File: restricted-network-update
 # - Name: Troubleshooting an update
 #  File: updating-troubleshooting

diff --git a/modules/cli-installing-cli.adoc b/modules/cli-installing-cli.adoc
@@ -37,11 +37,11 @@
 // * openshift_images/samples-operator-alt-registry.adoc
 // * installing/installing_rhv/installing-rhv-customizations.adoc
 // * installing/installing_rhv/installing-rhv-default.adoc
-// * updating/updating-restricted-network-cluster/restricted-network-update.adoc
+// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
 //
 // AMQ docs link to this; do not change anchor
 
-ifeval::["{context}" == "updating-restricted-network-cluster"]
+ifeval::["{context}" == "mirroring-ocp-image-repository"]
 :restricted:
 endif::[]
 
@@ -167,6 +167,6 @@ $ oc <command>
 ----
 
 
-ifeval::["{context}" == "updating-restricted-network-cluster"]
+ifeval::["{context}" == "mirroring-ocp-image-repository"]
 :!restricted:
 endif::[]
diff --git a/modules/installation-adding-registry-pull-secret.adoc b/modules/installation-adding-registry-pull-secret.adoc
@@ -2,9 +2,9 @@
 //
 // * installing/installing_restricted_networks/installing-restricted-networks-preparations.adoc
 // * openshift_images/samples-operator-alt-registry.adoc
-// * updating/updating-restricted-network-cluster/restricted-network-update.adoc
+// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
 
-ifeval::["{context}" == "updating-restricted-network-cluster"]
+ifeval::["{context}" == "mirroring-ocp-image-repository"]
 :restricted:
 endif::[]
 
@@ -114,6 +114,7 @@ ifndef::openshift-origin[]
     "<mirror_registry>": { <1>
       "auth": "<credentials>", <2>
       "email": "you@example.com"
+    }
   },
 endif::[]
 ifdef::openshift-origin[]
@@ -181,6 +182,6 @@ ifeval::["{context}" == "installing-mirroring-installation-images"]
 :!restricted:
 endif::[]
 
-ifeval::["{context}" == "updating-restricted-network-cluster"]
+ifeval::["{context}" == "mirroring-ocp-image-repository"]
 :!restricted:
 endif::[]
diff --git a/modules/update-mirror-repository.adoc b/modules/update-mirror-repository.adoc
@@ -1,12 +1,21 @@
 // Module included in the following assemblies:
 //
-// * updating/updating-restricted-network-cluster/restricted-network-update.adoc
+// * updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
 
 :_content-type: PROCEDURE
 [id="update-mirror-repository_{context}"]
 = Mirroring the {product-title} image repository
 
-Before you update a cluster on infrastructure that you provision in a disconnected environment, you must mirror the required container images into that environment. You can also use this procedure in connected environments to ensure your clusters only use container images that have satisfied your organizational controls on external content.
+.Prerequisites
+
+* You configured a mirror registry to use in your disconnected environment and can access the certificate and credentials that you configured.
+ifndef::openshift-origin[]
+* You downloaded the {cluster-manager-url-pull} and modified it to include authentication to your mirror repository.
+endif::[]
+ifdef::openshift-origin[]
+* You have created a pull secret for your mirror repository.
+endif::[]
+* If you use self-signed certificates, you have specified a Subject Alternative Name in the certificates.
 
 .Procedure
 

diff --git a/modules/update-service-mirror-release.adoc b/modules/update-service-mirror-release.adoc
diff --git a/updating/index.adoc b/updating/index.adoc
@@ -62,12 +62,12 @@ xref:../updating/updating-cluster-rhel-compute.adoc#updating-cluster-rhel-comput
 * xref:../updating/updating-cluster-rhel-compute.adoc#rhel-compute-updating-minor_updating-cluster-rhel-compute[Updating RHEL compute machines in your cluster]
 
 [id="updating-clusters-overview-update-restricted-network-cluster"]
-== Updating a disconnected cluster
-xref:../updating/updating-restricted-network-cluster/index.adoc#about-restricted-network-updates[Updating a disconnected cluster]: If your mirror host cannot access both the internet and the cluster, you can mirror the images to a file system that is disconnected from that environment. You can then bring that host or removable media across that gap. If the local container registry and the cluster are connected to the mirror host of a registry, you can directly push the release images to the local registry.
+== Updating a cluster in a disconnected environment
+xref:../updating/updating-restricted-network-cluster/index.adoc#about-restricted-network-updates[About cluster updates in a disconnected environment]: If your mirror host cannot access both the internet and the cluster, you can mirror the images to a file system that is disconnected from that environment. You can then bring that host or removable media across that gap. If the local container registry and the cluster are connected to the mirror host of a registry, you can directly push the release images to the local registry.
 
-* xref:../updating/updating-restricted-network-cluster/restricted-network-update.adoc#updating-restricted-network-mirror-host[Preparing your mirror host]
-* xref:../updating/updating-restricted-network-cluster/restricted-network-update.adoc#installation-adding-registry-pull-secret_updating-restricted-network-cluster[Configuring credentials that allow images to be mirrored]
-* xref:../updating/updating-restricted-network-cluster/restricted-network-update.adoc#updating-restricted-network-mirror-host[Mirroring the {product-title} image repository]
+* xref:../updating/updating-restricted-network-cluster/mirroring-image-repository.adoc#updating-restricted-network-mirror-host[Preparing your mirror host]
+* xref:../updating/updating-restricted-network-cluster/mirroring-image-repository.adoc#installation-adding-registry-pull-secret_mirroring-ocp-image-repository[Configuring credentials that allow images to be mirrored]
+* xref:../updating/updating-restricted-network-cluster/mirroring-image-repository.adoc#update-mirror-repository_mirroring-ocp-image-repository[Mirroring the {product-title} image repository]
 * xref:../updating/updating-restricted-network-cluster/restricted-network-update.adoc#update-restricted_updating-restricted-network-cluster[Updating the disconnected cluster]
 * xref:../updating/updating-restricted-network-cluster/restricted-network-update.adoc#images-configuration-registry-mirror_updating-restricted-network-cluster[Configuring image registry repository mirroring]
 * xref:../updating/updating-restricted-network-cluster/restricted-network-update.adoc#generating-icsp-object-scoped-to-a-registry_updating-restricted-network-cluster[Widening the scope of the mirror image catalog to reduce the frequency of cluster node reboots]

diff --git a/updating/updating-restricted-network-cluster/index.adoc b/updating/updating-restricted-network-cluster/index.adoc
@@ -1,6 +1,6 @@
 :_content-type: ASSEMBLY
 [id="about-restricted-network-updates"]
-= About disconnected environment updates
+= About cluster updates in a disconnected environment
 include::_attributes/common-attributes.adoc[]
 :context: about-restricted-network-updates
 
@@ -13,11 +13,18 @@ If the local container registry and the cluster are connected to the mirror regi
 
 A single container image registry is sufficient to host mirrored images for several clusters in the disconnected network.
 
-== Performing a disconnected environment update
+[id="about-disconnected-updates-mirroring"]
+== Mirroring the {product-title} image repository
+To update a cluster in a disconnected environment, your cluster environment must have access to a mirror registry that has the necessary images and resources for your targeted update. The following page has instructions for mirroring images onto a repository in your disconnected cluster:
+
+* xref:../../updating/updating-restricted-network-cluster/mirroring-image-repository.adoc#mirroring-ocp-image-repository[Mirroring the {product-title} image repository]
+
+[id="about-disconnected-updates-update"]
+== Performing a cluster update in a disconnected environment
 
 You can use one of the following procedures to update a disconnected {product-title} cluster:
 
-* xref:../../updating/updating-restricted-network-cluster/restricted-network-update-osus.adoc#updating-restricted-network-cluster-OSUS[Updating disconnected environments using the OpenShift Update Service]
+* xref:../../updating/updating-restricted-network-cluster/restricted-network-update-osus.adoc#updating-restricted-network-cluster-OSUS[Updating a cluster in a disconnected environment using the OpenShift Update Service]
 
-* xref:../../updating/updating-restricted-network-cluster/restricted-network-update.adoc#updating-restricted-network-cluster[Updating disconnected environments without the OpenShift Update Service]
+* xref:../../updating/updating-restricted-network-cluster/restricted-network-update.adoc#updating-restricted-network-cluster[Updating a cluster in a disconnected environment without the OpenShift Update Service]
 
diff --git a/updating/updating-restricted-network-cluster/mirroring-image-repository.adoc b/updating/updating-restricted-network-cluster/mirroring-image-repository.adoc
@@ -0,0 +1,27 @@
+:_content-type: ASSEMBLY
+[id="mirroring-ocp-image-repository"]
+= Mirroring the {product-title} image repository
+include::_attributes/common-attributes.adoc[]
+:context: mirroring-ocp-image-repository
+
+toc::[]
+
+You must mirror container images onto a mirror registry before you can update a cluster in a disconnected environment. You can also use this procedure in connected environments to ensure your clusters  run only approved container images that have satisfied your organizational controls for external content.
+
+[id="prerequisites_mirroring-ocp-image-repository"]
+== Prerequisites
+
+* You must have a container image registry that supports link:https://docs.docker.com/registry/spec/manifest-v2-2[Docker v2-2] in the location that will host the {product-title} cluster, such as Red Hat Quay.
+
+[id="updating-restricted-network-mirror-host"]
+== Preparing your mirror host
+
+Before you perform the mirror procedure, you must prepare the host to retrieve content and push it to the remote location.
+
+include::modules/cli-installing-cli.adoc[leveloffset=+2]
+
+// this file doesn't exist, so I'm including the one that should pick up more changes from Clayton's PR - modules/installation-adding-mirror-registry-pull-secret.adoc[leveloffset=+1]
+
+include::modules/installation-adding-registry-pull-secret.adoc[leveloffset=+2]
+
+include::modules/update-mirror-repository.adoc[leveloffset=+1]
diff --git a/updating/updating-restricted-network-cluster/restricted-network-update-osus.adoc b/updating/updating-restricted-network-cluster/restricted-network-update-osus.adoc
@@ -1,6 +1,6 @@
 :_content-type: ASSEMBLY
 [id="updating-restricted-network-cluster-OSUS"]
-= Updating disconnected environments using the OpenShift Update Service
+= Updating a cluster in a disconnected environment using the OpenShift Update Service
 include::_attributes/common-attributes.adoc[]
 :context: updating-restricted-network-cluster-osus
 
@@ -23,10 +23,8 @@ The following sections describe how to provide updates for your disconnected clu
 [id="update-service-prereqs"]
 == Prerequisites
 
-* Have access to the internet to obtain the necessary container images.
-* Have write access to a container registry in the disconnected environment to push and pull images. The container registry must be compatible with Docker registry API v2.
 * You must have the `oc` command-line interface (CLI) tool installed.
-* For more information on installing Operators, see xref:../../operators/user/olm-installing-operators-in-namespace.adoc#olm-installing-operators-in-namespace[Installing Operators in your namespace].
+* You must provision a local container image registry with the container images for your update, as described in xref:../../updating/updating-restricted-network-cluster/mirroring-image-repository.adoc#mirroring-ocp-image-repository[Mirroring the {product-title} image repository].
 
 [id="registry-configuration-for-update-service"]
 == Configuring access to a secured registry for the OpenShift Update Service
@@ -71,9 +69,12 @@ include::modules/update-service-install-web-console.adoc[leveloffset=+2]
 
 include::modules/update-service-install-cli.adoc[leveloffset=+2]
 
-include::modules/update-service-graph-data.adoc[leveloffset=+1]
+[role="_additional-resources"]
+.Additional resources
 
-include::modules/update-service-mirror-release.adoc[leveloffset=+1]
+* xref:../../operators/user/olm-installing-operators-in-namespace.adoc#olm-installing-operators-in-namespace[Installing Operators in your namespace].
+
+include::modules/update-service-graph-data.adoc[leveloffset=+1]
 
 [id="update-service-create-service"]
 == Creating an OpenShift Update Service application