├── LICENSE ├── README.md ├── certificates ├── ibm-pak-plugin.pem.cer ├── ibm-pak-plugin.pem.chain └── ibm-pak-plugin.pem.pub.key ├── docs ├── catalog-mirroring.md ├── command-help.md ├── compression-sharding.md ├── download-github.md ├── verify-v2.md └── verify.md ├── ibm-pak-plugin-chain0.pem ├── ibm-pak-plugin-chain1.pem └── ibm-pak-plugin.pem /LICENSE: -------------------------------------------------------------------------------- 1 | LICENSE INFORMATION 2 | 3 | The Programs listed below are licensed under the following License Information terms and conditions in addition to the Program license terms previously agreed to by Client and IBM. If Client does not have previously agreed to license terms in effect for the Program, the International License Agreement for Non-Warranted Programs (i125-5589-06) applies. 4 | 5 | Program Name (Program Number): 6 | IBM Catalog Management Plug-in for IBM Cloud Paks 1.0 (GA) 7 | 8 | L/N: L-CPAT-CEJS83 9 | D/N: L-CPAT-CEJS83 10 | P/N: L-CPAT-CEJS83 11 | 12 | 13 | International License Agreement for Non-Warranted Programs 14 | 15 | Part 1 - General Terms 16 | 17 | BY DOWNLOADING, INSTALLING, COPYING, ACCESSING, CLICKING ON AN "ACCEPT" BUTTON, OR OTHERWISE USING THE PROGRAM, LICENSEE AGREES TO THE TERMS OF THIS AGREEMENT. IF YOU ARE ACCEPTING THESE TERMS ON BEHALF OF LICENSEE, YOU REPRESENT THAT YOU HAVE FULL AUTHORITY TO BIND LICENSEE TO THESE TERMS. 18 | 19 | IF YOU DO NOT AGREE TO THESE TERMS OR DO NOT HAVE AUTHORITY: i) DO NOT DOWNLOAD, INSTALL, COPY, ACCESS, CLICK ON AN "ACCEPT" BUTTON, OR USE THE PROGRAM; AND ii) PROMPTLY RETURN THE UNUSED MEDIA AND DOCUMENTATION, AND PROOF OF ENTITLEMENT TO THE PARTY FROM WHOM IT WAS OBTAINED FOR A REFUND OF THE AMOUNT PAID. IF THE PROGRAM WAS DOWNLOADED, DESTROY ALL COPIES OF THE PROGRAM. 20 | 21 | This International License Agreement for Non-Warranted Programs (ILAN) and applicable Transaction Documents (together the "Agreement") are the complete agreement between Licensee and IBM regarding the use of a Program. The country required terms included in Part 2 of this ILAN replace or modify the terms of Part 1. 22 | 23 | Transaction Documents (TDs) provide a description, information, and terms regarding the Program and its authorized use. Examples of TDs for Programs include license information (LI), licensed program specifications (LPS), quote, proof of entitlement (PoE) or invoice. To the extent of any conflict a TD will prevail over the ILAN. 24 | 25 | 1. Program License 26 | 27 | a. A Program is an executable IBM-branded computer program and its related material and includes whole and partial copies. Program details are described in a TD available at http://www.ibm.com/software/sla (for Passport Advantage Programs) or http://www.ibm.com/support/knowledgecenter (for other IBM Programs), in the Program's system command directory, or as otherwise specified by IBM. IBM software policies (such as backup, temporary use and IBM approved cloud environment) available at http://www.ibm.com/softwarepolicies apply to Licensee's use of Programs. 28 | 29 | b. Copies of Programs are copyrighted and licensed. 30 | 31 | c. Licensee is granted a nonexclusive license to: 32 | 33 | (1) use each copy of a Program, subject to the terms of the Agreement and, if applicable, up to the number of license entitlements Licensee acquires ("Authorized Use"); 34 | 35 | (2) make and install copies to support such Authorized Use; and 36 | 37 | (3) make a backup copy. 38 | 39 | d. Programs may be used by Licensee, its employees and contractors. Licensee may not rent or lease a Program or provide commercial IT, hosting or timesharing services to any third party. Additional rights may be available for additional fees or under different terms. 40 | 41 | e. The license granted for a Program is subject to Licensee: 42 | 43 | (1) reproducing copyright notices and other markings on any copy; 44 | 45 | (2) ensuring anyone who uses the Program: i) does so only on Licensee's behalf within Licensee's Authorized Use; and ii) complies with this Agreement; 46 | 47 | (3) not reverse assembling, reverse compiling, translating, or reverse engineering the Program, except as expressly permitted by law without the possibility of contractual waiver; and 48 | 49 | (4) not using any of the elements of the Program or related licensed materials separately from the Program. 50 | 51 | f. If the TD for a Program ("Principal Program") states that a "Supporting Program" is included with the Principal Program, Licensee may use the Supporting Program subject to any license limitations of the Principal Program and only to support the Principal Program. 52 | 53 | g. This license applies to each copy of the Program that Licensee makes. 54 | 55 | h. An update, fix, or patch to a Program is subject to the terms governing the Program unless new terms are provided in an updated TD. Licensee accepts such new terms upon installation of the update, fix, or patch. If a Program is replaced by an update, Licensee agrees to promptly discontinue use of the replaced Program. 56 | 57 | i. If Licensee is dissatisfied with a Program for any reason, Licensee may terminate the license by returning the Program and proof of entitlement to IBM or the authorized IBM Business Partner within 30 days of the original acquisition date of such Program for a refund of the amount paid. For a downloaded Program, contact the party Licensee acquired the Program from for refund instructions. 58 | 59 | 2. Warranties 60 | 61 | a. IBM does not warrant uninterrupted or error-free operation of an IBM Program or that IBM will correct all defects or prevent third party disruptions. These warranties are the exclusive warranties from IBM and replace all other warranties, including the implied warranties or conditions of satisfactory quality, merchantability, non-infringement, and fitness for a particular purpose. IBM warranties will not apply if there has been misuse, modification, damage not caused by IBM, or failure to comply with written instructions provided by IBM. Non-IBM Programs are provided as-is, without warranties of any kind. Third parties may provide their own warranties to Licensee. 62 | 63 | b. Additional support available during or after the warranty period may be available under separate agreement. 64 | 65 | 3. Charges, Taxes, Payment, and Verification 66 | 67 | a. Licensee's right to use a Program is contingent on Licensee paying applicable charges, if any, as specified in the agreement under which Licensee acquired the license entitlements. Licensee is responsible to acquire additional license entitlements in advance of any increase of its use. 68 | 69 | b. Licensee agrees to pay all applicable charges for acquired entitlements and any charges for use in excess of authorizations. Charges are exclusive of any customs or other duty, tax, and similar levies imposed by any authority resulting from Licensee's acquisition of entitlements and will be invoiced in addition to such charges. Amounts are due upon receipt of the invoice from IBM and payable within 30 days of the invoice date to an account specified by IBM and late payment fees may apply. Licensee is responsible to properly acquire additional license entitlements in advance to increase its use. IBM does not give credits or refunds for charges already due or paid, except as specified elsewhere in this ILAN, the applicable TD, or terms of the agreement under which Licensee acquired license entitlements. 70 | 71 | c. Based on acquired entitlements, Licensee agrees to: i) pay any withholding tax directly to the appropriate government entity where required by law; ii) furnish a tax certificate evidencing such payment to IBM; iii) pay IBM only the net proceeds after tax; and iv) fully cooperate with IBM in seeking a waiver or reduction of such taxes and promptly complete and file all relevant documents. 72 | 73 | d. If Licensee imports, exports, transfers, accesses, or uses a Program across a border, Licensee agrees to be responsible for and pay authorities any custom, duty, tax, or similar levy assessed by the authorities. This excludes those taxes based on IBM's net income. 74 | 75 | 3.1 Licensing Verification 76 | 77 | a. Licensee will, for all Programs at all sites and for all environments, create, retain, and each year provide to IBM upon request with 30 days' advance notice: i) a report, in a format requested by IBM using records, system tools output, and other system information; and ii) supporting documentation (collectively, "Deployment Data"). 78 | 79 | b. Upon reasonable notice, IBM and its independent auditors may verify Licensee's compliance with this Agreement, at all sites and for all environments, in which Licensee uses (for any purposes) Programs. Verification will be conducted in a manner that minimizes disruption to Licensee's business and may be conducted on Licensee's premises, during normal business hours. IBM will have a written confidentiality agreement with the independent auditor. In addition to providing Deployment Data described above, Licensee agrees to provide to IBM and its auditors additional accurate information and Deployment Data upon request. 80 | 81 | c. Licensee will promptly order and pay charges at IBM's then current rates associated with: i) any deployments in excess of authorizations indicated on or by any annual report or verification; ii) applicable subscription & support services (S&S) for such excess deployments for the lesser of the duration of such excess use or two years; and iii) any additional charges and other liabilities determined as a result of such verification, including but not limited to taxes, duties, and regulatory fees. 82 | 83 | 4. Liability and Intellectual Property Protection 84 | 85 | a. IBM's entire liability for all claims related to this Agreement will not exceed the amount of any actual direct damages incurred by Licensee up to the greater of: i) U.S. $10,000.00 (or equivalent in local currency); or ii) the amounts paid (if recurring charges, up to 12 months' charges apply) for the entitlements to the Program that is the subject of the claim, regardless of the basis of the claim. IBM will not be liable for special, incidental, exemplary, indirect, or economic consequential damages, or for lost profits, business, value, revenue, goodwill, or anticipated savings. These limitations apply collectively to IBM, its affiliates, contractors, and suppliers. 86 | 87 | b. The following amounts are not subject to the above cap: damages that cannot be limited under applicable law. 88 | 89 | c. IBM has no responsibility for claims based on non-IBM products, items not provided by IBM, or any violation of law or third party rights caused by Content, or any Licensee materials, designs, specifications. Content consists of all data, software, and information that Licensee or its authorized users provide, authorize access to, or inputs to a Program. 90 | 91 | 5. Termination 92 | 93 | a. IBM may terminate Licensee's license to use a Program if Licensee fails to comply with the ILAN, TDs or acquisition agreements, such as the International Passport Advantage Agreement (IPAA). Licensee will promptly destroy all copies of the Program after license termination. Any terms that by their nature extend beyond the termination remain in effect until fulfilled and apply to successors and assignees. 94 | 95 | 6. Governing Laws and Geographic Scope 96 | 97 | a. Both parties agree to the application of the laws of the country where the transaction for license entitlements is performed, without regard to conflict of law principles. The rights and obligations of each party are valid only in the country where the transaction to acquire license entitlements is performed or, if IBM agrees, the country where the Program is placed in productive use, except all licenses are valid as specifically granted. 98 | 99 | b. Each party is also responsible for complying with: i) laws and regulations applicable to its business and Content; and ii) import, export and economic sanction laws and regulations, including the defense trade control regime of the United States of America and any applicable jurisdictions, that prohibit or restrict the import, export, re-export, or transfer of products, technology, services or data, directly or indirectly, to or for certain countries, end uses or end users. 100 | 101 | c. If any provision of this Agreement for a Program, is invalid or unenforceable, the remaining provisions remain in full force and effect. Nothing in this Agreement affects statutory rights of consumers that cannot be waived or limited by contract. The United Nations Convention on Contracts for the International Sale of Goods does not apply to transactions under this Agreement. 102 | 103 | 7. General 104 | 105 | a. IBM is an independent contractor, not Licensee's agent, joint venturer, partner, or fiduciary, and does not undertake to perform any of Licensee's regulatory obligations, or assume any responsibility for Licensee's business or operations. Licensee is responsible for its use of IBM Programs and Non-IBM Programs. IBM is acting as an information technology provider only. IBM's direction, suggested usage, or guidance or use of a Program does not constitute medical, clinical, legal, accounting, or other licensed professional advice. Licensee should obtain its own expert advice. 106 | 107 | b. For Programs IBM provides to Licensee in tangible form, IBM fulfills its shipping and delivery obligations upon the delivery of such Programs to the IBM-designated carrier, unless otherwise agreed to in writing by Licensee and IBM. 108 | 109 | c. Licensee may not use the Program if failure of the Program could lead to death, serious bodily injury, or property or environmental damage. 110 | 111 | d. IBM, its affiliates, and contractors of either require use of business contact information and certain account usage information. This information is not Content. Business contact information is used to communicate and manage business dealings with the Licensee. Examples of business contact information include name, business telephone, address, email, user ID, and tax registration information. Account usage information is required to enable, provide, manage, support, administer, and improve Programs. Examples of account usage information include reported errors and digital information gathered using tracking technologies, such as cookies and web beacons, during use of the Programs. The IBM Privacy Statement at http://www.ibm.com/privacy provides additional details with respect to IBM's collection, use, and handling of business contact and account usage information. When Licensee provides information to IBM and notice to, or consent by, the individuals is required for such processing, Licensee will notify individuals and obtain consent. 112 | 113 | e. IBM Business Partners who use or make available Programs are independent from IBM and unilaterally determine their prices and terms. IBM is not responsible for their actions, omissions, statements, or offerings. 114 | 115 | f. IBM may offer Non-IBM Programs, or an IBM Program may enable access to Non-IBM Programs, that may require acceptance of third party terms identified in a TD or presented to the Licensee. Linking to or use of Non-IBM Programs constitutes Licensee's agreement with such terms. IBM is not a party to such third party agreements and is not responsible for such Non-IBM Programs. 116 | 117 | g. License grants to Programs are provided by International Business Machines Corporation, a New York corporation ("IBM Corporation"). The IBM company from which the Licensee acquires entitlements ("IBM") is acting as a distributor and delivering Programs and is responsible for enforcing the terms of this Agreement. If entitlements are acquired from an IBM Business Partner, the IBM company for the country of acquisition is responsible for enforcing the terms of this Agreement. No right or cause of action is created in favor of Licensee against IBM Corporation. Licensee waives all claims and causes of action against IBM Corporation and agrees to look solely to IBM for any rights and remedies in connection with Programs. 118 | 119 | h. Licensee may not sublicense, assign, or transfer the license for any Program (except to the extent assignment or transfer may not be legally restricted or as is expressly permitted in a TD or as otherwise agreed by IBM). IBM may assign its rights and obligations under this Agreement in conjunction with the sale of the portion of IBM's business that includes a Program. IBM may share this Agreement and related documents in conjunction with any assignment. 120 | 121 | i. All notices under the Agreement must be in writing and sent to the business address specified in the agreement Licensee acquired the license entitlements unless a party designates in writing a different address. The parties consent to the use of electronic means and facsimile transmissions for communications as a signed writing. Any reproduction of the Agreement made by reliable means is considered an original. Agreement supersedes any course of dealing, discussions or representations, between the parties. 122 | 123 | j. No right or cause of action for any third party is created by the Agreement. Neither party will bring a legal action arising out of or related to this Agreement more than two years after the cause of action arose. Neither party is responsible for failure to fulfill its non-monetary obligations due to causes beyond its control. Each party will allow the other reasonable opportunity to comply before it claims the other has not met its obligations. 124 | 125 | k. IBM may use personnel and resources in locations worldwide, including third party contractors to support the delivery of Programs and Program support. Licensee's use of Programs may result in the transfer of Content, including personally identifiable information, across country borders to provide Program support as described in the IBM Software Support Guide. 126 | 127 | Part 2 - Country Required Terms 128 | 129 | For licenses acquired in the countries specified below, the following terms replace or modify the referenced terms of this ILAN. Terms not changed by these amendments remain unchanged and in effect. 130 | 131 | 1. AMERICAS 132 | 133 | Section 3. Charges, Taxes, Payment, and Verification 134 | 135 | Replace the first and second sentence of paragraph b with the following: 136 | 137 | In Brazil: Licensee agrees to pay all applicable charges for acquired entitlements and any charges for use in excess of authorizations and any customs or other duty, tax, and similar levies imposed by any authority resulting from Licensee's acquisition of entitlements. 138 | 139 | In paragraph b: 140 | 141 | In Mexico: In the third sentence, delete the words "to an account specified by IBM". 142 | 143 | In Mexico: Add the following new sentence after the third sentence: 144 | 145 | Payments will be made through electronic transfer of funds to an account specified by IBM or in IBM´s domicile which is located in Alfonso Napoles Gandara 3111, Santa Fe Peña Blanca, Alvaro Obregon, Mexico City, Zip Code 01210. 146 | 147 | Add at the end of paragraph c the following sentence: 148 | 149 | In Canada: Where taxes are based upon the location(s) receiving the benefit of the Program, Licensee has an ongoing obligation to notify IBM of such location(s) if different than Licensee's business address listed in the applicable Attachment or TD. 150 | 151 | Add at the end of paragraph c the following sentence: 152 | 153 | In United States: The parties agree no tangible personal property (e.g. media or publications) shall transfer to Licensee if: i) IBM delivers Programs electronically to Licensee; or ii) Licensee claims a sales or use tax exemption for Programs IBM delivers electronically to Licensee. Where taxes are based upon the location(s) receiving the benefit of the Program, Licensee has an ongoing obligation to notify IBM of such location(s) if different than Licensee's business address listed in the applicable Attachment or TD. 154 | 155 | Section 4. Liability and Intellectual Property Protection 156 | 157 | Insert the following disclaimer at the end of paragraph a: 158 | 159 | In Peru: In accordance with Article 1328 of the Peruvian Civil Code this limitations and exclusions will not apply in the cases of willful misconduct ("dolo") or gross negligence ("culpa inexcusable"). 160 | 161 | Section 6. Governing Laws and Geographic Scope 162 | 163 | In paragraph a, replace the first sentence only with: 164 | 165 | In Argentina: Both parties agree to the application of the laws of the Republic of Argentina, without regard to the conflict of law principles. Any proceeding regarding the rights, duties, and obligations arising from this Agreement will be brought in the Ordinary Commercial Court of the City of "Ciudad Autónoma de Buenos Aires". 166 | 167 | In Chile: Both parties agree to the application of the laws of Chile, without regard to the conflict of law principles. Any conflict, interpretation or breach related to this Agreement that cannot be solved by the Parties should be remitted to the jurisdiction of the Ordinary Courts of the city and district of Santiago. 168 | 169 | In Colombia: Both parties agree to the application of the laws of the Republic of Colombia, without regard to the conflict of law principles. All rights, duties and obligations are subject to the judges of the Republic of Colombia. 170 | 171 | In Ecuador: Both parties agree to the application of the laws of the Republic of Ecuador, without regard to the conflict of law principles. Any dispute arising out or relating to this Agreement will be submitted to the civil judges of Quito and to the verbal summary proceeding. 172 | 173 | In Venezuela: Both parties agree to the application of the laws of Venezuela, without regard to the conflict of law principles. The parties agree to submit any conflict related to this Agreement, existing between them to the Courts of the Metropolitan Area of the City of Caracas. 174 | 175 | In Peru: Both parties agree to the application of the laws of Peru, without regard to the conflict of law principles. Any discrepancy that may arise between the parties in the execution, interpretation or compliance of this Agreement that may not be directly resolved shall be submitted to the Jurisdiction and Competence of the Judges and Tribunals of the 'Cercado de Lima' Judicial District. 176 | 177 | In Uruguay: Both parties agree to the application of the laws of Uruguay. Any discrepancy that may arise between the parties in the execution, interpretation or compliance of this Agreement that may not be directly resolved shall be submitted to the Montevideo Courts ("Tribunales Ordinarios de Montevideo"). 178 | 179 | In paragraph a, first sentence only, replace the phrase, "the country where the transaction for license entitlements is performed" with: 180 | 181 | In United States, Anguilla, Antigua/Barbuda, Aruba, Bahamas, Barbados, Bermuda, Bonaire, British Virgin Islands, Cayman Islands, Curacao, Dominica, Grenada, Guyana, Jamaica, Montserrat, Saba, Saint Eustatius, Saint Kitts and Nevis, Saint Lucia, Saint Maarten, Saint Vincent and the Grenadines, Suriname, Tortola, Trinidad and Tobago, and Turk and Caicos: the State of New York, United States. 182 | 183 | In Canada: the Province of Ontario and the federal laws of Canada applicable therein. 184 | 185 | In paragraph a, in the second sentence, replace the phrase "the country where the transaction to acquire license entitlements is performed or, if IBM agrees, the country where the Program is placed in productive use" with: 186 | 187 | In Argentina: Argentina 188 | 189 | In Chile: Chile 190 | 191 | In Colombia: Colombia 192 | 193 | In Ecuador: Ecuador 194 | 195 | In Mexico: Mexico 196 | 197 | In Peru: Peru 198 | 199 | In Uruguay: Uruguay 200 | 201 | In Venezuela: Venezuela 202 | 203 | Add the following sentences at the end of paragraph b: 204 | 205 | In Brazil: All disputes arising out of or related to this Agreement, including summary proceedings, will be brought before and subject to the exclusive jurisdiction of the Forum of the City of São Paulo, State of São Paulo, Brazil and the parties irrevocably agree with this specific jurisdiction renouncing any other, however privileged it may be. 206 | 207 | In Mexico: The Parties agree to submit themselves to the exclusive jurisdiction of the courts of Mexico City to resolve any dispute arising from this Agreement. The Parties waive to any other jurisdiction that may correspond to them due to their current or future domiciles, or for any other reason. 208 | 209 | Section 7. General 210 | 211 | In paragraph g: 212 | 213 | In United States: delete the last 2 sentences. 214 | 215 | In paragraph i, add the following new sentence after the first sentence: 216 | 217 | In Mexico: Any change of address must be notified 10 (ten) days in advance, otherwise the notifications made at the last indicated address will have full legal effects. 218 | 219 | In paragraph j: 220 | 221 | In Brazil: delete the entire 2nd sentence of "Neither party will bring a legal action arising out of or related to the Agreement more than two years after the cause of action arose". 222 | 223 | Add as a new paragraph l to this section: 224 | 225 | In Canada: Both parties agree to write this document in English. Les parties ont convenu de rédiger le présent document en langue anglaise. 226 | 227 | 2. ASIA PACIFIC 228 | 229 | Section 2. Warranties 230 | 231 | Add at the end of this section as a new paragraph f: 232 | 233 | In Australia: These warranties are in addition to any rights under, and only limited to the extent permitted by, the Competition and Consumer Act 2010. 234 | 235 | In Japan: IBM's liability is limited to this paragraph and the Liability and Intellectual Property Protection section, applicable Attachments, and TDs as Licensee's sole remedy for failure to meet the warranties specified in this section. 236 | 237 | In New Zealand: These warranties are in addition to any rights under the Consumer Guarantee Act 1993 or other legislation that cannot be limited by law. 238 | 239 | Section 3. Charges, Taxes, Payment, and Verification 240 | 241 | In paragraph b. replace the third sentence with the following 2 sentences: 242 | 243 | In Hong Kong, Indonesia, Korea, Macau, Malaysia, Philippines, Singapore, and Vietnam: Amounts are due upon receipt of the invoice from IBM and payable within 30 days of the invoice date to an account specified by IBM. If payment is not received within 30 days from the invoice date, IBM may charge a late payment fee on the amount outstanding, calculated on the number of days the payment is received late, at the lesser of: i) 2% for every 30 day period or portion thereof; or ii) the maximum amount permissible by applicable law. 244 | 245 | In Thailand: Amounts are due upon receipt of the invoice from IBM and payable within 30 days of the invoice date to an account specified by IBM. If payment is not received within 30 days from the invoice date, a late payment fee may be applied on the amount outstanding, at the rate of 1.25% per month, calculated on the number of days the payment is received late. 246 | 247 | In the first sentence of paragraph c, remove the word "and" before "(iv)", and add a semicolon and the following new item "(v)": 248 | 249 | In India: ; and (v) file accurate Taxes Deducted at Source (TDS) returns on a timely basis. If any tax, duty, levy or fee ("Taxes") are not charged on the basis of the exemption documentation provided by the Licensee and the taxation authority subsequently rules that such Taxes should have been charged, then the Licensee will be liable to pay such Taxes, including any interests, levies and/or penalties applicable thereon. 250 | 251 | In the first sentence of paragraph c, remove the word "and" before "(iv)", and replace item (iv) and add new item (v) with: 252 | 253 | In Singapore, Malaysia, Philippines, Thailand, Indonesia, and Vietnam: (iv) fully cooperate with IBM in seeking a waiver or reduction of withholding or other tax that Licensee requests a waiver or reduction; and v) promptly complete, file, and keep current all relevant documents for any such waiver, reductions, or exemptions. 254 | 255 | Section 4. Liability and Intellectual Property Protection 256 | 257 | In paragraph a, add at the end of the first sentence the following: 258 | 259 | In Australia: (for example, whether based in contract, tort, negligence, under statute or otherwise) 260 | 261 | In paragraph a, second sentence after the word "special" and before the word "incidental", add the following: 262 | 263 | In Philippines: (including nominal and exemplary damages), moral, 264 | 265 | Add as a new paragraph after the end of paragraph a (and ensure paragraphs properly reletter): 266 | 267 | In Australia: Where IBM is in breach of a guarantee implied by the Competition and Consumer Act 2010, IBM's liability is limited to the repair or replacement of goods or the supply of equivalent goods, or the payment of the cost of replacing the goods or having the good repaired. Where a guarantee relates to the right to sell, quiet possession, or clear title of a good under schedule 2 of the Competition and Consumer Act, then none of these limitations apply. 268 | 269 | Section 5. Termination 270 | 271 | Add at the end of the section as a new paragraph b: 272 | 273 | In Indonesia: The parties waive article 1266 of the Indonesian Civil Code to the extent it requires a court decree for the termination of an agreement creating mutual obligations. 274 | 275 | Section 6. Governing Laws and Geographic Scope 276 | 277 | In paragraph a, in the first sentence only, replace the phrase, "the country where the transaction for license entitlements is performed" with: 278 | 279 | In Cambodia, Laos: the State of New York, United States 280 | 281 | In Australia: the State or Territory in which the transaction is performed 282 | 283 | In Hong Kong: the Hong Kong Special Administrative Region of the People's Republic of China 284 | 285 | In Macau: the Hong Kong Special Administrative Region of the People's Republic of China 286 | 287 | In Korea: the Republic of Korea, and subject to the Seoul Central District Court of the Republic of Korea 288 | 289 | In Taiwan: Taiwan 290 | 291 | In India: India 292 | 293 | In paragraph b, in the first sentence, item ii), after the word "including" and before word "defense", add: 294 | 295 | In Japan: those of Japan laws and 296 | 297 | In paragraph a, in the second sentence, replace the phrase "the country where the transaction to acquire license entitlements is performed or, if IBM agrees, the country where the Program is placed in productive use" with: 298 | 299 | In Hong Kong: the Hong Kong Special Administrative Region of the People's Republic of China 300 | 301 | In Macau: the Macau Special Administrative Region of the People's Republic of China 302 | 303 | In Taiwan: Taiwan 304 | 305 | Add at the end of the section as a new paragraph d: 306 | 307 | In Cambodia, Laos, Philippines, and Sri Lanka: Disputes will be finally settled by arbitration in Singapore under the Arbitration Rules of the Singapore International Arbitration Center ("SIAC Rules"). 308 | 309 | In India: Disputes shall be finally settled in accordance with The Arbitration and Conciliation Act, 1996 then in effect, in English, with seat in Bangalore, India. There shall be one arbitrator if the amount in dispute is less than or equal to Indian Rupee five crores and three arbitrators if the amount is more. When an arbitrator is replaced, proceedings shall continue from the stage they were at when the vacancy occurred. 310 | 311 | In Indonesia: Disputes will be finally settled by arbitration in Jakarta, Indonesia, administered by the Indonesian National Board of Arbitration established in the year 1977 ("Badan Arbitrase Nasional Indonesia" or "BANI") in accordance with the rules of the Indonesian National Board of Arbitration The arbitration award shall be final and binding on the parties without appeal and shall be in writing and set forth the findings of fact and the conclusion of law. 312 | 313 | In People's Republic of China: Either party has the right to submit the dispute to the China International Economic and Trade Arbitration Commission in Beijing, the PRC, for arbitration. The parties agree three arbitrators will be used to resolve any dispute. 314 | 315 | In Vietnam: Disputes will be finally settled by arbitration in Vietnam under the Arbitration Rules of the Vietnam International Arbitration Centre ("VIAC Rules"). All proceedings and documents presented will be in the English language. 316 | 317 | Section 7. General 318 | 319 | In paragraph j, in the second sentence, replace the phrase "two years" with: 320 | 321 | In India: three years 322 | 323 | Add to the end of this section the following new paragraph l: 324 | 325 | In Indonesia: This agreement is made in the English and Bahasa Indonesian language versions. To the extent permitted by the applicable law, the English version will prevail in the event of conflict between such versions. 326 | 327 | 3. EUROPE, MIDDLE EAST, AND AFRICA 328 | 329 | Section 3. Charges, Taxes, Payment, and Verification 330 | 331 | In paragraph b, add the following to the end of the third sentence: 332 | 333 | In Italy: if IBM requests in a written notice to Licensee. 334 | 335 | In Ukraine: , on the overdue amount from the next day after the due date up to the date of actual payment, prorated for each day of delay, at the interest rate of double the discount rate determined by the National Bank of Ukraine (NBU) during the delay period (paragraph 6 of article 232 of Commercial Code of Ukraine does not apply). 336 | 337 | In paragraph b, replace the third sentence with the following: 338 | 339 | In France: Amounts are due and payable within 10 days of the invoice date to an account specified by IBM and late payment fees apply equal to the most recent European Central Bank rate plus 10 points, in addition to debt collection costs of forty (40) euros or, if these costs exceed forty euros, complementary indemnification subject to justification of the amount claimed). 340 | 341 | In Russia: Amounts are due upon receipt of the invoice and payable within 30 days of the invoice date through electronic transfer of funds to an account specified by IBM. Late payment fees at the rate of 24% per annum calculated for each day beyond the 30 days may apply. 342 | 343 | In paragraph b, add the following to the end of the last sentence: 344 | 345 | In Lithuania: , or except as provided by law 346 | 347 | At the end of paragraph b, add the following: 348 | 349 | In Italy: In the instance of no payment or partial payment, and also following a formal credit claim procedure or trial that IBM may initiate, in derogation of article 4 of Legislative Decree n. 231 dated October 9, 2002, and according to article 7 of the same Legislative Decree, IBM will notify Licensee in writing by registered, return receipt mail of late payment fees due. 350 | 351 | Section 4. Liability and Intellectual Property Protection 352 | 353 | In paragraph a, in the first sentence insert the following before the words "the amounts paid": 354 | 355 | In Belgium, France, Germany, Italy, Luxembourg, Malta, Portugal, and Spain: the greater of €500,000 (five hundred thousand euro) or 356 | 357 | In Ireland and United Kingdom: 125% of 358 | 359 | In paragraph a, in the first sentence, replace the phrase "direct damages incurred by Licensee" with: 360 | 361 | In Spain: and proven damages incurred by Licensee as a direct consequence of the IBM default 362 | 363 | In paragraph a, insert after the first sentence the following new sentence: 364 | 365 | In Slovakia: Referring to § 379 of the Commercial Code, Act No. 513/1991 Coll. as amended, and concerning all conditions related to the conclusion of the agreement, both parties state that the total foreseeable damage, which may accrue, shall not exceed the amount above, and it is the maximum for which IBM is responsible. 366 | 367 | In paragraph a, insert before the second sentence the following new sentence: 368 | 369 | In Russia: IBM will not be liable for the forgone benefit. 370 | 371 | In paragraph a, in the second sentence, delete the word: 372 | 373 | In Ireland and United Kingdom: economic 374 | 375 | In paragraph a, replace the second sentence with: 376 | 377 | In Belgium, Netherlands, and Luxembourg: IBM will not be liable for indirect or consequential damages, lost profits, business, value, revenue, goodwill, damage to reputation or anticipated savings, any third party claim against Licensee, and loss of (or damage to) data. 378 | 379 | In France: IBM will not be liable for damages to reputation, indirect damages, or lost profits, business, value, revenue, goodwill, or anticipated savings. 380 | 381 | In Portugal: IBM will not be liable for indirect damages, including loss of profit. 382 | 383 | In Spain: IBM will not be liable for damage to reputation, lost profits, business, value, revenue, goodwill, or anticipated savings. 384 | 385 | Add the following at the end of paragraph a: 386 | 387 | In France: The terms of the Agreement, including financial terms, were established in consideration of the present clause, which is an integral part of the general economy of the Agreement. 388 | 389 | In paragraph b, replace "damages that cannot be limited under applicable law" with the following: 390 | 391 | In Germany: i) damages for body injury (including death); ii) loss or damage caused by a breach of guarantee assumed by IBM in connection with any transaction under this Agreement; and iii) caused intentionally or by gross negligence. 392 | 393 | Section 6. Governing Laws and Geographic Scope 394 | 395 | In paragraph a, first sentence only, replace the phrase "the country where the transaction for license entitlements is performed" with: 396 | 397 | In Albania, Armenia, Azerbaijan, Belarus, Bosnia-Herzegovina, Bulgaria, Croatia, Former Yugoslav Republic of Macedonia, Georgia, Kazakhstan, Kyrgyzstan, Moldova, Montenegro, Romania, Russia, Serbia, Tajikistan, Turkmenistan, Ukraine, and Uzbekistan: Austria 398 | 399 | In Estonia, Latvia, and Lithuania: Finland 400 | 401 | In Algeria, Andorra, Benin, Burkina Faso, Burundi, Cameroon, Cape Verde, Central African Republic, Chad, Comoros, Congo Republic, Djibouti, Democratic Republic of Congo, Equatorial Guinea, French Guiana, French Polynesia, Gabon, Guinea, Guinea-Bissau, Ivory Coast, Lebanon, Madagascar, Mali, Mauritania, Mauritius, Mayotte, Morocco, New Caledonia, Niger, Reunion, Senegal, Seychelles, Togo, Tunisia, Vanuatu, and Wallis and Futuna: France 402 | 403 | In Angola, Bahrain, Botswana, Egypt, Eritrea, Ethiopia, Gambia, Ghana, Iraq, Jordan, Kenya, Kuwait, Liberia, Malawi, Malta, Mozambique, Nigeria, Oman, Pakistan, Qatar, Rwanda, Sao Tome and Principe, Saudi Arabia, Sierra Leone, Somalia, Tanzania, Uganda, United Arab Emirates, West Bank/Gaza, Yemen, Zambia, and Zimbabwe: England 404 | 405 | In Liechtenstein: Switzerland 406 | 407 | In South Africa, Namibia, Lesotho, and Swaziland: the Republic of South Africa 408 | 409 | In United Kingdom: England 410 | 411 | In paragraph a, add the following at the end of the first sentence: 412 | 413 | In France: The Parties agree that articles 1222 and 1223 of the French Civil Code are not applicable. 414 | 415 | Add the following at the end of paragraph a: 416 | 417 | In Albania, Armenia, Azerbaijan, Belarus, Bosnia-Herzegovina, Bulgaria, Croatia, Former Yugoslav Republic of Macedonia, Georgia, Kazakhstan, Kosovo, Kyrgyzstan, Moldova, Montenegro, Romania, Russia, Serbia, Tajikistan, Turkmenistan, Ukraine, and Uzbekistan: All disputes arising out of this Agreement shall be finally settled by the International Arbitral Centre of the Austrian Federal Economic Chamber (Arbitration Body), under the Rules of Arbitration of that Arbitral Centre (Vienna Rules), in Vienna, Austria, with English as the official language, by three impartial arbitrators appointed in accordance with the Vienna Rules. Each party will nominate one arbitrator, who will jointly appoint an independent chairman within 30 days or else the chairman will be appointed by the Arbitration Body under the Vienna Rules. The arbitrators will have no authority to award injunctive relief or damages excluded by or exceeding limits in this Agreement. Nothing in this Agreement will prevent either party from resorting to judicial proceedings for (1) interim relief to prevent material prejudice or a breach of confidentiality provisions or intellectual property rights, or (2) determining the validity or ownership of any copyright, patent or trademark owned or asserted by a party or its Enterprise company, or (3) debt collection in amounts below USD 500,000.00. 418 | 419 | In Estonia, Latvia, and Lithuania: All disputes arising out of this Agreement shall be finally settled by the Arbitration Institute of the Finland Chamber of Commerce (FAI) (Arbitration Body), under the Arbitration Rules of the Finland Chamber of Commerce (Rules), in Helsinki, Finland, with English as the official language, by three impartial arbitrators appointed in accordance with those Rules. Each party will nominate one arbitrator, who will jointly appoint an independent chairman within 30 days or else the chairman will be appointed by the Arbitration Body under the Rules. The arbitrators will have no authority to award injunctive relief or damages excluded by or exceeding limits in this Agreement. Nothing in this Agreement will prevent either party from resorting to judicial proceedings for (1) interim relief to prevent material prejudice or a breach of confidentiality provisions or intellectual property rights, or (2) determining the validity or ownership of any copyright, patent or trademark owned or asserted by a party or its Enterprise company, or (3) debt collection in amounts below USD 500,000.00. 420 | 421 | In Afghanistan, Angola, Bahrain, Botswana, Burundi, Cape Verde, Djibouti, Egypt, Eritrea, Ethiopia, Gambia, Ghana, Iraq, Jordan, Kenya, Kuwait, Lebanon, Liberia, Libya, Madagascar, Malawi,, Mozambique, Nigeria, Oman, Pakistan, Palestinian Territory, Qatar, Rwanda, Sao Tome and Principe, Saudi Arabia, Seychelles, Sierra Leone, Somalia, South Sudan, Tanzania, Uganda, United Arab Emirates, Western Sahara, Yemen, Zambia, and Zimbabwe: All disputes arising out of this Agreement shall be finally settled by the London Court of International Arbitration (LCIA) (Arbitration Body), under the LCIA Arbitration Rules (the Rules), in London, UK, with English as the official language, by three impartial arbitrators appointed in accordance with the Rules. Each party will nominate one arbitrator, who will jointly appoint an independent chairman within 30 days or else the chairman will be appointed by the Arbitration Body under the Rules. The arbitrators will have no authority to award injunctive relief or damages excluded by or exceeding limits in this Agreement. Nothing in this Agreement will prevent either party from resorting to judicial proceedings for (1) interim relief to prevent material prejudice or a breach of confidentiality provisions or intellectual property rights, or (2) determining the validity or ownership of any copyright, patent or trademark owned or asserted by a party or its Enterprise company, or (3) debt collection in amounts below USD 500,000.00. 422 | 423 | In Algeria, Benin, Burkina Faso, Cameroon, Central African Republic, Chad, Congo Republic, Democratic Republic of Congo, Equatorial Guinea, French Guiana, French Polynesia, Gabon, Guinea, Guinea-Bissau, Ivory Coast, Mali, Mauritania, Mauritius, Morocco, Niger, Senegal, Togo, and Tunisia: All disputes arising out of this Agreement shall be finally settled by the ICC International Court of Arbitration, in Paris (Arbitration Body), under its arbitration rules (the Rules), in Paris, France, with French as the official language, by three impartial arbitrators appointed in accordance with the Rules. Each party will nominate one arbitrator, who will jointly appoint an independent chairman within 30 days or else the chairman will be appointed by the Arbitration Body under the Rules. The arbitrators will have no authority to award injunctive relief or damages excluded by or exceeding limits in this Agreement. Nothing in this Agreement will prevent either party from resorting to judicial proceedings for (1) interim relief to prevent material prejudice or a breach of confidentiality provisions or intellectual property rights, or (2) determining the validity or ownership of any copyright, patent or trademark owned or asserted by a party or its Enterprise company, or (3) debt collection in amounts below USD 250,000.00. 424 | 425 | In South Africa, Namibia, Lesotho, and Swaziland: All disputes arising out of this Agreement shall be finally settled by the Arbitration Foundation of Southern Africa (AFSA) (Arbitration Body), under the Rules of the Arbitration of the AFSA (the Rules), in Johannesburg, South Africa, with English as the official language, by three impartial arbitrators appointed in accordance with the Rules. Each party will nominate one arbitrator, who will jointly appoint an independent chairman within 30 days or else the chairman will be appointed by the Arbitration Body under the Rules. The arbitrators will have no authority to award injunctive relief or damages excluded by or exceeding limits in this Agreement. Nothing in this Agreement will prevent either party from resorting to judicial proceedings for (1) interim relief to prevent material prejudice or a breach of confidentiality provisions or intellectual property rights, or (2) determining the validity or ownership of any copyright, patent or trademark owned or asserted by a party or its Enterprise company, or (3) debt collection in amounts below USD 250,000.00. 426 | 427 | In Andorra, Austria, Cyprus, France, Germany, Greece, Israel, Italy, Portugal, Spain, Switzerland, and Turkey: All disputes will be brought before and subject to the exclusive jurisdiction of the following court of competent jurisdiction: 428 | 429 | In Andorra: the Commercial Court of Paris. 430 | 431 | In Austria: the court of Vienna, Austria (Inner City). 432 | 433 | In Cyprus: the competent court of Nicosia. 434 | 435 | In France: Commercial Court of Paris. 436 | 437 | In Germany: the courts of Stuttgart. 438 | 439 | In Greece: the competent court of Athens. 440 | 441 | In Israel: the courts of Tel Aviv Jaffa. 442 | 443 | In Italy: the courts of Milan. 444 | 445 | In Portugal: the courts of Lisbon. 446 | 447 | In Spain: the courts of Madrid. 448 | 449 | In Switzerland: the commercial court of the canton of Zurich. 450 | 451 | In Turkey: the Istanbul Central (Caglayan) Courts and Execution Directorates of Istanbul, the Republic of Turkey. 452 | 453 | In Netherlands: The Parties waive their rights under Title 7.1 ('Koop') and clause 7:401 and 402 of the Dutch Civil Code, and their rights to invoke a full or partial dissolution ('gehele of partiele ontbinding') of this Agreement under section 6:265 of the Dutch Civil Code. 454 | 455 | Section 7. General 456 | 457 | In paragraph d, insert the following at the end of the paragraph: 458 | 459 | In Spain: IBM will comply with requests to access, update or delete contact information if submitted to the following address: IBM, c/ Santa Hortensia 26-28, 28002 Madrid, Departamento de Privacidad de Datos. 460 | 461 | In paragraph j, add to the end the paragraph: 462 | 463 | In Czech Republic: Pursuant to Section 1801 of Act No. 89/2012 Coll. (the "Civil Code"), Section 1799 and Section 1800 of the Civil Code as amended, do not apply to transactions under this Agreement. Licensee accepts the risk of a change of circumstances under Section 1765 of the Civil Code. 464 | 465 | In paragraph j: 466 | 467 | In Bulgaria, Croatia, Russia, Serbia, and Slovenia: delete the 2nd sentence that says: "Neither party will bring a legal action arising out of or related to this Agreement more than two years after the cause of action arose". 468 | 469 | In paragraph j, add to the end of the second sentence: 470 | 471 | In Lithuania: , except as provided by law 472 | 473 | In paragraph j, replace the second sentence with: 474 | 475 | In Poland: Neither party will bring a legal action arising out of or related to this Agreement more than three years after the cause of action arose, except for an action of non-payment which will be brought no more than 2 years after payment is due. 476 | 477 | In paragraph j, second sentence, replace the word "two" with: 478 | 479 | In Latvia and Ukraine: three 480 | 481 | In Slovakia: four 482 | 483 | In paragraph j, add to the end of the third sentence that says: "Neither party is responsible for failure to fulfill its non-monetary obligations due to causes beyond its control": 484 | 485 | In Russia: , including but not limited to earthquakes, floods, fires, acts of God, strikes (excluding strikes of the parties' employees), acts of war, military actions, embargoes, blockades, international or governmental sanctions, and acts of authorities of the applicable jurisdiction. 486 | 487 | In paragraph j, third sentence, modify the sentence: "Neither party is responsible for failure to fulfill its non-monetary obligations due to causes beyond its control" as follows: 488 | 489 | In Ukraine: Neither party is responsible for failure to fulfill its non-monetary obligations due to causes or regulatory changes beyond its control, including but not limited to import, export and economic sanctions requirements of the United States. 490 | 491 | Add the following at the end of the section as new paragraph l: 492 | 493 | In Hungary: By entering into this Agreement, Licensee confirms that Licensee was sufficiently informed of all the provisions of this Agreement and had the opportunity to negotiate those terms. The following provisions may significantly deviate from the provisions generally applied by Hungarian law and both parties accept those provisions by signing the Agreement: Program License; Warranties; Charges, Taxes, Payment, and Verification; Liability and Intellectual Property Protection; Termination; Governing Laws and Geographic Scope; and General. 494 | 495 | In Czech Republic: Licensee expressly accepts the terms of this agreement which include the following important commercial terms: i) limitation and disclaimer of liability for defects (Warranties); ii) limitation of Licensee's entitlement to damages (Liability and Intellectual Property Protection); iii) binding nature of export and import regulations (Governing Laws and Geographic Scope); iv) shorter limitation periods (General); v) exclusion of applicability of provisions on adhesion contracts (General); and vi) acceptance of the risk of a change of circumstances (General). 496 | 497 | In Romania: The Licensee expressly accepts, the following standard clauses that may be deemed 'unusual clauses' as per the provisions of article 1203 Romanian Civil Code: clauses 2, 4, 5, 8j. The Licensee hereby acknowledges that it was sufficiently informed of all the provisions of this Agreement, including the clauses mentioned above, it properly analyzed and understood such provisions and had the opportunity to negotiate the terms of each clause. 498 | 499 | i125-5589-06 (10-2021) 500 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | **Table of Contents** _generated with [DocToc](https://github.com/thlorenz/doctoc)_ 5 | 6 | - [Overview](#overview) 7 | - [Download and verify software](#download-and-verify-software) 8 | - [Download from github release](#download-from-github-release) 9 | - [Download from IBM container registry](#download-from-ibm-container-registry) 10 | - [Check Certificate/Key Validity and Archives](#check-certificatekey-validity-and-archives) 11 | - [Install the plugin](#install-the-plugin) 12 | - [Installing your IBM Cloud Pak by mirroring Cloud Pak images to a private container registry](#installing-your-ibm-cloud-pak-by-mirroring-cloud-pak-images-to-a-private-container-registry) 13 | - [For macOS Catalina users](#for-macos-catalina-users) 14 | - [Support](#support) 15 | 16 | 17 | 18 | # Overview 19 | 20 | This repository provides the IBM Catalog Management Plug-in for IBM Cloud Paks via its github releases. The plugin streamlines the deployment of IBM CloudPaks in a disconnected environment which was done earlier using [cloudctl](https://github.com/IBM/cloud-pak-cli). 21 | 22 | ## Download and verify software 23 | 24 | There are two ways to obtain the plugin 25 | 26 | - [Github Release](#download-from-github-release) 27 | - [Container image](#download-from-ibm-container-registry) 28 | 29 | ### Download from github release 30 | 31 | 1. Download the gzipped tar archive for your OS from the assets in [releases](https://github.com/IBM/ibm-pak/releases) 32 | 2. Download the corresponding `.sig` file for verification purposes 33 | 34 | [Download for your OS](docs/download-github.md) 35 | 36 | ### Download from IBM container registry 37 | 38 | The plugin is also provided in a container image `cp.icr.io/cpopen/cpfs/ibm-pak:TAG` where `TAG` should be replaced with the corresponding plugin version, for example `cp.icr.io/cpopen/cpfs/ibm-pak:v1.18.1` will have `v1.18.1` of the plugin. 39 | 40 | The following command will create a container and copy the plug-ins for all the supported platforms in a directory, `plugin-dir`. You can specify any directory name and it will be created while copying. After copying, it will delete the temporary container. The `plugin-dir` will have all the binaries and other artifacts you find in a Github release and repo at [IBM/ibm-pak](https://github.com/IBM/ibm-pak). For example, 41 | 42 | 1. If you use docker: 43 | 44 | ``` 45 | id=$(docker create cp.icr.io/cpopen/cpfs/ibm-pak:v1.18.1 - ) 46 | docker cp $id:/ibm-pak-plugin plugin-dir 47 | docker rm -v $id 48 | cd plugin-dir 49 | ``` 50 | 51 | 2. If you podman: 52 | 53 | ``` 54 | id=$(podman create cp.icr.io/cpopen/cpfs/ibm-pak:v1.18.1 - ) 55 | podman cp $id:/ibm-pak-plugin plugin-dir 56 | podman rm -v $id 57 | cd plugin-dir 58 | ``` 59 | 60 | ### Check Certificate/Key Validity and Archives 61 | 62 | - [ibm-pak versions less than v1.5.0](docs/verify.md) 63 | 64 | - [ibm-pak versions greater than or equal to v1.5.0](docs/verify-v2.md) 65 | 66 | ## Install the plugin 67 | 68 | 1. Extract the downloaded plugin and copy to executable PATH. 69 | 70 | NOTE: 71 | 72 | - While copying, the destination name must be `oc-ibm_pak` (On windows, name must be `oc-ibm_pak.exe`) and cannot be changed including the dash and the underscore. These special characters are used by the oc command to find and setup the plugin 73 | - On Mac before copying oc-ibm_pak-darwin-amd64 to `/usr/local/bin/oc-ibm_pak` or any directory in your PATH, refer to [For macOS Catalina users](#for-macos-catalina-users) 74 | - If `/usr/local/bin` is not accessible then place it in an accessible folder and put that folder in PATH 75 | - On windows, copy `oc-ibm_pak-windows-amd64` to `$HOME\AppData\Local\Microsoft\WindowsApps\oc-ibm_pak.exe` or any directory and add this path to PATH environment variable. 76 | - See accompanying LICENSE file obtained on extracting for the allowed usage. 77 | 78 | For example on Mac, 79 | 80 | ```bash 81 | tar -xvf oc-ibm_pak-darwin-amd64.tar.gz 82 | cp oc-ibm_pak-darwin-amd64 /usr/local/bin/oc-ibm_pak 83 | ``` 84 | 85 | For example on Windows (from PowerShell), 86 | 87 | ```powershell 88 | tar -xvf oc-ibm_pak-windows-amd64.tar.gz 89 | Copy-Item oc-ibm_pak-windows-amd64 $HOME\AppData\Local\Microsoft\WindowsApps\oc-ibm_pak.exe 90 | ``` 91 | 92 | Verify that the installation was successful by issuing the below command 93 | 94 | ```bash 95 | oc ibm-pak --help 96 | ``` 97 | 98 | Information about plugin's available commands is described [in the doc](docs/command-help.md). 99 | 100 | ## Installing your IBM Cloud Pak by mirroring Cloud Pak images to a private container registry 101 | 102 | Steps are described [here](https://www.ibm.com/docs/en/cloud-paks/1.0?topic=plugin-installing-by-connected-disconnected-mirroring). 103 | For more information about available CASE names and versions, see [IBM: Product CASE to Application Version](https://ibm.github.io/cloud-pak/). 104 | 105 | Starting with `v1.8.0`, the plug-in lays the foundation for eventual support for catalog-based mirroring. Information about catalog-based mirroring is described [in the doc](docs/catalog-mirroring.md). At this time, catalog-based mirroring and `oc-mirror` tool usage is a **_Tech Preview_** feature, which may not be supported by all products. 106 | 107 | ## For macOS Catalina users 108 | 109 | Users on macOS Catalina might be prompted that `oc-ibm_pak-darwin-amd64` is not a trusted application. There are two ways to get around this: 110 | 111 | - Open Finder, control-click the application `oc-ibm_pak-darwin-amd64`, choose **Open** from the menu, and then click **Open** in the dialog that appears. Enter your admin name and password to open the app if promoted. 112 | 113 | - Enable developer-mode for your terminal window, which will allow everything. Make sure you are OK with this approach: 114 | - Open Terminal, and enter: 115 | ```console 116 | ❯ spctl developer-mode enable-terminal 117 | ``` 118 | - Go to System Preferences -> Security & Privacy -> Privacy Tab -> Developer Tools -> Terminal : Enable 119 | - Restart all terminals 120 | 121 | _See https://support.apple.com/en-ca/HT202491 for more information_ 122 | 123 | ## Support 124 | 125 | To report an issue or get help please visit https://www.ibm.com/docs/en/cpfs?topic=support-opening-case 126 | -------------------------------------------------------------------------------- /certificates/ibm-pak-plugin.pem.cer: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIHljCCBX6gAwIBAgIQBMfb6OUpWnIg2NrQ8TDYxDANBgkqhkiG9w0BAQsFADBp 3 | MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMT 4 | OERpZ2lDZXJ0IFRydXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0 5 | IDIwMjEgQ0ExMB4XDTI0MDEwMzAwMDAwMFoXDTI2MDEwMzIzNTk1OVowgZ0xCzAJ 6 | BgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazEPMA0GA1UEBxMGQXJtb25rMTQw 7 | MgYDVQQKEytJbnRlcm5hdGlvbmFsIEJ1c2luZXNzIE1hY2hpbmVzIENvcnBvcmF0 8 | aW9uMTQwMgYDVQQDEytJbnRlcm5hdGlvbmFsIEJ1c2luZXNzIE1hY2hpbmVzIENv 9 | cnBvcmF0aW9uMIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvaXXzmBw 10 | ytRTN37nkmeqHNMBxLynOm6h8Z7t9WjFauIQ0VRC0J+ABJtkbGzYNdeX4P18PNzU 11 | 6H5uMKgJ5NLOuS/MivVnxh5RgH9bzBLGV8A9KgqW9JfIOeDV+OrX5b0o3KN90ym0 12 | glYaSliMuHfqyNnFunN5uPoUAU3eFJAS1iVcVa5lAX9Bopw72EcS6uK45BU4IbWF 13 | sGjjR+j0ewBZPUT6YNsxg0k2E3K2eF34V/hbiomT7iPCr+OvZbANFqm42gvvbC8U 14 | GQvBNrIwgxKBJegrZ133wKTTnuq8X1cBHUc0a4ivOc+YO9CPd1Odq6Gey8i82qMY 15 | VBHQVwJyEzrDiWhWaQEldE6evjSID0ax7Mi/Th2C0obyl9pTFBOLXhFGTmn5DAud 16 | wE70pHRIhTLNBGEOt+ojM1PqsNGoI7/VkxOp7mDmzsURgwhMY+f49B+bzm8yy2JM 17 | YA0IGjFbNMmZrnhrqwWb3dNv88ctdcIzVkDClDCLx3P3aAuBZ1HnD1UvTEg1ywIR 18 | llB5ei8o63oOgtRSuXrArgUULk/yXKZfbXbPAiSoFD0VFM3vCZDuopALncDi8HMx 19 | BsFWF/fRfhK3Xptgi+rDzK1Udpv7jHSLvXmCldv2brtezt4msg6hPN7HngdyVmJV 20 | 7l0oL5MlFtrEnQQNw2Q19uJvfETF3ca7H00CAwEAAaOCAgMwggH/MB8GA1UdIwQY 21 | MBaAFGg34Ou2O/hfEYb7/mF7CIhl9E5CMB0GA1UdDgQWBBTcx/6m+dky00sLYNxk 22 | QaFb9eo4YTA+BgNVHSAENzA1MDMGBmeBDAEEATApMCcGCCsGAQUFBwIBFhtodHRw 23 | Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwDgYDVR0PAQH/BAQDAgeAMBMGA1UdJQQM 24 | MAoGCCsGAQUFBwMDMIG1BgNVHR8Ega0wgaowU6BRoE+GTWh0dHA6Ly9jcmwzLmRp 25 | Z2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5NlNI 26 | QTM4NDIwMjFDQTEuY3JsMFOgUaBPhk1odHRwOi8vY3JsNC5kaWdpY2VydC5jb20v 27 | RGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEzODQyMDIxQ0Ex 28 | LmNybDCBlAYIKwYBBQUHAQEEgYcwgYQwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3Nw 29 | LmRpZ2ljZXJ0LmNvbTBcBggrBgEFBQcwAoZQaHR0cDovL2NhY2VydHMuZGlnaWNl 30 | cnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZEc0Q29kZVNpZ25pbmdSU0E0MDk2U0hBMzg0 31 | MjAyMUNBMS5jcnQwCQYDVR0TBAIwADANBgkqhkiG9w0BAQsFAAOCAgEAnLNG/b+Y 32 | xi/nm0jifYbKlMWeSra+/mJm63V67F0Jzhz2/oLN8g9wvJpoTt6gK1seFEqKyM7f 33 | icgGbTIblC/xO7r2QLZXvVai83OfW9y9DsSzOr7vRcxzoh4hurH17IlYcNEtl+lM 34 | HJmQ8oojYdavi8yHetzw4apRtkZWcGMYg8X6AoQ3D6gZ0KAu2lxshHnm7yhvwCDW 35 | H5wPKZL6PMnZ3qTjonSuIiCBvFzjz252MblPEJzLpBiuOtgJ8duw/QC+q1dfeMod 36 | Fz//1vla6Vj/R+jq/E0rG60S8WkEy94UAw2bTJ/5Y2FKymqTH05JXyjEEm4OO3zZ 37 | RXPTTeUCPEUIHeBGQYsTrIgN7HSMrRJkhFfWRgSZ/gUgZ7f0WstUM8qwFukDvmQw 38 | oePFLegqQeRwuvqB4bwo7nzaG5wOYVwTktYMgNXvWpZEyaTdOv0lStX2KmyBt7jk 39 | 7BJtTDjcUiKrnTxidJT1V0sTp9vbXJuAvGiSlo6dUmECXjrJpPtjKktqzqe+DlPY 40 | S/R7qfTySoym+DPE3NarUTQ0deoYTJl7OXUDxASTNx7tuiBAON9dh0p1QJeT6pCU 41 | 68ldXlC1zWSelXcSRTphmPd+ALKpg6aqSvO7bSMVmEDOo31jK8fkNiEd45qnvkL4 42 | gn2Nzx8wLiPAG6M8+2FoD1FVXUqvu6uBHNw= 43 | -----END CERTIFICATE----- 44 | -------------------------------------------------------------------------------- /certificates/ibm-pak-plugin.pem.chain: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIGsDCCBJigAwIBAgIQCK1AsmDSnEyfXs2pvZOu2TANBgkqhkiG9w0BAQwFADBi 3 | MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 4 | d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg 5 | RzQwHhcNMjEwNDI5MDAwMDAwWhcNMzYwNDI4MjM1OTU5WjBpMQswCQYDVQQGEwJV 6 | UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0IFRy 7 | dXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0IDIwMjEgQ0ExMIIC 8 | IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1bQvQtAorXi3XdU5WRuxiEL1 9 | M4zrPYGXcMW7xIUmMJ+kjmjYXPXrNCQH4UtP03hD9BfXHtr50tVnGlJPDqFX/IiZ 10 | wZHMgQM+TXAkZLON4gh9NH1MgFcSa0OamfLFOx/y78tHWhOmTLMBICXzENOLsvsI 11 | 8IrgnQnAZaf6mIBJNYc9URnokCF4RS6hnyzhGMIazMXuk0lwQjKP+8bqHPNlaJGi 12 | TUyCEUhSaN4QvRRXXegYE2XFf7JPhSxIpFaENdb5LpyqABXRN/4aBpTCfMjqGzLm 13 | ysL0p6MDDnSlrzm2q2AS4+jWufcx4dyt5Big2MEjR0ezoQ9uo6ttmAaDG7dqZy3S 14 | vUQakhCBj7A7CdfHmzJawv9qYFSLScGT7eG0XOBv6yb5jNWy+TgQ5urOkfW+0/tv 15 | k2E0XLyTRSiDNipmKF+wc86LJiUGsoPUXPYVGUztYuBeM/Lo6OwKp7ADK5GyNnm+ 16 | 960IHnWmZcy740hQ83eRGv7bUKJGyGFYmPV8AhY8gyitOYbs1LcNU9D4R+Z1MI3s 17 | MJN2FKZbS110YU0/EpF23r9Yy3IQKUHw1cVtJnZoEUETWJrcJisB9IlNWdt4z4FK 18 | PkBHX8mBUHOFECMhWWCKZFTBzCEa6DgZfGYczXg4RTCZT/9jT0y7qg0IU0F8WD1H 19 | s/q27IwyCQLMbDwMVhECAwEAAaOCAVkwggFVMBIGA1UdEwEB/wQIMAYBAf8CAQAw 20 | HQYDVR0OBBYEFGg34Ou2O/hfEYb7/mF7CIhl9E5CMB8GA1UdIwQYMBaAFOzX44LS 21 | cV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEF 22 | BQcDAzB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp 23 | Z2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQu 24 | Y29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQwQwYDVR0fBDwwOjA4oDagNIYy 25 | aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5j 26 | cmwwHAYDVR0gBBUwEzAHBgVngQwBAzAIBgZngQwBBAEwDQYJKoZIhvcNAQEMBQAD 27 | ggIBADojRD2NCHbuj7w6mdNW4AIapfhINPMstuZ0ZveUcrEAyq9sMCcTEp6QRJ9L 28 | /Z6jfCbVN7w6XUhtldU/SfQnuxaBRVD9nL22heB2fjdxyyL3WqqQz/WTauPrINHV 29 | UHmImoqKwba9oUgYftzYgBoRGRjNYZmBVvbJ43bnxOQbX0P4PpT/djk9ntSZz0rd 30 | KOtfJqGVWEjVGv7XJz/9kNF2ht0csGBc8w2o7uCJob054ThO2m67Np375SFTWsPK 31 | 6Wrxoj7bQ7gzyE84FJKZ9d3OVG3ZXQIUH0AzfAPilbLCIXVzUstG2MQ0HKKlS43N 32 | b3Y3LIU/Gs4m6Ri+kAewQ3+ViCCCcPDMyu/9KTVcH4k4Vfc3iosJocsL6TEa/y4Z 33 | XDlx4b6cpwoG1iZnt5LmTl/eeqxJzy6kdJKt2zyknIYf48FWGysj/4+16oh7cGvm 34 | oLr9Oj9FpsToFpFSi0HASIRLlk2rREDjjfAVKM7t8RhWByovEMQMCGQ8M4+uKIw8 35 | y4+ICw2/O/TOHnuO77Xry7fwdxPm5yg/rBKupS8ibEH5glwVZsxsDsrFhsP2JjMM 36 | B0ug0wcCampAMEhLNKhRILutG4UI4lkNbcoFUCvqShyepf2gpx8GdOfy1lKQ/a+F 37 | SCH5Vzu0nAPthkX0tGFuv2jiJmCG6sivqf6UHedjGzqGVnhO 38 | -----END CERTIFICATE----- 39 | -----BEGIN CERTIFICATE----- 40 | MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi 41 | MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 42 | d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg 43 | RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV 44 | UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu 45 | Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG 46 | SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y 47 | ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If 48 | xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV 49 | ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO 50 | DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ 51 | jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ 52 | CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi 53 | EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM 54 | fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY 55 | uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK 56 | chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t 57 | 9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB 58 | hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD 59 | ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 60 | SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd 61 | +SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc 62 | fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa 63 | sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N 64 | cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N 65 | 0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie 66 | 4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI 67 | r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 68 | /YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm 69 | gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ 70 | -----END CERTIFICATE----- 71 | -------------------------------------------------------------------------------- /certificates/ibm-pak-plugin.pem.pub.key: -------------------------------------------------------------------------------- 1 | -----BEGIN PUBLIC KEY----- 2 | MIICIjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEAvaXXzmBwytRTN37nkmeq 3 | HNMBxLynOm6h8Z7t9WjFauIQ0VRC0J+ABJtkbGzYNdeX4P18PNzU6H5uMKgJ5NLO 4 | uS/MivVnxh5RgH9bzBLGV8A9KgqW9JfIOeDV+OrX5b0o3KN90ym0glYaSliMuHfq 5 | yNnFunN5uPoUAU3eFJAS1iVcVa5lAX9Bopw72EcS6uK45BU4IbWFsGjjR+j0ewBZ 6 | PUT6YNsxg0k2E3K2eF34V/hbiomT7iPCr+OvZbANFqm42gvvbC8UGQvBNrIwgxKB 7 | JegrZ133wKTTnuq8X1cBHUc0a4ivOc+YO9CPd1Odq6Gey8i82qMYVBHQVwJyEzrD 8 | iWhWaQEldE6evjSID0ax7Mi/Th2C0obyl9pTFBOLXhFGTmn5DAudwE70pHRIhTLN 9 | BGEOt+ojM1PqsNGoI7/VkxOp7mDmzsURgwhMY+f49B+bzm8yy2JMYA0IGjFbNMmZ 10 | rnhrqwWb3dNv88ctdcIzVkDClDCLx3P3aAuBZ1HnD1UvTEg1ywIRllB5ei8o63oO 11 | gtRSuXrArgUULk/yXKZfbXbPAiSoFD0VFM3vCZDuopALncDi8HMxBsFWF/fRfhK3 12 | Xptgi+rDzK1Udpv7jHSLvXmCldv2brtezt4msg6hPN7HngdyVmJV7l0oL5MlFtrE 13 | nQQNw2Q19uJvfETF3ca7H00CAwEAAQ== 14 | -----END PUBLIC KEY----- 15 | -------------------------------------------------------------------------------- /docs/catalog-mirroring.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* 4 | 5 | - [Mirror tool configuration](#mirror-tool-configuration) 6 | - [Catalog curation](#catalog-curation) 7 | - [Online path](#online-path) 8 | 9 | 10 | 11 | # Mirror tool configuration 12 | * Starting with `v1.8.0`, to mirror the images to the final location, the plug-in provides support for mirror tool configuration to enable `oc image mirror` or `oc mirror` tool. 13 | * By default, plug-in is configured with `oc image mirror` tool. To enable `oc mirror` tool for mirroring, Run the following command: 14 | ``` 15 | oc ibm-pak config mirror-tools --enabled oc-mirror 16 | ``` 17 | 1. `oc image mirror` tool: 18 | * Uses an images mapping text file, which contains zero or more lines formatted as `=`, with one line per image. This file is generated by the plugin, and uses the images provided by the product CASE(s) as the source image reference. 19 | * Accepts a list of arguments defining source images that should be pushed to the provided destination image tag. 20 | * Images in manifest list format will be copied as-is unless you use `--filter-by-os` flag to restrict the allowed images to copy in a manifest list.This flag has no effect on regular images. 21 | * When using file mirroring, the `--dir` and `--from-dir` flags control the location on disk that content will be stored to. 22 | 23 | 2. `oc mirror` tool: 24 | * Uses a declarative image set configuration file where source images are provided either directly via `additionalImages` or indirectly via `relatedImages` which are defined within one or more catalog(s). It is also possible to limit which images are mirrored from a given catalog by specifying the packages and channels for a given operator so that you only mirror the images that your cluster needs. An image set configuration file is generated by the plugin when this tool is enabled. 25 | * Performs incremental mirroring, which reduces the size of future image sets. 26 | * Prunes images from the target mirror registry that were excluded from the image set configuration since the previous execution. 27 | * Provides a centralised method to mirror Operators and other images. 28 | 29 | * One of the important differences between these two tool choices is source for the images. In the `oc image mirror` scenario, the images are defined in the CASE(s) whereas in the `oc mirror` scenario the images are defined in the catalogs. The mirror tool configuration enable customers to control when to switch from CASE to CATALOG mirroring when they are ready. 30 | 31 | # Catalog curation 32 | * Catalog curation is the process of taking multiple catalogs as inputs, along with some constraints to produce a newly merged catalog. This capability is possible because we can merge the contents of a catalog (i.e. a File-Based Catalog (FBC)) in such a way to avoid merge conflicts. 33 | * A pre-curated catalog is purpose-built catalog of OLM operators that limit the scope of Operators that are available to just a few packages, channels and the specific operator versions (the bundles) within those channels. 34 | * Suppose you start with a catalog that contains product A and some time in the future you choose a catalog that contains product B. These catalogs will be merged together so that product B and product A will reside in the final catalog. This final catalog represents a single curated catalog which can then be mirrored using `oc mirror`. The curated catalog resides on disk in `.ibm-pak/data/publish/latest/catalog-oci/manifest-list` and the image set config references this location. 35 | * Catalog curation enable customers to build catalogs incrementally with the products pinned to the version which they need. 36 | * IBM product teams control when their Catalogs (defined within their CASE) become source of truth for catalog curation. In other words, an IBM product team has to opt into catalog curation, just as customers have to opt into catalog curation. This opt in behavior allows for a transition period to switch from CASE based mirroring to catalog based mirroring. 37 | 38 | * Run the following command to generate mirror manifests to be used when mirroring. 39 | ``` 40 | oc ibm-pak generate mirror-manifests \ 41 | $CASE_NAME \ 42 | $TARGET_REGISTRY \ 43 | --version $CASE_VERSION 44 | ``` 45 | 46 | * If product CASE supports catalog mirroring and you have enabled `oc mirror` tool, `generate mirror manifests` command will curate the catalog and generate `image-set-config.yaml` metadata file in `~/.ibm-pak/data/publish/latest` directory. The following tree shows an example of the `~/.ibm-pak/data/publish` directory. 47 | ``` 48 | tree ~/.ibm-pak/data/publish/ 49 | /root/.ibm-pak/data/publish/ 50 | └── latest 51 | ├── catalog 52 | │ └── catalog.json 53 | ├── catalog-oci 54 | │ └── manifest-list 55 | │ ├── blobs 56 | │ │ └── sha256 57 | │ │ ├── xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 58 | │ │ ├── xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 59 | │ │ └── xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 60 | │ ├── index.json 61 | │ └── oci-layout 62 | └── image-set-config.yaml 63 | ``` 64 | 65 | * To mirror images to the TARGET_REGISTRY, first push the OCI image to a registry and update the `image-set-config.yaml` file to refer to the location where the image was pushed. You can push to the same TARGET_REGISTRY where all the images will be mirrored eventually. Support for referring OCI images directly in the `image-set-config.yaml` will be available in future release of `oc mirror`. 66 | ``` 67 | oc mirror --config /root/.ibm-pak/data/publish/latest/image-set-config.yaml docker://$TARGET_REGISTRY --dest-skip-tls --max-per-registry=6 68 | ``` 69 | 70 | * If product CASE doesn't support catalog mirroring but you have enabled `oc mirror` tool, `generate mirror manifests` command will generate `image-set-config.yaml` (without catalog curation) in `~/.ibm-pak/data/mirror` directory. 71 | ``` 72 | tree ~/.ibm-pak/data/mirror/ 73 | /root/.ibm-pak/data/mirror/ 74 | └── CASE-NAME 75 | └── CASE-VERSION 76 | ├── catalog-sources.yaml 77 | └── image-set-config.yaml 78 | ``` 79 | 80 | * To mirror images to the TARGET_REGISTRY: 81 | ``` 82 | oc mirror --config /root/.ibm-pak/data/mirror///image-set-config.yaml docker://$TARGET_REGISTRY --dest-skip-tls --max-per-registry=6 83 | ``` 84 | 85 | # Online path 86 | * Starting with `v1.8.0`, plug-in supports generation of online manifests for the online consumption of products using `oc ibm-pak generate online-manifests` command. 87 | * The online manifests uses public image locations (i.e. icr.io is source of images). Hence, unlike mirror manifests,`target-registry` positional argument and `--final-registry` flag are not required. 88 | * The process for generating the catalog source is the same as the mirror manifests. But, the difference is that the catalog reference can be used as-is. 89 | * As mirroring is not required for online consumption, no ICSP needs to be generated. 90 | * Run the following command to generate online manifests 91 | ``` 92 | oc ibm-pak generate online-manifests $CASE_NAME --version $CASE_VERSION 93 | ``` 94 | * A new directory `~/.ibm-pak/online` is created when you issue the `oc ibm-pak generate online-manifests` command. This directory holds the catalog-sources.yaml and images.txt (reference to souce images) files. 95 | ``` 96 | tree ~/.ibm-pak/data/online 97 | /root/.ibm-pak/data/online 98 | └── CASE-NAME 99 | └── CASE-VERSION 100 | ├── catalog-sources.yaml 101 | └── images.txt 102 | ``` 103 | 104 | * If product CASE supports catalog mirroring and you have enabled `oc mirror` tool, `generate online manifests` command will curate the catalog and generate the curated catalog in `~/.ibm-pak/data/publish/latest` directory. The following tree shows an example of the `~/.ibm-pak/data/publish` directory. 105 | ``` 106 | tree ~/.ibm-pak/data/publish/ 107 | /root/.ibm-pak/data/publish/ 108 | └── latest 109 | ├── catalog 110 | │ └── catalog.json 111 | ├── catalog-oci 112 | │ └── manifest-list 113 | │ ├── blobs 114 | │ │ └── sha256 115 | │ │ ├── xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 116 | │ │ ├── xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 117 | │ │ └── xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx 118 | │ ├── index.json 119 | │ └── oci-layout 120 | ├── catalog-sources.yaml 121 | └── image-set-config.yaml 122 | ``` 123 | * To copy the curated catalog to registry: 124 | ``` 125 | skopeo copy --format v2s2 --all oci:///root/.ibm-pak/data/publish/latest/catalog-oci/manifest-list docker:// 126 | ``` 127 | * Note: In the above command and in `/root/.ibm-pak/data/publish/latest/catalog-sources.yaml` file, replace `` placeholder with an actual image reference where you want to copy the curated catalog. E.g setting `` to `myregistry.com/images/curated-catalog:1.0`, the above command becomes: 128 | ``` 129 | skopeo copy --format v2s2 --all oci:///root/.ibm-pak/data/publish/latest/catalog-oci/manifest-list docker://myregistry.com/images/curated-catalog:1.0 130 | ``` -------------------------------------------------------------------------------- /docs/command-help.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* 4 | 5 | - [ibm-pak help](#ibm-pak-help) 6 | - [ibm-pak config repo](#ibm-pak-config-repo) 7 | - [ibm-pak config locale](#ibm-pak-config-locale) 8 | - [ibm-pak config color](#ibm-pak-config-color) 9 | - [ibm-pak config mirror-tools](#ibm-pak-config-mirror-tools) 10 | - [ibm-pak config mirror-tools oc-image-mirror](#ibm-pak-config-mirror-tools-oc-image-mirror) 11 | - [ibm-pak config mirror-tools oc-mirror](#ibm-pak-config-mirror-tools-oc-mirror) 12 | - [ibm-pak config catalog-builder](#ibm-pak-config-catalog-builder) 13 | - [ibm-pak config](#ibm-pak-config) 14 | - [ibm-pak get](#ibm-pak-get) 15 | - [ibm-pak generate mirror-manifests](#ibm-pak-generate-mirror-manifests) 16 | - [ibm-pak describe](#ibm-pak-describe) 17 | - [ibm-pak generate online-manifests](#ibm-pak-generate-online-manifests) 18 | - [ibm-pak launch](#ibm-pak-launch) 19 | - [ibm-pak list](#ibm-pak-list) 20 | - [ibm-pak verify](#ibm-pak-verify) 21 | 22 | # ibm-pak help 23 | Deploy IBM Cloud Paks in a disconnected environment or generate image mirror manifest files 24 | 25 | Usage: 26 | ``` 27 | oc ibm-pak --help 28 | 29 | Available Commands: 30 | config Displays changes to configuration file used by this plugin 31 | describe Describe command prints image lists, dependencies, registries and other information for this CASE 32 | generate Generate command 33 | get Download a CASE or a set of components referred by a ComponentSetConfig file from a repository like github, oci-compliant registry etc 34 | help Help about any command 35 | launch Launch a CASE into the targeted cluster. 36 | list List CASEs available in the enabled repository or downloaded into the local directory by get command 37 | verify Verify the integrity of downloaded CASEs 38 | 39 | Flags: 40 | -h, --help help for ibm-pak 41 | --insecure skip TLS/SSL verification (optional) 42 | --log_file string If non-empty, use this log file 43 | -v, --v int number for the log level verbosity [0 (normal), 1 (fine), 2 (finer) or 3 (finest)] 44 | --version print version (optional) 45 | Use "oc ibm-pak [command] --help" for more information about a command. 46 | 47 | Environment Variables: 48 | IBMPAK_HOME the directory under which the plugin will create .ibm-pak directory to store the plugin command execution results 49 | in specific folders like config, data etc (default "user's home directory") 50 | IBMPAK_TOLERANCE_RETRY when set to false, launch script execution failure will not be retried 51 | when set to true, launch script execution failures will be retried without the --tolerance flag (default "true") 52 | IBMPAK_RESOLVE_DEPENDENCIES when set to false, no CASE references will be resolved (default "true") 53 | IBMPAK_LAUNCH_SKIP_PREREQ_CHECK when set to true, will skip checking prerequisites in the launch framework (default "false") 54 | IBMPAK_HTTP_TIMEOUT Overrides the default HTTP timeout value used in client calls to external servers. Measured in seconds (default "20") 55 | IBMPAK_HTTP_RETRY Maximum http retry attempts, for example when a timeout is encountered on slow networks (default "3") 56 | HTTPS_PROXY or https_proxy the URL of a HTTPS proxy (e.g. https://[user]:[pass]@[proxy_ip]:[proxy_port]) (default "") 57 | HTTP_PROXY or http_proxy the URL of a HTTP proxy (e.g. http://[user]:[pass]@[proxy_ip]:[proxy_port]) (default "") 58 | NO_COLOR when present and not an empty string (regardless of its value) disables colored text output (default "") 59 | ``` 60 | # ibm-pak config repo 61 | Configure the plug-in to download CASEs from the raw github url or as OCI artifacts from IBM Cloud Container Registry (ICR). 62 | 63 | Usage: 64 | ``` 65 | oc ibm-pak config repo [--url=] [--delete|--enable] 66 | 67 | Flags: 68 | -d, --delete deletes the repository with the argument (optional) 69 | -e, --enable Marks the repository with the argument to be selected for downloading a CASE. Only one repo can be configured to be enabled (optional) 70 | -h, --help help for repo 71 | -r, --url "raw github url" "raw github url" for a CASE repository (default "https://github.com/IBM/cloud-pak/raw/master/repo/case/") 72 | 73 | Global Flags: 74 | --insecure skip TLS/SSL verification (optional) 75 | --log_file string If non-empty, use this log file 76 | -v, --v int number for the log level verbosity [0 (normal), 1 (fine), 2 (finer) or 3 (finest)] 77 | ``` 78 | 79 | Example: 80 | - Add a repository with default url (`https://github.com/IBM/cloud-pak/raw/master/repo/case/`) 81 | ``` 82 | oc ibm-pak config repo 'IBM Cloud-Pak Github Repo' 83 | ``` 84 | 85 | - Add/Update a repository 86 | ``` 87 | oc ibm-pak config repo 'IBM Cloud-Pak OCI registry' --url oci:cp.icr.io/cpopen 88 | ``` 89 | 90 | - Remove a repository 91 | ``` 92 | oc ibm-pak config repo 'IBM Cloud-Pak OCI registry' --delete 93 | ``` 94 | 95 | - Enable a repository 96 | ``` 97 | oc ibm-pak config repo 'IBM Cloud-Pak Github Repo' --enable 98 | 99 | OR 100 | 101 | oc ibm-pak config repo 'IBM Cloud-Pak Github Repo' --url https://github.com/IBM/cloud-pak/raw/master/repo/case/ --enable 102 | ``` 103 | 104 | # ibm-pak config locale 105 | Configure locale for plug-in. 106 | 107 | Usage: 108 | ``` 109 | oc ibm-pak config locale --language= 110 | 111 | Flags: 112 | -h, --help help for locale 113 | -l, --language string Set default language, an empty value will trigger an auto detection of the language 114 | ``` 115 | 116 | Example: 117 | - Update Locale 118 | ``` 119 | oc ibm-pak config locale -l fr_FR 120 | ``` 121 | 122 | - Reset locale to default, system detects the locale to use 123 | ``` 124 | oc ibm-pak config locale -l "" 125 | ``` 126 | 127 | # ibm-pak config color 128 | Enable/disable color output (Supported with ibm-pak version `v1.4.0` or higher) 129 | 130 | Usage: 131 | ``` 132 | oc ibm-pak config color --enable 133 | 134 | Flags: 135 | -e, --enable string Enable coloring the plugin's command output in the console 136 | -h, --help help for color 137 | ``` 138 | 139 | Example: 140 | - Enable color output 141 | ``` 142 | oc ibm-pak config color --enable true 143 | ``` 144 | 145 | - Disable color output 146 | ``` 147 | oc ibm-pak config color --enable false 148 | ``` 149 | 150 | # ibm-pak config mirror-tools 151 | Configure the mirror-tools (Supported with ibm-pak version `v1.8.0` or higher) 152 | 153 | Usage: 154 | ``` 155 | oc ibm-pak config mirror-tools --enabled 156 | 157 | Flags: 158 | -e, --enabled string Set the enabled tool to be used from the following list: oc-image-mirror, oc-mirror (default "oc-image-mirror") 159 | -h, --help help for mirror-tools 160 | ``` 161 | 162 | Example: 163 | - Enable oc image mirror tool 164 | ``` 165 | oc ibm-pak config mirror-tools --enabled oc-image-mirror 166 | ``` 167 | 168 | - Enable oc mirror tool 169 | ``` 170 | oc ibm-pak config mirror-tools --enabled oc-mirror 171 | ``` 172 | 173 | # ibm-pak config mirror-tools oc-image-mirror 174 | Configure the oc-image-mirror tool settings (Supported with ibm-pak version `v1.8.0` or higher) 175 | 176 | Usage: 177 | ``` 178 | oc ibm-pak config mirror-tools oc-image-mirror < --connected-flags|--disconnected-target-flags|--disconnected-final-flags > 179 | 180 | Flags: 181 | --connected-flags string Set the connected mirroring flags for configuring the oc image mirror tool in connected mode (Setting this flag as AUTO_GENERATE will make the plugin use --filter-by-os '.*' -a $REGISTRY_AUTH_FILE --insecure --skip-multiple-scopes --max-per-registry=1) (default "AUTO_GENERATE") 182 | 183 | --disconnected-final-flags string Set the disconnected mirroring to final flags for configuring the oc image mirror tool to final registry in disconnected mode (Setting this flag as AUTO_GENERATE will make the plugin use --filter-by-os '.*' -a $REGISTRY_AUTH_FILE --insecure --skip-multiple-scopes --max-per-registry=1 --from-dir "$IMAGE_PATH") (default "AUTO_GENERATE") 184 | 185 | --disconnected-target-flags string Set the disconnected mirroring to target flags for configuring the oc image mirror tool to target filesystem or registry in disconnected mode (Setting this flag as AUTO_GENERATE will make the plugin use --filter-by-os '.*' -a $REGISTRY_AUTH_FILE --insecure --skip-multiple-scopes --max-per-registry=1 --dir "$IMAGE_PATH") (default "AUTO_GENERATE") 186 | 187 | -h, --help help for oc-image-mirror 188 | ``` 189 | 190 | Example: 191 | 192 | - Update connected-flags 193 | ``` 194 | oc ibm-pak config mirror-tools oc-image-mirror --connected-flags '--filter-by-os '\''.*'\'' -a $REGISTRY_AUTH_FILE --insecure --skip-multiple-scopes --max-per-registry=1' 195 | ``` 196 | 197 | - Reset connected-flags to AUTO_GENERATE (to reset flag value to default value) 198 | ``` 199 | oc ibm-pak config mirror-tools oc-image-mirror --connected-flags AUTO_GENERATE 200 | ``` 201 | 202 | - Update disconnected-target-flags 203 | ``` 204 | oc ibm-pak config mirror-tools oc-image-mirror --disconnected-target-flags '--filter-by-os '\''.*'\'' -a $REGISTRY_AUTH_FILE --insecure --skip-multiple-scopes --max-per-registry=1 --dir "$IMAGE_PATH"' 205 | ``` 206 | 207 | - Update disconnected-final-flags 208 | ``` 209 | oc ibm-pak config mirror-tools oc-image-mirror --disconnected-final-flags '--filter-by-os '\''.*'\'' -a $REGISTRY_AUTH_FILE --insecure --skip-multiple-scopes --max-per-registry=1 --from-dir "$IMAGE_PATH"' 210 | ``` 211 | 212 | # ibm-pak config mirror-tools oc-mirror 213 | Configure the oc-mirror tool settings (Supported with ibm-pak version `v1.8.0` or higher) 214 | 215 | Usage: 216 | ``` 217 | oc ibm-pak config mirror-tools oc-mirror --storage= [--storage-skip-tls] --target-catalog= --target-tag= < --connected-flags|--disconnected-target-flags|--disconnected-final-flags > 218 | 219 | Flags: 220 | --connected-flags string Set the connected mirroring flags for configuring the oc mirror tool in connected mode (Setting this flag as AUTO_GENERATE will make the plugin use --dest-skip-tls --max-per-registry=6) (default "AUTO_GENERATE") 221 | 222 | --disconnected-final-flags string Set the disconnected mirroring to final flags for configuring the oc mirror tool to final registry in disconnected mode (Setting this flag as AUTO_GENERATE will make the plugin use --dest-skip-tls --from=sequence_file.tar) (default "AUTO_GENERATE") 223 | 224 | --disconnected-target-flags string Set the disconnected mirroring to target flags for configuring the oc mirror tool to target filesystem or registry in disconnected mode (Setting this flag as AUTO_GENERATE will make the plugin use --dest-skip-tls --max-per-registry=6) (default "AUTO_GENERATE") 225 | 226 | -h, --help help for oc-mirror 227 | 228 | -s, --storage string Set the storage via a file or a docker reference 229 | 230 | --storage-skip-tls Disable TLS verification when using a registry server as storage (applies only to docker registry) 231 | 232 | --target-catalog string Set the target catalog (including registry path) (default "ibm-catalog") 233 | 234 | --target-tag string Set the target catalog tag (Setting this flag as AUTO_GENERATE will make the plugin generate target tag dynamically) (default "AUTO_GENERATE") 235 | ``` 236 | 237 | Example: 238 | - Configure a local path based storage 239 | ``` 240 | oc ibm-pak config mirror-tools oc-mirror --storage file:///tmp/local-backed 241 | ``` 242 | 243 | - Configure a registry based storage for oc-mirror 244 | ``` 245 | oc ibm-pak config mirror-tools oc-mirror --storage docker://quay.io/foo/bar:example 246 | ``` 247 | 248 | - Configure a registry based storage for oc-mirror allowing insecure connections 249 | ``` 250 | oc ibm-pak config mirror-tools oc-mirror --storage docker://quay.io/foo/bar:example --storage-skip-tls 251 | ``` 252 | 253 | - Configure a target catalog and target tag 254 | ``` 255 | oc ibm-pak config mirror-tools oc-mirror --target-catalog ibm-catalog --target-tag latest 256 | ``` 257 | 258 | - Update connected-flags 259 | ``` 260 | oc ibm-pak config mirror-tools oc-mirror --connected-flags '--dest-skip-tls --max-per-registry=6' 261 | ``` 262 | 263 | - Reset connected-flags to AUTO_GENERATE 264 | ``` 265 | oc ibm-pak config mirror-tools oc-mirror --connected-flags AUTO_GENERATE 266 | ``` 267 | 268 | - Update disconnected-target-flags 269 | ``` 270 | oc ibm-pak config mirror-tools oc-mirror --disconnected-target-flags '--dest-skip-tls --max-per-registry=6' 271 | ``` 272 | 273 | - Update disconnected-final-flags 274 | ``` 275 | oc ibm-pak config mirror-tools oc-mirror --disconnected-final-flags '--dest-skip-tls --from=sequence_file.tar' 276 | ``` 277 | 278 | # ibm-pak config catalog-builder 279 | Configures the catalog-builder settings (Supported with ibm-pak version `v1.8.0` or higher) 280 | 281 | Usage: 282 | ``` 283 | oc ibm-pak config catalog-builder --base-image myregistry.com/images/base-image:1.0 284 | 285 | Flags: 286 | --base-image string Set the base image for fbc catalog (Setting this flag as AUTO_GENERATE will make the plugin use icr.io/cpopen/ibm-operator-catalog:fbc-base-latest) (default "AUTO_GENERATE") 287 | -h, --help help for catalog-builder 288 | ``` 289 | 290 | Example: 291 | - Configure a catalog base image used during curation 292 | ``` 293 | oc ibm-pak config catalog-builder --base-image icr.io/cpopen/ibm-operator-catalog:fbc-base-latest 294 | ``` 295 | 296 | - Reset catalog base image to AUTO_GENERATE 297 | ``` 298 | oc ibm-pak config catalog-builder --base-image AUTO_GENERATE 299 | ``` 300 | 301 | # ibm-pak config 302 | To see the existing configuration details for plug-in. 303 | 304 | Usage: 305 | ``` 306 | oc ibm-pak config [-o yaml|json] 307 | ``` 308 | 309 | Example Output : 310 | ``` 311 | 312 | Config file 313 | 314 | Version: 1.1.0 315 | 316 | Repository Config 317 | 318 | Name CASE Repo URL 319 | ---- ------------- 320 | IBM Cloud-Pak Github Repo * https://github.com/IBM/cloud-pak/raw/master/repo/case/ 321 | IBM Cloud-Pak OCI registry oci:cp.icr.io/cpopen 322 | 323 | Locale Config 324 | 325 | Language: en_US 326 | 327 | Color Config 328 | 329 | Enabled: true 330 | 331 | Mirror Tools Config 332 | 333 | oc image mirror: 334 | --------------- 335 | Connected Mirroring Flags: 336 | AUTO_GENERATE (--filter-by-os '.*' -a $REGISTRY_AUTH_FILE --insecure --skip-multiple-scopes --max-per-registry=1) 337 | 338 | Disconnected Mirroring Flags: 339 | To Target FileSystem or Registry: 340 | AUTO_GENERATE (--filter-by-os '.*' -a $REGISTRY_AUTH_FILE --insecure --skip-multiple-scopes --max-per-registry=1 --dir "$IMAGE_PATH") 341 | 342 | To Final Registry: 343 | AUTO_GENERATE (--filter-by-os '.*' -a $REGISTRY_AUTH_FILE --insecure --skip-multiple-scopes --max-per-registry=1 --from-dir "$IMAGE_PATH") 344 | 345 | oc mirror: 346 | --------- 347 | Local storage config: 348 | Path: /root/.ibm-pak/oc-mirror-storage 349 | 350 | Connected Mirroring Flags: 351 | AUTO_GENERATE (--dest-skip-tls --max-per-registry=6) 352 | 353 | Disconnected Mirroring Flags: 354 | To Target FileSystem or Registry: 355 | AUTO_GENERATE (--dest-skip-tls --max-per-registry=6) 356 | 357 | To Final Registry: 358 | AUTO_GENERATE (--dest-skip-tls) 359 | 360 | Target catalog: ibm-catalog 361 | 362 | Target tag: AUTO_GENERATE 363 | 364 | 365 | Enabled tool: oc image mirror 366 | 367 | Catalog Builder Config 368 | 369 | Base image: AUTO_GENERATE (icr.io/cpopen/ibm-operator-catalog:fbc-base-latest) 370 | 371 | ``` 372 | 373 | # ibm-pak get 374 | Download a CASE or a set of components referred by a ComponentSetConfig file from a repository like github, oci-compliant registry etc. 375 | 376 | Usage: 377 | ``` 378 | oc ibm-pak get ( [--version ] | --component-set-config ) 379 | 380 | Flags: 381 | -c, --component-set-config URI A URI that points to a file containing a ComponentSetConfig. Acceptable URI examples: 382 | file:///path/to/file/component-set-config.yaml 383 | file://localhost/path/to/file/component-set-config.yaml 384 | http://host:port/path/to/file/component-set-config.yaml 385 | https://host:port/path/to/file/component-set-config.yaml 386 | 387 | -h, --help help for get 388 | --install-method string Install method to generate manifests as per install type. One of: [OLM, helm] (default "OLM") 389 | --skip-dependencies skip downloading dependencies (optional) 390 | --skip-verify if provided, skips the certification verification (optional) 391 | --version string the "semantic version range" specifying the CASE to download, e.g. '2.0.0' or '>=1.0.0, <=3.0.0' (optional - assumes latest if not provided) 392 | 393 | Environment Variables: 394 | IBMPAK_RESOLVE_DEPENDENCIES when set to false, no CASE references will be resolved (default "true") 395 | IBMPAK_HTTP_TIMEOUT Overrides the default HTTP timeout value used in client calls to external servers. Measured in seconds (default "20") 396 | IBMPAK_HTTP_RETRY Maximum http retry attempts, for example when a timeout is encountered on slow networks (default "3") 397 | HTTPS_PROXY or https_proxy the URL of a HTTPS proxy (e.g. https://[user]:[pass]@[proxy_ip]:[proxy_port]) (default "") 398 | HTTP_PROXY or http_proxy the URL of a HTTP proxy (e.g. http://[user]:[pass]@[proxy_ip]:[proxy_port]) (default "") 399 | ``` 400 | 401 | Example: 402 | - Download a CASE from a repository like github, oci-compliant registry 403 | ``` 404 | oc ibm-pak get ibm-my-cloudpak --version 1.0.0 405 | ``` 406 | 407 | - Download a set of components referred by a ComponentSetConfig file (Supported with ibm-pak version `v1.4.0` or higher) 408 | ``` 409 | oc ibm-pak get -c file:///root/component-set-config.yaml 410 | ``` 411 | 412 | - Download a CASE without resolving dependencies 413 | ``` 414 | oc ibm-pak get ibm-my-cloudpak --version 1.0.0 --skip-dependencies 415 | ``` 416 | 417 | - Download a CASE for `OLM` install method (Supported with ibm-pak version `v1.18.0` or higher) 418 | ``` 419 | oc ibm-pak get ibm-my-cloudpak --version 1.0.0 --install-method OLM 420 | ``` 421 | 422 | - Download a CASE for `helm` install method (Supported with ibm-pak version `v1.18.0` or higher) 423 | ``` 424 | oc ibm-pak get ibm-my-cloudpak --version 1.0.0 --install-method helm 425 | ``` 426 | 427 | # ibm-pak generate mirror-manifests 428 | Generate mirror manifests for a CASE 429 | 430 | Usage: 431 | ``` 432 | oc ibm-pak generate mirror-manifests --version --filter [--final-registry ] 433 | 434 | Flags: 435 | --authfile string Auth file path to override default location to pull catalog from registry requiring authentication (optional) 436 | --dry-run If option provided, leave the merged FBC content in staging directory (optional) 437 | --enable-restricted-scc if provided, generates catalog sources with restricted securityContextConfig (optional) 438 | --filter string comma separated list of values, which can either be a group name or architecture (default "") 439 | --final-max-components int The maximum number of path components allowed in a final registry mapping (0: all paths used, 1: error - not allowed, 2 and more: paths compressed from right to left to honor # provided) (optional) 440 | --final-registry string if the target registry is a filesystem (has a "file://" prefix), then this argument must be provided to generate proper ICSP and Catalog Sources, 441 | if the target registry is a registry server, then this argument can be provided optionally to enable mirroring to an intermediate registry followed by mirroring to a final registry specified by this argument (default "") 442 | -h, --help help for mirror-manifests 443 | --install-method string Install method to generate manifests as per install type. One of: [OLM, helm] (default "OLM") 444 | --max-components int The maximum number of path components allowed in a target registry mapping (0: all paths used, 1: error - not allowed, 2 and more: paths compressed from right to left to honor # provided) (optional) 445 | --max-icsp-size int The maximum number of bytes for the generated ICSP yaml(s) when using --max-components. Defaults to 250000 (default 250000) 446 | --max-idms-size int The maximum number of bytes for the generated IDMS yaml(s) when using --max-components. Defaults to 250000 (default 250000) 447 | --version string the exact "case version" already downloaded by "oc ibm-pak get" (optional - assumes latest if not provided) 448 | ``` 449 | 450 | Example: 451 | - Generate mirror manifests for a target registry (Connected mirroring) 452 | ``` 453 | oc ibm-pak generate mirror-manifests ibm-my-cloudpak myregistry.com --version 1.0.0 454 | ``` 455 | 456 | - Generate mirror manifests for a target directory structure that can be served as a registry (Disconnected mirroring) 457 | ``` 458 | oc ibm-pak generate mirror-manifests ibm-my-cloudpak file://myrepository --version 1.0.0 --final-registry myregistry.com 459 | ``` 460 | 461 | - Generate mirror manifests for mirroring images to an intermediate registry and from that registry to a final registry specified via `final-registry` argument. This creates `images-mapping-to-registry.txt` and `images-mapping-from-registry.txt`. Both of these files should used as input to `oc image mirror` command. 462 | ``` 463 | oc ibm-pak generate mirror-manifests ibm-my-cloudpak intermediate-registry.com --version 1.0.0 --final-registry myregistry.com 464 | ``` 465 | 466 | - Generate mirror manifests with image filtering by group 467 | ``` 468 | oc ibm-pak generate mirror-manifests ibm-my-cloudpak myregistry.com --version 1.0.0 --filter imageGroup1,imageGroup2 469 | ``` 470 | 471 | - Generate mirror manifests for an insecure target registry 472 | ``` 473 | oc ibm-pak generate mirror-manifests ibm-my-cloudpak myregistry.com --version 1.0.0 --insecure 474 | ``` 475 | 476 | - Generate mirror manifests metadata in staging directory for FBC CASE (Supported with ibm-pak version `v1.8.0` or higher) 477 | ``` 478 | oc ibm-pak generate mirror-manifests ibm-my-cloudpak myregistry.com --version 1.0.0 --dry-run 479 | ``` 480 | 481 | - **Note:** Starting from `v1.9.0`, path compression can be used to install Cloud Paks into target registries with a restricted repository hierarchy . For more information on compression and sharding generated ICSP files, please refer here [documentation on compression and sharding registry paths](compression-sharding.md). 482 | 483 | - Generate mirror manifests for a target registry where path is compressed to `--max-components` value. (Supported with ibm-pak version `v1.9.0` or higher) 484 | - Max-components: 485 | - value of 0 or not called - default (nothing changes, all paths structure us used) 486 | - value of 1 - error (value not allowed) 487 | - value of 2 or more - paths compressed from right to left 488 | ``` 489 | oc ibm-pak generate mirror-manifests ibm-my-cloudpak myregistry.com --version 1.0.0 --max-components 2 490 | ``` 491 | - Generate mirror manifests for mirroring images to an intermediate registry to a final registry. Where intermediate registry paths are compressed to satisfy the value of `--max-compoenents` and final registry paths are compressed to `--final-max-components` value. If `final-max-compoents` is set to default or `final-max-components` > `max-components`, `final-max-compoents` is set to `max-components` value. (Supported with ibm-pak version `v1.9.0` or higher) 492 | ``` 493 | oc ibm-pak generate mirror-manifests ibm-my-cloudpak intermediate-registry.com --version 1.0.0 --final-registry myregistry.com --max-components 3 --final-max-components 2 494 | ``` 495 | 496 | - Generate mirror manifests for a target registry where path is compressed to `--max-components` value and ICSP is generated with sharding as per the `--max-icsp-size` value. (Supported with ibm-pak version `v1.9.0` or higher) 497 | ``` 498 | oc ibm-pak generate mirror-manifests ibm-my-cloudpak myregistry.com --version 1.0.0 --max-components 2 --max-icsp-size 10000 499 | ``` 500 | 501 | - Generate mirror manifests for a target registry where path is compressed to `--max-components` value and IDMS is generated with sharding as per the `--max-idms-size` value. (Supported with ibm-pak version `v1.12.0` or higher) 502 | ``` 503 | oc ibm-pak generate mirror-manifests ibm-my-cloudpak myregistry.com --version 1.0.0 --max-components 2 --max-idms-size 10000 504 | ``` 505 | 506 | - Generate mirror manifests with `restricted` securityContextConfig in generated catalog sources (Supported with ibm-pak version `v1.16.0` or higher) 507 | ``` 508 | oc ibm-pak generate mirror-manifests ibm-my-cloudpak myregistry.com --version 1.0.0 --enable-restricted-scc 509 | ``` 510 | 511 | - Generate mirror manifests for `OLM` install method (Supported with ibm-pak version `v1.18.0` or higher) 512 | ``` 513 | oc ibm-pak generate mirror-manifests ibm-my-cloudpak myregistry.com --version 1.0.0 --install-method OLM 514 | ``` 515 | 516 | - Generate mirror manifests for `helm` install method (Supported with ibm-pak version `v1.18.0` or higher) 517 | ``` 518 | oc ibm-pak generate mirror-manifests ibm-my-cloudpak myregistry.com --version 1.0.0 --install-method helm 519 | ``` 520 | 521 | # ibm-pak describe 522 | Describe command prints image lists, dependencies, registries and other information for this CASE 523 | 524 | Usage: 525 | ``` 526 | oc ibm-pak describe --version (--list-mirror-images) 527 | 528 | Flags: 529 | -h, --help help for describe 530 | --list-case-images [Deprecated] list images from downloaded CASE (required if --list-mirror-images is not used) 531 | --list-mirror-images list images from generated mirror manifests (required if --list-case-images is not used) 532 | -o, --output string Specify output format as json, yaml or "" 533 | --version string "case version" (required) 534 | ``` 535 | 536 | Example: 537 | - List mirror images: 538 | ``` 539 | oc ibm-pak describe ibm-my-cloudpak --version 1.0.0 --list-mirror-images 540 | ``` 541 | 542 | # ibm-pak generate online-manifests 543 | Generate online manifests for a CASE (Supported with ibm-pak version `v1.8.0` or higher) 544 | 545 | Usage: 546 | ``` 547 | oc ibm-pak generate online-manifests --version 548 | 549 | Flags: 550 | --authfile string Auth file path to override default location to pull catalog from registry requiring authentication (optional) 551 | --enable-restricted-scc if provided, generates catalog sources with restricted securityContextConfig (optional) 552 | -h, --help help for online-manifests 553 | --install-method string Install method to generate manifests as per install type. One of: [OLM, helm] (default "OLM") 554 | --version string the exact "case version" already downloaded by "oc ibm-pak get" (optional - assumes latest if not provided) 555 | ``` 556 | 557 | Example: 558 | - Generate online manifests 559 | ``` 560 | oc ibm-pak generate online-manifests ibm-my-cloudpak --version 1.0.0 561 | ``` 562 | 563 | - Generate online manifests with `restricted` securityContextConfig in generated catalog sources (Supported with ibm-pak version `v1.16.0` or higher) 564 | ``` 565 | oc ibm-pak generate online-manifests ibm-my-cloudpak --version 1.0.0 --enable-restricted-scc 566 | ``` 567 | 568 | - Generate online manifests for `OLM` install method (Supported with ibm-pak version `v1.18.0` or higher) 569 | ``` 570 | oc ibm-pak generate online-manifests ibm-my-cloudpak --version 1.0.0 --install-method OLM 571 | ``` 572 | 573 | - Generate online manifests for `helm` install method (Supported with ibm-pak version `v1.18.0` or higher) 574 | ``` 575 | oc ibm-pak generate online-manifests ibm-my-cloudpak --version 1.0.0 --install-method helm 576 | ``` 577 | 578 | # ibm-pak launch 579 | Launch a CASE into the targeted cluster. 580 | 581 | Usage: 582 | ``` 583 | oc ibm-pak launch --version [flags] 584 | 585 | Flags: 586 | -a, --action string the name of the action item launched 587 | -r, --args string other arguments 588 | --dry-run if provided, the location of the main-launch.sh script will be printed instead of executing the script 589 | -h, --help help for launch 590 | -i, --instance string the name of the instance of the target application (release) 591 | -e, --inventory string the name of the inventory item launched 592 | -n, --namespace string the name of the target namespace 593 | --verify if provided, additionally verifies the CASE before launching 594 | --version string the version of the CASE 595 | 596 | Environment Variables: 597 | IBMPAK_TOLERANCE_RETRY when set to false, launch script execution failure will not be retried 598 | when set to true, launch script execution failures will be retried without the --tolerance flag (default "true") 599 | IBMPAK_LAUNCH_SKIP_PREREQ_CHECK when set to true, will skip checking prerequisites in the launch framework (default "false") 600 | IBMPAK_HTTP_TIMEOUT Overrides the default HTTP timeout value used in client calls to external servers. Measured in seconds (default "20") 601 | IBMPAK_HTTP_RETRY Maximum http retry attempts, for example when a timeout is encountered on slow networks (default "3") 602 | ``` 603 | 604 | Example: 605 | - Install catalog 606 | ``` 607 | oc ibm-pak launch \ 608 | ibm-my-cloudpak \ 609 | --version 1.0.0 \ 610 | --action install-catalog \ 611 | --inventory ibmMyCloudpakOperatorSetup \ 612 | --namespace my-namespace \ 613 | --args "--registry myregistry.com --recursive --inputDir ~/.ibm-pak/data/cases/ibm-my-cloudpak/1.0.0" 614 | ``` 615 | 616 | - Install operator 617 | ``` 618 | oc ibm-pak launch \ 619 | ibm-my-cloudpak \ 620 | --version 1.0.0 \ 621 | --action install-operator \ 622 | --inventory ibmMyCloudpakOperatorSetup \ 623 | --namespace my-namespace 624 | ``` 625 | 626 | # ibm-pak list 627 | List CASEs available in the enabled repository or downloaded into the local directory by get command 628 | 629 | Usage: 630 | ``` 631 | oc ibm-pak list 632 | 633 | Flags: 634 | --case-name string print the list of all CASE images (separately printed for each version) matching the given case name 635 | --downloaded print the list of downloaded CASE images available locally 636 | -h, --help help for list 637 | -o, --output string Specify output format as json, yaml or "" 638 | ``` 639 | 640 | Example: 641 | - List all CASEs (available in the enabled repository) 642 | ``` 643 | oc ibm-pak list 644 | ``` 645 | 646 | - List all CASEs in json output 647 | ``` 648 | oc ibm-pak list -o json 649 | ``` 650 | 651 | - List downloaded CASEs (lists CASEs which were provided in the command line during `oc ibm-pak get` command) 652 | 653 | **Note:** It doesn’t list any dependent CASEs downloaded during the `oc ibm-pak get` command. 654 | ``` 655 | oc ibm-pak list --downloaded 656 | ``` 657 | 658 | - List downloaded CASEs in yaml output 659 | ``` 660 | oc ibm-pak list --downloaded -o yaml 661 | ``` 662 | 663 | - List all versions of CASE 664 | ``` 665 | oc ibm-pak list --case-name ibm-my-cloudpak 666 | ``` 667 | 668 | - List all versions of CASE in json output 669 | ``` 670 | oc ibm-pak list --case-name ibm-my-cloudpak -o json 671 | ``` 672 | 673 | - List downloaded versions of CASE 674 | ``` 675 | oc ibm-pak list --case-name ibm-my-cloudpak --downloaded 676 | ``` 677 | 678 | - List downloaded versions of CASE in yaml output 679 | ``` 680 | oc ibm-pak list --case-name ibm-my-cloudpak --downloaded -o yaml 681 | ``` 682 | 683 | # ibm-pak verify 684 | Verify the integrity of downloaded CASEs 685 | 686 | Usage: 687 | ``` 688 | oc ibm-pak verify [ [--version ]] 689 | 690 | Flags: 691 | -h, --help help for verify 692 | -o, --output string Specify output format as json, yaml or "" 693 | --version string CASE version 694 | ``` 695 | Examples: 696 | - Verify the integrity of all downloaded CASEs 697 | ``` 698 | oc ibm-pak verify 699 | ``` 700 | 701 | - Verify the integrity of all downloaded versions of a CASE 702 | ``` 703 | oc ibm-pak verify ibm-my-cloudpak 704 | ``` 705 | 706 | - Verify the integrity of a specific version of a downloaded CASE 707 | ``` 708 | oc ibm-pak verify ibm-my-cloudpak --version 1.0.0 709 | ``` -------------------------------------------------------------------------------- /docs/compression-sharding.md: -------------------------------------------------------------------------------- 1 | **Table of Contents** 2 | 3 | - [Generating mirror manifests with compressed registry paths](#generating-mirror-manifests-with-compressed-registry-paths) 4 | - [Compressing the target registry](#compressing-the-target-registry) 5 | - [Compressing the intermediate and final registries](#compressing-the-intermediate-and-final-registries) 6 | - [Sharding the image-digest-mirror-set.yaml and image-content-source-policy.yaml files](#sharding-the-image-digest-mirror-setyaml-and-image-content-source-policyyaml-files) 7 | 8 | # Generating mirror manifests with compressed registry paths 9 | 10 | Registry path compression, available with version `v1.9.0` of the ibm-pak plug-in, allows reducing the number of component paths in a target image repository by converting paths to dashes ("-"). This feature allows compressing the paths for both the intermediate and final registries. 11 | 12 | Compression is enabled using two flags: `--max-components` and `--final-max-components`, each supporting the following values: 13 | - `0` - compression disabled (default) 14 | - `>=2` - path components compressed from right to left to honor the value provided. 15 | 16 | For example, if the source repository path is `quay.io/org/subrepo/repo` and `--max-components 2` then it will be converted to `quay.io/org/subrepo-repo`. 17 | 18 | Registry path compression changes how the ImageDigestMirrorSet (IDMS) and ImageContentSourcePolicy (ICSP) resources are created: 19 | - When disabled (the default), the `imageDigestMirrors` of the IDMS (or `repositoryDigestMirrors` of the ICSP) contains one entry for each of the first component path (also known as the "namespace"), for example: `icr.io/cpopen`. 20 | - When enabled, the `imageDigestMirrors` of the IDMS (or `repositoryDigestMirrors` of the ICSP) is expanded to one entry per repository (the full image path). Because this can produce a large number of entries, sharding is used to divide the IDMS (or ICSP) into multiple resources. Learn more here: [Sharding IDMS and ICSP file](#sharding-the-image-digest-mirror-setyaml-and-image-content-source-policyyaml-files). 21 | 22 | > Note: All of the examples in this document use an abbreviated image digest of (`@sha256:123...`) for readability). 23 | 24 | 25 | ## Compressing the target registry 26 | 27 | Set the compression of the target registry's image repository paths by setting the `--max-components` flag. 28 | 29 | The `--max-components` value specifies the maximum number of path components allowed in a target registry image repository mapping (0: all paths used, 1: error - not allowed, 2 and more: paths compressed from right to left to honor the provided maximum components). 30 | 31 | Command format: 32 | 33 | ``` 34 | oc ibm-pak generate mirror-manifests --version --max-components 35 | ``` 36 | 37 | Generated files: 38 | 39 | ``` 40 | catalog-sources.yaml 41 | image-content-source-policy.yaml 42 | images-mapping.txt 43 | ``` 44 | 45 | What will be changed as a result of compression: 46 | 47 | 1. The `catalog-sources.yaml` `spec.image` changes as follows: 48 | 49 | Without compression: 50 | ``` 51 | image: registry.com/a/b/c/cpopen/ibm-cloudpak@sha256:123... 52 | ``` 53 | With `--max-components 2` compression: 54 | ``` 55 | image: registry.com/a/b-c-cpopen-ibm-cloudpak@sha256:123... 56 | ``` 57 | 58 | 2. The `image-content-source-policy.yaml` `spec.repositoryDigestMirrors` changes as follows (note the change from "namespace" to "repository" entries): 59 | 60 | Without compression (scoped to the source repository namespace / left-most path): 61 | ``` 62 | spec: 63 | repositoryDigestMirrors: 64 | - mirrors: 65 | - registry.com/a/b/c/kubebuilder 66 | source: gcr.io/kubebuilder 67 | - mirrors: 68 | - registry.com/a/b/c/cpopen 69 | source: icr.io/cpopen 70 | ``` 71 | 72 | With `--max-components 2` compression (scoped to the repository): 73 | ``` 74 | spec: 75 | repositoryDigestMirrors: 76 | - mirrors: 77 | - registry.com/a/b-c-kubebuilder-kube-rbac-proxy 78 | source: gcr.io/kubebuilder/kube-rbac-proxy 79 | - mirrors: 80 | - registry.com/a/b-c-cpopen-ibm-cloudpak-catalog 81 | source: icr.io/cpopen/ibm-cloudpak-catalog 82 | - mirrors: 83 | - registry.com/a/b-c-cpopen-ibm-cloudpak-operator 84 | source: icr.io/cpopen/ibm-cloudpak-operator 85 | - mirrors: 86 | - registry.com/a/b-c-cpopen-ibm-cloudpak-operator-bundle 87 | source: icr.io/cpopen/ibm-cloudpak-operator-bundle 88 | ``` 89 | 90 | 3. The `images-mapping.txt` changes all target paths (on the right of '=' sign): 91 | 92 | Without compression: 93 | ``` 94 | icr.io/cpopen/ibm-cloudpak-operator@sha256:123...=registry.com/a/b/c/cpopen/ibm-cloudpak-operator:v1.0.6 95 | ``` 96 | With `--max-components 2` compression: 97 | ``` 98 | icr.io/cpopen/ibm-cloudpak-operator@sha256:123...=registry.com/a/b-c-cpopen-ibm-cloudpak-operator:v1.0.6 99 | ``` 100 | 101 | 102 | ## Compressing the intermediate and final registries 103 | 104 | An intermediate registry is used for advanced use cases where the images must be mirrored to a intermediate file system or registry prior to mirroring to the final destination registry, and is enabled with the `--final-registry` flag: 105 | Source Registry -> Intermediate Target Registry -> Final Registry 106 | 107 | When using an intermediate registry for mirroring, the compression level can be set independently for the target and final registries by using the `--final-max-components` flag: 108 | 109 | - Use `--max-components` to set the number of path components allowed for target, intermediate registry. 110 | 111 | If the target registry is a filesystem path (starts with `file://`), compression will not be applied to path. 112 | 113 | - Use `--final-max-components` to override `--max-components`, and set the number of path components allowed for the final destination registry: 114 | 115 | The value provided to `--final-max-components` cannot be greater than value provided to `--max-components`. If `--final-max-components` is set to 0 (default) or is greater than `--max-components`, `--final-max-components` is set to the `--max-components` value. 116 | 117 | Command format: 118 | 119 | `oc ibm-pak generate mirror-manifests --version --final-registry --max-components --final-max-components ` 120 | 121 | Generated files (if intermediate registry is not a filepath): 122 | 123 | ``` 124 | catalog-sources.yaml 125 | image-content-source-policy.yaml 126 | images-mapping-to-registry.txt 127 | images-mapping-from-registry.txt 128 | ``` 129 | 130 | What will be changed because of compression: 131 | in the following examples we are using values: 132 | - `registry.com/a/b/c` - target registry (intermediate) 133 | - `finalreg.com/a/b/c` - final registry 134 | 135 | 1. The `catalog-sources.yaml` `spec.image` changes as follows: 136 | 137 | Without compression: 138 | ``` 139 | image: finalreg.com/a/b/c/cpopen/ibm-cloudpak-catalog@sha256:123... 140 | ``` 141 | With `--max-components 3` and `--final-max-components 2` compression: 142 | ``` 143 | image: finalreg.com/a/b-c-cpopen-ibm-cloudpak-catalog@sha256:123... 144 | ``` 145 | 146 | 2. The `image-content-source-policy.yaml` `spec.repositoryDigestMirrors` changes as follows: 147 | 148 | Without compression (scoped to the source repository namespace / left-most path): 149 | ``` 150 | spec: 151 | repositoryDigestMirrors: 152 | - mirrors: 153 | - finalreg.com/a/b/c/kubebuilder 154 | source: gcr.io/kubebuilder 155 | - mirrors: 156 | - finalreg.com/a/b/c/cpopen 157 | source: icr.io/cpopen 158 | ``` 159 | With `--max-components 3` and `--final-max-components 2` compression (scoped to the repository): 160 | ``` 161 | spec: 162 | repositoryDigestMirrors: 163 | - mirrors: 164 | - finalreg.com/a/b-c-kubebuilder-kube-rbac-proxy 165 | source: gcr.io/kubebuilder/kube-rbac-proxy 166 | - mirrors: 167 | - finalreg.com/a/b-c-cpopen-ibm-cloudpak-catalog 168 | source: icr.io/cpopen/ibm-cloudpak-catalog 169 | - mirrors: 170 | - finalreg.com/a/b-c-cpopen-ibm-cloudpak-operator 171 | source: icr.io/cpopen/ibm-cloudpak-operator 172 | - mirrors: 173 | - finalreg.com/a/b-c-cpopen-ibm-cloudpak-operator-bundle 174 | source: icr.io/cpopen/ibm-cloudpak-operator-bundle 175 | ``` 176 | 177 | 3. The `images-mapping-to-registry.txt`changes all target paths to the intermediate, target registry (`--max-components` value) as follows: 178 | 179 | Without compression: 180 | ``` 181 | icr.io/cpopen/ibm-cloudpak-operator@sha256:123...=registry.com/a/b/c/cpopen/ibm-cloudpak-operator:v1.0.6 182 | ``` 183 | With `--max-components 3` and `--final-max-components 2` compression: 184 | ``` 185 | icr.io/cpopen/ibm-cloudpak-operator@sha256:123...=registry.com/a/b/c-cpopen-ibm-cloudpak-operator:v1.0.6 186 | ``` 187 | 188 | 4. The `images-mapping-from-registry.txt` changes the source and target paths using the respective (`--max-components`and `--final-max-components` values) as follows: 189 | 190 | Without compression: 191 | ``` 192 | registry.com/a/b/c/cpopen/ibm-cloudpak-operator@sha256:123...=finalreg.com/a/b/c/cpopen/ibm-cloudpak-operator:v1.0.6 193 | 194 | ``` 195 | With `--max-components 3` and `--final-max-components 2` compression: 196 | ``` 197 | registry.com/a/b/c-cpopen-ibm-cloudpak-operator@sha256:123...=finalreg.com/a/b-c-cpopen-ibm-cloudpak-operator:v1.0.6 198 | ``` 199 | 200 | Generated files (if the intermediate registry is a filepath): 201 | 202 | ``` 203 | catalog-sources.yaml 204 | image-content-source-policy.yaml 205 | images-mapping-to-filesystem.txt 206 | images-mapping-from-filesystem.txt 207 | ``` 208 | Changes for the above will be analogous to files generated for registry scenario, except for filesystem paths that will not be compressed. 209 | 210 | 211 | # Sharding the image-digest-mirror-set.yaml and image-content-source-policy.yaml files 212 | 213 | Kubernetes resources have limits on the size of their content, so if you create a YAML that is too large, the resource won't be created when you apply the resource. To solve this problem, the resource is divided (sharded) into smaller sized resources and placed into a multi document YAML file (i.e., one file with multiple Kubernetes resources within it). 214 | 215 | IDMS and ICSP sharding is only used for `image-digest-mirror-set.yaml` and `image-content-source-policy.yaml` files created when compression is enabled, appending a `-` starting with 0 to each resource name. Use the `--max-idms-size` flag to override the maximum size of each ImageDigestMirrorSet resource. For ImageContentSourcePolicy resource use `--max-icsp-size` flag accordingly. 216 | 217 | Example. 218 | 1. The compressed `image-digest-mirror-set.yaml` with `--max-components 2` creates 1 shard: 219 | 220 | ``` 221 | apiVersion: config.openshift.io/v1 222 | kind: ImageDigestMirrorSet 223 | metadata: 224 | name: ibm-cloudpak-0 225 | spec: 226 | imageDigestMirrors: 227 | - mirrors: 228 | - registry.com/a/b-c-kubebuilder-kube-rbac-proxy 229 | source: gcr.io/kubebuilder/kube-rbac-proxy 230 | - mirrors: 231 | - registry.com/a/b-c-cpopen-ibm-cloudpak-catalog 232 | source: icr.io/cpopen/ibm-cloudpak-catalog 233 | - mirrors: 234 | - registry.com/a/b-c-cpopen-ibm-cloudpak-operator 235 | source: icr.io/cpopen/ibm-cloudpak-operator 236 | - mirrors: 237 | - registry.com/a/b-c-cpopen-ibm-cloudpak-operator-bundle 238 | source: icr.io/cpopen/ibm-cloudpak-operator-bundle 239 | ``` 240 | 241 | 2. The compressed `image-digest-mirror-set.yaml` with `--max-components 2` and `max-idms-size 400` creates 3 shards: 242 | 243 | ``` 244 | apiVersion: config.openshift.io/v1 245 | kind: ImageDigestMirrorSet 246 | metadata: 247 | name: ibm-cloudpak-0 248 | spec: 249 | imageDigestMirrors: 250 | - mirrors: 251 | - registry.com/a/b-c-kubebuilder-kube-rbac-proxy 252 | source: gcr.io/kubebuilder/kube-rbac-proxy 253 | - mirrors: 254 | - registry.com/a/b-c-cpopen-ibm-cloudpak-catalog 255 | source: icr.io/cpopen/ibm-cloudpak-catalog 256 | --- 257 | apiVersion: config.openshift.io/v1 258 | kind: ImageDigestMirrorSet 259 | metadata: 260 | name: ibm-cloudpak-1 261 | spec: 262 | imageDigestMirrors: 263 | - mirrors: 264 | - registry.com/a/b-c-cpopen-ibm-cloudpak-operator 265 | source: icr.io/cpopen/ibm-cloudpak-operator 266 | --- 267 | apiVersion: config.openshift.io/v1 268 | kind: ImageDigestMirrorSet 269 | metadata: 270 | name: ibm-cloudpak-2 271 | spec: 272 | imageDigestMirrors: 273 | - mirrors: 274 | - registry.com/a/b-c-cpopen-ibm-cloudpak-operator-bundle 275 | source: icr.io/cpopen/ibm-cloudpak-operator-bundle 276 | ``` 277 | 278 | -------------------------------------------------------------------------------- /docs/download-github.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | 4 | **Table of Contents** _generated with [DocToc](https://github.com/thlorenz/doctoc)_ 5 | 6 | - [Download plugin from github release](#download-plugin-from-github-release) 7 | - [MacOS](#macos) 8 | - [Linux x86-architecture](#linux-x86-architecture) 9 | - [Linux ppc64le-architecture](#linux-ppc64le-architecture) 10 | - [Linux s390x-architecture](#linux-s390x-architecture) 11 | - [Windows](#windows) 12 | - [Download public keys for ibm-pak versions less than v1.5.0](#download-public-keys-for-ibm-pak-versions-less-than-v150) 13 | - [Download public keys for ibm-pak versions greater than or equal to v1.5.0](#download-public-keys-for-ibm-pak-versions-greater-than-or-equal-to-v150) 14 | 15 | 16 | 17 | # Download plugin from github release 18 | 19 | ## MacOS 20 | 21 | Example using `curl`: 22 | 23 | ``` 24 | curl -L https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-darwin-amd64.tar.gz -o oc-ibm_pak-darwin-amd64.tar.gz 25 | curl -L https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-darwin-amd64.tar.gz.sig -o oc-ibm_pak-darwin-amd64.tar.gz.sig 26 | ``` 27 | 28 | Example using `wget`: 29 | 30 | ``` 31 | wget https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-darwin-amd64.tar.gz 32 | wget https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-darwin-amd64.tar.gz.sig 33 | ``` 34 | 35 | ## Linux x86-architecture 36 | 37 | Example using `curl`: 38 | 39 | ``` 40 | curl -L https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-linux-amd64.tar.gz -o oc-ibm_pak-linux-amd64.tar.gz 41 | curl -L https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-linux-amd64.tar.gz.sig -o oc-ibm_pak-linux-amd64.tar.gz.sig 42 | ``` 43 | 44 | Example using `wget`: 45 | 46 | ``` 47 | wget https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-linux-amd64.tar.gz 48 | wget https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-linux-amd64.tar.gz.sig 49 | ``` 50 | 51 | ## Linux ppc64le-architecture 52 | 53 | Example using `curl`: 54 | 55 | ``` 56 | curl -L https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-linux-ppc64le.tar.gz -o oc-ibm_pak-linux-ppc64le.tar.gz 57 | curl -L https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-linux-ppc64le.tar.gz.sig -o oc-ibm_pak-linux-ppc64le.tar.gz.sig 58 | ``` 59 | 60 | Example using `wget`: 61 | 62 | ``` 63 | wget https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-linux-ppc64le.tar.gz 64 | wget https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-linux-ppc64le.tar.gz.sig 65 | ``` 66 | 67 | ## Linux s390x-architecture 68 | 69 | Example using `curl`: 70 | 71 | ``` 72 | curl -L https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-linux-s390x.tar.gz -o oc-ibm_pak-linux-s390x.tar.gz 73 | curl -L https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-linux-s390x.tar.gz.sig -o oc-ibm_pak-linux-s390x.tar.gz.sig 74 | ``` 75 | 76 | Example using `wget`: 77 | 78 | ``` 79 | wget https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-linux-s390x.tar.gz 80 | wget https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-linux-s390x.tar.gz.sig 81 | ``` 82 | 83 | ## Windows 84 | 85 | Example (from PowerShell) using `curl`: 86 | 87 | ``` 88 | curl https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-windows-amd64.tar.gz -o oc-ibm_pak-windows-amd64.tar.gz 89 | curl https://github.com/IBM/ibm-pak/releases/download/v1.18.1/oc-ibm_pak-windows-amd64.tar.gz.sig -o oc-ibm_pak-windows-amd64.tar.gz.sig 90 | ``` 91 | 92 | # Download public keys for ibm-pak versions less than v1.5.0 93 | 94 | Retrieve the latest public keys (example with wget): 95 | 96 | ``` 97 | wget https://raw.githubusercontent.com/IBM/ibm-pak/main/ibm-pak-plugin.pem 98 | wget https://raw.githubusercontent.com/IBM/ibm-pak/main/ibm-pak-plugin-chain0.pem 99 | wget https://raw.githubusercontent.com/IBM/ibm-pak/main/ibm-pak-plugin-chain1.pem 100 | ``` 101 | 102 | Retrieve the latest public keys (example with curl): 103 | 104 | ``` 105 | curl https://raw.githubusercontent.com/IBM/ibm-pak/main/ibm-pak-plugin.pem -o ibm-pak-plugin.pem 106 | curl https://raw.githubusercontent.com/IBM/ibm-pak/main/ibm-pak-plugin-chain0.pem -o ibm-pak-plugin-chain0.pem 107 | curl https://raw.githubusercontent.com/IBM/ibm-pak/main/ibm-pak-plugin-chain1.pem -o ibm-pak-plugin-chain1.pem 108 | ``` 109 | 110 | # Download public keys for ibm-pak versions greater than or equal to v1.5.0 111 | 112 | Retrieve the latest public keys (example with wget): 113 | 114 | ``` 115 | wget https://raw.githubusercontent.com/IBM/ibm-pak/main/certificates/ibm-pak-plugin.pem.cer 116 | wget https://raw.githubusercontent.com/IBM/ibm-pak/main/certificates/ibm-pak-plugin.pem.chain 117 | wget https://raw.githubusercontent.com/IBM/ibm-pak/main/certificates/ibm-pak-plugin.pem.pub.key 118 | ``` 119 | 120 | Retrieve the latest public keys (example with curl): 121 | 122 | ``` 123 | curl https://raw.githubusercontent.com/IBM/ibm-pak/main/certificates/ibm-pak-plugin.pem.cer -o ibm-pak-plugin.pem.cer 124 | curl https://raw.githubusercontent.com/IBM/ibm-pak/main/certificates/ibm-pak-plugin.pem.chain -o ibm-pak-plugin.pem.chain 125 | curl https://raw.githubusercontent.com/IBM/ibm-pak/main/certificates/ibm-pak-plugin.pem.pub.key -o ibm-pak-plugin.pem.pub.key 126 | ``` 127 | -------------------------------------------------------------------------------- /docs/verify-v2.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* 4 | 5 | - [Download public keys](#download-public-keys) 6 | - [Check Certificate/Key Validity and Archives](#check-certificatekey-validity-and-archives) 7 | - [Check Certificate/Key Validity](#check-certificatekey-validity) 8 | - [Verify that the certificate/key is owned by IBM:](#verify-that-the-certificatekey-is-owned-by-ibm) 9 | - [Verify authenticity of certificate/key:](#verify-authenticity-of-certificatekey) 10 | - [Optionally Compare the certificate and the public key](#optionally-compare-the-certificate-and-the-public-key) 11 | - [Check public key details](#check-public-key-details) 12 | - [Check certficate details](#check-certficate-details) 13 | - [Verify Archive](#verify-archive) 14 | 15 | 16 | # Download public keys 17 | Please follow instructions provided [here](download-github.md#download-public-keys-for-ibm-pak-versions-greater-than-or-equal-to-v150) 18 | # Check Certificate/Key Validity and Archives 19 | 20 | * [Check Certificate/Key Validity](#check-certificate/key-validity) 21 | * [Optionally Validate Each Certificate Individually](#optionally-validate-each-certificate-individually) 22 | * [Verify Archive](#verify-archive) 23 | 24 | 25 | 26 | ## Check Certificate/Key Validity 27 | 28 | ### Verify that the certificate/key is owned by IBM: 29 | Note: On windows, run below commands from Git Bash 30 | 31 | ``` 32 | openssl x509 -inform pem -in ibm-pak-plugin.pem.cer -noout -text 33 | ``` 34 | 35 | ### Verify authenticity of certificate/key: 36 | 37 | ``` 38 | openssl ocsp -no_nonce -issuer ibm-pak-plugin.pem.chain -cert ibm-pak-plugin.pem.cer -VAfile ibm-pak-plugin.pem.chain -text -url http://ocsp.digicert.com -respout ocsptest 39 | ``` 40 | 41 | Should see a message that contains: 42 | 43 | `Response verify OK` 44 | 45 | ## Optionally Compare the certificate and the public key 46 | 47 | ### Check public key details 48 | 49 | ``` 50 | openssl rsa -noout -text -inform PEM -in ibm-pak-plugin.pem.pub.key -pubin 51 | ``` 52 | 53 | Make a note of modulus and Exponent 54 | 55 | ### Check certficate details 56 | 57 | ``` 58 | openssl x509 -inform pem -in ibm-pak-plugin.pem.cer -noout -text 59 | ``` 60 | 61 | Check the `Public-Key` section in the output and compare with previous result. 62 | 63 | 64 | ## Verify Archive 65 | 66 | We will verify oc-ibm_pak-linux-amd64.tar.gz. Steps will be same for other archives. 67 | 68 | Convert the signature from base64 to bytes 69 | 70 | ``` 71 | export ARCHIVE=oc-ibm_pak-linux-amd64.tar.gz 72 | openssl enc -d -A -base64 -in "${ARCHIVE}.sig" -out "/tmp/${ARCHIVE}.decoded.sig" 73 | ``` 74 | 75 | Verify the signature bytes: 76 | 77 | ``` 78 | export ARCHIVE=oc-ibm_pak-linux-amd64.tar.gz 79 | openssl dgst -verify ibm-pak-plugin.pem.pub.key -keyform PEM -sha256 -signature "/tmp/${ARCHIVE}.decoded.sig" -binary "${ARCHIVE}" 80 | ``` 81 | -------------------------------------------------------------------------------- /docs/verify.md: -------------------------------------------------------------------------------- 1 | 2 | 3 | **Table of Contents** *generated with [DocToc](https://github.com/thlorenz/doctoc)* 4 | 5 | - [Download public keys](#download-public-keys) 6 | - [Check Certificate/Key Validity and Archives](#check-certificatekey-validity-and-archives) 7 | - [Check Certificate/Key Validity](#check-certificatekey-validity) 8 | - [Verify that the certificate/key is owned by IBM:](#verify-that-the-certificatekey-is-owned-by-ibm) 9 | - [Verify authenticity of certificate/key:](#verify-authenticity-of-certificatekey) 10 | - [Optionally Validate Each Certificate Individually](#optionally-validate-each-certificate-individually) 11 | - [Verify that the certificate is still active:](#verify-that-the-certificate-is-still-active) 12 | - [Verify that the intermediate certificate is still active:](#verify-that-the-intermediate-certificate-is-still-active) 13 | - [Verify Archive](#verify-archive) 14 | 15 | 16 | # Download public keys 17 | Please follow instructions provided [here](download-github.md#download-public-keys-for-ibm-pak-versions-less-than-v150) 18 | 19 | # Check Certificate/Key Validity and Archives 20 | 21 | * [Check Certificate/Key Validity](#check-certificate/key-validity) 22 | * [Optionally Validate Each Certificate Individually](#optionally-validate-each-certificate-individually) 23 | * [Verify Archive](#verify-archive) 24 | 25 | ## Check Certificate/Key Validity 26 | 27 | ### Verify that the certificate/key is owned by IBM: 28 | Note: On windows, run below commands from Git Bash 29 | 30 | ``` 31 | openssl x509 -inform pem -in ibm-pak-plugin.pem -noout -text 32 | ``` 33 | 34 | ### Verify authenticity of certificate/key: 35 | 36 | ``` 37 | cat ibm-pak-plugin-chain0.pem > chain.pem 38 | cat ibm-pak-plugin-chain1.pem >> chain.pem 39 | 40 | openssl ocsp -no_nonce -issuer chain.pem -cert ibm-pak-plugin.pem -VAfile chain.pem -text -url http://ocsp.digicert.com -respout ocsptest 41 | ``` 42 | 43 | Should see a message that contains: 44 | 45 | `Response verify OK` 46 | 47 | ## Optionally Validate Each Certificate Individually 48 | 49 | ### Verify that the certificate is still active: 50 | 51 | ``` 52 | openssl ocsp -no_nonce -issuer ibm-pak-plugin-chain0.pem -cert ibm-pak-plugin.pem -VAfile ibm-pak-plugin-chain0.pem -text -url http://ocsp.digicert.com -respout ocsptest 53 | ``` 54 | 55 | Should see a message that contains: 56 | 57 | `Response verify OK` 58 | 59 | ### Verify that the intermediate certificate is still active: 60 | 61 | ``` 62 | openssl ocsp -no_nonce -issuer ibm-pak-plugin-chain1.pem -cert ibm-pak-plugin-chain0.pem -VAfile ibm-pak-plugin-chain1.pem -text -url http://ocsp.digicert.com -respout ocsptest 63 | ``` 64 | 65 | Should see a message that contains: 66 | 67 | `Response verify OK` 68 | 69 | 70 | ## Verify Archive 71 | 72 | After completing verification of the certificate, extract public key: 73 | 74 | ``` 75 | openssl x509 -pubkey -noout -in ibm-pak-plugin.pem > public.key 76 | ``` 77 | 78 | The public key is used to verify the tar archive: 79 | 80 | ``` 81 | openssl dgst -sha256 -verify public.key -signature 82 | ``` 83 | 84 | e.g. 85 | 86 | ``` 87 | openssl dgst -sha256 -verify public.key -signature oc-ibm_pak-linux-amd64.tar.gz.sig oc-ibm_pak-linux-amd64.tar.gz 88 | ``` 89 | 90 | Should see a message that contains: 91 | 92 | `Verified OK` -------------------------------------------------------------------------------- /ibm-pak-plugin-chain0.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIGsDCCBJigAwIBAgIQCK1AsmDSnEyfXs2pvZOu2TANBgkqhkiG9w0BAQwFADBi 3 | MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 4 | d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg 5 | RzQwHhcNMjEwNDI5MDAwMDAwWhcNMzYwNDI4MjM1OTU5WjBpMQswCQYDVQQGEwJV 6 | UzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMTOERpZ2lDZXJ0IFRy 7 | dXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0IDIwMjEgQ0ExMIIC 8 | IjANBgkqhkiG9w0BAQEFAAOCAg8AMIICCgKCAgEA1bQvQtAorXi3XdU5WRuxiEL1 9 | M4zrPYGXcMW7xIUmMJ+kjmjYXPXrNCQH4UtP03hD9BfXHtr50tVnGlJPDqFX/IiZ 10 | wZHMgQM+TXAkZLON4gh9NH1MgFcSa0OamfLFOx/y78tHWhOmTLMBICXzENOLsvsI 11 | 8IrgnQnAZaf6mIBJNYc9URnokCF4RS6hnyzhGMIazMXuk0lwQjKP+8bqHPNlaJGi 12 | TUyCEUhSaN4QvRRXXegYE2XFf7JPhSxIpFaENdb5LpyqABXRN/4aBpTCfMjqGzLm 13 | ysL0p6MDDnSlrzm2q2AS4+jWufcx4dyt5Big2MEjR0ezoQ9uo6ttmAaDG7dqZy3S 14 | vUQakhCBj7A7CdfHmzJawv9qYFSLScGT7eG0XOBv6yb5jNWy+TgQ5urOkfW+0/tv 15 | k2E0XLyTRSiDNipmKF+wc86LJiUGsoPUXPYVGUztYuBeM/Lo6OwKp7ADK5GyNnm+ 16 | 960IHnWmZcy740hQ83eRGv7bUKJGyGFYmPV8AhY8gyitOYbs1LcNU9D4R+Z1MI3s 17 | MJN2FKZbS110YU0/EpF23r9Yy3IQKUHw1cVtJnZoEUETWJrcJisB9IlNWdt4z4FK 18 | PkBHX8mBUHOFECMhWWCKZFTBzCEa6DgZfGYczXg4RTCZT/9jT0y7qg0IU0F8WD1H 19 | s/q27IwyCQLMbDwMVhECAwEAAaOCAVkwggFVMBIGA1UdEwEB/wQIMAYBAf8CAQAw 20 | HQYDVR0OBBYEFGg34Ou2O/hfEYb7/mF7CIhl9E5CMB8GA1UdIwQYMBaAFOzX44LS 21 | cV1kTN8uZz/nupiuHA9PMA4GA1UdDwEB/wQEAwIBhjATBgNVHSUEDDAKBggrBgEF 22 | BQcDAzB3BggrBgEFBQcBAQRrMGkwJAYIKwYBBQUHMAGGGGh0dHA6Ly9vY3NwLmRp 23 | Z2ljZXJ0LmNvbTBBBggrBgEFBQcwAoY1aHR0cDovL2NhY2VydHMuZGlnaWNlcnQu 24 | Y29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5jcnQwQwYDVR0fBDwwOjA4oDagNIYy 25 | aHR0cDovL2NybDMuZGlnaWNlcnQuY29tL0RpZ2lDZXJ0VHJ1c3RlZFJvb3RHNC5j 26 | cmwwHAYDVR0gBBUwEzAHBgVngQwBAzAIBgZngQwBBAEwDQYJKoZIhvcNAQEMBQAD 27 | ggIBADojRD2NCHbuj7w6mdNW4AIapfhINPMstuZ0ZveUcrEAyq9sMCcTEp6QRJ9L 28 | /Z6jfCbVN7w6XUhtldU/SfQnuxaBRVD9nL22heB2fjdxyyL3WqqQz/WTauPrINHV 29 | UHmImoqKwba9oUgYftzYgBoRGRjNYZmBVvbJ43bnxOQbX0P4PpT/djk9ntSZz0rd 30 | KOtfJqGVWEjVGv7XJz/9kNF2ht0csGBc8w2o7uCJob054ThO2m67Np375SFTWsPK 31 | 6Wrxoj7bQ7gzyE84FJKZ9d3OVG3ZXQIUH0AzfAPilbLCIXVzUstG2MQ0HKKlS43N 32 | b3Y3LIU/Gs4m6Ri+kAewQ3+ViCCCcPDMyu/9KTVcH4k4Vfc3iosJocsL6TEa/y4Z 33 | XDlx4b6cpwoG1iZnt5LmTl/eeqxJzy6kdJKt2zyknIYf48FWGysj/4+16oh7cGvm 34 | oLr9Oj9FpsToFpFSi0HASIRLlk2rREDjjfAVKM7t8RhWByovEMQMCGQ8M4+uKIw8 35 | y4+ICw2/O/TOHnuO77Xry7fwdxPm5yg/rBKupS8ibEH5glwVZsxsDsrFhsP2JjMM 36 | B0ug0wcCampAMEhLNKhRILutG4UI4lkNbcoFUCvqShyepf2gpx8GdOfy1lKQ/a+F 37 | SCH5Vzu0nAPthkX0tGFuv2jiJmCG6sivqf6UHedjGzqGVnhO 38 | -----END CERTIFICATE----- 39 | -------------------------------------------------------------------------------- /ibm-pak-plugin-chain1.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIFkDCCA3igAwIBAgIQBZsbV56OITLiOQe9p3d1XDANBgkqhkiG9w0BAQwFADBi 3 | MQswCQYDVQQGEwJVUzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3 4 | d3cuZGlnaWNlcnQuY29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3Qg 5 | RzQwHhcNMTMwODAxMTIwMDAwWhcNMzgwMTE1MTIwMDAwWjBiMQswCQYDVQQGEwJV 6 | UzEVMBMGA1UEChMMRGlnaUNlcnQgSW5jMRkwFwYDVQQLExB3d3cuZGlnaWNlcnQu 7 | Y29tMSEwHwYDVQQDExhEaWdpQ2VydCBUcnVzdGVkIFJvb3QgRzQwggIiMA0GCSqG 8 | SIb3DQEBAQUAA4ICDwAwggIKAoICAQC/5pBzaN675F1KPDAiMGkz7MKnJS7JIT3y 9 | ithZwuEppz1Yq3aaza57G4QNxDAf8xukOBbrVsaXbR2rsnnyyhHS5F/WBTxSD1If 10 | xp4VpX6+n6lXFllVcq9ok3DCsrp1mWpzMpTREEQQLt+C8weE5nQ7bXHiLQwb7iDV 11 | ySAdYyktzuxeTsiT+CFhmzTrBcZe7FsavOvJz82sNEBfsXpm7nfISKhmV1efVFiO 12 | DCu3T6cw2Vbuyntd463JT17lNecxy9qTXtyOj4DatpGYQJB5w3jHtrHEtWoYOAMQ 13 | jdjUN6QuBX2I9YI+EJFwq1WCQTLX2wRzKm6RAXwhTNS8rhsDdV14Ztk6MUSaM0C/ 14 | CNdaSaTC5qmgZ92kJ7yhTzm1EVgX9yRcRo9k98FpiHaYdj1ZXUJ2h4mXaXpI8OCi 15 | EhtmmnTK3kse5w5jrubU75KSOp493ADkRSWJtppEGSt+wJS00mFt6zPZxd9LBADM 16 | fRyVw4/3IbKyEbe7f/LVjHAsQWCqsWMYRJUadmJ+9oCw++hkpjPRiQfhvbfmQ6QY 17 | uKZ3AeEPlAwhHbJUKSWJbOUOUlFHdL4mrLZBdd56rF+NP8m800ERElvlEFDrMcXK 18 | chYiCd98THU/Y+whX8QgUWtvsauGi0/C1kVfnSD8oR7FwI+isX4KJpn15GkvmB0t 19 | 9dmpsh3lGwIDAQABo0IwQDAPBgNVHRMBAf8EBTADAQH/MA4GA1UdDwEB/wQEAwIB 20 | hjAdBgNVHQ4EFgQU7NfjgtJxXWRM3y5nP+e6mK4cD08wDQYJKoZIhvcNAQEMBQAD 21 | ggIBALth2X2pbL4XxJEbw6GiAI3jZGgPVs93rnD5/ZpKmbnJeFwMDF/k5hQpVgs2 22 | SV1EY+CtnJYYZhsjDT156W1r1lT40jzBQ0CuHVD1UvyQO7uYmWlrx8GnqGikJ9yd 23 | +SeuMIW59mdNOj6PWTkiU0TryF0Dyu1Qen1iIQqAyHNm0aAFYF/opbSnr6j3bTWc 24 | fFqK1qI4mfN4i/RN0iAL3gTujJtHgXINwBQy7zBZLq7gcfJW5GqXb5JQbZaNaHqa 25 | sjYUegbyJLkJEVDXCLG4iXqEI2FCKeWjzaIgQdfRnGTZ6iahixTXTBmyUEFxPT9N 26 | cCOGDErcgdLMMpSEDQgJlxxPwO5rIHQw0uA5NBCFIRUBCOhVMt5xSdkoF1BN5r5N 27 | 0XWs0Mr7QbhDparTwwVETyw2m+L64kW4I1NsBm9nVX9GtUw/bihaeSbSpKhil9Ie 28 | 4u1Ki7wb/UdKDd9nZn6yW0HQO+T0O/QEY+nvwlQAUaCKKsnOeMzV6ocEGLPOr0mI 29 | r/OSmbaz5mEP0oUA51Aa5BuVnRmhuZyxm7EAHu/QD09CbMkKvO5D+jpxpchNJqU1 30 | /YldvIViHTLSoCtU7ZpXwdv6EM8Zt4tKG48BtieVU+i2iW1bvGjUI+iLUaJW+fCm 31 | gKDWHrO8Dw9TdSmq6hN35N6MgSGtBxBHEa2HPQfRdbzP82Z+ 32 | -----END CERTIFICATE----- 33 | -------------------------------------------------------------------------------- /ibm-pak-plugin.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIIHrDCCBZSgAwIBAgIQAjV3EHIbhM4LQo3GgUGlMzANBgkqhkiG9w0BAQsFADBp 3 | MQswCQYDVQQGEwJVUzEXMBUGA1UEChMORGlnaUNlcnQsIEluYy4xQTA/BgNVBAMT 4 | OERpZ2lDZXJ0IFRydXN0ZWQgRzQgQ29kZSBTaWduaW5nIFJTQTQwOTYgU0hBMzg0 5 | IDIwMjEgQ0ExMB4XDTIyMDQwMjAwMDAwMFoXDTI0MDQwMjIzNTk1OVowgbAxCzAJ 6 | BgNVBAYTAlVTMREwDwYDVQQIEwhOZXcgWW9yazEPMA0GA1UEBxMGQXJtb25rMTQw 7 | MgYDVQQKEytJbnRlcm5hdGlvbmFsIEJ1c2luZXNzIE1hY2hpbmVzIENvcnBvcmF0 8 | aW9uMREwDwYDVQQLEwhJQk0gQ0NTUzE0MDIGA1UEAxMrSW50ZXJuYXRpb25hbCBC 9 | dXNpbmVzcyBNYWNoaW5lcyBDb3Jwb3JhdGlvbjCCAiIwDQYJKoZIhvcNAQEBBQAD 10 | ggIPADCCAgoCggIBALf6sYMc7SqOee7IIi0w384rx9HQ90G4g5x4Lrp7ez+sCl8Q 11 | Nuc6oYhEGr0E1Pgau4ncyZxMAWReqAivI5yOliFLMQ2qJ/0EC6vqc8kARuFnZmGu 12 | Ki2ZsZGnNCoblkv+dKFam3aMuUOSlHN12EahbGIpkTnqu9z5gZ5n5LSyeGluEvSS 13 | N9668GIY58TOxispYqaTGFoxdSh5JlW0VWMg6lB8Jvi3JZlNp+JeRqAzx90YAAER 14 | /xhZfMR/wKemb32hBvd4euP93NX1Osz09JDnxS0gYuAKpPyxcMielmVtetsvXGZs 15 | dy/MZvnQOc6xx6GdC9kqDJb9YHFwUUjwUkrXNVOk6dqkDWn1n12T1aOPdULAoThS 16 | oYT7UrA88FOxJhM+xjXpYPuP1C9Rwz9bYTp9ZFsMiLT5eIamW0aXsP72NFUm0CEl 17 | REmdUe3U5Dh7iA9UXorGl4opBn4iN0VG2rtnCU/hKgux3VzN5WD8nZ8hKBeeC4wE 18 | 1CTmfwve/wQdu3eMiwz3XFUZGgE1S6mIsQfGUD6wWNXw5+7VXdS61NmQ9pI9PuJv 19 | KgpN7QTHDNSvyEeC/aXtuxVlKz/P0dV9is1xUGk2K8OqIRwFBiOPxRmp7d40Ov2l 20 | ONHsFs6XP+PDacfDdA24IW/JAwiqGBtdaeqCIeSEuL7rndBY66bWQDsBJ6+7AgMB 21 | AAGjggIGMIICAjAfBgNVHSMEGDAWgBRoN+Drtjv4XxGG+/5hewiIZfROQjAdBgNV 22 | HQ4EFgQU3ZCZn9rwFEtjdNPWqgTwfsw18JswDgYDVR0PAQH/BAQDAgeAMBMGA1Ud 23 | JQQMMAoGCCsGAQUFBwMDMIG1BgNVHR8Ega0wgaowU6BRoE+GTWh0dHA6Ly9jcmwz 24 | LmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVTaWduaW5nUlNBNDA5 25 | NlNIQTM4NDIwMjFDQTEuY3JsMFOgUaBPhk1odHRwOi8vY3JsNC5kaWdpY2VydC5j 26 | b20vRGlnaUNlcnRUcnVzdGVkRzRDb2RlU2lnbmluZ1JTQTQwOTZTSEEzODQyMDIx 27 | Q0ExLmNybDA+BgNVHSAENzA1MDMGBmeBDAEEATApMCcGCCsGAQUFBwIBFhtodHRw 28 | Oi8vd3d3LmRpZ2ljZXJ0LmNvbS9DUFMwgZQGCCsGAQUFBwEBBIGHMIGEMCQGCCsG 29 | AQUFBzABhhhodHRwOi8vb2NzcC5kaWdpY2VydC5jb20wXAYIKwYBBQUHMAKGUGh0 30 | dHA6Ly9jYWNlcnRzLmRpZ2ljZXJ0LmNvbS9EaWdpQ2VydFRydXN0ZWRHNENvZGVT 31 | aWduaW5nUlNBNDA5NlNIQTM4NDIwMjFDQTEuY3J0MAwGA1UdEwEB/wQCMAAwDQYJ 32 | KoZIhvcNAQELBQADggIBAEOydFvbUxxrbHLSncFa47lnLvqhb6F++T+XHn5X3Yzq 33 | H4Apf5CaBi3U1uZHeLYRckVigoN9VtsaqNd8+hgRnKlxtwpotdM9VcWnvVd0Wuhi 34 | 7XbFvyX8rBIiIUH0LeW/0M9JXyUMa3+OB/WaMGx+YENEhVEVMIx+eSEvTk4LIsJC 35 | Bqdq4qVvSLzE5ax6zVIBgWi5eLUEb480fL9a5wOdiCA/8JT1geIVOIUyvsky+xPT 36 | 7RMUD5w2xffZT5UpYaLFz23j0zuhG0zz7/9NXppSt70feueHteMA5KyoePopAV9I 37 | 4sqW+6FEkdJde2ZZtHU4lgkigoYAim3/koCLQ9I7VDhw51+n614zOFsIJS6c6uZd 38 | mn7vD/E4iTD88DjtPI9B8hjsGg+/bCYzoCRsm0ZW7QrtiFGeZUlZurhfFezrjYBM 39 | imVQf5PSDfyu2olAZ/iX7ohQKBEq4I+jsMHvtwLGV0sDLp/gmyz62UgS4UOSuBKw 40 | lf8o1doWfdEauwxWh6RBd6713dQoCxu95mbwJfslBty6mnltR8Hzkjyv4QSWwXlg 41 | SC/3H60Xj54jhLzz7sp6vkz89zVy67S8ZHwAL5bD/8p558ujy8HNCxhBqOqrHS7o 42 | X6XyHqA9xzC06lXGqdI3C6v+65NkcT39hVYKqZCaQlCg17Exw7viH9tjIVsdI/ab 43 | -----END CERTIFICATE----- 44 | --------------------------------------------------------------------------------