Configuring the Bastion host

You must configure the Bastion host to mirror the images of Rational® Test Automation Server from IBM Entitled Registry to the Red Hat OpenShift Container Platform (OCP) cluster.

Before you begin

You must have performed the following tasks:

Completed the tasks provided in the Prerequisites section. See Prerequisites for installing the server software in an air-gapped environment.
Copied the Entitlement key from the Container software library.

Procedure

Log in to your OCP cluster as a cluster administrator by running the oc login command.
Run the following command to confirm that the container registry is accessible from the Bastion host:
```
oc get routes -n openshift-image-registry
```
Optional: Create a route to provide external access to the container registry if no resources are found:
```
oc patch configs.imageregistry.operator.openshift.io/cluster \
--patch '{"spec":{"defaultRoute":true}}' --type=merge
```
Create a namespace for the internal registry to host the mirror images:
```
oc new-project cp
```
Note: The cp is the name of the namespace and it is required to pull the images from IBM Entitled Registry.
Create the following environment variables with the image name and download the images of Rational® Test Automation Server to the offline store by running the following commands:
Before mirroring images of Rational® Test Automation Server, you must set the environment variables on your Bastion host, and connect to the internet so that you can download the corresponding CASE files from IBM Entitled Registry.
```
export CASE_NAME=ibm-rtas-case
export CASE_VERSION=8.1023.0
export CASE_ARCHIVE=${CASE_NAME}-${CASE_VERSION}.tgz
export CASE_REMOTE_PATH=https://github.com/IBM/cloud-pak/raw/master/repo/case/${CASE_ARCHIVE}
export OFFLINEDIR=$HOME/offline

cloudctl case save \
--case $CASE_REMOTE_PATH \
--outputdir $OFFLINEDIR
```
Run the following commands to store credentials to authenticate IBM Entitled Registry:
The images of Rational® Test Automation Server are within IBM Entitled Registry. You must log in to IBM Entitled Registry to access source images and log in to your internal registry that acts as a local registry when you copy the images.
```
export ENTITLEMENT_KEY=YOUR_ENTITLEMENT_KEY
export CASE_INVENTORY_SETUP=ibmRtasProd

cloudctl case launch \
--case $OFFLINEDIR/$CASE_ARCHIVE \
--inventory $CASE_INVENTORY_SETUP \
--action configure-creds-airgap \
--args "--registry cp.icr.io --user cp --pass $ENTITLEMENT_KEY"
```
Note: You must replace YOUR_ENTITLEMENT_KEY with the key that you copied from the Container software library.

Run the following commands to store credentials to authenticate the local Docker registry:

export LOCAL_DOCKER_REGISTRY=$(oc get route default-route -n openshift-image-registry -o jsonpath='{.spec.host}')
export LOCAL_DOCKER_USER=UNUSED
export LOCAL_DOCKER_PASSWORD=$(oc whoami -t)

cloudctl case launch \
--case $OFFLINEDIR/$CASE_ARCHIVE \
--inventory $CASE_INVENTORY_SETUP \
--action configure-creds-airgap \
--args "--registry $LOCAL_DOCKER_REGISTRY --user $LOCAL_DOCKER_USER --pass $LOCAL_DOCKER_PASSWORD"

Run the following command to mirror the images from IBM Entitled Registry to the local Docker registry:

cloudctl case launch \
--case $OFFLINEDIR/$CASE_ARCHIVE \
--inventory $CASE_INVENTORY_SETUP \
--action mirror-images \
--args "--registry $LOCAL_DOCKER_REGISTRY --inputDir $OFFLINEDIR"

Run the following commands to configure the OCP cluster where Rational® Test Automation Server needs to be installed with a global pull secret for the local Docker registry:
By using the global pull secret, the OCP cluster can pull the images of Rational® Test Automation Server from your local Docker registry instead of IBM Entitled Registry.
```
cloudctl case launch \
--case $OFFLINEDIR/$CASE_ARCHIVE \
--inventory $CASE_INVENTORY_SETUP \
--action configure-cluster-airgap \
--namespace default \
--args "--registry $LOCAL_DOCKER_REGISTRY --inputDir $OFFLINEDIR"
```
Notes:
- After you perform step 9, the cluster restarts all the nodes.
- The namespace argument is required for legacy reasons, its value can be any namespace that exists.
Run the following command to extract the mirrored images:
```
tar xf $OFFLINEDIR/charts/ibm-rtas-prod-8.1023.0.tgz
```

Results

You have configured the Bastion host and mirrored the images of Rational® Test Automation Server.

What to do next

You can install the server software on your restricted OCP. See Installing the server software in an air-gapped environment.