OSDOCS-11850: migrating disconnected OLM content

Author: skopacz1

_topic_maps/_topic_map.yml

@@ -127,6 +127,9 @@ Topics:
       File: installing-mirroring-disconnected
     - Name: Mirroring images for a disconnected installation using oc-mirror plugin v2
       File: about-installing-oc-mirror-v2
+- Name: Using OLM in disconnected environments
+  File: using-olm
+  Distros: openshift-origin,openshift-enterprise
 - Name: Updating a cluster in a disconnected environment
   Dir: updating
   Topics:
@@ -1890,7 +1893,7 @@ Topics:
   - Name: Managing custom catalogs
     File: olm-managing-custom-catalogs
     Distros: openshift-origin,openshift-enterprise
-  - Name: Using OLM on restricted networks
+  - Name: Using OLM in disconnected environments
     File: olm-restricted-networks
     Distros: openshift-origin,openshift-enterprise
   - Name: Catalog source pod scheduling

backup_and_restore/application_backup_and_restore/aws-sts/oadp-aws-sts.adoc

@@ -12,7 +12,7 @@ include::snippets/oadp-mtc-operator.adoc[]
 
 You configure {aws-short} for Velero, create a default `Secret`, and then install the Data Protection Application. For more details, see xref:../../..//backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc#oadp-installing-operator-doc[Installing the OADP Operator].
 
-To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
+To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../disconnected/using-olm.adoc#olm-restricted-networks[Using Operator Lifecycle Manager in disconnected environments] for details.
 
 You can install {oadp-short} on an AWS {sts-first} (AWS STS) cluster manually. Amazon {aws-short} provides {aws-short} STS as a web service that enables you to request temporary, limited-privilege credentials for users. You use STS to provide trusted users with temporary access to resources via API calls, your {aws-short} console, or the {aws-short} command line interface (CLI).
 

backup_and_restore/application_backup_and_restore/installing/installing-oadp-aws.adoc

@@ -17,7 +17,7 @@ include::snippets/oadp-mtc-operator.adoc[]
 
 You configure AWS for Velero, create a default `Secret`, and then install the Data Protection Application. For more details, see xref:../../..//backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc#oadp-installing-operator-doc[Installing the OADP Operator].
 
-To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
+To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../disconnected/using-olm.adoc#olm-restricted-networks[Using Operator Lifecycle Manager in disconnected environments] for details.
 
 
 //include::modules/oadp-installing-operator.adoc[leveloffset=+1]

backup_and_restore/application_backup_and_restore/installing/installing-oadp-azure.adoc

@@ -15,7 +15,7 @@ include::snippets/oadp-mtc-operator.adoc[]
 
 You configure Azure for Velero, create a default `Secret`, and then install the Data Protection Application. For more details, see xref:../../..//backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc#oadp-installing-operator-doc[Installing the OADP Operator].
 
-To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
+To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../disconnected/using-olm.adoc#olm-restricted-networks[Using Operator Lifecycle Manager in disconnected environments] for details.
 
 // include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/migration-configuring-azure.adoc[leveloffset=+1]

backup_and_restore/application_backup_and_restore/installing/installing-oadp-gcp.adoc

@@ -15,7 +15,7 @@ include::snippets/oadp-mtc-operator.adoc[]
 
 You configure GCP for Velero, create a default `Secret`, and then install the Data Protection Application. For more details, see xref:../../..//backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc#oadp-installing-operator-doc[Installing the OADP Operator].
 
-To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
+To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../disconnected/using-olm.adoc#olm-restricted-networks[Using Operator Lifecycle Manager in disconnected environments] for details.
 
 //include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/migration-configuring-gcp.adoc[leveloffset=+1]

backup_and_restore/application_backup_and_restore/installing/installing-oadp-kubevirt.adoc

@@ -30,7 +30,7 @@ The following storage options are excluded:
 
 For more information, see xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/oadp-backing-up-applications-restic-doc.adoc#oadp-backing-up-applications-restic-doc[Backing up applications with File System Backup: Kopia or Restic].
 ====
-To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for details.
+To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. See xref:../../../disconnected/using-olm.adoc#olm-restricted-networks[Using Operator Lifecycle Manager in disconnected environments] for details.
 
 include::modules/install-and-configure-oadp-kubevirt.adoc[leveloffset=+1]
 
@@ -40,7 +40,7 @@ include::modules/install-and-configure-oadp-kubevirt.adoc[leveloffset=+1]
 * xref:../../../backup_and_restore/application_backup_and_restore/oadp-features-plugins.adoc#oadp-plugins_oadp-features-plugins[{oadp-short} plugins]
 * xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/backing-up-applications.adoc#backing-up-applications[`Backup` custom resource (CR)]
 * xref:../../../backup_and_restore/application_backup_and_restore/backing_up_and_restoring/restoring-applications.adoc#restoring-applications[`Restore` CR]
-* xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks]
+* xref:../../../disconnected/using-olm.adoc#olm-restricted-networks[Using Operator Lifecycle Manager in disconnected environments]
 
 include::modules/oadp-installing-dpa-1-3.adoc[leveloffset=+1]
 include::modules/oadp-configuring-node-agents.adoc[leveloffset=+2]

backup_and_restore/application_backup_and_restore/installing/installing-oadp-mcg.adoc

@@ -22,7 +22,7 @@ include::snippets/technology-preview.adoc[]
 
 You create a `Secret` for the backup location and then you install the Data Protection Application. For more details, see xref:../../..//backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc#oadp-installing-operator-doc[Installing the OADP Operator].
 
-To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. For details, see xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].
+To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. For details, see xref:../../../disconnected/using-olm.adoc#olm-restricted-networks[Using Operator Lifecycle Manager in disconnected environments].
 
 //include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/migration-configuring-mcg.adoc[leveloffset=+1]

backup_and_restore/application_backup_and_restore/installing/installing-oadp-ocs.adoc

@@ -20,7 +20,7 @@ include::snippets/technology-preview.adoc[]
 
 You create a `Secret` for the backup location and then you install the Data Protection Application. For more details, see xref:../../..//backup_and_restore/application_backup_and_restore/installing/oadp-installing-operator.adoc#oadp-installing-operator-doc[Installing the OADP Operator].
 
-To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. For details, see xref:../../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].
+To install the OADP Operator in a restricted network environment, you must first disable the default OperatorHub sources and mirror the Operator catalog. For details, see xref:../../../disconnected/using-olm.adoc#olm-restricted-networks[Using Operator Lifecycle Manager in disconnected environments].
 
 //include::modules/oadp-installing-operator.adoc[leveloffset=+1]
 include::modules/oadp-about-backup-snapshot-locations-secrets.adoc[leveloffset=+1]

disconnected/connected-to-disconnected.adoc

@@ -46,7 +46,7 @@ include::modules/connected-to-disconnected-mirror-images.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* For more information about mirroring Operator catalogs, see xref:../operators/admin/olm-restricted-networks.adoc#olm-mirror-catalog_olm-restricted-networks[Mirroring an Operator catalog].
+* For more information about mirroring Operator catalogs, see xref:../disconnected/using-olm.adoc#olm-mirror-catalog_olm-restricted-networks[Mirroring an Operator catalog].
 * For more information about the `oc adm catalog mirror` command, see the xref:../cli_reference/openshift_cli/administrator-cli-commands.adoc#oc-adm-catalog-mirror[OpenShift CLI administrator command reference].
 
 include::modules/connected-to-disconnected-config-registry.adoc[leveloffset=+1]

disconnected/mirroring/installing-mirroring-installation-images.adoc

@@ -85,7 +85,7 @@ include::modules/olm-mirroring-catalog.adoc[leveloffset=+1]
 [role="_additional-resources"]
 .Additional resources
 
-* xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks]
+* xref:../../disconnected/using-olm.adoc#olm-restricted-networks[Using Operator Lifecycle Manager in disconnected environments]
 
 [id="olm-mirror-catalog-prerequisites_installing-mirroring-installation-images"]
 === Prerequisites

disconnected/updating/disconnected-update-osus.adoc

@@ -73,7 +73,7 @@ To install the OpenShift Update Service, you must first install the OpenShift Up
 
 [NOTE]
 ====
-For clusters that are installed in disconnected environments, also known as disconnected clusters, Operator Lifecycle Manager by default cannot access the Red Hat-provided OperatorHub sources hosted on remote registries because those remote sources require full internet connectivity. For more information, see xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks].
+For clusters that are installed in disconnected environments, also known as disconnected clusters, Operator Lifecycle Manager by default cannot access the Red Hat-provided OperatorHub sources hosted on remote registries because those remote sources require full internet connectivity. For more information, see xref:../../disconnected/using-olm.adoc#olm-restricted-networks[Using Operator Lifecycle Manager in disconnected environments].
 ====
 
 // Installing the OpenShift Update Service Operator by using the web console
@@ -134,7 +134,7 @@ The Cluster Version Operator (CVO) uses release image signatures to ensure that
 [NOTE]
 ====
 If you have not recently installed or updated the OpenShift Update Service Operator, there might be a more recent version available.
-See xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks] for more information about how to update your OLM catalog in a disconnected environment.
+See xref:../../disconnected/using-olm.adoc#olm-restricted-networks[Using Operator Lifecycle Manager in disconnected environments] for more information about how to update your OLM catalog in a disconnected environment.
 ====
 
 After you configure your cluster to use the installed OpenShift Update Service and local mirror registry, you can use any of the following update methods:

disconnected/updating/disconnected-update.adoc

@@ -61,6 +61,6 @@ include::modules/generating-icsp-object-scoped-to-a-registry.adoc[leveloffset=+1
 [role="_additional-resources"]
 == Additional resources
 
-* xref:../../operators/admin/olm-restricted-networks.adoc#olm-restricted-networks[Using Operator Lifecycle Manager on restricted networks]
+* xref:../../disconnected/using-olm.adoc#olm-restricted-networks[Using Operator Lifecycle Manager in disconnected environments]
 
 * xref:../../machine_configuration/index.adoc#machine-config-overview[Machine Config Overview]

disconnected/using-olm.adoc

@@ -0,0 +1,79 @@
+:_mod-docs-content-type: ASSEMBLY
+[id="olm-restricted-networks"]
+= Using Operator Lifecycle Manager in disconnected environments
+include::_attributes/common-attributes.adoc[]
+:context: olm-restricted-networks
+
+toc::[]
+
+For {product-title} clusters in disconnected environments, Operator Lifecycle Manager (OLM) by default cannot access the Red{nbsp}Hat-provided OperatorHub sources hosted on remote registries because those remote sources require full internet connectivity.
+
+However, as a cluster administrator you can still enable your cluster to use OLM in a disconnected environment if you have a workstation that has full internet access. The workstation, which requires full internet access to pull the remote OperatorHub content, is used to prepare local mirrors of the remote sources, and push the content to a mirror registry.
+
+The mirror registry can be located on a bastion host, which requires connectivity to both your workstation and the disconnected cluster, or a completely disconnected, or _airgapped_, host, which requires removable media to physically move the mirrored content to the disconnected environment.
+
+This guide describes the following process that is required to enable OLM in disconnected environments:
+
+* Disable the default remote OperatorHub sources for OLM.
+* Use a workstation with full internet access to create and push local mirrors of the OperatorHub content to a mirror registry.
+* Configure OLM to install and manage Operators from local sources on the mirror registry instead of the default remote sources.
+
+After enabling OLM in a disconnected environment, you can continue to use your unrestricted workstation to keep your local OperatorHub sources updated as newer versions of Operators are released.
+
+[IMPORTANT]
+====
+While OLM can manage Operators from local sources, the ability for a given Operator to run successfully in a disconnected environment still depends on the Operator itself meeting the following criteria:
+
+* List any related images, or other container images that the Operator might require to perform their functions, in the `relatedImages` parameter of its `ClusterServiceVersion` (CSV) object.
+* Reference all specified images by a digest (SHA) and not by a tag.
+
+You can search software on the link:https://catalog.redhat.com/software/search?p=1&deployed_as=Operator&type=Containerized%20application&badges_and_features=Disconnected[Red{nbsp}Hat Ecosystem Catalog] for a list of Red{nbsp}Hat Operators that support running in disconnected mode by filtering with the following selections:
+
+[horizontal]
+Type:: Containerized application
+Deployment method:: Operator
+Infrastructure features:: Disconnected
+====
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../operators/understanding/olm-rh-catalogs.adoc#olm-rh-catalogs[Red{nbsp}Hat-provided Operator catalogs]
+* xref:../operators/operator_sdk/osdk-generating-csvs.adoc#olm-enabling-operator-for-restricted-network_osdk-generating-csvs[Enabling your Operator for restricted network environments]
+
+[id="olm-restricted-network-prereqs"]
+== Prerequisites
+
+* You are logged in to your {product-title} cluster as a user with `cluster-admin` privileges.
+
+* If you are using OLM in a disconnected environment on {ibm-z-name}, you must have at least 12 GB allocated to the directory where you place your registry.
+
+include::modules/olm-restricted-networks-configuring-operatorhub.adoc[leveloffset=+1]
+
+[id="olm-mirror-catalog_olm-restricted-networks"]
+== Mirroring an Operator catalog
+
+For instructions about mirroring Operator catalogs for use with disconnected clusters, see xref:../disconnected/mirroring/installing-mirroring-installation-images.adoc#olm-mirror-catalog_installing-mirroring-installation-images[Mirroring Operator catalogs for use with disconnected clusters].
+
+[IMPORTANT]
+====
+As of {product-title} 4.11, the default Red{nbsp}Hat-provided Operator catalog releases in the file-based catalog format. The default Red{nbsp}Hat-provided Operator catalogs for {product-title} 4.6 through 4.10 released in the deprecated SQLite database format.
+
+The `opm` subcommands, flags, and functionality related to the SQLite database format are also deprecated and will be removed in a future release. The features are still supported and must be used for catalogs that use the deprecated SQLite database format.
+
+Many of the `opm` subcommands and flags for working with the SQLite database format, such as `opm index prune`, do not work with the file-based catalog format. For more information about working with file-based catalogs, see xref:../operators/understanding/olm-packaging-format.adoc#olm-file-based-catalogs_olm-packaging-format[Operator Framework packaging format], xref:../operators/admin/olm-managing-custom-catalogs.adoc#olm-managing-custom-catalogs-fb[Managing custom catalogs], and xref:../disconnected/mirroring/installing-mirroring-disconnected.adoc#installing-mirroring-disconnected[Mirroring images for a disconnected installation using the oc-mirror plugin].
+====
+
+include::modules/olm-creating-catalog-from-index.adoc[leveloffset=+1]
+
+[role="_additional-resources"]
+.Additional resources
+
+* xref:../operators/admin/olm-managing-custom-catalogs.adoc#olm-accessing-images-private-registries_olm-managing-custom-catalogs[Accessing images for Operators from private registries]
+* xref:../operators/understanding/olm/olm-understanding-olm.adoc#olm-catalogsource-image-template_olm-understanding-olm[Image template for custom catalog sources]
+* xref:../openshift_images/managing_images/image-pull-policy.adoc#image-pull-policy[Image pull policy]
+
+[id="next-steps_olm-restricted-networks"]
+== Next steps
+
+* xref:../operators/admin/olm-upgrading-operators.adoc#olm-upgrading-operators[Updating installed Operators]

edge_computing/ztp-preparing-the-hub-cluster.adoc

@@ -26,7 +26,7 @@ include::modules/ztp-acm-installing-disconnected-rhacm.adoc[leveloffset=+1]
 
 * xref:../edge_computing/cnf-talm-for-cluster-upgrades.adoc#installing-topology-aware-lifecycle-manager-using-cli_cnf-topology-aware-lifecycle-manager[Installing {cgu-operator}]
 
-* xref:../operators/admin/olm-restricted-networks.adoc#olm-mirror-catalog_olm-restricted-networks[Mirroring an Operator catalog]
+* xref:../disconnected/using-olm.adoc#olm-mirror-catalog_olm-restricted-networks[Mirroring an Operator catalog]
 
 include::modules/ztp-acm-adding-images-to-mirror-registry.adoc[leveloffset=+1]