Command Reference

This table provides the most frequently used commands in the Mirantis Secure Registry (MSR) migration tool, along with their equivalent entities in both source MSR and target MSR 4.

Command

MSR 2.9 / MSR 3.1

MSR 4

-a, –all

All options below

All options below

-p, –projects

repositories

project, project_metadata, quota, quota_usage

-m, –members

repository_team_access

project_member

-g, –groups

teams

user_group

-l, –poll-mirroring

poll_mirroring_policies

replication_policy, registry

-s, –push-mirroring

push_mirroring_policies

replication_policy, registry

Command details

This section provides detailed breakdown of each command used in the MSR migration tool, including behavior, transformations, and the database tables affected.

-c/–config

Displays the active configuration and then exits.

-p/–project

Exports repositories and namespaces. A namespace name is prefixed to repository name to avoid issues with accessLevel permissions. The project_metadata table on MSR 4 is populated with information such as auto_scan (from scanOnPush on MSR) or public (from visibility on MSR).

Additionally, quota and quota_usage tables on MSR 4 are populated during project migration. These tables reference the project_id. During migration, the tool initializes:

  • quota to infinity (-1)

  • quota_usage to 0

-m/–members

Exports team permissions. In MSR 4, project membership is per project, not per repository. Therefore, a team on MSR 2.9 or MSR 3.1 is migrated as a project member on MSR 4.

The repository_team_access table, which contains teamId and repositoryId mappings, is used to populate the project_member table by referencing a project_id. Therefore, projects must be created before this step; otherwise, an error will occur. Each team is assigned an entity_type of group, and roles are mapped as shown in the table below.

Team role mapping:

MSR 2.9 / MSR 3.1 Role

MSR 2.9 / MSR 3.1 Permissions

MSR 4 Role

MSR 4 Permissions

MSR 4 DB Role Type

admin

All permissions on given repository

Project Admin

All permissions on given repository

1

read-write

Same as read-only + Push + Start Scan + Delete Tags

Maintainer

Same as Limited Guest + Push + Start Scan + Create/Delete Tags + etc

4

read-only

View/Browse + Pull

Limited Guest

See a list of repositories + See a list of images + Pull Images + etc

5

-g/–groups

Exports LDAP groups. Because group names must be unique in MSR 4, each group is prefixed with its organization name in the format <organization>-<group name>. This naming convention helps prevent name collisions. The LDAP group distinguished name (DN) in MSR 4 is set using the groupDN field from Enzi.

Exporting LDAP groups only migrates the group definitions, it does not include memberships or permissions. To migrate those, use the --members command.

-l/–poll-mirroring

Exports all poll mirroring policies.

  • Stored in the replication_policies table.

  • Requires external registry entries, repositories to pull from.

  • Data is saved in a project, hence projects must be created beforehand.

  • Policies are prefixed with pull-.

  • Trigger is set to manual by default (no cron job is set).

-s/–push-mirroring

Exports all push mirroring policies.

  • Stored in the replication_policies table.

  • Requires external registry entries, repositories to pull from.

  • Data is saved in a project, hence projects must be created beforehand.

  • Policies are prefixed with push-.

  • Trigger is set to manual by default (no cron job is set).

-i/–trigger-replication-rules

Triggers all replication rules starting with migration-rule- using the cron schedule set in REPLICATION_TRIGGER_CRON.

-j/–remove-replication-rules-trigger

Removes cron trigger from all migration-rule- replication rules by setting them to manual.

-k/–delete-migration-rules

Deletes all replication rules starting with migration-rule-. Data is recoverable with the -p option.

-w/–trigger-push-replication-rules

Adds a cron job trigger to all push mirroring policies using the REPLICATION_TRIGGER_CRON value.

-x/–remove-push-replication-rules-trigger

Removes all cron schedules from push replication rules. Sets them to manual.

-y/–trigger-pull-replication-rules

Adds a cron job trigger to all poll mirroring policies using REPLICATION_TRIGGER_CRON.

-z/–remove-pull-replication-rules-trigger

Removes all cron schedules from pull replication rules. Sets them to manual.

-e/–export-all-replication-rules

Exports all rows contained in the replication_policy table from MSR 4 database.