I have been working on an installation of OKD on an air-gapped environment. The first major step has been mirroring the OKD images so that they can be moved over to the new environment and pulled locally. I've been following a combination of the OpenShift documentation and this article, as well as this resource for getting my certificates set up. I have been making slow but consistent progress.

However, I am now having trouble when attempting to actually mirror the files using

oc adm -a ${LOCAL_SECRET_JSON} release mirror \ 
--from=quay.io/${PRODUCT_REPO}/${RELEASE_NAME}:${OCP_RELEASE}-${ARCHITECTURE} \ 
--to=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY} \ 
--to-release-image=${LOCAL_REGISTRY}/${LOCAL_REPOSITORY}:${OCP_RELEASE}-${ARCHITECTURE}

I get the following, encouraging response:

info: Mirroring 120 images to host.okd-registry.dns:5000/ocp4/openshift4 ...

followed by blobs: and manifests: lines, and finally the line

stats: shared=0 unique=7 size=105.3MiB ratio=1.00

I then get about 50 lines stating

error: unable to retrieve source image quay.io/openshift-release-dev/ocp-v4.0-art-dev manifest
sha256:{some value}: unauthorized: access to the requested resource is not authorized

I have a quay account but I am not sure if that is required even after my research, and if it is, where or how I would log into it. I have attempted doing so using oc login followed by various addresses within the release structure, but if this is the solution, I may be using the wrong arguments as I have not been able to find any instructions on doing this.

I have also tried the command with sudo. I doubt that is an issue but I tried it anyway.

I suppose the issue could be with my certificates, but I am not sure how to determine if this is the case.

Any guidance or suggestions would be much appreciated.