Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 1688705 - Configuring registry.redhat.io using inventory executing config.yml
Summary: Configuring registry.redhat.io using inventory executing config.yml
Keywords:
Status: CLOSED NOTABUG
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.11.0
Hardware: All
OS: Other
medium
medium
Target Milestone: ---
: 3.11.z
Assignee: Scott Dodson
QA Contact: Johnny Liu
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2019-03-14 09:35 UTC by Alberto Gonzalez de Dios
Modified: 2019-03-15 13:35 UTC (History)
4 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-03-15 13:35:48 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Alberto Gonzalez de Dios 2019-03-14 09:35:01 UTC
Description of problem:
According to the documentation, "configuring red hat registry" [1], there are 2 ways to configure new registry 'registry.redhat.io ':

1) For a new installation or an ugrade [2] -> Running an upgrade or deploy yaml playbook

2) For an installed cluster -> Create secret, docker login, copy ~/.docker/config.json to /var/lib/origin/.docker/config.json and restart the node [3]

However, in the second method, there is not a way using inventory. There should be a method using master and nodes config playbook to configure new registry 'registry.redhat.io '. Our recommended way of changing configuration is using always the inventory.


[1] https://docs.openshift.com/container-platform/3.11/install_config/configuring_red_hat_registry.html
[2] https://docs.openshift.com/container-platform/3.11/install_config/configuring_red_hat_registry.html#managing-registry-credentials-for-install-upgrade_configuring_red_hat_registry
[3] https://docs.openshift.com/container-platform/3.11/install_config/configuring_red_hat_registry.html#using-service-accounts_configuring_red_hat_registry


Version-Release number of selected component (if applicable):
3.11

Comment 3 Scott Dodson 2019-03-14 12:49:00 UTC
Set those values, run playbooks/updates/registry_auth.yml, let us know if that doesn't work.

Comment 4 Alberto Gonzalez de Dios 2019-03-14 14:29:14 UTC
With the playbook 'playbooks/updates/registry_auth.yml', roles openshift-ansible/roles/[1]/tasks/registry_auth.yml are used. These roles just create docker login configuration (/var/lib/origin/.docker/config.json). But it's missing the secret generation (by default deploy creates imagestreamsecret), and the image and imagePullSecrets configuration. Is there any playbook for this, or this is done in some part of deploy or upgrade yaml?

[1] container_runtime, openshift-node and openshift_control_plane

Comment 5 Scott Dodson 2019-03-14 14:57:56 UTC
Yes it would happen during the upgrade playbook as it's required during the move from 3.10 to 3.11. I was hoping to provide a simpler option but it appears that upgrade playbook is the only way to achieve this today.

Comment 8 Scott Dodson 2019-03-15 13:35:48 UTC
This change should be applied automatically when upgrading from 3.10 to 3.11 under default configuration. If you've previously set oreg_url to a value that doesn't match 'registry.redhat.io' then credentials would not have been required during that upgrade. If you were to change the value of oreg_url after upgrading you should make sure to supply credentials for that registry and run the upgrade playbooks.

I'm closing this NOTABUG, if you find that what I've said is not correct re-open and we'll look into it.


Note You need to log in before you can comment on or make changes to this bug.