Bug 1387371

Summary: [DOCS] Fix documentation for exposing insecure registry
Product: OpenShift Container Platform Reporter: Veer Muchandi <veer>
Component: DocumentationAssignee: Ashley Hardin <ahardin>
Status: CLOSED CURRENTRELEASE QA Contact: zhou ying <yinzhou>
Severity: unspecified Docs Contact: Vikram Goyal <vigoyal>
Priority: unspecified    
Version: 3.3.1CC: ahardin, aos-bugs, jokerman, mmccomas, vigoyal
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-11-07 15:15:32 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Veer Muchandi 2016-10-20 17:36:31 UTC 
Document URL: 

https://docs.openshift.com/container-platform/3.3/install_config/registry/securing_and_exposing_registry.html#access-insecure-registry-by-exposing-route

Section Number and Name: 

Use the above url

Describe the issue: 


Exposing a Non-Secure Registry - A few things need to be changed here in the documentation

Issue 1
Check the health of the registry in your web browser: http://registry.example.com/healthz does not return any results. It is just a blank page. just HTTP 200/OK
So asking to check in browser is misleading.

Instead ask for curl -v http://registry.example.com/healthz and expect a HTTP 200/OK is good enough

Issue 2:
 - OPTIONS='--selinux-enabled --insecure-registry=172.30.0.0/16 --insecure-registry registry.ose-node.openshift.com:443'

The above should be added on the client box from which you are trying to login. If you are reading the previous section, you may confuse and add this to master and all nodes. so be clear. Just say add it to the client. BTW, adding another statement that docker should be running on the client box.


Issue 3: 
--insecure-registry registry.ose-node.openshift.com:443 should be --insecure-registry registry.ose-node.openshift.com:80. When you expose insecure registry you are not using https.

Suggestions for improvement: 

Additional information:
Comment 1 Ashley Hardin 2016-10-24 20:36:46 UTC 
Work in progress:
https://github.com/openshift/openshift-docs/pull/3098
Comment 2 zhou ying 2016-10-26 07:25:45 UTC 
Issue 4:
Use the same hostname for the docker-registry on step3:

OPTIONS='--selinux-enabled --insecure-registry=172.30.0.0/16 --insecure-registry registry.example.com:80'


docker login -e user -u f83j5h6 -p Ju1PeM47R0B92Lk3AZp-bWJSck2F7aGCiZ66aFGZrs2 registry.example.com:80


And when  logging in to the non-secured and exposed registry, the port also should be 80.
Comment 3 Ashley Hardin 2016-10-26 21:20:23 UTC 
Thank you. These updates are complete. Please let me know if I missed anything.
https://github.com/openshift/openshift-docs/pull/3098
Comment 4 zhou ying 2016-10-31 02:04:02 UTC 
IMO, It's better to use the same host name of the route for docker-registry for the whole doc. EX:registry.example.com:80.
Comment 5 Ashley Hardin 2016-10-31 15:47:28 UTC 
Updated. Thank you!
https://github.com/openshift/openshift-docs/pull/3098

http://file.rdu.redhat.com/~ahardin/10242016/exposing-route/install_config/registry/securing_and_exposing_registry.html
Comment 6 Ashley Hardin 2016-11-01 12:41:28 UTC 
*** Bug 1390471 has been marked as a duplicate of this bug. ***
Comment 7 zhou ying 2016-11-03 02:56:56 UTC 
Check the doc, will verify this issue.
Comment 8 openshift-github-bot 2016-11-03 13:11:49 UTC 
Commits pushed to master at https://github.com/openshift/openshift-docs

https://github.com/openshift/openshift-docs/commit/cac53d0fe5cd9f3d0e5a4ef786d26f55d3493546
Bug 1387371, added clarification to the Exposing a Non-Secure Registry section

https://github.com/openshift/openshift-docs/commit/c18681e54b0a46ce8e9189fd1da0bc6e18307ef9
Merge pull request #3098 from ahardin-rh/exposing-route

Bug 1387371, added clarification to the Exposing a Non-Secure Registry section
Comment 9 Ashley Hardin 2016-11-07 15:15:32 UTC 
Content is now published:
https://access.redhat.com/documentation/en/openshift-container-platform/3.3/single/installation-and-configuration/#access-insecure-registry-by-exposing-route