Bug 1402551

Summary: [DOCS] Securing the registry documentation incomplete and will not work as published
Product: OpenShift Container Platform Reporter: Matthew Whitehead <mwhitehe>
Component: DocumentationAssignee: Ashley Hardin <ahardin>
Status: CLOSED CURRENTRELEASE QA Contact: ge liu <geliu>
Severity: high Docs Contact: Vikram Goyal <vigoyal>
Priority: high    
Version: 3.3.0CC: aos-bugs, jokerman, mmccomas
Target Milestone: ---   
Target Release: ---   
Hardware: x86_64   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-08-04 17:48:20 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:

Description Matthew Whitehead 2016-12-07 19:36:17 UTC 
Document URL: https://docs.openshift.com/container-platform/3.3/install_config/registry/securing_and_exposing_registry.html#securing-the-registry

Section Number and Name: "Securing the Registry"

Describe the issue: Documentation is incomplete and will not work without two (2) additional steps:

cp /etc/origin/master/ca.crt /etc/pki/ca-trust/source/anchors/myregistrydomain.com.crt

update-ca-trust

The OS needs to know and trust the certificate in addition to Docker. Otherwise you get a certificate 'unknown authority' error. 

I found this information at https://docs.docker.com/registry/insecure/.

Suggestions for improvement: 

Additional information:
Comment 2 Ashley Hardin 2017-07-14 21:10:45 UTC 
Work in progress: https://github.com/openshift/openshift-docs/pull/4791
Comment 3 ge liu 2017-07-24 08:15:21 UTC 
The PR is not in merge status, and there are some comment have not be resolved, is that the last version?
Comment 4 Ashley Hardin 2017-07-24 17:36:20 UTC 
I applied the latest changes based on my team's feedback, so the PR is now fully up to date. As part of our docs workflow, we are not supposed to merge docs until they are reviewed by QE. Once QE verifies the docs, we merge. Thanks!
Comment 5 ge liu 2017-07-25 01:49:32 UTC 
LGTM, thx
Comment 6 openshift-github-bot 2017-07-25 15:13:31 UTC 
Commits pushed to master at https://github.com/openshift/openshift-docs

https://github.com/openshift/openshift-docs/commit/2a9b196e5866b728ba86bd561a7292c6dbd8f8be
Bug 1402551, added steps about trusting the certificate

https://github.com/openshift/openshift-docs/commit/5434e068248e5dd11b6aadc6cb324239c42f4378
Merge pull request #4791 from ahardin-rh/BZ1402551

Bug 1402551, added steps about trusting the certificate
Comment 7 Vikram Goyal 2017-07-31 03:19:07 UTC 
This has been published for 3.5, while I am waiting on updates for 3.4 and 3.3.
Comment 8 Ashley Hardin 2017-08-04 17:48:20 UTC 
Content is now published:
https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/installation_and_configuration/setting-up-the-registry#securing-the-registry

https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/installation_and_configuration/setting-up-the-registry#securing-the-registry

https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/installation_and_configuration/setting-up-the-registry#securing-the-registry