Bug 1278832 - [Docs] [Containers] Add documentation so that a sysadmin knows how to proceed to add Kubernetes/OpenShift/Atomic
Summary: [Docs] [Containers] Add documentation so that a sysadmin knows how to proceed...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat CloudForms Management Engine
Classification: Red Hat
Component: Documentation
Version: 5.5.0
Hardware: Unspecified
OS: Unspecified
high
medium
Target Milestone: GA
: 5.5.0
Assignee: Petr Kovar
QA Contact:
URL:
Whiteboard: container
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-11-06 14:05 UTC by Marianne Feifer
Modified: 2016-01-07 23:56 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-01-07 23:56:24 UTC
Category: ---
Cloudforms Team: ---
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)

Description Marianne Feifer 2015-11-06 14:05:38 UTC 
Description of problem:

From Federico Simoncelli:

Hi, I'd like to document the ManageIQ service account creation, more or less:

http://talk.manageiq.org/t/announcing-the-alpha-release-of-capablanca/939/3

in a more official page, and then add a link in the ManageIQ
containers provider page to that documentation so that a sysadmin
knows how to proceed to add Kubernetes/OpenShift/Atomic.

Do you have a suggestion on where I can put that documentation?

Also, remember that it will also reach downstream and since we want to
limit the differences (upstream vs downstream) it would be great if
the documentation page would be the same one.


Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:  See the talk article referenced above. Would be good to have KB as well as in Guides.


Document URL: 

Section Number and Name: 

Describe the issue: 

Suggestions for improvement: 

Additional information:
Comment 2 Federico Simoncelli 2015-11-06 15:17:46 UTC 
My latest notes for ManageIQ service account creation are:

 $  oc create -n default -f - <<EOF
apiVersion: v1
kind: ServiceAccount
metadata:
  name: manageiq
EOF

 $ oadm policy add-cluster-role-to-user cluster-reader system:serviceaccount:default:manageiq
 $ oadm policy add-scc-to-user privileged system:serviceaccount:default:manageiq


To fetch the token then we currently have:

 $ oc get secrets `oc describe serviceaccount manageiq | awk '/Tokens:/ { print $2 }'` --template '{{.data.token}}' | base64 -d

which is a little shaky as the line with "Tokens:" may get a secret that is not a token.

David, Clayton do you have something nicer for this?

Maybe we can bake something out of this starting point:

 $ oc get serviceaccount -n default manageiq --template '{{range .secrets}}{{.name}} {{end}}'
Comment 3 David Eads 2015-11-06 15:32:17 UTC 
I would try something like: 

oc get sa/builder --template='{{range .secrets}}{{ .name }} {{end}}' | xargs -n 1 oc get secret --template='{{ if .data.token }}{{ .data.token }}{{end}}' | base64 -d -

gets the service account, iterates over the secret names, checks them one by one to see if they have a token key in the map, does a decode.

You can add an echo and a head to get just one.
Comment 4 David Eads 2015-11-06 15:34:16 UTC 
Here's one with the head.


oc get sa/default --template='{{range .secrets}}{{ .name }} {{end}}' | xargs -n 1 oc get secret --template='{{ if .data.token }}{{ .data.token }}{{ printf "\n" }}{{end}}' | head -n 1 | base64 -d -
Comment 5 Andrew Dahms 2015-11-10 06:32:40 UTC 
Assigning to Petr for review.
Comment 8 Andrew Dahms 2016-01-07 23:56:24 UTC 
This content is now live on the Customer Portal.

Closing.
Note You need to log in before you can comment on or make changes to this bug.