Bug 1327313 - xpaas images (eg: eap) don't indicate that creating service accounts & secrets is required
Summary: xpaas images (eg: eap) don't indicate that creating service accounts & secret...
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Documentation
Version: 3.1.0
Hardware: Unspecified
OS: Unspecified
urgent
high
Target Milestone: ---
: ---
Assignee: Bilhar
QA Contact: Vikram Goyal
Vikram Goyal
URL:
Whiteboard:
: 1330325 (view as bug list)
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2016-04-14 18:26 UTC by Erik M Jacobs
Modified: 2016-07-18 03:41 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2016-06-20 01:59:37 UTC
Target Upstream Version:


Attachments (Terms of Use)

Description Erik M Jacobs 2016-04-14 18:26:30 UTC
In order to use (for example) the eap64 template, you must create secrets and service account entries, which are not provided by the template.

https://github.com/jboss-openshift/application-templates/tree/master/secrets

This is also related to https://bugzilla.redhat.com/show_bug.cgi?id=1327312 because we're missing these secret files.

https://github.com/jboss-openshift/application-templates#https-configuration describes creating the secrets, which is not documented.

Comment 1 Erik M Jacobs 2016-04-14 18:32:29 UTC
If it is determined that we should not include the secrets files ( #1327312 ), then we need to indicate in the documentation how an end-user can create them for themselves.

Comment 2 Bilhar 2016-04-21 04:16:39 UTC
Erik, Kevin, since secrets are not created by the installer nor are they created when fetching templates, is the simple fix for now to include the content that Erik pointed to on GitHub in the xPaaS docs?

https://github.com/jboss-openshift/application-templates#https-configuration

I probably won't get to testing all this out until next week so that I understand it better, but if this content will be enough to address this BZ quickly, then I can get it added to the xPaaS docs. The only question is whether to add it to the individual docs for each image, or put it somewhere so that it applies to all of the images.

Comment 3 Erik M Jacobs 2016-04-21 12:39:36 UTC
Putting example secrets/service account definitions into the docs would be EXTREMELY helpful. Right now you basically have to know the magic -- it's barely documented anywhere, even in the upstream GitHub for the xPaaS templates.

Two steps further to go:

1) document/show how to convert an SSL certificate into a secret for use with the EAP stuff. This doc is definitely tied specifically to the xPaaS things but also would be useful elsewhere in the docs more generically (how to include SSL certificates in your apps for endpoint SSL termination) -- not sure if this is already there

2) document openSSL commands to generate a certificate and process into a secret for use with the EAP stuff. Also applies similarly to #1.

If #1 and #2 are already documented, we may want to link to them from the secret/SA stuff in the various xPaaS docs.

Comment 4 Paul Weil 2016-04-26 14:50:34 UTC
*** Bug 1330325 has been marked as a duplicate of this bug. ***

Comment 5 Dan Mace 2016-05-19 18:47:50 UTC
What's the problem with defining the SAs in the templates?

Comment 6 Jacob Lucky 2016-05-19 19:50:29 UTC
Merging SAs and Secrets into the main/single template: https://github.com/openshift/online/pull/150

Comment 7 Bilhar 2016-06-20 01:59:37 UTC
I'm closing this BZ as I believe we've addressed this in the current xPaaS EAP documentation on the customer portal:

https://access.redhat.com/documentation/en/red-hat-xpaas/version-0/red-hat-xpaas-eap-image/#installation_and_configuration

Otherwise, I'm happy to reopen if there are any other issues.

Comment 8 Erik M Jacobs 2016-06-20 12:50:50 UTC
Is this level of information in the ** OpenShift ** documentation?

Comment 9 Vikram Goyal 2016-07-18 03:41:35 UTC
(In reply to Erik M Jacobs from comment #8)
> Is this level of information in the ** OpenShift ** documentation?

Hey Erik,

Sorry for the late reply.

Secrets, in general, are covered by the Dev Guide in the OSE docs.

https://docs.openshift.com/enterprise/3.2/dev_guide/secrets.html


Note You need to log in before you can comment on or make changes to this bug.