Bug 1373106 - [RFE] installer should support deploy secure docker-registry
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: Installer
Version: 3.3.0
Hardware: Unspecified
OS: Unspecified
Priority: medium
Severity: medium
Target Milestone: ---
Target Release: 3.3.1
Assignee: Andrew Butcher
QA Contact: Johnny Liu
URL:
Whiteboard:
Depends On:
Blocks:
Reported: 2016-09-05 08:38 UTC by Johnny Liu
Modified: 2016-10-27 16:13 UTC (History)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
The OpenShift registry created by openshift-ansible is now secured by default. Management of the OpenShift registry can be disabled by setting openshift_hosted_manage_registry=false in the inventory.
Clone Of:
Environment:
Last Closed: 2016-10-27 16:13:26 UTC
Target Upstream Version:
Embargoed:




Links
System: Red Hat Product Errata
ID: RHBA-2016:2122
Private: 0
Priority: normal
Status: SHIPPED_LIVE
Summary: OpenShift Container Platform atomic-openshift-utils bug fix update
Last Updated: 2016-10-27 20:11:30 UTC

Description Johnny Liu 2016-09-05 08:38:49 UTC
Description of problem:
According to https://github.com/openshift/openshift-ansible/pull/2409, we have roles/openshift_hosted/tasks/registry/secure.yml to secure the registry, but it is only called when deploying a standalone atomic registry.

It would be better to extend it a little so that a normal OCP installation could also call this role to deploy a secure registry. E.g., it could provide the user an option, openshift_secure_registry=True

Of course, we also need to avoid new issues when both openshift_secure_registry=True and deployment_subtype=registry are set when implementing this new feature.

Version-Release number of selected component (if applicable):
openshift-ansible-playbooks-3.3.22-1.git.0.6c888c2.el7.noarch

How reproducible:
Always

Steps to Reproduce:
1.
2.
3.

Actual results:


Expected results:


Additional info:

Comment 3 Johnny Liu 2016-10-10 07:49:13 UTC
Verified this bug with openshift-ansible-3.3.30-1.git.0.b260e04.el7.noarch, and PASS.

Now the installer deploys registry-console by default, which requires a secure registry. So a secure docker-registry will be deployed by default.

Comment 5 errata-xmlrpc 2016-10-27 16:13:26 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2016:2122

