1402551 – [DOCS] Securing the registry documentation incomplete and will not work as published

Bug 1402551 - [DOCS] Securing the registry documentation incomplete and will not work as published

Summary: [DOCS] Securing the registry documentation incomplete and will not work as pu...

Keywords:
Status:	CLOSED CURRENTRELEASE
Alias:	None
Product:	OpenShift Container Platform
Classification:	Red Hat
Component:	Documentation
Sub Component:
Version:	3.3.0
Hardware:	x86_64
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Target Release:	---
Assignee:	Ashley Hardin
QA Contact:	ge liu
Docs Contact:	Vikram Goyal
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2016-12-07 19:36 UTC by Matthew Whitehead
Modified:	2017-08-04 17:48 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2017-08-04 17:48:20 UTC
Target Upstream Version:

Attachments	(Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

Description Matthew Whitehead 2016-12-07 19:36:17 UTC

Document URL: https://docs.openshift.com/container-platform/3.3/install_config/registry/securing_and_exposing_registry.html#securing-the-registry

Section Number and Name: "Securing the Registry"

Describe the issue: Documentation is incomplete and will not work without two (2) additional steps:

cp /etc/origin/master/ca.crt /etc/pki/ca-trust/source/anchors/myregistrydomain.com.crt

update-ca-trust

The OS needs to know and trust the certificate in addition to Docker. Otherwise you get a certificate 'unknown authority' error. 

I found this information at https://docs.docker.com/registry/insecure/.

Suggestions for improvement: 

Additional information:

Comment 2 Ashley Hardin 2017-07-14 21:10:45 UTC

Work in progress: https://github.com/openshift/openshift-docs/pull/4791

Comment 3 ge liu 2017-07-24 08:15:21 UTC

The PR is not in merge status, and there are some comment have not be resolved, is that the last version?

Comment 4 Ashley Hardin 2017-07-24 17:36:20 UTC

I applied the latest changes based on my team's feedback, so the PR is now fully up to date. As part of our docs workflow, we are not supposed to merge docs until they are reviewed by QE. Once QE verifies the docs, we merge. Thanks!

Comment 5 ge liu 2017-07-25 01:49:32 UTC

LGTM, thx

Comment 6 openshift-github-bot 2017-07-25 15:13:31 UTC

Commits pushed to master at https://github.com/openshift/openshift-docs

https://github.com/openshift/openshift-docs/commit/2a9b196e5866b728ba86bd561a7292c6dbd8f8be
Bug 1402551, added steps about trusting the certificate

https://github.com/openshift/openshift-docs/commit/5434e068248e5dd11b6aadc6cb324239c42f4378
Merge pull request #4791 from ahardin-rh/BZ1402551

Bug 1402551, added steps about trusting the certificate

Comment 7 Vikram Goyal 2017-07-31 03:19:07 UTC

This has been published for 3.5, while I am waiting on updates for 3.4 and 3.3.

Comment 8 Ashley Hardin 2017-08-04 17:48:20 UTC

Content is now published:
https://access.redhat.com/documentation/en-us/openshift_container_platform/3.5/html/installation_and_configuration/setting-up-the-registry#securing-the-registry

https://access.redhat.com/documentation/en-us/openshift_container_platform/3.4/html/installation_and_configuration/setting-up-the-registry#securing-the-registry

https://access.redhat.com/documentation/en-us/openshift_container_platform/3.3/html/installation_and_configuration/setting-up-the-registry#securing-the-registry

Note You need to log in before you can comment on or make changes to this bug.