Document URL: https://docs.openshift.com/container-platform/3.7/install_config/install/advanced_install.html#configuring-openshift-ansible-broker Section Number and Name: Configuring the OpenShift Ansible Broker Describe the issue: When using the `openshift` registry (ISV registry at registry.connect.redhat.com https://github.com/openshift/ansible-service-broker/blob/master/docs/config.md#openshift-registry) we must be setting the value `auth_type`. We can either set that value to be a secret/file (https://github.com/openshift/ansible-service-broker/blob/master/docs/config.md#storing-registry-credentials-in-a-secretfile) or we can set the value to be `config` and simply declare user/pass in the configuration itself. In OCP 3.7 if `auth_type` is NOT set then the Broker will completely ignore credentials even if they are stored in the configmap. I recommend the user sets this to config and declares them in the configmap unless they do not want their credentials publicly accessible. In this case they should use a secret.
Added note about the `auth_type` requirement: http://file.rdu.redhat.com/~adellape/121317/brokerconfig/install_config/oab_broker_configuration.html#oab-broker-config-isv Added `auth_type` and `auth_name` to the table: http://file.rdu.redhat.com/~adellape/121317/brokerconfig/install_config/oab_broker_configuration.html#oab-broker-config-registry New "Storing Registry Credentials" subsection: http://file.rdu.redhat.com/~adellape/121317/brokerconfig/install_config/oab_broker_configuration.html#oab-broker-config-registry-storing-creds
Please help to define the "Target Release". Thx.
Alex, Thanks for your update! But, for the "Storing Registry Credentials" subsection, we have a bug about the "file" auth type. Here: https://bugzilla.redhat.com/show_bug.cgi?id=1539310. Another problem, I think we should replace the "registry.access.redhat.com" with "https://registry.connect.redhat.com" in that doc description. Because users do NOT need to config the user/pass to access the "registry.access.redhat.com" registry. The other two docs look good to me.
Jian, Thank you! Updates made per your feedback, see: https://github.com/openshift/openshift-docs/pull/6755#issuecomment-361344953
Alex, Thanks for your update! From this PR info, I think it will be released in version 3.9, right? If yes, I think we should add the "Target Release" info for this bug. And, for 3.9 scenarios, I added some comments in your PR. I changed status to ASSIGNED since need updating.
I've set this BZ to target release 3.7.z, and I'll make a separate PR for tracking the fix into 3.9 docs.
Alex, Thanks! Actually, for version 3.7, we just need to point out the "auth_type: config" is a necessary. And, where is your PR of the 3.7 docs? The https://github.com/openshift/openshift-docs/pull/6755#issuecomment-361344953 is 3.9 docs, right? I see the PR merge request to the master branch.
Jian, see latest comments in https://github.com/openshift/openshift-docs/pull/6755#issuecomment-362708805.
Alex, Thanks for your update! I added some comments to it, change status to ASSIGNED since need updating.
Thank you again, PR updated: https://github.com/openshift/openshift-docs/pull/6755#issuecomment-363148584
Alex, Thanks! For "Storing Registry Credentials" section, it looks good to me. But, for "ISV Registry", I found the registry name was NOT updated per my comments. I think we should update the name in order to avoid confusion.
Sorry, I don't know how that kept getting missed. Fixed via https://github.com/openshift/openshift-docs/pull/7611.
And here is the 3.9 PR to remove the requirement for BZ#1526949: https://github.com/openshift/openshift-docs/pull/7614 Preview: http://file.rdu.redhat.com/~adellape/020618/oab_openshift39/install_config/oab_broker_configuration.html
Alex, For 3.9 version, we have removed the "config" type. It means the below configs will work. So, I think we can remove the "config" type instructions in 3.9 version. registry: ... - type: openshift name: isv url: https://registry.connect.redhat.com user: xxx pass: xxx images: - rocketchat/rocketchat-apb white_list: - ".*-apb$"
Thanks, I've rewritten to remove mention of the `config` type completely for 3.9+: http://file.rdu.redhat.com/~adellape/021318/oab_openshift39/install_config/oab_broker_configuration.html#oab-config-registry http://file.rdu.redhat.com/~adellape/021318/oab_openshift39/install_config/oab_broker_configuration.html#oab-config-registry-storing-creds http://file.rdu.redhat.com/~adellape/021318/oab_openshift39/install_config/oab_broker_configuration.html#oab-config-isv
Alex, Thanks for your update! There are still two places need to be updated. 1)For the secret type, the users also need to specify the namespace, like below: registry: - name: isv type: openshift url: https://registry.connect.redhat.com auth_type: secret auth_name: registry-credentials-secret ... openshift: namespace: openshift-ansible-service-broker ... 2)For the file type, the containers.volumeMounts section, its format should be: volumeMounts: - mountPath: /tmp/registry-credentials name: reg-auth
Thanks, updates made.
Alex, Thanks for your update! It looks good to me!
Commit pushed to master at https://github.com/openshift/openshift-docs https://github.com/openshift/openshift-docs/commit/0feb7347e450836423a0cae6eea12810f00fef4e Merge pull request #7984 from adellape/origin_oab_prefix Bug 1535026: Fix OAB prefix/registry for Origin
https://docs.openshift.com/container-platform/3.9/install_config/oab_broker_configuration.html#oab-config-registry https://docs.openshift.com/container-platform/3.9/install_config/oab_broker_configuration.html#oab-config-registry-storing-creds https://docs.openshift.com/container-platform/3.9/install_config/oab_broker_configuration.html#oab-config-isv