Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-10043

Fix credentials section in RHOSO doc

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Undefined Undefined
    • rhos-18.0.0
    • rhos-18.0.0
    • documentation
    • None
    • False
    • Hide

      None

      Show
      None
    • False
    • ?
    • ?
    • ?
    • ?
    • None
    • Moderate

      In page https://docs.redhat.com/en/documentation/red_hat_openstack_services_on_openshift/18.0/html/deploying_red_hat_openstack_services_on_openshift/assembly_creating-the-data-plane#proc_creating-the-data-plane-secrets_dataplane

      When using the stringData field, there is no need to base64 encode username and password.

      E.g., step 5. has the following example:

      apiVersion: v1
kind: Secret
metadata:
  name: subscription-manager
data:
  username: <base64_encoded_username>
  password: <base64_encoded_password>

      Change this for:

      apiVersion: v1
kind: Secret
metadata:
  name: subscription-manager
stringData:
  username: <username>
  password: <password>

      It's actually worse in step 7, where our documentation is inconsistent:

      apiVersion: v1
kind: Secret
metadata:
  name: redhat-registry
data:
  username: <registry_username>
  password: <registry_password>

      Ideally, it should be:

      apiVersion: v1
kind: Secret
metadata:
  name: redhat-registry
stringData:
  username: <registry_username>
  password: <registry_password>

      At the very minimum, it should be:

      apiVersion: v1
kind: Secret
metadata:
  name: redhat-registry
data:
  username: <base64 encoded registry_username>
  password: <rbase64 encoded egistry_password>

      The same goes for Step 9., if you use `stringData:` instead of `data`, there's no need to base64 encode the libvirt secret.

      apiVersion: v1
data:
 LibvirtPassword: <base64_password>
kind: Secret
metadata:
 name: libvirt-secret
 namespace: openstack
type: Opaque

      apiVersion: v1
stringData:
 LibvirtPassword: <password>
kind: Secret
metadata:
 name: libvirt-secret
 namespace: openstack
type: Opaque

      In step 10., the `-n openstack` in the apply command is redundant, as the namespace is already specified in the libvirt secret definition.

      Also, at Step 7 please add a link to this KCS https://access.redhat.com/RegistryAuthentication section "Creating Registry Service Account" as users should not save their main credentials inside the secret.

      I imagine that we have a similar KCS for step 5. as well, for the subsciption-manager credentials?

      Also note that in steps 5. and 8., we are not specifying the namespace, neither in 6. and 9. - so it's not clear which namespace these secrets must be created in

              igallagh@redhat.com Irina Gallagher
              akaris@redhat.com Andreas Karis
              rhos-dfg-df
              Votes:
              0 Vote for this issue
              Watchers:
              3 Start watching this issue

                Created:
                Updated:
                Resolved: