diff --git a/modules/registry-configuring-storage-baremetal.adoc b/modules/registry-configuring-storage-baremetal.adoc index ac0c977239d7..b658807c9268 100644 --- a/modules/registry-configuring-storage-baremetal.adoc +++ b/modules/registry-configuring-storage-baremetal.adoc @@ -6,8 +6,31 @@ // * installing/installing_ibm_z/installing-ibm-z.adoc // * virt/virtual_machines/importing_vms/virt-importing-vmware-vm.adoc +ifeval::["{context}" == "installing-ibm-z"] +:ibm-z: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-z"] +:ibm-z: +:restricted: +endif::[] +ifeval::["{context}" == "installing-ibm-power"] +:ibm-power: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-power"] +:ibm-power: +:restricted: +endif::[] + [id="registry-configuring-storage-baremetal_{context}"] +ifndef::ibm-z,ibm-power[] = Configuring registry storage for bare metal +endif::ibm-z,ibm-power[] +ifdef::ibm-z[] += Configuring registry storage for IBM Z +endif::ibm-z[] +ifdef::ibm-power[] += Configuring registry storage for IBM Power +endif::ibm-power[] As a cluster administrator, following installation you must configure your registry to use storage. @@ -15,9 +38,14 @@ registry to use storage. .Prerequisites * Cluster administrator permissions. -* A cluster on bare metal. -* Provision persistent storage -for your cluster, such as Red Hat OpenShift Container Storage. To deploy a private image registry, your storage must provide +* A cluster on +ifndef::ibm-z,ibm-power[bare metal.] +ifdef::ibm-z[IBM Z.] +ifdef::ibm-power[IBM Power.] +* Provision persistent storage for your cluster, such as +ifndef::ibm-z[Red Hat OpenShift Container Storage.] +ifdef::ibm-z[NFS.] +To deploy a private image registry, your storage must provide ReadWriteMany access mode. * Must have "100Gi" capacity. 
@@ -26,11 +54,6 @@ ReadWriteMany access mode. . To configure your registry to use storage, change the `spec.storage.pvc` in the `configs.imageregistry/cluster` resource. + -[NOTE] -==== -When using shared storage such as NFS, it is strongly recommended to use the `supplementalGroups` strategy, which dictates the allowable supplemental groups for the Security Context, rather than the `fsGroup` ID. Refer to the NFS *Group IDs* documentation for details. -==== - . Verify you do not have a registry Pod: + ---- @@ -39,15 +62,25 @@ $ oc get pod -n openshift-image-registry + [NOTE] ===== -* If the storage type is `emptyDIR`, the replica number cannot be greater than `1`. -* If the storage type is `NFS`, you must enable the `no_wdelay` and `root_squash` mount options. For example: -+ +If the storage type is `emptyDIR`, the replica number cannot be greater than `1`. +If the storage type is `NFS`, and you want to scale up the registry Pod by setting +`replica>1` you must enable the `no_wdelay` mount option. For example: + +ifndef::ibm-power+restricted[] ---- # cat /etc/exports -/mnt/data *(rw,sync,no_wdelay,root_squash,insecure,fsid=0) +/mnt/data *(rw,sync,no_wdelay,no_root_squash,insecure,fsid=0) sh-4.2# exportfs -rv exporting *:/mnt/data ---- +endif::ibm-power+restricted[] + +ifdef::ibm-power+restricted[] +---- +# cat /etc/exports +/var/nfsshare *(rw,sync,no_root_squash) +---- +endif::ibm-power+restricted[] ===== + . Check the registry configuration: 
@@ -68,3 +101,38 @@ Leave the `claim` field blank to allow the automatic creation of an ---- $ oc get clusteroperator image-registry ---- ++ +. Ensure that your registry is set to managed to enable building and pushing of images. ++ +* Run: ++ +---- +$ oc edit configs.imageregistry/cluster +---- ++ +Then, change the line ++ +---- +managementState: Removed +---- ++ +to ++ +---- +managementState: Managed +---- + +ifeval::["{context}" == "installing-ibm-z"] +:!ibm-z: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-z"] +:!ibm-z: +:!restricted: +endif::[] +ifeval::["{context}" == "installing-ibm-power"] +:!ibm-power: +endif::[] +ifeval::["{context}" == "installing-restricted-networks-ibm-power"] +:!ibm-power: +:!restricted: +endif::[] diff --git a/modules/registry-configuring-storage-vsphere.adoc b/modules/registry-configuring-storage-vsphere.adoc index 6799f7d9e5a5..460c735aa7a8 100644 --- a/modules/registry-configuring-storage-vsphere.adoc +++ b/modules/registry-configuring-storage-vsphere.adoc @@ -34,11 +34,6 @@ a different storage backend, such as `NFS`, to configure the registry storage. . To configure your registry to use storage, change the `spec.storage.pvc` in the `configs.imageregistry/cluster` resource. + -[NOTE] -==== -When using shared storage such as NFS, it is strongly recommended to use the `supplementalGroups` strategy, which dictates the allowable supplemental groups for the Security Context, rather than the `fsGroup` ID. Refer to the NFS *Group IDs* documentation for details. -==== - . Verify you do not have a registry Pod: + ---- 
@@ -47,12 +42,13 @@ $ oc get pod -n openshift-image-registry + [NOTE] ===== -* If the storage type is `emptyDIR`, the replica number cannot be greater than `1`. -* If the storage type is `NFS`, you must enable the `no_wdelay` and `root_squash` mount options. For example: -+ +If the storage type is `emptyDIR`, the replica number cannot be greater than `1`. +If the storage type is `NFS`, and you want to scale up the registry Pod by setting +`replica>1` you must enable the `no_wdelay` mount option. For example: + ---- # cat /etc/exports -/mnt/data *(rw,sync,no_wdelay,root_squash,insecure,fsid=0) +/mnt/data *(rw,sync,no_wdelay,no_root_squash,insecure,fsid=0) sh-4.2# exportfs -rv exporting *:/mnt/data ---- diff --git a/modules/storage-persistent-storage-nfs-group-ids.adoc b/modules/storage-persistent-storage-nfs-group-ids.adoc index 6379502a45f2..8fcd20038e2c 100644 --- a/modules/storage-persistent-storage-nfs-group-ids.adoc +++ b/modules/storage-persistent-storage-nfs-group-ids.adoc @@ -1,9 +1,7 @@ // Module included in the following assemblies: // // * storage/persistent_storage/persistent-storage-nfs.adoc -// * storage/registry/configuring_registry_storage/configuring-registry-storage-baremetal.adoc -[id=storage-persistent-storage-nfs-group-ids_{context}] = Group IDs The recommended way to handle NFS access, assuming it is not an option to @@ -15,7 +13,8 @@ Pod's `securityContext`. [NOTE] ==== -To gain access to persistent storage, it is generally preferable to use supplemental group IDs versus user IDs. +It is generally preferable to use supplemental group IDs to gain access to +persistent storage versus using user IDs. ==== Because the group ID on the example target NFS directory diff --git a/registry/configuring_registry_storage/configuring-registry-storage-baremetal.adoc b/registry/configuring_registry_storage/configuring-registry-storage-baremetal.adoc index 3aec85982c1a..6110e4ffc4b9 100644 
--- a/registry/configuring_registry_storage/configuring-registry-storage-baremetal.adoc +++ b/registry/configuring_registry_storage/configuring-registry-storage-baremetal.adoc @@ -12,12 +12,10 @@ include::modules/installation-registry-storage-config.adoc[leveloffset=+1] include::modules/registry-configuring-storage-baremetal.adoc[leveloffset=+1] -See xref:../../storage/persistent_storage/persistent-storage-nfs.adoc#storage-persistent-storage-nfs-group-ids_persistent-storage-nfs[Group IDs] for additional details about using supplemental groups to handle NFS access. - include::modules/installation-registry-storage-non-production.adoc[leveloffset=+1] [id="configuring-registry-storage-baremetal-addtl-resources"] == Additional resources -For more details about configuring registry storage for bare metal, see xref:../../scalability_and_performance/optimizing-storage.adoc#recommended-configurable-storage-technology_persistent-storage[Recommended configurable storage technology]. +For more details on configuring registry storage for bare metal, see xref:../../scalability_and_performance/optimizing-storage.adoc#recommended-configurable-storage-technology_persistent-storage[Recommended configurable storage technology]. diff --git a/registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc b/registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc index 80b2daf2ad56..0ad97db60f01 100644 --- a/registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc +++ b/registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc 
@@ -12,8 +12,6 @@ include::modules/installation-registry-storage-config.adoc[leveloffset=+2] include::modules/registry-configuring-storage-vsphere.adoc[leveloffset=+1] -See xref:../../storage/persistent_storage/persistent-storage-nfs.adoc#storage-persistent-storage-nfs-group-ids_persistent-storage-nfs[Group IDs] for additional details about using supplemental groups to handle NFS access. - include::modules/installation-registry-storage-non-production.adoc[leveloffset=+1] include::modules/installation-registry-storage-block-recreate-rollout.adoc[leveloffset=+1] @@ -23,4 +21,4 @@ For instructions about configuring registry storage so that it references the co [id="configuring-registry-storage-vsphere-addtl-resources"] == Additional resources -For more details about configuring registry storage for vSphere, see xref:../../scalability_and_performance/optimizing-storage.adoc#recommended-configurable-storage-technology_persistent-storage[Recommended configurable storage technology]. +For more details on configuring registry storage for vSphere, see xref:../../scalability_and_performance/optimizing-storage.adoc#recommended-configurable-storage-technology_persistent-storage[Recommended configurable storage technology].
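Review bot: In modules/registry-configuring-storage-baremetal.adoc, hunk `@@ -26,11 +54,6 @@`, the deleted NOTE carried the recommendation to use `supplementalGroups` rather than `fsGroup` for shared storage such as NFS, and the patch puts nothing in its place while also dropping the Group IDs xref from both assemblies. If the guidance no longer applies to the registry, say so in the commit message. Otherwise keep the NOTE, or at least a pointer to the Group IDs module, so that readers configuring NFS still find the group-based access model.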
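Review bot: In modules/registry-configuring-storage-baremetal.adoc, hunk `@@ -39,15 +62,25 @@`, the example export changes `root_squash` to `no_root_squash` while still exporting to `*` with `insecure`, so the documented configuration lets root on any host that can reach the NFS server act as root on the registry storage. If the registry really needs `no_root_squash`, state the reason in the NOTE and replace `*` with the cluster node addresses; if not, keep `root_squash`. The new IBM Power restricted-network example, `/var/nfsshare *(rw,sync,no_root_squash)`, has the same wildcard problem and also omits `no_wdelay`, which the sentence directly above it says must be enabled.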
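Review bot: In modules/registry-configuring-storage-baremetal.adoc, hunk `@@ -68,3 +101,38 @@`, the new "Ensure that your registry is set to managed" step wraps one command in a single-item `* Run:` list and then describes the edit as "change the line ... to", which is more markup than the step needs. Drop the lone bullet, write the value as `Managed` in the step text so it matches `managementState: Managed`, and consider giving the non-interactive form, `oc patch configs.imageregistry/cluster --type merge --patch '{"spec":{"managementState":"Managed"}}'`, so the step can be copied and scripted. The step is also added without any `ifdef` guard, so it now appears in the bare metal procedure as well; confirm that is intended.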
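Review bot: In modules/registry-configuring-storage-vsphere.adoc, hunk `@@ -47,12 +42,13 @@`, replacing the two bullets with consecutive plain lines makes the `emptyDIR` and `NFS` sentences render as one run-on paragraph, and "`replica>1` you must enable" is missing its comma and puts an expression in backticks as if it were a literal setting. Keep the list markers and write "to more than one replica, you must enable the `no_wdelay` mount option". The `root_squash` to `no_root_squash` change on the `*` export in this hunk also needs a stated reason and a narrower client field, since the text no longer mentions squashing at all.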
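Review bot: In modules/storage-persistent-storage-nfs-group-ids.adoc, hunk `@@ -1,9 +1,7 @@`, removing `[id=storage-persistent-storage-nfs-group-ids_{context}]` deletes the section anchor even though the header comment still lists storage/persistent_storage/persistent-storage-nfs.adoc as an including assembly. Any remaining xref to `#storage-persistent-storage-nfs-group-ids_persistent-storage-nfs` will break. Keep the id, ideally quoted like the other modules (`[id="storage-persistent-storage-nfs-group-ids_{context}"]`), and remove only the assembly line from the comment.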