November 21, 2024

OpenShift 3.4 Standalone Registry (Atomic Registry)

laurent04 mins

I realized today that the current OpenShift 3.4 documentation around installing the standalone registry is missing an important parameter. Here is the link to the bug openshift_master_default_subdomain missing . Its a small error but has some impact as the route registry-console-default.yourdomain will not be exposed externally.

Remember the standalone OpenShift registry is a full OpenShift installation thus it will need a DNS wildcard entry pointing to it for the subdomain defined in openshift_master_default_subdomain.

I used the following ansible hosts file to install the registry

# Create an OSEv3 group that contains the masters and nodes groups
[OSEv3:children]
masters
nodes

# Set variables common for all OSEv3 hosts
[OSEv3:vars]
# SSH user, this user should allow ssh based auth without requiring a password
ansible_ssh_user=root

# If ansible_ssh_user is not root, ansible_become must be set to true
#ansible_become=true
#openshift_master_cluster_public_hostname=registry.local.domb.com
openshift_master_default_subdomain=reg.local.domb.com
#openshift_master_cluster_hostname=registry.local.domb.com

deployment_type=openshift-enterprise
deployment_subtype=registry

# uncomment the following to enable htpasswd authentication; defaults to DenyAllPasswordIdentityProvider
openshift_master_identity_providers=[{'name': 'htpasswd_auth', 'login': 'true', 'challenge': 'true', 'kind': 'HTPasswdPasswordIdentityProvider', 'filename': '/etc/origin/master/htpasswd'}]

# host group for masters
[masters]
registry.local.domb.com

# host group for nodes, includes region info
[nodes]
registry.local.domb.com openshift_schedulable=true openshift_node_labels="{'region': 'infra', 'zone': 'default'}"

If you followed the redhat documentation around requirements you should be good to go. You can know run the

 [root@registry ~]# ansible-playbook /usr/share/ansible/openshift-ansible/playbooks/byo/config.yml

Once the install is done you can check with oc get routes if your route was created correctly

[root@registry ~]# oc get routes
NAME               HOST/PORT                                     PATH      SERVICES           PORT               TERMINATION
docker-registry    docker-registry-default.reg.local.domb.com              docker-registry    5000-tcp           passthrough
registry-console   registry-console-default.reg.local.domb.com             registry-console   registry-console   passthrough

You can know browse to https://registry-console-default.reg.local.domb.com and you should see the following UI (if you did not configure any users yet you will not be able to login!)

If you chose htpasswd_auth create a user with htpasswd /etc/origin/master/htpasswd admin and login. Once logged in you will see the atomic registry.

Then you can create a project and upload an image and you should see something like this