From 62ff912e4b0f598b34dfdcf2909155139aead907 Mon Sep 17 00:00:00 2001 From: Bill Dettelback Date: Fri, 30 Oct 2020 16:33:23 -0400 Subject: [PATCH 1/3] Fixed broken link to clair instructions in basic deploy guide --- modules/proc_deploy_quay_add.adoc | 10 +--------- 1 file changed, 1 insertion(+), 9 deletions(-) diff --git a/modules/proc_deploy_quay_add.adoc b/modules/proc_deploy_quay_add.adoc index 4e3232b54..613e5f630 100644 --- a/modules/proc_deploy_quay_add.adoc +++ b/modules/proc_deploy_quay_add.adoc @@ -76,15 +76,7 @@ Clair images scanning and Repository Mirroring, continue on to the next section. == Add Clair image scanning to {productname} Setting up and deploying Clair image scanning for your -{productname} deployment requires the following basic steps: - -* Restarting the {productname} Setup tool -* Creating authentication keys for Clair -* Setting up a database for Clair -* Deploying the Clair container - -These steps are described in -link:https://access.redhat.com/documentation/en-us/red_hat_quay/{producty}/html-single/manage_red_hat_quay/index#quay-security-scanner[{productname} Security Scanning with Clair]. +{productname} deployment is described in link:manage_quay.html#clair-v4[Clair Security Scanning] [[add-repo-mirroring]] == Add repository mirroring {productname} From 97b9df64361107462fb64f63b8b3eee83ffab52a Mon Sep 17 00:00:00 2001 From: Bill Dettelback Date: Wed, 9 Dec 2020 13:22:04 -0500 Subject: [PATCH 2/3] Updated text with proper secret key name and example showing how to make secret --- .../proc_deploy-quay-openshift-operator-tng.adoc | 14 +++++++++++--- 1 file changed, 11 insertions(+), 3 deletions(-) diff --git a/modules/proc_deploy-quay-openshift-operator-tng.adoc b/modules/proc_deploy-quay-openshift-operator-tng.adoc index 2ad566fd7..a381de9c8 100644 --- a/modules/proc_deploy-quay-openshift-operator-tng.adoc +++ b/modules/proc_deploy-quay-openshift-operator-tng.adoc @@ -267,13 +267,13 @@ When the Quay Operator starts up, it immediately looks for any `QuayRegistries` === Ugrading a QuayEcosystem -Upgrades are supported from previous versions of the Operator which used the `QuayEcosystem` API for a limited set of configurations. To ensure that migrations do not happen unexpectedly, a special label needs to be applied to the `QuayEcosystem` for it to be migrated. A new `QuayRegistry` will be created for the Operator to manage, but the old `QuayEcosystem` will remain until manually deleted to ensure that you can roll back and still access Quay in case anything goes wrong. To migrate an existing `QuayEcosystem` to a new `QuayRegistry`, follow these steps: +Upgrades are supported from previous versions of the Operator which used the `QuayEcosystem` API for a limited set of configurations. To ensure that migrations do not happen unexpectedly, a special label needs to be applied to the `QuayEcosystem` for it to be migrated. A new `QuayRegistry` will be created for the Operator to manage, but the old `QuayEcosystem` will remain until manually deleted to ensure that you can roll back and still access Quay in case anything goes wrong. To migrate an existing `QuayEcosystem` to a new `QuayRegistry`, follow these steps. -. If using an Operator-managed database, ensure that the password is set for the `postgres` root admin user (not set by default). This allows remote access to the database for migration. The Operator looks for this password in the `Secret` referenced by `spec.quay.database.credentialsSecretKey` under the `database-root-password` key. +If using an Operator-managed database, first ensure that the password is set for the `postgres` root admin user (not set by default). This allows remote access to the database for migration. The Operator looks for this password in the `Secret` referenced by `spec.quay.database.credentialsSecretName` under the `database-root-password` key. To set/change the password, use either the OpenShift console or `kubectl` to [open an SSH terminal connection](https://kubernetes.io/docs/tasks/debug-application-cluster/get-shell-running-container/) to the Postgres pod: ```sh -$ kubectl exec -n --stdin --tty deployment/-quay-postgresql -- /bin/bash +$ oc exec -n --stdin --tty deployment/-quay-postgresql -- /bin/bash ``` Execute the following command and follow instructions to change the password: @@ -285,6 +285,14 @@ Type "help" for help. postgres=# \password ``` +To create a `Secret` containing the `postgres` root admin users' password: +```sh +$ oc create secret generic quaydb --from-literal=database-root-password=postgresql + +``` + +To carry out the actual migration: + . Add `"quay-operator/migrate": "true"` to the `metadata.labels` of the `QuayEcosystem`. . Wait for a `QuayRegistry` to be created with the same `metadata.name` as your `QuayEcosystem`. From 95d7429274fd91a5052182236a55bdd7f410f412 Mon Sep 17 00:00:00 2001 From: Bill Dettelback Date: Wed, 9 Dec 2020 15:27:07 -0500 Subject: [PATCH 3/3] Changed secret creation example to match other quay docs --- modules/proc_deploy-quay-openshift-operator-tng.adoc | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/modules/proc_deploy-quay-openshift-operator-tng.adoc b/modules/proc_deploy-quay-openshift-operator-tng.adoc index a381de9c8..3033e53e9 100644 --- a/modules/proc_deploy-quay-openshift-operator-tng.adoc +++ b/modules/proc_deploy-quay-openshift-operator-tng.adoc @@ -285,9 +285,13 @@ Type "help" for help. postgres=# \password ``` -To create a `Secret` containing the `postgres` root admin users' password: +To create a `Secret` containing the `postgres` root admin user's password: ```sh -$ oc create secret generic quaydb --from-literal=database-root-password=postgresql +$ oc create secret generic \ + --from-literal=database-username= \ + --from-literal=database-password= \ + --from-literal=database-root-password= \ + --from-literal=database-name= ```