doc : Add steps to remove CRC pull secret from OS provided tools (#2572) #15
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
rohanKanojia
force-pushed
the
pr/issue2572
branch
from
d5952bc to
5e21a94
Compare
rohanKanojia
force-pushed
the
pr/issue2572
branch
from
5e21a94 to
c8377ba
Compare
praveenkumar
reviewed
Jan 8, 2025
modules/ROOT/pages/using.adoc
Outdated
| @@ -23,6 +23,66 @@ Only one preset can be active at a time. | |||
| * xref:installing.adoc#minimum-system-requirements[Minimum system requirements]. | |||
| * xref:configuring.adoc#changing-the-selected-preset[Changing the selected preset]. | |||
|
|
|||
| [id='about-pullsecrets'] | |||
| == About Pull Secrets | |||
| While starting cluster configured with {openshift} or {ushift} preset, {prod} would request you to provide a pull secret. It's required to pull some {ocp} specific container images. | |||
There was a problem hiding this comment.
Suggested change
| While starting cluster configured with {openshift} or {ushift} preset, {prod} would request you to provide a pull secret. It's required to pull some {ocp} specific container images. | |
| While starting cluster configured with {openshift} or {ushift} preset, {prod} would request you to provide a pull secret. It's required to pull container images from Red Hat container registries. |
There was a problem hiding this comment.
The sentence itself is confusing (too long?) as the "While"-statement is not correctly used here as a conjunction.
rohanKanojia
force-pushed
the
pr/issue2572
branch
from
c8377ba to
9959751
Compare
|
/assign @anjannath |
gbraad
requested changes
Jan 14, 2025
rohanKanojia
force-pushed
the
pr/issue2572
branch
2 times, most recently
from
27f2efd to
cf78d15
Compare
themr0c
reviewed
Jan 22, 2025
modules/ROOT/pages/using.adoc
Outdated
| @@ -95,6 +95,66 @@ $ crc setup # Initialize environment for cluster | |||
| $ crc start # Start the cluster | |||
| ---- | |||
|
|
|||
| [id='about-pullsecrets'] | |||
| == About Pull Secrets | |||
| While starting cluster configured with {openshift} or {ushift} preset {prod} would request you to provide a pull secret, it's required to pull some {ocp} specific container images. | |||
There was a problem hiding this comment.
Consider rewriting this sentence for clarity. If I understand well:
Suggested change
| While starting cluster configured with {openshift} or {ushift} preset {prod} would request you to provide a pull secret, it's required to pull some {ocp} specific container images. | |
| When using the {openshift} or {ushift} preset, {prod} requires your pull secret: | |
| * To pull the virtual machine bundle. | |
| * To pull {ocp} container images from the Red Hat registry. | |
| When you run `crc start` the first time, when the pull secret has not been provisioned, {prod} prompts you to provide your pull secret. | |
themr0c
reviewed
Jan 22, 2025
|
|
||
| Once you provide this pull secret, it gets stored in Operating System's credential manager so that {prod} doesn't ask for pull secret again in case you delete existing cluster and create | ||
| a new one. | ||
|
|
There was a problem hiding this comment.
Is this command to find the pull secret location OS agnostic?
crc config get pull-secret-file
There was a problem hiding this comment.
(In case CRC has stopped to use this config file: what happens if you have already provisioned this file?)
There was a problem hiding this comment.
Currently, pull secret can be provided to CRC via these options (in decreasing order of precedence) :
- Pull Secret from Path
--pull-secret-file - Pull Secret from config
pull-secret-file - Pull Secret from OS Credential Manager
Pull Secret is stored in OS Credential manager only when CRC is not able to resolve it from source 1 and 2. Whenever user enters pull secret via prompt it's stored in the operating system's keyring.
(In case CRC has stopped to use this config file: what happens if you have already provisioned this file?)
Sorry, I don't understand your question completely. What do you mean by provisioning the file?
There was a problem hiding this comment.
My question, indeed, makes no more sense with the information you provided. I missed the information that crc has multiple possible sources for the pull secret, with order of precedence (and continue to have them). It might be good to add this info to the docs. (See other comments)
themr0c
reviewed
Jan 22, 2025
modules/ROOT/pages/using.adoc
Outdated
|
|
||
| Please note that this pull secret would only be removed from the Operating System's credential manager when user runs [command]`{bin} cleanup` command. | ||
|
|
||
| If you manually want to remove/update pull secret from your Operating System's credential manager configuration. |
There was a problem hiding this comment.
Suggested change
| If you manually want to remove/update pull secret from your Operating System's credential manager configuration. | |
| If you manually want to remove or update the pull secret from your Operating System's credential manager configuration. |
themr0c
reviewed
Jan 22, 2025
modules/ROOT/pages/using.adoc
Outdated
Comment on lines
116
to
121
| 1. Open the Control Panel. | ||
| 2. Go to `User Accounts` > `Credential Manager`. | ||
| 3. Choose `Windows Credentials`. | ||
| 4. Find the {prod} pull secret entry you want to delete. | ||
| 5. Click on the entry to expand it. | ||
| 6. Click `Remove` to delete the credential. |
There was a problem hiding this comment.
Asciidoc syntax for ordered lists. See https://docs.asciidoctor.org/asciidoc/latest/syntax-quick-reference/#lists
Suggested change
| 1. Open the Control Panel. | |
| 2. Go to `User Accounts` > `Credential Manager`. | |
| 3. Choose `Windows Credentials`. | |
| 4. Find the {prod} pull secret entry you want to delete. | |
| 5. Click on the entry to expand it. | |
| 6. Click `Remove` to delete the credential. | |
| . Open the Control Panel. | |
| . Go to `User Accounts` > `Credential Manager`. | |
| . Choose `Windows Credentials`. | |
| . Find the {prod} pull secret entry you want to delete. | |
| . Click on the entry to expand it. | |
| . Click `Remove` to delete the credential. |
themr0c
reviewed
Jan 22, 2025
modules/ROOT/pages/using.adoc
Outdated
Comment on lines
127
to
132
| 1. Open the `Activities` overview and start typing `Passwords`. | ||
| 2. Click on `Passwords and Keys` to open https://wiki.gnome.org/Projects/GnomeKeyring[GNOME Keyring]. | ||
| 3. Click on `Login` entry under `Passwords` | ||
| 4. Find the {prod} pull secret entry you want to delete. | ||
| 5. Right-click the entry you want to delete. | ||
| 6. Select `Delete` and confirm the deletion. |
There was a problem hiding this comment.
Asciidoc syntax for ordered lists. See https://docs.asciidoctor.org/asciidoc/latest/syntax-quick-reference/#lists
Suggested change
| 1. Open the `Activities` overview and start typing `Passwords`. | |
| 2. Click on `Passwords and Keys` to open https://wiki.gnome.org/Projects/GnomeKeyring[GNOME Keyring]. | |
| 3. Click on `Login` entry under `Passwords` | |
| 4. Find the {prod} pull secret entry you want to delete. | |
| 5. Right-click the entry you want to delete. | |
| 6. Select `Delete` and confirm the deletion. | |
| . Open the `Activities` overview and start typing `Passwords`. | |
| . Click on `Passwords and Keys` to open https://wiki.gnome.org/Projects/GnomeKeyring[GNOME Keyring]. | |
| . Click on `Login` entry under `Passwords` | |
| . Find the {prod} pull secret entry you want to delete. | |
| . Right-click the entry you want to delete. | |
| . Select `Delete` and confirm the deletion. |
themr0c
reviewed
Jan 22, 2025
modules/ROOT/pages/using.adoc
Outdated
Comment on lines
143
to
148
| 1. Open the `Application Launcher` and start typing `KWalletManager`. | ||
| 2. Under `Contents` tab, click on `Secret Service` and expand it. | ||
| 3. Under expanded `Secret Service` entry, click on `Passwords` and expand it. | ||
| 4. Find the {prod} pull secret entry you want to delete. | ||
| 5. Right-click the entry you want to delete. | ||
| 6. Select `Delete` and confirm the deletion. |
There was a problem hiding this comment.
Asciidoc syntax for ordered lists. See https://docs.asciidoctor.org/asciidoc/latest/syntax-quick-reference/#lists
Suggested change
| 1. Open the `Application Launcher` and start typing `KWalletManager`. | |
| 2. Under `Contents` tab, click on `Secret Service` and expand it. | |
| 3. Under expanded `Secret Service` entry, click on `Passwords` and expand it. | |
| 4. Find the {prod} pull secret entry you want to delete. | |
| 5. Right-click the entry you want to delete. | |
| 6. Select `Delete` and confirm the deletion. | |
| . Open the `Application Launcher` and start typing `KWalletManager`. | |
| . Under `Contents` tab, click on `Secret Service` and expand it. | |
| . Under expanded `Secret Service` entry, click on `Passwords` and expand it. | |
| . Find the {prod} pull secret entry you want to delete. | |
| . Right-click the entry you want to delete. | |
| . Select `Delete` and confirm the deletion. |
themr0c
reviewed
Jan 22, 2025
modules/ROOT/pages/using.adoc
Outdated
Comment on lines
152
to
193
| 1. Open `Keychain Access` from the `Applications` > `Utilities` folder. | ||
| 2. Select the keychain where the credential is stored (e.g., `login`, `iCloud`). | ||
| 3. Find the {prod} pull secret entry you want to delete. | ||
| 4. Right-click the entry and select `Delete`. | ||
| 5. Confirm the deletion when prompted. | ||
|
|
There was a problem hiding this comment.
Asciidoc syntax for ordered lists. See https://docs.asciidoctor.org/asciidoc/latest/syntax-quick-reference/#lists
Suggested change
| 1. Open `Keychain Access` from the `Applications` > `Utilities` folder. | |
| 2. Select the keychain where the credential is stored (e.g., `login`, `iCloud`). | |
| 3. Find the {prod} pull secret entry you want to delete. | |
| 4. Right-click the entry and select `Delete`. | |
| 5. Confirm the deletion when prompted. | |
| . Open `Keychain Access` from the `Applications` > `Utilities` folder. | |
| . Select the keychain where the credential is stored (e.g., `login`, `iCloud`). | |
| . Find the {prod} pull secret entry you want to delete. | |
| . Right-click the entry and select `Delete`. | |
| . Confirm the deletion when prompted. | |
rohanKanojia
force-pushed
the
pr/issue2572
branch
from
cf78d15 to
07ed515
Compare
themr0c
reviewed
Jan 23, 2025
|
|
||
| . To pull the virtual machine bundle. | ||
| . To pull {ocp} container images from the Red Hat registry. | ||
|
|
There was a problem hiding this comment.
Suggested change
| {prod} searches for an existing pull secret in these locations, by order of precedence: | |
| . `--pull-secret-file` CLI argument value. | |
| . `pull-secret-file` configuration option. | |
| . Your Operating System Credential Manager. | |
themr0c
reviewed
Jan 23, 2025
modules/ROOT/pages/using.adoc
Outdated
Comment on lines
107
to
110
| You need to download it from the Pull Secret section of the link:https://console.redhat.com/openshift/create/local[{prod} page on the {rh} Hybrid Cloud Console]. | ||
|
|
||
| Once you provide this pull secret, it gets stored in Operating System's credential manager so that {prod} doesn't ask for pull secret again in case you delete existing cluster and create | ||
| a new one. |
There was a problem hiding this comment.
Suggestion: usual Prerequisites / Procedure anchors. Deliver information in logical order. Explain the alternatives in TIP admonitions. Hopefully I am not introducing too many tech mistakes here:
Suggested change
| You need to download it from the Pull Secret section of the link:https://console.redhat.com/openshift/create/local[{prod} page on the {rh} Hybrid Cloud Console]. | |
| Once you provide this pull secret, it gets stored in Operating System's credential manager so that {prod} doesn't ask for pull secret again in case you delete existing cluster and create | |
| a new one. | |
| === Providing your pull secret to {prod} | |
| .Prerequisites | |
| . Download your pull secret from the Pull Secret section of the link:https://console.redhat.com/openshift/create/local[{prod} page on the {rh} Hybrid Cloud Console] to _<your_pull_secret_file>_ location. | |
| .Procedure | |
| * Enter your pull secret value when {prod} prompts you to provide your pull secret. | |
| {prod} stores the pull secret in the Operating System's credential manager so that {prod} doesn't ask for pull secret again in case you delete existing cluster and create a new one. | |
| + | |
| [subs="+attributes,+quotes"] | |
| ---- | |
| $ {bin} start | |
| ... | |
| ? Please enter the pull secret | |
| ---- | |
| + | |
| [TIP] | |
| ==== | |
| Alternatively, specify your pull secret file location by using the `--pull-secret-file` CLI argument. | |
| [subs="+attributes,+quotes"] | |
| ---- | |
| $ {bin} start --pull-secret-file=_<your_pull_secret_file>_ | |
| ---- | |
| ==== | |
| + | |
| [TIP] | |
| ==== | |
| Alternatively, specify your pull secret file location by setting the `pull-secret-file` configuration. | |
| [subs="+attributes,+quotes"] | |
| ---- | |
| $ {bin} config set pull-secret-file _<your_pull_secret_file>_ | |
| $ {bin} start | |
| ---- | |
| ==== | |
There was a problem hiding this comment.
Just tested and updated: the prompt requires the json content, not the file location.
There was a problem hiding this comment.
Thanks a lot for the suggestion! Sorry for the informal style of writing. I learned something new :-)
Add steps for Windows, Linux (GNOME) and MacOS to instruct user on how to remove the CRC pull secret from credential managers on abovementioned Operating Systems. Signed-off-by: Rohan Kumar <[email protected]>
rohanKanojia
force-pushed
the
pr/issue2572
branch
from
07ed515 to
311a07a
Compare
The 'official' documentation needs to see more scrutiny. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
Fix crc-org/crc#2572
Add steps for Windows, Linux (GNOME), and MacOS to instruct users on removing the CRC pull secret from credential managers on the abovementioned Operating Systems.
I've tested these steps on:
For MacOS I got help from Anjan who verified steps there.