openshift · kalexand-rh · Oct 8, 2019 · Oct 4, 2019
diff --git a/_topic_map.yml b/_topic_map.yml
@@ -88,11 +88,6 @@ Topics:
     File: installing-aws-network-customizations
   - Name: Uninstalling a cluster on AWS
     File: uninstalling-cluster-aws
-- Name: Installing on user-provisioned AWS
-  Dir: installing_aws_user_infra
-  Topics:
-  - Name: Installing a cluster on AWS using CloudFormation templates
-    File: installing-aws-user-infra
 - Name: Installing on Azure
   Dir: installing_azure
   Topics:
@@ -115,19 +110,11 @@ Topics:
     File: installing-gcp-customizations
   - Name: Uninstalling a cluster on GCP
     File: uninstalling-cluster-gcp
-- Name: Installing in restricted networks
-  Dir: installing_restricted_networks
+- Name: Installing on user-provisioned AWS
+  Dir: installing_aws_user_infra
   Topics:
-  - Name: Creating a mirror registry for a restricted network
-    File: installing-restricted-networks-preparations
-  - Name: Restricted network AWS installation
-    File: installing-restricted-networks-aws
-  - Name: Restricted network bare metal installation
-    File: installing-restricted-networks-bare-metal
-#  - Name: Restricted network  GCP installation
-#    File: installing-restricted-networks-GCP
-  - Name: Restricted network vSphere installation
-    File: installing-restricted-networks-vsphere
+  - Name: Installing a cluster on AWS using CloudFormation templates
+    File: installing-aws-user-infra
 - Name: Installing on bare metal
   Dir: installing_bare_metal
   Topics:
@@ -151,6 +138,19 @@ Topics:
   Topics:
   - Name: Installing a cluster on vSphere
     File: installing-vsphere
+- Name: Installing in restricted networks
+  Dir: installing_restricted_networks
+  Topics:
+  - Name: Creating a mirror registry for a restricted network
+    File: installing-restricted-networks-preparations
+  - Name: Restricted network AWS installation
+    File: installing-restricted-networks-aws
+  - Name: Restricted network bare metal installation
+    File: installing-restricted-networks-bare-metal
+#  - Name: Restricted network  GCP installation
+#    File: installing-restricted-networks-GCP
+  - Name: Restricted network vSphere installation
+    File: installing-restricted-networks-vsphere
 - Name: Gathering installation logs
   File: installing-gather-logs
 - Name: Installation configuration

diff --git a/...installing_restricted_networks/installing-restricted-networks-preparations.adoc b/...installing_restricted_networks/installing-restricted-networks-preparations.adoc
@@ -5,8 +5,7 @@ include::modules/common-attributes.adoc[]
 
 toc::[]
 
-Before you install a cluster on infrastructure that you provision in a
-restricted network, you must create a mirror registry.
+Before you install a cluster on infrastructure that you provision in a restricted network, you must create a mirror registry. Installations on a restricted network are supported on only infrastructure that you provision, not infrastructure that the installer provisions.
 
 [IMPORTANT]
 ====

diff --git a/modules/installation-creating-mirror-registry.adoc b/modules/installation-creating-mirror-registry.adoc
@@ -41,13 +41,12 @@ endif::restricted[]
 . Install the required packages:
 +
 ----
-# yum -y install podman httpd httpd-tools jq
+# yum -y install podman httpd-tools
 ----
 +
 The `podman` package provides the container package that you run the registry
-in. The `httpd` and `httpd-tools` packages provide the `htpasswd` utility, which
-you use to create users. The `jq` package improves the display of JSON output
-on your command line.
+in. The `httpd-tools` package provides the `htpasswd` utility, which
+you use to create users.
 
 . Create folders for the registry:
 +
@@ -92,7 +91,7 @@ OpenSSL documentation.
 . Create the `mirror-registry` container to host your registry:
 +
 ----
-# podman run --name mirror-registry -p 5000:<local_registry_host_port> \ <1>
+# podman run --name mirror-registry -p <local_registry_host_port>:5000 \ <1>
      -v /opt/registry/data:/var/lib/registry:z \
      -v /opt/registry/auth:/auth:z \
      -e "REGISTRY_AUTH=htpasswd" \

diff --git a/modules/installation-generate-aws-user-infra-install-config.adoc b/modules/installation-generate-aws-user-infra-install-config.adoc
@@ -85,18 +85,15 @@ For `bastion_host_name`, specify the registry domain name
 that you specified in the certificate for your mirror registry, and for
 `<credentials>`, specify the base64-encoded user name and password for
 your mirror registry.
-.. Add the `additionalTrustBundle` parameter and value:
+.. Add the `additionalTrustBundle` parameter and value. The value must be the contents of the certificate file that you used for your mirror registry, which can be an exiting, trusted certificate authority or the self-signed certificate that you generated for the mirror registry.
 +
 ----
 additionalTrustBundle: |
   -----BEGIN CERTIFICATE-----
   ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ
   -----END CERTIFICATE-----
 ----
-+
-Provide the contents of the certificate file that you used for your mirror
-registry.
-.. Update image content resources:
+.. Add the image content resources:
 +
 ----
 imageContentSources:

diff --git a/modules/installation-local-registry-pull-secret.adoc b/modules/installation-local-registry-pull-secret.adoc
@@ -10,25 +10,26 @@ the information for your registry.
 
 .Prerequisites
 
-* You configured a mirror registry to use in your restricted network.
+* You configured a mirror registry to use in your restricted network and have its domain name and port as well as credentials for it.
 
 .Procedure
 
-* On the bastion host, create a new pull secret for your registry that is in
-JSON format:
+. On the bastion host, generate the pull secret for your registry:
 +
 ----
-{
-  "auths": {
-    "<local_registry_host_name>:<local_registry_host_port>": { <1>
-      "auth": "<credentials>", <2>
-      "email": "[email protected]"
-    }
-  }
-}
+$ podman login --authfile ~/pullsecret_config.json <local_registry_host_name>:<local_registry_host_port> <1>
+----
+<1> For `<local_registry_host_name>`, specify the registry domain name
+for your mirror registry, such as `registry.example.com`. For
+`<local_registry_host_port>`, specify the port that your mirror registry uses to
+serve content.
++
+Provide your credentials for the mirror registry at the prompts.
+
+. View the pull secret that you created:
++
+----
+# cat ~/pullsecret_config.json
+
+{ "auths": { "<local_registry_host_name>:<local_registry_host_port>": { "auth": "ZHVtbXk6ZHVtbXk=" } } }
 ----
-<1> For `bastion_host_name`, specify the registry domain name
-that you specified in your certificate, and for `<local_registry_host_port>`,
-specify the port that your mirror registry uses to serve content.
-<2> For `<credentials>`, specify the base64-encoded user name and password for
-the mirror registry that you generated.