Cherry Picked 788ed2c from PR24276

modules/registry-configuring-storage-baremetal.adoc

@@ -4,46 +4,20 @@
 // * installing/installing_bare_metal/installing-restricted-networks-bare-metal.adoc
 // * registry/configuring_registry_storage-baremetal
 // * installing/installing_ibm_z/installing-ibm-z.adoc
-// * cnv/cnv_virtual_machines/cnv_importing_vms/cnv-importing-vmware-vm.adoc
-
-ifeval::["{context}" == "installing-ibm-z"]
-:ibm-z:
-endif::[]
-ifeval::["{context}" == "installing-restricted-networks-ibm-z"]
-:ibm-z:
-endif::[]
-ifeval::["{context}" == "installing-ibm-power"]
-:ibm-power:
-endif::[]
-ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
-:ibm-power:
-endif::[]
+// * virt/virtual_machines/importing_vms/virt-importing-vmware-vm.adoc
 
 [id="registry-configuring-storage-baremetal_{context}"]
-ifndef::ibm-z,ibm-power[]
 = Configuring registry storage for bare metal
-endif::ibm-z,ibm-power[]
-ifdef::ibm-z[]
-= Configuring registry storage for IBM Z
-endif::ibm-z[]
-ifdef::ibm-power[]
-= Configuring registry storage for IBM Power
-endif::ibm-power[]
 
 As a cluster administrator, following installation you must configure your
 registry to use storage.
 
 .Prerequisites
 
 * Cluster administrator permissions.
-* A cluster on
-ifndef::ibm-z,ibm-power[bare metal.]
-ifdef::ibm-z[IBM Z.]
-ifdef::ibm-power[IBM Power.]
-* Provision persistent storage for your cluster, such as
-ifndef::ibm-z[Red Hat OpenShift Container Storage.]
-ifdef::ibm-z[NFS.]
-To deploy a private image registry, your storage must provide
+* A cluster on bare metal.
+* Provision persistent storage
+for your cluster, such as Red Hat OpenShift Container Storage. To deploy a private image registry, your storage must provide
 ReadWriteMany access mode.
 * Must have "100Gi" capacity.
 
@@ -52,6 +26,11 @@ ReadWriteMany access mode.
 . To configure your registry to use storage, change the `spec.storage.pvc` in
 the `configs.imageregistry/cluster` resource.
 +
+[NOTE]
+====
+When using shared storage such as NFS, it is strongly recommended to use the `supplementalGroups` strategy, which dictates the allowable supplemental groups for the Security Context, rather than the `fsGroup` ID. Refer to the NFS *Group IDs* documentation for details.
+====
+
 . Verify you do not have a registry Pod:
 +
 ----
@@ -60,13 +39,14 @@ $ oc get pod -n openshift-image-registry
 +
 [NOTE]
 =====
-If the storage type is `emptyDIR`, the replica number cannot be greater than `1`.
-If the storage type is `NFS`, and you want to scale up the registry Pod by setting
-`replica>1` you must enable the `no_wdelay` mount option. For example:
-
+* If the storage type is `emptyDIR`, the replica number cannot be greater than `1`.
+* If the storage type is `NFS`, you must enable the `no_wdelay` and `root_squash` mount options. For example:
++
 ----
 # cat /etc/exports
-/var/nfsshare *(rw,sync,no_root_squash)
+/mnt/data *(rw,sync,no_wdelay,root_squash,insecure,fsid=0)
+sh-4.2# exportfs -rv
+exporting *:/mnt/data
 ----
 =====
 +
@@ -88,16 +68,3 @@ Leave the `claim` field blank to allow the automatic creation of an
 ----
 $ oc get clusteroperator image-registry
 ----
-
-ifeval::["{context}" == "installing-ibm-z"]
-:!ibm-z:
-endif::[]
-ifeval::["{context}" == "installing-restricted-networks-ibm-z"]
-:!ibm-z:
-endif::[]
-ifeval::["{context}" == "installing-ibm-power"]
-:!ibm-power:
-endif::[]
-ifeval::["{context}" == "installing-restricted-networks-ibm-power"]
-:!ibm-power:
-endif::[]

modules/registry-configuring-storage-vsphere.adoc

@@ -2,7 +2,10 @@
 //
 // * installing/installing_vsphere/installing-restricted-networks-vsphere.adoc
 // * installing/installing_vsphere/installing-vsphere.adoc
-// * registry/configuring_registry_storage-vsphere.adoc
+// * installing/installing_vsphere/installing-vsphere-installer-provisioned.adoc
+// * installing/installing_vsphere/installing-vsphere-installer-provisioned-network-customizations.adoc
+// * installing/installing_vsphere/installing-vsphere-installer-provisioned-customizations.adoc
+// * registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc
 
 [id="registry-configuring-storage-vsphere_{context}"]
 = Configuring registry storage for VMware vSphere
@@ -31,6 +34,11 @@ a different storage backend, such as `NFS`, to configure the registry storage.
 . To configure your registry to use storage, change the `spec.storage.pvc` in the
 `configs.imageregistry/cluster` resource.
 +
+[NOTE]
+====
+When using shared storage such as NFS, it is strongly recommended to use the `supplementalGroups` strategy, which dictates the allowable supplemental groups for the Security Context, rather than the `fsGroup` ID. Refer to the NFS *Group IDs* documentation for details.
+====
+
 . Verify you do not have a registry Pod:
 +
 ----
@@ -39,13 +47,12 @@ $ oc get pod -n openshift-image-registry
 +
 [NOTE]
 =====
-If the storage type is `emptyDIR`, the replica number cannot be greater than `1`.
-If the storage type is `NFS`, and you want to scale up the registry Pod by setting
-`replica>1` you must enable the `no_wdelay` mount option. For example:
-
+* If the storage type is `emptyDIR`, the replica number cannot be greater than `1`.
+* If the storage type is `NFS`, you must enable the `no_wdelay` and `root_squash` mount options. For example:
++
 ----
 # cat /etc/exports
-/mnt/data *(rw,sync,no_wdelay,no_root_squash,insecure,fsid=0)
+/mnt/data *(rw,sync,no_wdelay,root_squash,insecure,fsid=0)
 sh-4.2# exportfs -rv
 exporting *:/mnt/data
 ----

modules/storage-persistent-storage-nfs-group-ids.adoc

@@ -1,7 +1,9 @@
 // Module included in the following assemblies:
 //
 // * storage/persistent_storage/persistent-storage-nfs.adoc
+// * storage/registry/configuring_registry_storage/configuring-registry-storage-baremetal.adoc
 
+[id=storage-persistent-storage-nfs-group-ids_{context}]
 = Group IDs
 
 The recommended way to handle NFS access, assuming it is not an option to
@@ -13,8 +15,7 @@ Pod's `securityContext`.
 
 [NOTE]
 ====
-It is generally preferable to use supplemental group IDs to gain access to
-persistent storage versus using user IDs.
+To gain access to persistent storage, it is generally preferable to use supplemental group IDs versus user IDs.
 ====
 
 Because the group ID on the example target NFS directory

registry/configuring_registry_storage/configuring-registry-storage-baremetal.adoc

@@ -12,10 +12,12 @@ include::modules/installation-registry-storage-config.adoc[leveloffset=+1]
 
 include::modules/registry-configuring-storage-baremetal.adoc[leveloffset=+1]
 
+See xref:../../storage/persistent_storage/persistent-storage-nfs.adoc#storage-persistent-storage-nfs-group-ids_persistent-storage-nfs[Group IDs] for additional details about using supplemental groups to handle NFS access.
+
 include::modules/installation-registry-storage-non-production.adoc[leveloffset=+1]
 
 
 [id="configuring-registry-storage-baremetal-addtl-resources"]
 == Additional resources
 
-For more details on configuring registry storage for bare metal, see xref:../../scalability_and_performance/optimizing-storage.adoc#recommended-configurable-storage-technology_persistent-storage[Recommended configurable storage technology].
+For more details about configuring registry storage for bare metal, see xref:../../scalability_and_performance/optimizing-storage.adoc#recommended-configurable-storage-technology_persistent-storage[Recommended configurable storage technology].

registry/configuring_registry_storage/configuring-registry-storage-vsphere.adoc

@@ -12,6 +12,8 @@ include::modules/installation-registry-storage-config.adoc[leveloffset=+2]
 
 include::modules/registry-configuring-storage-vsphere.adoc[leveloffset=+1]
 
+See xref:../../storage/persistent_storage/persistent-storage-nfs.adoc#storage-persistent-storage-nfs-group-ids_persistent-storage-nfs[Group IDs] for additional details about using supplemental groups to handle NFS access.
+
 include::modules/installation-registry-storage-non-production.adoc[leveloffset=+1]
 
 include::modules/installation-registry-storage-block-recreate-rollout.adoc[leveloffset=+1]
@@ -21,4 +23,4 @@ For instructions about configuring registry storage so that it references the co
 [id="configuring-registry-storage-vsphere-addtl-resources"]
 == Additional resources
 
-For more details on configuring registry storage for vSphere, see xref:../../scalability_and_performance/optimizing-storage.adoc#recommended-configurable-storage-technology_persistent-storage[Recommended configurable storage technology].
+For more details about configuring registry storage for vSphere, see xref:../../scalability_and_performance/optimizing-storage.adoc#recommended-configurable-storage-technology_persistent-storage[Recommended configurable storage technology].