Merge pull request #70201 from stevsmit/OCPBUGS-23961

Updates various commands for IR docs

Author: stevsmit

modules/images-configuration-allowed.adoc

@@ -64,19 +64,48 @@ The Machine Config Operator (MCO) watches the `image.config.openshift.io/cluster
 ifndef::openshift-rosa,openshift-dedicated[]
 .Verification
 
-* To check that the registries have been added to the policy file, use the following command on a node:
+* Enter the following command to obtain a list of your nodes:
 +
 [source,terminal]
 ----
-$ cat /host/etc/containers/policy.json
+$ oc get nodes
+----
++
+Example output
++
+[source,terminal]
+----
+NAME               STATUS   ROLES                  AGE   VERSION
+<node_name>        Ready    control-plane,master   37m   v1.27.8+4fab27b
+----
+
+. Run the following command to enter debug mode on the node:
++
+[source,terminal]
+----
+$ oc debug node/<node_name> 
+----
+
+. When prompted, enter `chroot/host` into the terminal:
++
+[source,terminal]
+----
+sh-4.4# chroot/host
+----
+
+. Enter the following command to check that the registries have been added to the policy file:
++
+[source,terminal]
+----
+sh-5.1# cat /etc/containers/policy.json | jq '.'
 ----
 +
 The following policy indicates that only images from the example.com, quay.io, and registry.redhat.io registries are permitted for image pulls and pushes:
 +
 .Example image signature policy file
 [%collapsible]
 ====
-[source,terminal]
+[source,text]
 ----
 {
    "default":[
@@ -168,7 +197,7 @@ If your cluster uses the `registrySources.insecureRegistries` parameter, ensure
 
 For example:
 
-[source,yml]
+[source,yaml]
 ----
 spec:
   registrySources:

modules/images-configuration-blocked.adoc

@@ -61,18 +61,46 @@ The Machine Config Operator (MCO) watches the `image.config.openshift.io/cluster
 ifndef::openshift-rosa,openshift-dedicated[]
 .Verification
 
-* To check that the registries have been added to the policy file, use the following command on a node:
-// cannot create resource "namespaces"
+* Enter the following command to obtain a list of your nodes:
 +
 [source,terminal]
 ----
-$ cat /host/etc/containers/registries.conf
+$ oc get nodes
+----
++
+Example output
++
+[source,terminal]
+----
+NAME                STATUS   ROLES                  AGE   VERSION
+<node_name>         Ready    control-plane,master   37m   v1.27.8+4fab27b
+----
+
+. Run the following command to enter debug mode on the node:
++
+[source,terminal]
+----
+$ oc debug node/<node_name> 
+----
+
+. When prompted, enter `chroot/host` into the terminal:
++
+[source,terminal]
+----
+sh-4.4# chroot/host
+----
+
+. Enter the following command to check that the registries have been added to the policy file:
++
+[source,terminal]
+----
+sh-5.1# cat etc/containers/registries.conf
 ----
 +
 The following example indicates that images from the `untrusted.com` registry are prevented for image pulls and pushes:
 +
 .Example output
-[source,terminal]
+[source,text]
 ----
 unqualified-search-registries = ["registry.access.redhat.com", "docker.io"]
 

modules/images-configuration-shortname.adoc

@@ -93,16 +93,45 @@ When the `allowedRegistries` parameter is defined, all registries, including the
 ifndef::openshift-rosa,openshift-dedicated[]
 .Verification
 
-* To check that the registries have been added, when a node returns to the `Ready` state, use the following command on the node:
+* Enter the following command to obtain a list of your nodes:
 +
 [source,terminal]
 ----
-$ cat /host/etc/containers/registries.conf.d/01-image-searchRegistries.conf
+$ oc get nodes
 ----
 +
-.Example output
+Example output
++
 [source,terminal]
 ----
+NAME                STATUS   ROLES                  AGE   VERSION
+<node_name>         Ready    control-plane,master   37m   v1.27.8+4fab27b
+----
+
+. Run the following command to enter debug mode on the node:
++
+[source,terminal]
+----
+$ oc debug node/<node_name> 
+----
+
+. When prompted, enter `chroot/host` into the terminal:
++
+[source,terminal]
+----
+sh-4.4# chroot/host
+----
+
+. Enter the following command to check that the registries have been added to the policy file:
++
+[source,terminal]
+----
+sh-5.1# cat /etc/containers/registries.conf.d/01-image-searchRegistries.conf 
+----
++
+.Example output
+[source,text]
+----
 unqualified-search-registries = ['reg1.io', 'reg2.io', 'reg3.io']
 ----
 endif::openshift-rosa,openshift-dedicated[]