Uploaded image for project: 'Red Hat OpenStack Services on OpenShift'
  1. Red Hat OpenStack Services on OpenShift
  2. OSPRH-19131

Documentation feedback: Chapter 3 Migrating TLS-e to the RHOSO deployment reveiw

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Normal Normal
    • rhos-18.0.z
    • rhos-18.0.10 FR 3
    • documentation
    • None
    • 2
    • False
    • Hide

      None

      Show
      None
    • False
    • ?
    • rhos-ops-platform-services-security
    • None
    • Low

      https://docs.redhat.com/en/documentation/red_hat_openstack_services_on_openshift/18.0/html/adopting_a_red_hat_openstack_platform_director_operator_environment/migrating-tls-everywhere_configuring-network

      IPA_SSH is defined twice in the documentation, one for ssh to a freeipa server, the other if you are using a container. 
      But the order does not make sense, 

      IPA_SSH="podman exec -ti freeipa-server"

      is set after trying to locate the CA certificate and key. 

      It would make more sense to move the up to Prerequisites. 

      Step 1 

      IPA_SSH certutil -L -d /etc/pki/pki-tomcat/alias

      Should be 

      $IPA_SSH certutil -L -d /etc/pki/pki-tomcat/alias

      In the Prerequisites we say log into the freeipa server as root, but this not something that would normally be recommended. 

      It would probably be better to do something like this.

      IPA_SSH="ssh -i <path_to_ssh_key> <admin user>@<freeipa-server-ip-address> sudo"

              kgilliga@redhat.com Katie Gilligan
              rhn-support-dsedgmen David Sedgmen
              rhos-dfg-security
              Votes:
              0 Vote for this issue
              Watchers:
              5 Start watching this issue

                Created:
                Updated:
                Resolved: