Please fill in the following information:

---

Issue description

Step 2.1 Should use yq (either the original or the new version) to get data.  For instance, here:
oc get OpenStackControlPlane -o yaml | yq r - 'spec.tls'

That is much easier to parse than the whole file.

Same with step 2.2:
oc get OpenStackControlPlane -o yaml | yq r - 'status.tls'

(the new version uses '.spec...' instead of 'spec')

 

Step 3.4 uses some fancy sed commands, but you can do the same sort of thing with head.  I showed this:

 

diff <( head -n 11 internal-ca-bundle.pem ) <( head ca.crt )

That just shows the comment as different, but I'm not sure trimming it further is worth the extra coding.

 

Also, in step 3.4 why are we just testing the first 10 lines?  Why not 24 (which is the entire certificate)?

 

Step 4.1 I highly recommend using the bash shell when you get into the openstackclient pod:

 

oc rsh --shell=/usr/bin/bash openstackclient

 

That will have the bash completion working for all the openstack commands.

 

Step 5.1 should be using yq again.

 

Step 5.2 says we are using openssl s_client, but we show openssl x509.  The substep content should read:

Use the openssl x509 command to verify the expiration date of the certificate.

 

Step 5.2 should use better options.  You don't need to redirect anything in/out.  There are options for the input file.  Why are we showing the subject and issuer anyway?  Why are we using -ext subjectAltName?

If you want to just see the expiration date, use this:

 

openssl x509 -noout -enddate -in ca.crt

 

Step 6.  Why do we always return to the default project?  We always start by going to the openstack project anyway.  I think we should remove this step in every single exercise and lab.  There is no reason for it.