From 2b8143cb8ddad84fa5a4dd29e064ff722b7ce73c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=A1n=20Lieskovsk=C3=BD?= Date: Mon, 23 Apr 2018 21:10:37 +0200 Subject: [PATCH] Fix issue with improper rendering of xreferences (#371) Signed-off-by: Jan Lieskovsky --- .../advanced_concepts/advanced_concepts.adoc | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/openshift/content/advanced_concepts/advanced_concepts.adoc b/openshift/content/advanced_concepts/advanced_concepts.adoc index cd92c834a4..85713af90b 100644 --- a/openshift/content/advanced_concepts/advanced_concepts.adoc +++ b/openshift/content/advanced_concepts/advanced_concepts.adoc @@ -21,9 +21,9 @@ $ oc policy add-role-to-user view system:serviceaccount:$(oc project -q):default The RH-SSO application templates using xref:../introduction/introduction.adoc#passthrough-templates[passthrough TLS termination] require: -* An xref:#create-https-keystore[HTTPS keystore] used for encryption of https traffic, -* The xref:#create-jgroups-keystore[JGroups keystore] used for encryption of JGroups communications between nodes in the cluster, and -* xref:#create-server-truststore[RH-SSO server truststore] used for securing the RH-SSO requests +* An xref:create-https-keystore[HTTPS keystore] used for encryption of https traffic, +* The xref:create-jgroups-keystore[JGroups keystore] used for encryption of JGroups communications between nodes in the cluster, and +* xref:create-server-truststore[RH-SSO server truststore] used for securing the RH-SSO requests the {xpaasproduct-shortname} image to be deployed properly. @@ -45,7 +45,7 @@ See the https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Applicati *_Create the HTTPS keystore:_* [[generate-ca-certificate]] -.. Generate a CA certificate. Pick and remember the password. Provide identical password, when xref:#signing-csr-with-ca-certificate[signing the certificate sign request with the CA certificate] below: +.. Generate a CA certificate. Pick and remember the password. Provide identical password, when xref:signing-csr-with-ca-certificate[signing the certificate sign request with the CA certificate] below: + [subs="verbatim,macros"] ---- @@ -64,7 +64,7 @@ $ keytool -certreq -keyalg rsa -alias jboss -keystore keystore.jks -file sso.csr [[signing-csr-with-ca-certificate]] [start=4] -.. Sign the certificate sign request with the CA certificate. Provide the same password that was used to xref:#generate-ca-certificate[generate the CA certificate]: +.. Sign the certificate sign request with the CA certificate. Provide the same password that was used to xref:generate-ca-certificate[generate the CA certificate]: + ---- $ openssl x509 -req -CA xpaas.crt -CAkey xpaas.key -in sso.csr -out sso.crt -days 365 -CAcreateserial @@ -103,7 +103,7 @@ $ keytool -import -file xpaas.crt -alias xpaas.ca -keystore truststore.jks OpenShift uses objects called link:https://docs.openshift.com/container-platform/latest/dev_guide/secrets.html[secrets] to hold sensitive information, such as passwords or keystores. -. Create the secrets for the HTTPS and JGroups keystores, and RH-SSO server truststore, generated in the xref:#Configuring-Keystores[previous section]. +. Create the secrets for the HTTPS and JGroups keystores, and RH-SSO server truststore, generated in the xref:Configuring-Keystores[previous section]. + ---- $ oc secret new sso-app-secret keystore.jks jgroups.jceks truststore.jks @@ -116,15 +116,15 @@ $ oc secrets link default sso-app-secret ==== Deploying the Chosen RH-SSO Passthrough TLS Template via OpenShift CLI -After the aforementioned xref:#Configuring-Keystores[keystores] and xref:#Configuring-Secrets[secrets] are created, deploy some of the available xref:../introduction/introduction.adoc#passthrough-templates[passthrough TLS termination] as follows: +After the aforementioned xref:Configuring-Keystores[keystores] and xref:Configuring-Secrets[secrets] are created, deploy some of the available xref:../introduction/introduction.adoc#passthrough-templates[passthrough TLS termination] as follows: [WARNING] ==== -For simplicity, the values of *_SSO_ADMIN_USERNAME_*, *_SSO_ADMIN_PASSWORD_*, *_HTTPS_PASSWORD_*, *_JGROUPS_ENCRYPT_PASSWORD_*, and *_SSO_TRUSTSTORE_PASSWORD_* variables xref:#advanced-topics-deploy-sso72-https-template[in the following command] have been chosen to match the default values of the respective parameters of the *_sso72-https_* RH-SSO application template. +For simplicity, the values of *_SSO_ADMIN_USERNAME_*, *_SSO_ADMIN_PASSWORD_*, *_HTTPS_PASSWORD_*, *_JGROUPS_ENCRYPT_PASSWORD_*, and *_SSO_TRUSTSTORE_PASSWORD_* variables xref:advanced-topics-deploy-sso72-https-template[in the following command] have been chosen to match the default values of the respective parameters of the *_sso72-https_* RH-SSO application template. For production environments, Red Hat recommends that you consult the on-site policy, specific to your organization for guidance on how to generate sufficiently strong user name and password for the administrator user account of the RH-SSO server, and passwords for the HTTPS and JGroups keystores, and the truststore of the RH-SSO server. -Be aware that *the passwords provided when provisioning the template need to match the passwords provided when creating the keystores*. If using different username and passwords, modify the values of respective xref:#advanced-topics-deploy-sso72-https-template[template parameters] as appropriate for your environment. +Be aware that *the passwords provided when provisioning the template need to match the passwords provided when creating the keystores*. If using different username and passwords, modify the values of respective xref:advanced-topics-deploy-sso72-https-template[template parameters] as appropriate for your environment. ==== [NOTE]