Fix issue with improper rendering of xreferences (#371)
Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
This commit is contained in:
Ján Lieskovský
Stian Thorgersen
parent
3892ca58eb
commit
2b8143cb8d
1 changed files with 9 additions and 9 deletions
|
|
@ -21,9 +21,9 @@ $ oc policy add-role-to-user view system:serviceaccount:$(oc project -q):default
|
|||
|
||||
The RH-SSO application templates using xref:../introduction/introduction.adoc#passthrough-templates[passthrough TLS termination] require:
|
||||
|
||||
* An xref:#create-https-keystore[HTTPS keystore] used for encryption of https traffic,
|
||||
* The xref:#create-jgroups-keystore[JGroups keystore] used for encryption of JGroups communications between nodes in the cluster, and
|
||||
* xref:#create-server-truststore[RH-SSO server truststore] used for securing the RH-SSO requests
|
||||
* An xref:create-https-keystore[HTTPS keystore] used for encryption of https traffic,
|
||||
* The xref:create-jgroups-keystore[JGroups keystore] used for encryption of JGroups communications between nodes in the cluster, and
|
||||
* xref:create-server-truststore[RH-SSO server truststore] used for securing the RH-SSO requests
|
||||
|
||||
the {xpaasproduct-shortname} image to be deployed properly.
|
||||
|
||||
|
|
@ -45,7 +45,7 @@ See the https://access.redhat.com/documentation/en-US/JBoss_Enterprise_Applicati
|
|||
*_Create the HTTPS keystore:_*
|
||||
|
||||
[[generate-ca-certificate]]
|
||||
.. Generate a CA certificate. Pick and remember the password. Provide identical password, when xref:#signing-csr-with-ca-certificate[signing the certificate sign request with the CA certificate] below:
|
||||
.. Generate a CA certificate. Pick and remember the password. Provide identical password, when xref:signing-csr-with-ca-certificate[signing the certificate sign request with the CA certificate] below:
|
||||
+
|
||||
[subs="verbatim,macros"]
|
||||
----
|
||||
|
|
@ -64,7 +64,7 @@ $ keytool -certreq -keyalg rsa -alias jboss -keystore keystore.jks -file sso.csr
|
|||
|
||||
[[signing-csr-with-ca-certificate]]
|
||||
[start=4]
|
||||
.. Sign the certificate sign request with the CA certificate. Provide the same password that was used to xref:#generate-ca-certificate[generate the CA certificate]:
|
||||
.. Sign the certificate sign request with the CA certificate. Provide the same password that was used to xref:generate-ca-certificate[generate the CA certificate]:
|
||||
+
|
||||
----
|
||||
$ openssl x509 -req -CA xpaas.crt -CAkey xpaas.key -in sso.csr -out sso.crt -days 365 -CAcreateserial
|
||||
|
|
@ -103,7 +103,7 @@ $ keytool -import -file xpaas.crt -alias xpaas.ca -keystore truststore.jks
|
|||
|
||||
OpenShift uses objects called link:https://docs.openshift.com/container-platform/latest/dev_guide/secrets.html[secrets] to hold sensitive information, such as passwords or keystores.
|
||||
|
||||
. Create the secrets for the HTTPS and JGroups keystores, and RH-SSO server truststore, generated in the xref:#Configuring-Keystores[previous section].
|
||||
. Create the secrets for the HTTPS and JGroups keystores, and RH-SSO server truststore, generated in the xref:Configuring-Keystores[previous section].
|
||||
+
|
||||
----
|
||||
$ oc secret new sso-app-secret keystore.jks jgroups.jceks truststore.jks
|
||||
|
|
@ -116,15 +116,15 @@ $ oc secrets link default sso-app-secret
|
|||
|
||||
==== Deploying the Chosen RH-SSO Passthrough TLS Template via OpenShift CLI
|
||||
|
||||
After the aforementioned xref:#Configuring-Keystores[keystores] and xref:#Configuring-Secrets[secrets] are created, deploy some of the available xref:../introduction/introduction.adoc#passthrough-templates[passthrough TLS termination] as follows:
|
||||
After the aforementioned xref:Configuring-Keystores[keystores] and xref:Configuring-Secrets[secrets] are created, deploy some of the available xref:../introduction/introduction.adoc#passthrough-templates[passthrough TLS termination] as follows:
|
||||
|
||||
[WARNING]
|
||||
====
|
||||
For simplicity, the values of *_SSO_ADMIN_USERNAME_*, *_SSO_ADMIN_PASSWORD_*, *_HTTPS_PASSWORD_*, *_JGROUPS_ENCRYPT_PASSWORD_*, and *_SSO_TRUSTSTORE_PASSWORD_* variables xref:#advanced-topics-deploy-sso72-https-template[in the following command] have been chosen to match the default values of the respective parameters of the *_sso72-https_* RH-SSO application template.
|
||||
For simplicity, the values of *_SSO_ADMIN_USERNAME_*, *_SSO_ADMIN_PASSWORD_*, *_HTTPS_PASSWORD_*, *_JGROUPS_ENCRYPT_PASSWORD_*, and *_SSO_TRUSTSTORE_PASSWORD_* variables xref:advanced-topics-deploy-sso72-https-template[in the following command] have been chosen to match the default values of the respective parameters of the *_sso72-https_* RH-SSO application template.
|
||||
|
||||
For production environments, Red Hat recommends that you consult the on-site policy, specific to your organization for guidance on how to generate sufficiently strong user name and password for the administrator user account of the RH-SSO server, and passwords for the HTTPS and JGroups keystores, and the truststore of the RH-SSO server.
|
||||
|
||||
Be aware that *the passwords provided when provisioning the template need to match the passwords provided when creating the keystores*. If using different username and passwords, modify the values of respective xref:#advanced-topics-deploy-sso72-https-template[template parameters] as appropriate for your environment.
|
||||
Be aware that *the passwords provided when provisioning the template need to match the passwords provided when creating the keystores*. If using different username and passwords, modify the values of respective xref:advanced-topics-deploy-sso72-https-template[template parameters] as appropriate for your environment.
|
||||
====
|
||||
|
||||
[NOTE]
|
||||
|
|
|
|||
Loading…
Reference in a new issue