[General] Drop the duplicate 'Creating Administrator Account for {project_name} Server'

paragraph from the 'Get Started' section

Keep the copy present in 'Advanced Concepts' section, because it is more
updated & already present part of the book dedicated to advanced topics
(see 7.2 guide for reference)

Signed-off-by: Jan Lieskovsky <jlieskov@redhat.com>
Jan Lieskovsky 2018-12-14 22:11:46 +01:00 committed by Stian Thorgersen
parent f743f4633c
commit 4a09aea087
3 changed files with 23 additions and 134 deletions


@ -262,7 +262,7 @@ and access the {project_name} administrator console at:
* *\https://secure-sso-sso-app-demo.openshift.example.com/auth/admin* * *\https://secure-sso-sso-app-demo.openshift.example.com/auth/admin*
* *\http://sso-sso-app-demo.openshift.example.com/auth/admin* * *\http://sso-sso-app-demo.openshift.example.com/auth/admin*
using the xref:../advanced_concepts/advanced_concepts.adoc#advanced-concepts-sso-administrator-setup[administrator account]. using the xref:sso-administrator-setup[administrator account].
[[advanced-concepts-sso-hostname-spi-setup]] [[advanced-concepts-sso-hostname-spi-setup]]
=== Customizing Hostname for the {project_name} Server === Customizing Hostname for the {project_name} Server
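Review bot: Anchor naming ends up mixed in this file: `[[advanced-concepts-sso-hostname-spi-setup]]` in the context here keeps the `advanced-concepts-` prefix, while the administrator-account anchors further down are renamed to drop it. Either say in the commit message that only the administrator anchors change because they take over the IDs of the removed copy, or rename the remaining prefixed anchors in a follow-up so the chapter uses one scheme.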
@ -318,10 +318,10 @@ If successful, the previous command will return the following output:
route "sso" patched route "sso" patched
---- ----
[[advanced-concepts-sso-administrator-setup]] [[sso-administrator-setup]]
=== Creating Administrator Account for Red Hat Single Sign-On Server === Creating the Administrator Account for {project_name} Server
Red Hat Single Sign-On does not provide any pre-configured management account out of the box. This administrator account is necessary for logging into the `master` realm's management console and perform server maintenance operations such as, creating realms or users, or registering applications intended to be secured by Red Hat Single Sign-On. {project_name} does not provide any pre-configured management account out of the box. This administrator account is necessary for logging into the `master` realm's management console and perform server maintenance operations such as, creating realms or users, or registering applications intended to be secured by {project_name}.
The administrator account can be created: The administrator account can be created:
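Review bot: Renaming `[[advanced-concepts-sso-administrator-setup]]` to `[[sso-administrator-setup]]` drops the old ID outright, so any link to the old anchor that this patch does not update will dangle; consider keeping the old ID as a second anchor on the heading. Since the paragraph under the heading is rewritten anyway, fix its grammar in the same change: "necessary for logging into ... and perform" should read "and performing", and the comma after "such as" should go.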
@ -330,13 +330,13 @@ The administrator account can be created:
[NOTE] [NOTE]
==== ====
Red Hat Single Sign-On allows an initial administrator account to be created via the link:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.2/html-single/getting_started_guide/#creating_the_admin_account[Welcome Page] web form, but only if the Welcome Page is accessed from localhost; this method of administrator account creation is not applicable for the {project_openshift_product_name} image. {project_name} allows an initial administrator account to be created via the link:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.2/html-single/getting_started_guide/#creating_the_admin_account[Welcome Page] web form, but only if the Welcome Page is accessed from localhost; this method of administrator account creation is not applicable for the {project_openshift_product_name} image.
==== ====
[[advanced-concepts-sso-admin-template-parameters]] [[sso-admin-template-parameters]]
==== Creating {project_name} Administrator Account via Template Parameters ==== Creating the Administrator Account Using Template Parameters
When deploying {project_name} application template, *_SSO_ADMIN_USERNAME_* and *_SSO_ADMIN_PASSWORD_* parameters denote the username and password of the {project_name} server's administrator account to be created for the `master` realm. When deploying {project_name} application template, the *_SSO_ADMIN_USERNAME_* and *_SSO_ADMIN_PASSWORD_* parameters denote the username and password of the {project_name} server's administrator account to be created for the `master` realm.
[NOTE] [NOTE]
==== ====
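Review bot: The two new subsection titles do not match: this one reads "Creating the Administrator Account Using Template Parameters" while the remote-shell title in the next hunk keeps "via". Pick one preposition for both. The reworded sentence below the title also still reads "When deploying {project_name} application template"; add "the" before {project_name} while the line is being touched.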
@ -381,8 +381,8 @@ $ oc set env dc/sso \
---- ----
==== ====
[[advanced-concepts-sso-admin-remote-shell]] [[sso-admin-remote-shell]]
==== Creating {project_name} Administrator Account via Remote Shell Session to {project_name} Pod ==== Creating the Administrator Account via Remote Shell Session to {project_name} Pod
Run following commands to create an administrator account for the `master` realm of the {project_name} server, when deploying the {project_openshift_product_name} image directly from the image stream (without the xref:../introduction/introduction.adoc#sso-templates[template]), after the {project_name} application pod has been started: Run following commands to create an administrator account for the `master` realm of the {project_name} server, when deploying the {project_openshift_product_name} image directly from the image stream (without the xref:../introduction/introduction.adoc#sso-templates[template]), after the {project_name} application pod has been started:
@ -407,13 +407,16 @@ sh-4.2$
[source,bash,subs="attributes+,macros+"] [source,bash,subs="attributes+,macros+"]
---- ----
sh-4.2$ cd /opt/eap/bin/ sh-4.2$ cd /opt/eap/bin/
sh-4.2$ ./add-user-keycloak.sh -r master -u sso_admin -p sso_password sh-4.2$ ./add-user-keycloak.sh \
-r master \
-u sso_admin \
-p sso_password
Added 'sso_admin' to '/opt/eap/standalone/configuration/keycloak-add-user.json', restart server to load user Added 'sso_admin' to '/opt/eap/standalone/configuration/keycloak-add-user.json', restart server to load user
---- ----
+ +
[NOTE] [NOTE]
==== ====
The `sso_admin`/`sso_password` credentials in the example above are for demonstration purposes only. Refer to the password policy applicable within your organization for guidance on how to create a secure user name and password. The 'sso_admin' / 'sso_password' credentials in the example above are for demonstration purposes only. Refer to the password policy applicable within your organization for guidance on how to create a secure user name and password.
==== ====
. Restart the underlying JBoss EAP server instance to load the newly added user account. Wait for the server to restart properly. . Restart the underlying JBoss EAP server instance to load the newly added user account. Wait for the server to restart properly.
+ +
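Review bot: The reformatted example still passes the password as `-p sso_password` on the command line, where it can end up in the shell history and is visible in the container's process list while the script runs. If the script can take the password some other way, show that form instead; otherwise mention the exposure in the NOTE. The NOTE itself changes the credentials from backtick literals to 'sso_admin' / 'sso_password' in plain quotes, which loses the monospace formatting used for other literals such as `master`; keep the backticks.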
@ -441,7 +444,7 @@ After the {project_name} web server pod has started, it can be accessed at its c
* *\http://sso-_<project-name>_._<hostname>_/auth/admin*: for the {project_name} web server, and * *\http://sso-_<project-name>_._<hostname>_/auth/admin*: for the {project_name} web server, and
* *\https://secure-sso-_<project-name>_._<hostname>_/auth/admin*: for the encrypted {project_name} web server. * *\https://secure-sso-_<project-name>_._<hostname>_/auth/admin*: for the encrypted {project_name} web server.
Use the xref:../advanced_concepts/advanced_concepts.adoc#advanced-concepts-sso-administrator-setup[administrator user credentials] to log in into the `master` realms administration console. Use the xref:sso-administrator-setup[administrator user credentials] to log in into the `master` realms administration console.
[[SSO-Clients]] [[SSO-Clients]]
=== {project_name} Clients === {project_name} Clients
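Review bot: The changed sentence tells the reader to log in with the administrator credentials at either URL listed just above it, and the first of those is the plain `http://` route, so the `master` realm password would be sent over an unencrypted connection. Point the login instruction at the `https://secure-sso-...` route only. The same line also needs "log in into" changed to "log in to" and "`master` realms" changed to "`master` realm's".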


@ -109,120 +109,6 @@ $ oc secrets link <pass:quotes[_service-account-name_]> <pass:quotes[_sso-ssl-se
---- ----
//// ////
[[sso-administrator-setup]]
==== Creating Administrator Account for {project_name} Server
{project_name} does not provide any pre-configured management account out of the box. This administrator account is necessary for logging into the `master` realm's management console and perform server maintenance operations such as, creating realms or users, or registering applications intended to be secured by {project_name}.
The administrator account can be created:
* By providing values for the xref:sso-admin-template-parameters[*_SSO_ADMIN_USERNAME_* and *_SSO_ADMIN_PASSWORD_* parameters], when deploying the {project_name} application template, or
* By xref:sso-admin-remote-shell[a remote shell session to particular {project_name} pod], if the {project_openshift_product_name} image is deployed without an application template.
[NOTE]
====
{project_name} allows an initial administrator account creation via the link:https://access.redhat.com/documentation/en-us/red_hat_single_sign-on/7.2/html-single/getting_started_guide/#creating_the_admin_account[Welcome Page] web form. But only if the `Welcome Page` is accessed from a localhost, this method of administrator account creation is not applicable for {project_openshift_product_name} image.
====
[[sso-admin-template-parameters]]
===== Creating {project_name} Administrator Account via Template Parameters
When deploying {project_name} application template, *_SSO_ADMIN_USERNAME_* and *_SSO_ADMIN_PASSWORD_* parameters denote the username and password of the {project_name} server's administrator account to be created for the `master` realm.
[NOTE]
====
*Both of these parameters are required.* If not specified, they are auto generated and displayed as an OpenShift instructional message when the template is instantiated.
====
[IMPORTANT]
====
The lifespan of the {project_name} server's administrator account depends upon the the storage type used to store the {project_name} server's database:
* For an in-memory database mode (*_{project_templates_version}-https_* and *_{project_templates_version}-x509-https_* templates) the account exist throughout the lifecycle of the particular {project_name} pod (stored account data is lost upon pod destruction),
* For an ephemeral database mode (*_{project_templates_version}-mysql_* and *_{project_templates_version}-postgresql_* templates) the account exist throughout the lifecycle of the database pod (even if {project_name} pod is destructed, the stored account data is preserved under the assumption that the database pod is still running),
* For persistent database mode (*_{project_templates_version}-mysql-persistent_*, *_{project_templates_version}-x509-mysql-persistent_*, *_{project_templates_version}-postgresql-persistent_*, and *_{project_templates_version}-x509-postgresql-persistent_* templates) the account exists throughout the lifecycle of the persistent medium used to hold the database data. This means that the stored account data is preserved even when both, the {project_name} and the database pods are destructed.
It is a common practice to deploy an {project_name} application template to get the corresponding OpenShift deployment config for the application, and then reuse that deployment config multiple times (every time a new {project_name} application needs to be instantiated).
====
[WARNING]
====
In the case of *ephemeral or persistent database mode*, after creating the RH_SSO server's administrator account, remove the *_SSO_ADMIN_USERNAME_* and *_SSO_ADMIN_PASSWORD_* variables from the deployment config before deploying new {project_name} applications.
====
[IMPORTANT]
====
Run the following commands to prepare the previously created deployment config of the {project_name} application for reuse after the administrator account has been created:
. Identify the deployment config of the {project_name} application.
+
[source,bash,subs="attributes+,macros+"]
----
$ oc get dc -o name
deploymentconfig/sso
deploymentconfig/sso-mysql
----
. Clear the *_SSO_ADMIN_USERNAME_* and *_SSO_ADMIN_PASSWORD_* variables setting.
+
[source,bash,subs="attributes+,macros+"]
----
$ oc set env dc/sso \
-e SSO_ADMIN_USERNAME="" \
-e SSO_ADMIN_PASSWORD=""
----
====
[[sso-admin-remote-shell]]
===== Creating {project_name} Administrator Account via Remote Shell Session to {project_name} Pod
Run following commands to create administrator account for the `master` realm of the {project_name} server, when deploying the {project_openshift_product_name} image directly from the image stream (without the xref:../introduction/introduction.adoc#sso-templates[template]), after the {project_name} application pod has been started:
. Identify the {project_name} application pod.
+
[source,bash,subs="attributes+,macros+"]
----
$ oc get pods
NAME READY STATUS RESTARTS AGE
sso-12-pt93n 1/1 Running 0 1m
sso-mysql-6-d97pf 1/1 Running 0 2m
----
. Open a remote shell session to {project_openshift_product_name} container.
+
[source,bash,subs="attributes+,macros+"]
----
$ oc rsh sso-12-pt93n
sh-4.2$
----
. Create the {project_name} server administrator account for the `master` realm at the command line with the `add-user-keycloak.sh` script.
+
[source,bash,subs="attributes+,macros+"]
----
sh-4.2$ cd /opt/eap/bin/
sh-4.2$ ./add-user-keycloak.sh -r master -u sso_admin -p sso_password
Added 'sso_admin' to '/opt/eap/standalone/configuration/keycloak-add-user.json', restart server to load user
----
+
[NOTE]
====
The `sso_admin`/`sso_password` credentials in the example above are for demonstration purposes only. Refer to the password policy applicable within your organization for guidance on how to create a secure user name and password.
====
. Restart the underlying JBoss EAP server instance to load the newly added user account. Wait for the server to restart properly.
+
[source,bash,subs="attributes+,macros+"]
----
sh-4.2$ ./jboss-cli.sh --connect ':reload'
{
"outcome" => "success",
"result" => undefined
}
----
+
[WARNING]
====
When restarting the server it is important to restart just the JBoss EAP process within the running {project_name} container, and not the whole container. Because restarting the whole container recreates it from scratch, without the {project_name} server administration account for the `master` realm to be created.
====
. Log into the `master` realm's administration console of the {project_name} server using the the credentials created in the steps above. In the browser, navigate to *\http://sso-<project-name>.<hostname>/auth/admin* for the {project_name} web server, or to *\https://secure-sso-<project-name>.<hostname>/auth/admin* for the encrypted {project_name} web server, and specify user name and password used to create the administrator user.
==== Using the OpenShift Web Console ==== Using the OpenShift Web Console
Log in to the OpenShift web console: Log in to the OpenShift web console:
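Review bot: The deleted block contains two WARNING blocks with operational security content: the one telling operators to clear *_SSO_ADMIN_USERNAME_* and *_SSO_ADMIN_PASSWORD_* from the deployment config before reuse, and the one about reloading only the JBoss EAP process instead of restarting the whole container. The hunks shown for the kept copy touch only its headings, the `add-user-keycloak.sh` step and the restart step, so confirm that both warnings, and the IMPORTANT block on account lifespan per database mode, are present there before this copy goes away.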
@ -321,7 +207,7 @@ The EAP 6.4 / 7.1 JSP service application requires dedicated {project_name} real
+ +
*\https://secure-sso-sso-app-demo.openshift.example.com/auth/admin* *\https://secure-sso-sso-app-demo.openshift.example.com/auth/admin*
+ +
Use the xref:sso_server.adoc#sso-administrator-setup[credentials of the {project_name} administrator user]. Use the xref:sso-administrator-setup[credentials of the {project_name} administrator user].
. Hover your cursor over the realm namespace (default is *Master*) at the top of the sidebar and click *Add Realm*. . Hover your cursor over the realm namespace (default is *Master*) at the top of the sidebar and click *Add Realm*.
. Enter a realm name (this example uses `demo`) and click *Create*. . Enter a realm name (this example uses `demo`) and click *Create*.
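Review bot: The xref loses its file part (`sso_server.adoc#sso-administrator-setup` becomes `sso-administrator-setup`) in the same patch that deletes the `[[sso-administrator-setup]]` anchor from this file, so the bare ID resolves only when this chapter is built into one document together with the chapter that now holds the anchor. If any chapter is also rendered on its own, keep an inter-document xref that names the file containing the section. The same applies to the identical change in the next hunk.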
@ -807,7 +693,7 @@ Perform the following steps to add the `appuser` to the `admin` {project_name} r
+ +
*\https://secure-sso-sso-app-demo.openshift.example.com/auth/admin*. *\https://secure-sso-sso-app-demo.openshift.example.com/auth/admin*.
+ +
Use the xref:sso_server.adoc#sso-administrator-setup[credentials of the {project_name} administrator user]. Use the xref:sso-administrator-setup[credentials of the {project_name} administrator user].
. Click *Users* in the *Manage* sidebar to view the user information for the `demo` realm. . Click *Users* in the *Manage* sidebar to view the user information for the `demo` realm.
. Click *View all users* button. . Click *View all users* button.
. Click the ID link for the *appuser* or alternatively click the *Edit* button in the *Actions* column. . Click the ID link for the *appuser* or alternatively click the *Edit* button in the *Actions* column.


@ -39,7 +39,7 @@ The EAP 6.4 / 7.1 JSP service application requires dedicated {project_name} real
+ +
*\https://secure-sso-sso-app-demo.openshift.example.com/auth/admin* *\https://secure-sso-sso-app-demo.openshift.example.com/auth/admin*
+ +
Use the xref:sso_server.adoc#sso-administrator-setup[credentials of the {project_name} administrator user]. Use the xref:sso-administrator-setup[credentials of the {project_name} administrator user].
. Hover your cursor over the realm namespace (default is *Master*) at the top of the sidebar and click *Add Realm*. . Hover your cursor over the realm namespace (default is *Master*) at the top of the sidebar and click *Add Realm*.
. Enter a realm name (this example uses `demo`) and click *Create*. . Enter a realm name (this example uses `demo`) and click *Create*.
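Review bot: The steps around this xref are duplicated: the context and the changed line match the `-321,7` hunk of the previous file word for word, so the commit removes one duplicated section but leaves this procedure to be maintained in two places. Consider a follow-up that keeps a single copy, as is done here for the administrator-account section.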
@ -608,7 +608,7 @@ When the *_SSO_REALM_* configuration variable is set on the {project_openshift_p
+ +
. Click *Create* to deploy the application template and start pod deployment. This may take a couple of minutes. . Click *Create* to deploy the application template and start pod deployment. This may take a couple of minutes.
+ +
Then access the {project_name} web console at *$$https://secure-sso-$$_<sso-app-demo>_._<openshift32.example.com>_/auth/admin* using the xref:../advanced_concepts/advanced_concepts.adoc#sso-administrator-setup[administrator account]. Then access the {project_name} web console at *$$https://secure-sso-$$_<sso-app-demo>_._<openshift32.example.com>_/auth/admin* using the xref:sso-administrator-setup[administrator account].
+ +
[NOTE] [NOTE]
==== ====
@ -737,7 +737,7 @@ Configure OpenShift to use the {project_name} deployment as the authorization ga
This example adds {project_name} as an authentication method alongside the HTPasswd method configured in the https://access.redhat.com/documentation/en/red-hat-xpaas/0/single/openshift-primer/#understand_roles_and_authentication[OpenShift Primer]. Once configured, both methods will be available for user login to your OpenShift web console. This example adds {project_name} as an authentication method alongside the HTPasswd method configured in the https://access.redhat.com/documentation/en/red-hat-xpaas/0/single/openshift-primer/#understand_roles_and_authentication[OpenShift Primer]. Once configured, both methods will be available for user login to your OpenShift web console.
==== Configuring {project_name} Credentials ==== Configuring {project_name} Credentials
Log in to the encrypted {project_name} web server at *$$https://secure-sso-$$_sso-app-demo_._openshift32.example.com_/auth/admin* using the xref:../advanced_concepts/advanced_concepts.adoc#sso-administrator-setup[administrator account] created during the {project_name} deployment. Log in to the encrypted {project_name} web server at *$$https://secure-sso-$$_sso-app-demo_._openshift32.example.com_/auth/admin* using the xref:sso-administrator-setup[administrator account] created during the {project_name} deployment.
*Create a Realm* *Create a Realm*
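Review bot: The hostname placeholder is written two ways in lines this patch touches: `_sso-app-demo_._openshift32.example.com_` in the login sentence here and `_<sso-app-demo>_._<openshift32.example.com>_` in the `-608` hunk above. Use one notation for both URLs while the lines are open for editing.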
@ -901,7 +901,7 @@ $ oc secrets link default eap-ssl-secret eap-jgroup-secret
---- ----
==== Preparing the {project_name} Credentials ==== Preparing the {project_name} Credentials
Log in to the encrypted {project_name} web server at *$$https://secure-sso-$$_<project-name>_._<hostname>_/auth/admin* using the xref:../advanced_concepts/advanced_concepts.adoc#sso-administrator-setup[administrator account] created during the {project_name} deployment. Log in to the encrypted {project_name} web server at *$$https://secure-sso-$$_<project-name>_._<hostname>_/auth/admin* using the xref:sso-administrator-setup[administrator account] created during the {project_name} deployment.
*Create a Realm* *Create a Realm*
@ -1019,7 +1019,7 @@ This example uses a SAML client but an OpenID-Connect client could also be used.
==== ====
==== Preparing the {project_name} Credentials ==== Preparing the {project_name} Credentials
Log in to the encrypted {project_name} web server at *$$https://secure-sso-$$_<project-name>_._<hostname>_/auth/admin* using the xref:../advanced_concepts/advanced_concepts.adoc#sso-administrator-setup[administrator account] created during the {project_name} deployment. Log in to the encrypted {project_name} web server at *$$https://secure-sso-$$_<project-name>_._<hostname>_/auth/admin* using the xref:sso-administrator-setup[administrator account] created during the {project_name} deployment.
*Create a Realm* *Create a Realm*