Spelling and typo fixes
Based on sphinx spellchecker testing/refinement. Signed-off-by: Ron Stone <ronald.stone@windriver.com> Change-Id: Ibfe9b6d7bc8bf044a7fff0ac7e362e4067b17989
This commit is contained in:
parent
0d1d90eb4b
commit
4868e1c226
@ -602,7 +602,7 @@ consult with your sub-project's PL and TL to see if release
|
|||||||
notes are needed, and follow the
|
notes are needed, and follow the
|
||||||
`Release Note
|
`Release Note
|
||||||
<https://docs.starlingx.io/contributor/release_note_contribute_guide.html>`_
|
<https://docs.starlingx.io/contributor/release_note_contribute_guide.html>`_
|
||||||
to contibute your changes to the release notes.
|
to contribute your changes to the release notes.
|
||||||
|
|
||||||
The documentation changes needed for a code change should be
|
The documentation changes needed for a code change should be
|
||||||
included in the planning phase, working with project's docs team as
|
included in the planning phase, working with project's docs team as
|
||||||
|
@ -35,7 +35,7 @@ pci-passthrough interface.
|
|||||||
with an equal or larger |MTU|.
|
with an equal or larger |MTU|.
|
||||||
|
|
||||||
This is not used by the Kubernetes |SRIOV| plugin. In order to
|
This is not used by the Kubernetes |SRIOV| plugin. In order to
|
||||||
address the |MTU| in Kubernetes, the network attached definiition
|
address the |MTU| in Kubernetes, the network attached definition
|
||||||
needs to use the tuning plugin. For more details, see the examples
|
needs to use the tuning plugin. For more details, see the examples
|
||||||
in :ref:`Create Network Attachment Definitions
|
in :ref:`Create Network Attachment Definitions
|
||||||
<creating-network-attachment-definitions>`.
|
<creating-network-attachment-definitions>`.
|
||||||
|
@ -44,7 +44,7 @@ See :ref:`technology-preview-reduced-scope-0008a139a4b9` for details.
|
|||||||
.. rubric:: Debian |prod| General Availability
|
.. rubric:: Debian |prod| General Availability
|
||||||
|
|
||||||
|
|
||||||
An upcoming release will make Debian |prod| genrally available for
|
An upcoming release will make Debian |prod| generally available for
|
||||||
production deployments.
|
production deployments.
|
||||||
|
|
||||||
This upcoming release will run Debian Bullseye 11.3 or later with
|
This upcoming release will run Debian Bullseye 11.3 or later with
|
||||||
|
@ -29,7 +29,7 @@ configure the VM using Edit Settings as follows:
|
|||||||
|
|
||||||
#. Go to Display and move the "Video memory" slider all the way to the right.
|
#. Go to Display and move the "Video memory" slider all the way to the right.
|
||||||
Then tick the "Acceleration" checkbox "Enable 3D Acceleration".
|
Then tick the "Acceleration" checkbox "Enable 3D Acceleration".
|
||||||
#. Go to General/Advanced and set "Shared Clipboard" and "Drag'n Drop" to
|
#. Go to General/Advanced and set "Shared Clipboard" and drag-and-drop to
|
||||||
Bidirectional.
|
Bidirectional.
|
||||||
#. Go to User Interface/Devices and select "Devices/Insert Guest Additions CD
|
#. Go to User Interface/Devices and select "Devices/Insert Guest Additions CD
|
||||||
image" from the drop down. Restart your VM.
|
image" from the drop down. Restart your VM.
|
||||||
|
@ -153,7 +153,7 @@ scripting an initial setup.
|
|||||||
#. Verify that the host has been added successfully.
|
#. Verify that the host has been added successfully.
|
||||||
|
|
||||||
Use the :command:`fm alarm-list` command to check if any alarms (major or
|
Use the :command:`fm alarm-list` command to check if any alarms (major or
|
||||||
critical) events have occured. You can also type :command:`fm event-list`
|
critical) events have occurred. You can also type :command:`fm event-list`
|
||||||
to see a log of events. For more information on alarms, see :ref:`Fault
|
to see a log of events. For more information on alarms, see :ref:`Fault
|
||||||
Management Overview <fault-management-overview>`.
|
Management Overview <fault-management-overview>`.
|
||||||
|
|
||||||
|
@ -73,7 +73,7 @@ you want to define ``STX_CONFIG_DIR``? Possibly when working on a major
|
|||||||
change in the lower layer, such as the cutover to a newer OS version. Or
|
change in the lower layer, such as the cutover to a newer OS version. Or
|
||||||
perhaps when redefining the set of layers, or the boundary between layers. In
|
perhaps when redefining the set of layers, or the boundary between layers. In
|
||||||
these cases it might be very painful to repo sync due to conflicts. It
|
these cases it might be very painful to repo sync due to conflicts. It
|
||||||
might be desireable to copy ``stx-tools/centos-mirror-tools/config`` outside
|
might be desirable to copy ``stx-tools/centos-mirror-tools/config`` outside
|
||||||
of git for a time, and make your changes there. More on the config
|
of git for a time, and make your changes there. More on the config
|
||||||
directory below.
|
directory below.
|
||||||
|
|
||||||
@ -407,7 +407,7 @@ Using option 'b' (see below) would be safer.
|
|||||||
Option b) Use an alternative config directory.
|
Option b) Use an alternative config directory.
|
||||||
|
|
||||||
Copy the default config to an alternative directory outside of git,
|
Copy the default config to an alternative directory outside of git,
|
||||||
but still visible to the build. In the copyied config, edit the config files,
|
but still visible to the build. In the copied config, edit the config files,
|
||||||
replacing the existing 'distro' url's with ``file:///`` urls. Finally
|
replacing the existing 'distro' url's with ``file:///`` urls. Finally
|
||||||
instruct the build to use the alternate config. I'll use the
|
instruct the build to use the alternate config. I'll use the
|
||||||
environment variable method in the example below. It can also be done
|
environment variable method in the example below. It can also be done
|
||||||
@ -479,7 +479,7 @@ Making packaging changes
|
|||||||
|
|
||||||
**In what layer should I place my new compiled package ?**
|
**In what layer should I place my new compiled package ?**
|
||||||
|
|
||||||
If the package is original content, writen for the StarlingX project, it
|
If the package is original content, written for the StarlingX project, it
|
||||||
belongs in the 'flock' layer. Yes, envision a flock of starling, might
|
belongs in the 'flock' layer. Yes, envision a flock of starling, might
|
||||||
be corny but that is what we named it. All other content is considered
|
be corny but that is what we named it. All other content is considered
|
||||||
third party and goes in either the 'distro' or 'compiler' layer.
|
third party and goes in either the 'distro' or 'compiler' layer.
|
||||||
|
@ -607,7 +607,7 @@ Reference build overview
|
|||||||
|
|
||||||
* A server in the regional office performs regular (e.g. daily) automated
|
* A server in the regional office performs regular (e.g. daily) automated
|
||||||
builds using existing methods. These builds are called *reference builds*.
|
builds using existing methods. These builds are called *reference builds*.
|
||||||
* The builds are timestamped and preserved for some time (i.e. a number of weeks).
|
* The builds are time-stamped and preserved for some time (i.e. a number of weeks).
|
||||||
* A build CONTEXT, which is a file produced by ``build-pkgs`` at location
|
* A build CONTEXT, which is a file produced by ``build-pkgs`` at location
|
||||||
``$MY_WORKSPACE/CONTEXT``, is captured. It is a bash script that can cd to
|
``$MY_WORKSPACE/CONTEXT``, is captured. It is a bash script that can cd to
|
||||||
each and every Git and check out the SHA that contributed to the build.
|
each and every Git and check out the SHA that contributed to the build.
|
||||||
|
@ -230,7 +230,7 @@ The life cycle of a patch consists of the following states:
|
|||||||
repository and installed on any host yet.
|
repository and installed on any host yet.
|
||||||
|
|
||||||
* **Partial-Apply**: A patch in the Partial-Apply state means the patching
|
* **Partial-Apply**: A patch in the Partial-Apply state means the patching
|
||||||
process has been trigged by the :command:`sw-patch apply` command, but the
|
process has been triggered by the :command:`sw-patch apply` command, but the
|
||||||
patch has not been installed on all hosts that require it. It may have been
|
patch has not been installed on all hosts that require it. It may have been
|
||||||
installed on some hosts, but not all.
|
installed on some hosts, but not all.
|
||||||
|
|
||||||
@ -238,7 +238,7 @@ The life cycle of a patch consists of the following states:
|
|||||||
hosts that require it.
|
hosts that require it.
|
||||||
|
|
||||||
* **Partial-Remove**: A patch in the Partial-Remove state means the removing
|
* **Partial-Remove**: A patch in the Partial-Remove state means the removing
|
||||||
process has been trigged by the :command:`sw-patch remove` command, but the
|
process has been triggered by the :command:`sw-patch remove` command, but the
|
||||||
patch has not been removed from all hosts that installed it. It may have been
|
patch has not been removed from all hosts that installed it. It may have been
|
||||||
removed from some hosts, but not all.
|
removed from some hosts, but not all.
|
||||||
|
|
||||||
|
@ -166,7 +166,7 @@ function correctly.
|
|||||||
| tcp | 25491 | mgmt | dcorch-patch |allowed(service | NA | Not used between System Controller and Subclouds | | dcorch-patch-api-proxy internal endpoint|
|
| tcp | 25491 | mgmt | dcorch-patch |allowed(service | NA | Not used between System Controller and Subclouds | | dcorch-patch-api-proxy internal endpoint|
|
||||||
| | | | -api-proxy |internal endpoint)| | | | |
|
| | | | -api-proxy |internal endpoint)| | | | |
|
||||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||||
| tcp | 25492 | mgmt | dcorch-patch | allowed(sevice | NA | Not used between System Controller and Subclouds | | dcorch-patch-api-proxy admin endpoint |
|
| tcp | 25492 | mgmt | dcorch-patch | allowed(service | NA | Not used between System Controller and Subclouds | | dcorch-patch-api-proxy admin endpoint |
|
||||||
| | | | -api-proxy | admin endpoint) | | | | |
|
| | | | -api-proxy | admin endpoint) | | | | |
|
||||||
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
+----------+-------+---------+------------------+------------------+------------------+--------------------------------------------------+-------------------------------------+-----------------------------------------+
|
||||||
| tcp | 30001-| mgmt | VIM | allowed | allowed | Not used between System Controller and Subclouds | | |
|
| tcp | 30001-| mgmt | VIM | allowed | allowed | Not used between System Controller and Subclouds | | |
|
||||||
|
@ -520,7 +520,7 @@ Look for 'No space left on device' logs on the console, in the
|
|||||||
|
|
||||||
**Debugging a Rejected Local Install**
|
**Debugging a Rejected Local Install**
|
||||||
|
|
||||||
The followimg command is to query Local Install logs:
|
The following command is to query Local Install logs:
|
||||||
|
|
||||||
.. code-block::
|
.. code-block::
|
||||||
|
|
||||||
|
@ -57,7 +57,7 @@ Alarm Messages - 700s
|
|||||||
+ +---------------------------------------------------------------------------------------------------------------------+----------+-----------------------------------------------------------------------------------------------------------+
|
+ +---------------------------------------------------------------------------------------------------------------------+----------+-----------------------------------------------------------------------------------------------------------+
|
||||||
| | tenant=<tenant-uuid>.instance=<instance-uuid> |
|
| | tenant=<tenant-uuid>.instance=<instance-uuid> |
|
||||||
+----------+---------------------------------------------------------------------------------------------------------------------+----------+-----------------------------------------------------------------------------------------------------------+
|
+----------+---------------------------------------------------------------------------------------------------------------------+----------+-----------------------------------------------------------------------------------------------------------+
|
||||||
| 700.010 | nstance <instance_name> owned by <tenant_name> has been cold-migrated to host <host_name> waiting for confirmation. | C\* | Confirm or revert cold-migrate of instance. |
|
| 700.010 | Instance <instance_name> owned by <tenant_name> has been cold-migrated to host <host_name> waiting for confirmation.| C\* | Confirm or revert cold-migrate of instance. |
|
||||||
+ +---------------------------------------------------------------------------------------------------------------------+----------+-----------------------------------------------------------------------------------------------------------+
|
+ +---------------------------------------------------------------------------------------------------------------------+----------+-----------------------------------------------------------------------------------------------------------+
|
||||||
| | tenant=<tenant-uuid>.instance=<instance-uuid> |
|
| | tenant=<tenant-uuid>.instance=<instance-uuid> |
|
||||||
+----------+---------------------------------------------------------------------------------------------------------------------+----------+-----------------------------------------------------------------------------------------------------------+
|
+----------+---------------------------------------------------------------------------------------------------------------------+----------+-----------------------------------------------------------------------------------------------------------+
|
||||||
|
@ -20,8 +20,8 @@ Ceph cluster will be containerized and managed by Rook, to improve operation
|
|||||||
and maintenance efficiency.
|
and maintenance efficiency.
|
||||||
|
|
||||||
This guide describes a method to migrate the host-based Ceph cluster deployed with
|
This guide describes a method to migrate the host-based Ceph cluster deployed with
|
||||||
StarlingX early releses to the newly containerized Ceph clusters using an upcoming
|
StarlingX early releases to the newly containerized Ceph clusters using an upcoming
|
||||||
StarlingX release, while maintaining user data in :abbr:`OSDs (Object Store Devices)`.
|
StarlingX release, while maintaining user data in |OSDs|.
|
||||||
|
|
||||||
The migration procedure maintains CEPH OSDs and data on OSDs. Although the procedure
|
The migration procedure maintains CEPH OSDs and data on OSDs. Although the procedure
|
||||||
does result in hosted applications experiencing several minutes of service outage due
|
does result in hosted applications experiencing several minutes of service outage due
|
||||||
@ -556,7 +556,7 @@ Apply rook-ceph application
|
|||||||
deployment.apps "rook-ceph-mon-a" deleted
|
deployment.apps "rook-ceph-mon-a" deleted
|
||||||
|
|
||||||
|
|
||||||
#. Apply service rook-ceph-mon-a, and get cluster ip, for examplex, 10.104.152.151.
|
#. Apply service rook-ceph-mon-a, and get cluster ip, for example, 10.104.152.151.
|
||||||
|
|
||||||
::
|
::
|
||||||
|
|
||||||
|
@ -21,7 +21,7 @@ and maintenance efficiency.
|
|||||||
|
|
||||||
This guide describes a method to migrate the Ceph cluster deployed with StarlingX
|
This guide describes a method to migrate the Ceph cluster deployed with StarlingX
|
||||||
early releases to the newly containerized Ceph clusters using an upcoming StarlingX
|
early releases to the newly containerized Ceph clusters using an upcoming StarlingX
|
||||||
release, while maintaining user data in :abbr:`OSDs (Object Store Devices)`.
|
release, while maintaining user data in |OSDs|.
|
||||||
|
|
||||||
---------------------
|
---------------------
|
||||||
Prepare for migration
|
Prepare for migration
|
||||||
@ -664,7 +664,7 @@ Remove script ceph.sh on all hosts.
|
|||||||
sudo rm -rf /etc/services.d/worker/ceph.sh
|
sudo rm -rf /etc/services.d/worker/ceph.sh
|
||||||
sudo rm -rf /etc/services.d/storage/ceph.sh
|
sudo rm -rf /etc/services.d/storage/ceph.sh
|
||||||
|
|
||||||
Reboot controller-0 and controller-1. And after the controller reboot sucessfully,
|
Reboot controller-0 and controller-1. And after the controller reboot successfully,
|
||||||
lock and unlock storage-0 and storage-1, wait for node to be available.
|
lock and unlock storage-0 and storage-1, wait for node to be available.
|
||||||
|
|
||||||
-----------------------------
|
-----------------------------
|
||||||
|
@ -74,11 +74,11 @@ the migration procedures.
|
|||||||
#. Edit pv and pvc provisioner
|
#. Edit pv and pvc provisioner
|
||||||
|
|
||||||
For already created pv and pvc in openstack, if |prefix|-openstack
|
For already created pv and pvc in openstack, if |prefix|-openstack
|
||||||
application is applied before migration, change the provsioner to
|
application is applied before migration, change the provisioner to
|
||||||
kube-system.rbd.csi.ceph.com from rbd/ceph.com, as csi pod will provide csi
|
kube-system.rbd.csi.ceph.com from rbd/ceph.com, as csi pod will provide csi
|
||||||
service to K8s.
|
service to K8s.
|
||||||
|
|
||||||
#. Update keyring and conf file on controller-0, controler-1
|
#. Update keyring and conf file on controller-0, controller-1
|
||||||
|
|
||||||
For k8s pv, it will use host /etc/ceph/keyring for ceph cluster access,
|
For k8s pv, it will use host /etc/ceph/keyring for ceph cluster access,
|
||||||
update folder /etc/ceph/ with containerized ceph cluster.
|
update folder /etc/ceph/ with containerized ceph cluster.
|
||||||
|
@ -66,8 +66,8 @@ Kata Containers
|
|||||||
Kata containers are an optional capability on |prod| that provide a secure
|
Kata containers are an optional capability on |prod| that provide a secure
|
||||||
container runtime with lightweight virtual machines that feel and perform like
|
container runtime with lightweight virtual machines that feel and perform like
|
||||||
containers, but provide stronger workload isolation. For improved performance
|
containers, but provide stronger workload isolation. For improved performance
|
||||||
wrt isolation, Kata containers leverages hardware-enforced isotation with
|
with relation to isolation, Kata containers leverages hardware-enforced isolation
|
||||||
virtualization VT extensions.
|
with virtualization VT extensions.
|
||||||
|
|
||||||
For more information, see :ref:`starlingx-kubernetes-user-tutorials-overview`.
|
For more information, see :ref:`starlingx-kubernetes-user-tutorials-overview`.
|
||||||
|
|
||||||
@ -89,7 +89,7 @@ The following considerations apply to PodSecurityPolicies (PSPs):
|
|||||||
|
|
||||||
- are disabled by default
|
- are disabled by default
|
||||||
|
|
||||||
- can be enable by the System Administor via **system service-parameter-add
|
- can be enable by the System Administrator via **system service-parameter-add
|
||||||
kubernetes kube_apiserver admission_plugins=PodSecurityPolicy**
|
kubernetes kube_apiserver admission_plugins=PodSecurityPolicy**
|
||||||
|
|
||||||
|prod| provides default PSP and RBAC definitions to simplify initial
|
|prod| provides default PSP and RBAC definitions to simplify initial
|
||||||
|
@ -193,10 +193,10 @@ only the Interface sections are modified for |prod-os|.
|
|||||||
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
+-----------------------------------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------+
|
||||||
| Network Ports | \(Typical deployment.\) |
|
| Network Ports | \(Typical deployment.\) |
|
||||||
| | |
|
| | |
|
||||||
| | - Magement and Cluster Host: 2 x 10GE LAG \(shared interface\) |
|
| | - Management and Cluster Host: 2 x 10GE LAG \(shared interface\) |
|
||||||
| | |
|
| | |
|
||||||
| | .. note:: |
|
| | .. note:: |
|
||||||
| | Magement ports are required for Duplex systems only |
|
| | Management ports are required for Duplex systems only |
|
||||||
| | |
|
| | |
|
||||||
| | - OAM: 2 x 1GE LAG |
|
| | - OAM: 2 x 1GE LAG |
|
||||||
| | |
|
| | |
|
||||||
|
@ -44,7 +44,7 @@ Each service can use different storage backends.
|
|||||||
| | | |
|
| | | |
|
||||||
| | - used for VM boot disk volumes | |
|
| | - used for VM boot disk volumes | |
|
||||||
| | | |
|
| | | |
|
||||||
| | - used as aditional disk volumes for VMs booted from images | |
|
| | - used as additional disk volumes for VMs booted from images| |
|
||||||
| | | |
|
| | | |
|
||||||
| | - snapshots and persistent backups for volumes | |
|
| | - snapshots and persistent backups for volumes | |
|
||||||
+---------+---------------------------------------------------------------+---------------------------------------------------------------+
|
+---------+---------------------------------------------------------------+---------------------------------------------------------------+
|
||||||
|
@ -42,7 +42,7 @@ The StarlingX 2.0.1 release provides fixes for the following bugs:
|
|||||||
* `1817936 <https://bugs.launchpad.net/starlingx/+bug//1817936/>`_
|
* `1817936 <https://bugs.launchpad.net/starlingx/+bug//1817936/>`_
|
||||||
Periodic message loss seen between VIM and OpenStac REST APIs
|
Periodic message loss seen between VIM and OpenStac REST APIs
|
||||||
* `1827246 <https://bugs.launchpad.net/starlingx/+bug//1827246/>`_
|
* `1827246 <https://bugs.launchpad.net/starlingx/+bug//1827246/>`_
|
||||||
Access to VM console not working as Horion redirects to
|
Access to VM console not working as Horizon redirects to
|
||||||
novncproxy.openstack.svc.cluster.local
|
novncproxy.openstack.svc.cluster.local
|
||||||
* `1830736 <https://bugs.launchpad.net/starlingx/+bug//1830736/>`_
|
* `1830736 <https://bugs.launchpad.net/starlingx/+bug//1830736/>`_
|
||||||
Ceph osd process was not recovered after lock and unlock on storage
|
Ceph osd process was not recovered after lock and unlock on storage
|
||||||
|
@ -75,7 +75,7 @@ StoryBoard entries for the features.
|
|||||||
|
|
||||||
`2006274 <https://storyboard.openstack.org/#!/story/2006274>`_
|
`2006274 <https://storyboard.openstack.org/#!/story/2006274>`_
|
||||||
|
|
||||||
* Support for OpenID connet authentication parameters for bootstrap
|
* Support for OpenID connect authentication parameters for bootstrap
|
||||||
|
|
||||||
`2006235 <https://storyboard.openstack.org/#!/story/2006235>`_
|
`2006235 <https://storyboard.openstack.org/#!/story/2006235>`_
|
||||||
|
|
||||||
|
@ -146,9 +146,9 @@ where, <UUID> is the UUID of the ssl\_ca certtype to be removed.
|
|||||||
followed by locking and unlocking all controller nodes for the change to
|
followed by locking and unlocking all controller nodes for the change to
|
||||||
take effect.
|
take effect.
|
||||||
|
|
||||||
-----------------------------------
|
------------------------------------
|
||||||
Update/Renew trusted CA certficates
|
Update/Renew trusted CA certificates
|
||||||
-----------------------------------
|
------------------------------------
|
||||||
|
|
||||||
.. warning::
|
.. warning::
|
||||||
|
|
||||||
|
@ -204,7 +204,7 @@ Configure OIDC Auth Applications
|
|||||||
|CA| which signed it, respectively. These secrets are created in this
|
|CA| which signed it, respectively. These secrets are created in this
|
||||||
example.
|
example.
|
||||||
|
|
||||||
In addition, one can indicate the |WAD| certificate for an ldap server
|
In addition, one can indicate the |WAD| certificate for an |LDAP| server
|
||||||
that has https enabled by using the secret ``wad-ca-cert`` as in this
|
that has https enabled by using the secret ``wad-ca-cert`` as in this
|
||||||
example.
|
example.
|
||||||
|
|
||||||
|
@ -10,7 +10,7 @@ HTTPs where x509 certificates are required.
|
|||||||
|
|
||||||
Etcd certificates in |prod| includes:
|
Etcd certificates in |prod| includes:
|
||||||
|
|
||||||
- Etcd Root |CA| certificiate
|
- Etcd Root |CA| certificate
|
||||||
- Etcd server certificate
|
- Etcd server certificate
|
||||||
- Etcd client certificate
|
- Etcd client certificate
|
||||||
- ``kube-apiserver``'s etcd client certificate
|
- ``kube-apiserver``'s etcd client certificate
|
||||||
|
@ -42,7 +42,7 @@ either an uploaded certificate or an auto generated certificate.
|
|||||||
.. rubric:: |proc|
|
.. rubric:: |proc|
|
||||||
|
|
||||||
Before starting the update, it is highly recommended to backup the existing
|
Before starting the update, it is highly recommended to backup the existing
|
||||||
Kubernetes Root |CA| certficiate and key, i.e. ``/etc/kubernetes/pki/ca.crt``
|
Kubernetes Root |CA| certficate and key, i.e. ``/etc/kubernetes/pki/ca.crt``
|
||||||
and ``/etc/kubernetes/pki/ca.key``.
|
and ``/etc/kubernetes/pki/ca.key``.
|
||||||
|
|
||||||
#. Create the strategy.
|
#. Create the strategy.
|
||||||
|
@ -35,12 +35,13 @@ Local |LDAP| user accounts share the following set of attributes:
|
|||||||
|
|
||||||
- The initial password must be changed immediately upon first login.
|
- The initial password must be changed immediately upon first login.
|
||||||
|
|
||||||
- For complete details on password rules, see :ref:`System Account Password Rules <starlingx-system-accounts-system-account-password-rules>`.
|
- For complete details on password rules, see :ref:`System Account
|
||||||
|
Password Rules <starlingx-system-accounts-system-account-password-rules>`.
|
||||||
|
|
||||||
- Login sessions are logged out automatically after about 15 minutes of
|
- Login sessions are logged out automatically after about 15 minutes of
|
||||||
inactivity.
|
inactivity.
|
||||||
|
|
||||||
- After each unsuccessful login attemt, a 15 second delay is imposed before
|
- After each unsuccessful login attempt, a 15 second delay is imposed before
|
||||||
making another attempt. If you attempt to login before 15 seconds the
|
making another attempt. If you attempt to login before 15 seconds the
|
||||||
system will display a message such as:
|
system will display a message such as:
|
||||||
|
|
||||||
@ -49,7 +50,7 @@ Local |LDAP| user accounts share the following set of attributes:
|
|||||||
.. note:: On Debian-based |prod| systems, this delay is 3 seconds.
|
.. note:: On Debian-based |prod| systems, this delay is 3 seconds.
|
||||||
|
|
||||||
- After five consecutive unsuccessful login attempts, further attempts are
|
- After five consecutive unsuccessful login attempts, further attempts are
|
||||||
blocked for about five minutes. On further attemps within 5 minutes, the
|
blocked for about five minutes. On further attempts within 5 minutes, the
|
||||||
system will display a message such as:
|
system will display a message such as:
|
||||||
|
|
||||||
``Account locked due to 6 failed logins``
|
``Account locked due to 6 failed logins``
|
||||||
|
@ -86,7 +86,7 @@ and ``/etc/kubernetes/pki/ca.key``.
|
|||||||
|
|
||||||
``--expiry-date``
|
``--expiry-date``
|
||||||
|
|
||||||
Optional argment to specify the expiry date of the new certificate. It has
|
Optional argument to specify the expiry date of the new certificate. It has
|
||||||
to be in the "YYYY-MM-DD" format. If not specified, the new certificate
|
to be in the "YYYY-MM-DD" format. If not specified, the new certificate
|
||||||
will have the same valid period as the existing one (normally 10 years).
|
will have the same valid period as the existing one (normally 10 years).
|
||||||
|
|
||||||
|
@ -204,7 +204,7 @@ namespaces:
|
|||||||
Pod Security Admission Controller - Usage Example
|
Pod Security Admission Controller - Usage Example
|
||||||
-------------------------------------------------
|
-------------------------------------------------
|
||||||
|
|
||||||
This page walks thru a usage example of |PSA| where you will:
|
This page walks through a usage example of |PSA| where you will:
|
||||||
|
|
||||||
- Create a namespace for each of the 3 security policies levels: privileged,
|
- Create a namespace for each of the 3 security policies levels: privileged,
|
||||||
baseline and restricted.
|
baseline and restricted.
|
||||||
|
@ -32,7 +32,7 @@ The default initial password is **sysadmin**.
|
|||||||
.. note:: On Debian-based |prod| systems, this delay is 3 seconds.
|
.. note:: On Debian-based |prod| systems, this delay is 3 seconds.
|
||||||
|
|
||||||
- After five consecutive unsuccessful login attempts, further attempts are
|
- After five consecutive unsuccessful login attempts, further attempts are
|
||||||
blocked for about five minutes. On further attemps within 5 minutes, the
|
blocked for about five minutes. On further attempts within 5 minutes, the
|
||||||
system will display a message such as:
|
system will display a message such as:
|
||||||
|
|
||||||
``Account locked due to 6 failed logins``
|
``Account locked due to 6 failed logins``
|
||||||
|
@ -38,7 +38,7 @@ The following is a list of pools created by |prod-os|, and Rados Gateway applica
|
|||||||
| | | | | |
|
| | | | | |
|
||||||
| | | - used for VM boot disk volumes | | |
|
| | | - used for VM boot disk volumes | | |
|
||||||
| | | | | |
|
| | | | | |
|
||||||
| | | - used as aditional disk volumes for VMs booted from images | | |
|
| | | - used as additional disk volumes for VMs booted from images| | |
|
||||||
| | | | | |
|
| | | | | |
|
||||||
| | | - snapshots and persistent backups for volumes | | |
|
| | | - snapshots and persistent backups for volumes | | |
|
||||||
+----------------------------------+---------------------+---------------------------------------------------------------+----------+----------------------------------------------------------------------------------------+
|
+----------------------------------+---------------------+---------------------------------------------------------------+----------+----------------------------------------------------------------------------------------+
|
||||||
|
@ -117,6 +117,6 @@ The following example sets ``ExternalSizeMax`` to 3 gigabytes.
|
|||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
Configuring a parameter raises the 250.001 *controller-0 Configuration
|
Configuring a parameter raises the 250.001 *controller-0 Configuration
|
||||||
is out-of-date* adarm. A lock/unlock is required to clear it. For more
|
is out-of-date* alarm. A lock/unlock is required to clear it. For more
|
||||||
information, see :ref:`locking-a-host-using-the-cli` and
|
information, see :ref:`locking-a-host-using-the-cli` and
|
||||||
:ref:`unlocking-a-host-using-the-cli`.
|
:ref:`unlocking-a-host-using-the-cli`.
|
||||||
|
@ -40,7 +40,7 @@ ptp4l
|
|||||||
|
|
||||||
~(keystone_admin)]$ system ptp-instance-add ptp-inst1 ptp4l
|
~(keystone_admin)]$ system ptp-instance-add ptp-inst1 ptp4l
|
||||||
|
|
||||||
#. Create a |PTP| inteface for the instance.
|
#. Create a |PTP| interface for the instance.
|
||||||
|
|
||||||
.. code-block::
|
.. code-block::
|
||||||
|
|
||||||
|
@ -156,7 +156,8 @@ To assign a dedicated |VLAN| segment ID you must first enable the Neutron
|
|||||||
.. note::
|
.. note::
|
||||||
|
|
||||||
Thr name **test1-st-segement01-mx6fa5eonzrr** has been folded onto
|
Thr name **test1-st-segement01-mx6fa5eonzrr** has been folded onto
|
||||||
two lines in the sample output above for display pruposes.
|
two lines in the sample output above for display purposes.
|
||||||
|
|
||||||
#. List subnets.
|
#. List subnets.
|
||||||
|
|
||||||
.. code-block:: none
|
.. code-block:: none
|
||||||
|
Loading…
Reference in New Issue
Block a user