Merge "OIDC script updates"

doc/source/deploy_install_guides/r5_release/bare_metal/configuring-a-pxe-boot-server.rst

@@ -95,11 +95,11 @@ Use a Linux workstation as the |PXE| Boot server.
 
 .. _configuring-a-pxe-boot-server-steps-qfb-kyh-2cb:
 
-#.  Copy the ISO image from the source \(product DVD, USB device, or WindShare
+#.  Copy the ISO image from the source \(product DVD, USB device, or
-    `http://windshare.windriver.com <http://windshare.windriver.com>`__\) to a
+    |dnload-loc| to a temporary location on the |PXE| boot server.
-    temporary location on the PXE boot server.
 
-    This example assumes that the copied image file is tmp/TS-host-installer-1.0.iso.
+    This example assumes that the copied image file is
+    ``tmp/TS-host-installer-1.0.iso``.
 
 #.  Mount the ISO image and make it executable.
 

doc/source/deploy_install_guides/r6_release/bare_metal/configuring-a-pxe-boot-server.rst

@@ -95,11 +95,11 @@ Use a Linux workstation as the |PXE| Boot server.
 
 .. _configuring-a-pxe-boot-server-steps-qfb-kyh-2cb-r6:
 
-#.  Copy the ISO image from the source \(product DVD, USB device, or WindShare
+#.  Copy the ISO image from the source \(product DVD, USB device, or
-    `http://windshare.windriver.com <http://windshare.windriver.com>`__\) to a
+    |dnload-loc| to a temporary location on the |PXE| boot server.
-    temporary location on the PXE boot server.
 
-    This example assumes that the copied image file is tmp/TS-host-installer-1.0.iso.
+    This example assumes that the copied image file is
+    ``tmp/TS-host-installer-1.0.iso``.
 
 #.  Mount the ISO image and make it executable.
 

doc/source/security/kubernetes/obtain-the-authentication-token-using-the-oidc-auth-shell-script.rst

@@ -24,6 +24,8 @@ credential for the user in the **kubectl** config file.
 -   On controller-0, **oidc-auth** is installed as part of the base |prod|
     installation, and ready to use.
 
+-   On remote hosts, **oidc-auth** must be installed from |dnload-loc|.
+
 .. xbooklink
 
    -   On a remote workstation using remote-cli container, **oidc-auth** is
@@ -31,17 +33,15 @@ credential for the user in the **kubectl** config file.
         information on configuring remote CLI access, see |sysconf-doc|:
         :ref:`Configure Remote CLI Access <configure-remote-cli-access>`.
 
--   On a remote host, when using directly installed **kubectl** and **helm**, the following setup is required:
+-   On a remote host, when using directly installed **kubectl** and **helm**,
+    the following setup is required:
 
 
     -   Install "Python Mechanize" module using the following command:
 
         .. code-block:: none
 
-            # sudo pip2 install mechanize
+            sudo pip2 install mechanize
-
-    -   Get the **oidc-auth** script from WindShare.
-
 
 
 .. note::
@@ -55,7 +55,8 @@ credential for the user in the **kubectl** config file.
     credentials in **kubectl** config file with the retrieved token.
 
 
-    -   If **oidc-auth-apps** is deployed with a single backend **ldap** connector, run the following command:
+    -   If **oidc-auth-apps** is deployed with a single backend **ldap**
+        connector, run the following command:
 
         .. code-block:: none
 
@@ -71,17 +72,16 @@ credential for the user in the **kubectl** config file.
             Updating kubectl config ...
             User testuser set.
 
-    -   If **oidc-auth-apps** is deployed with multiple backend **ldap** connectors, run the following command:
+    -   If **oidc-auth-apps** is deployed with multiple backend **ldap**
+        connectors, run the following command:
 
         .. code-block:: none
 
             ~(keystone_admin)]$ oidc-auth -b <connector-id> -c <ip> -u <username>
 
-
-
     .. note::
-        If you are running **oidc-auth** within the |prod| containerized
+        If you are running **oidc-auth** within the |prod| containerized remote
-        remote CLI, you must use the -p <password> option to run the command
+        CLI, you must use the ``-p <password>`` option to run the command
         non-interactively.
 
 

doc/source/security/kubernetes/overview-of-windows-active-directory.rst

@@ -11,14 +11,13 @@ to authenticate users of the Kubernetes API, using the **oidc-auth-apps**
 application.
 
 The **oidc-auth-apps** application installs a proxy |OIDC| identity provider
-that can be configured to proxy authentication requests to an LDAP \(s\)
+that can be configured to proxy authentication requests to an |LDAP| \(s\)
-identity provider, such as Windows Active Directory. For more information,
+identity provider, such as Windows Active Directory. For more information, see,
-see, `https://github.com/dexidp/dex <https://github.com/dexidp/dex>`__. The
+`https://github.com/dexidp/dex <https://github.com/dexidp/dex>`__. The
-**oidc-auth-apps** application also provides an |OIDC| client for accessing
+**oidc-auth-apps** application also provides an |OIDC| client for accessing the
-the username and password |OIDC| login page for user authentication and
+username and password |OIDC| login page for user authentication and retrieval
-retrieval of tokens. An **oidc-auth** CLI script, available on Wind Share, at
+of tokens. An **oidc-auth** CLI script can also be used for |OIDC| user
-`https://windshare.windriver.com/ <https://windshare.windriver.com/>`__, can
+authentication and retrieval of tokens.
-also be used for |OIDC| user authentication and retrieval of tokens.
 
 In addition to installing and configuring the **oidc-auth-apps**
 application, the admin must also configure Kubernetes cluster's