From ecfd58375dde84f4dc2f7fc2db2ea647f5179bee Mon Sep 17 00:00:00 2001 From: Ron Stone Date: Mon, 15 Nov 2021 14:44:21 -0500 Subject: [PATCH] Add a note for remotecli section when the https is enabled on the system Added said note as a prereq. Cleaned up some incidental formatting errors. Incorporated patchset 1 review comments. Incorporated patchset 2 review comments. Incorporated patchset 3 review comments. Signed-off-by: Ron Stone Change-Id: I0e2096eb999e2a156d82680e340f769cf33acdd8 --- ...ntainer-backed-remote-clis-and-clients.rst | 26 +++++++++++ ...ntainer-backed-remote-clis-and-clients.rst | 45 ++++++++++--------- 2 files changed, 51 insertions(+), 20 deletions(-) diff --git a/doc/source/security/kubernetes/using-container-backed-remote-clis-and-clients.rst b/doc/source/security/kubernetes/using-container-backed-remote-clis-and-clients.rst index 880245655..ac53ff7d6 100644 --- a/doc/source/security/kubernetes/using-container-backed-remote-clis-and-clients.rst +++ b/doc/source/security/kubernetes/using-container-backed-remote-clis-and-clients.rst @@ -68,6 +68,32 @@ variables and aliases for the remote |CLI| commands. ... root@myclient:/home/user/remote_cli_wd# + + .. note:: + + See the procedure for configuring the |SSL| platform certificate at + :ref:`install-update-the-starlingx-rest-and-web-server-certificate`. + + If HTTPS is enabled for the StarlingX REST API Server on the |prod| + system, copy the certificate of the |CA| that issued/signed the + StarlingX REST API Server's |SSL| certificate to the folder + ``$HOME/remote_wd_cli`` on the remote machine and execute commands as + follows: + + * For ``system`` commands: + + .. code-block:: none + + ~(keystone_admin)]$ system --ca-file ca.pem host-list + + * For ``dcmanager`` commands: + + .. code-block:: none + + ~(keystone_admin)]$ OS_CACERT=ca.pem + ~(keystone_admin)]$ dcmanager subcloud list + + .. note:: Some |CLI| commands are designed to leave you in a shell prompt, for example: diff --git a/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-configuring-container-backed-remote-clis-and-clients.rst b/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-configuring-container-backed-remote-clis-and-clients.rst index da9279d2c..b5c5d3429 100644 --- a/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-configuring-container-backed-remote-clis-and-clients.rst +++ b/doc/source/usertasks/kubernetes/kubernetes-user-tutorials-configuring-container-backed-remote-clis-and-clients.rst @@ -15,6 +15,7 @@ This functionality is made available using a docker container with pre-installed |CLIs| and clients. The container's image is pulled as required by the remote CLI/client configuration scripts. + .. rubric:: |prereq| .. _kubernetes-user-tutorials-configuring-container-backed-remote-clis-and-clients-ul-ev3-bfq-nlb: @@ -50,6 +51,7 @@ by the remote CLI/client configuration scripts. - You will need a kubectl config file containing your user account and login credentials from your |prod| administrator. + The following procedure helps you configure the Container-backed remote |CLIs| and clients for a non-admin user. @@ -77,28 +79,29 @@ and clients for a non-admin user. In this example, we use 'user1' user in the 'tenant1' tenant. - #. Navigate to **Project** \> **API Access** \> **Download Openstack RC - file**. + #. Navigate to :menuselection:`Project --> API Access --> Download Openstack RC + file`. - #. Select **Openstack RC file**. + #. Select :guilabel:`Openstack RC file`. - The file my-openrc.sh downloads. + The file ``my-openrc.sh`` downloads. .. note:: - For a Distributed Cloud system, navigate to **Project** \> **Central Cloud Regions** \> **RegionOne** \> - and download the **Openstack RC file**. + For a Distributed Cloud system, navigate to :menuselection:`Project + --> Central Cloud Regions --> RegionOne` and download the **Openstack + RC file**. -#. Copy the user-kubeconfig file \(received from your administrator containing - your user account and credentials\) to the remote workstation. +#. Copy the user-kubeconfig file received from your administrator containing + your user account and credentials to the remote workstation. You can copy the file to any location on the remote workstation. For convenience, this example assumes that it is copied to the location of the extracted tarball. .. note:: - Ensure that the user-kubeconfig file has 666 permissions after copying - the file to the remote workstation, otherwise, use the following + Confirm that the user-kubeconfig file has 666 permissions after copying + the file to the remote workstation. If necessary, use the following command to change permissions, :command:`chmod 666 user-kubeconfig`. #. On the remote workstation, configure the client access. @@ -112,8 +115,10 @@ and clients for a non-admin user. #. Create a working directory that will be mounted by the container implementing the remote |CLIs|. - See the description of the :command:`configure\_client.sh` ``-w`` option - :ref:`below ` for more details. + See the description of the :command:`configure\_client.sh` ``-w`` + option :ref:`below + ` + for more details. .. code-block:: none @@ -216,15 +221,15 @@ variables and aliases for the remote |CLI| commands. your shells will automatically be initialized with the environment variables and aliases for the remote |CLI| commands. -See :ref:`Using Container-backed Remote CLIs and Clients ` for details. - -**Related information** +See :ref:`Using Container-backed Remote CLIs and Clients +` for details. .. seealso:: - :ref:`Using Container-backed Remote CLIs and Clients - ` - :ref:`Installing Kubectl and Helm Clients Directly on a Host - ` + * :ref:`Using Container-backed Remote CLIs and Clients + ` - :ref:`Configuring Remote Helm Client ` \ No newline at end of file + * :ref:`Installing Kubectl and Helm Clients Directly on a Host + ` + + * :ref:`Configuring Remote Helm Client ` \ No newline at end of file