Red Hat Bugzilla – Bug 621345
Documentation Quick Fixes
Last modified: 2014-08-04 18:19:04 EDT
Chapter 1. Introduction
"There are, however, cloud-specific configuration required, such as the following examples: "
Should this be "There is..." ?
" On the RHEL Client instance, the following certificates are used:
* client.crt - The entitlement certificate that describes the channels to which a RHEL client has access.
* ca.crt - Certificate Authority certificate used to sign the server's SSL certificate. "
Might want to make it "... sign the CDS server's SSL certificate."
There are two extra, blank columns in the table.
"... Refer to the Red Hat Enterprise Linux Installation Guide for more information. Storage Configuration
During or after..."
The "Storage Configuration" header doesn't look like it's properly formatted; it's at the end of the previous sentence.
In the intro to this section, you might want to add a note section that indicates that one SSL certificate will be generated for each CDS instance. This is implied since the CN has to be the FQDN of the name, but for clarity it might be better to explicitly point out that they will be generating multiple certs.
The cloud provider should know this, but you might want to add in a note that the permissions on the ~/.ssh directory must be 700. If the permissions aren't set right, the password-less login won't work and the RHUA will hang when it tries to connect to the CDS.
In step 1, the URL passed to wget hard codes i386. Might want to add in a note that says to substitute in the correct architecture.
In step 2, same thing about the architecture in the ISO name.
Technically, the install_* scripts will prompt the user to install (the normal yum installation prompt where you have to type y). It's your call if you want to mention that, just wanted to make you aware.
In step 2, you mkdir /mnt/rhuiso, but in the following line you refer to /mnt/satiso. In steps 3 and 4, you also refer to /mnt/satiso.
Chapter 4, 5, 6, 7:
"And, choose option 4 to configure the entitlement certificate. "
IMO, the "And, " part feels awkward, but that's largely just a stylistic thing.
Step 2: Change /root/ent/rhel-server-5.pem to something like /root/ent/content-cert.pem. Simply because we're also going to be including the RHUI channel in there as well.
Might want to make an explicit note that if you select that there is no proxy server, you won't be prompted for steps 6-8.
"5. Full path to the CDS SSL certificate's CA certificate - Input the path to the CA certifcate generated by the CA (such as /root/ssl/build/cds2-example-com) "
Might want to change that example to be CDS agnostic, since the same CA signed the certs for all CDSes (e.g. /root/ss/ca.crt)
"5. Full path to the CA certificate used to sign the SSL certificate — Input the path to the CA certificate file created for signing CDS certificates (such as /cloud/entitlement-ca.pem)"
The verbiage in rhui-tools now specifies "... the CDS SSL certificiate" just to make sure it's clear. Might want to update that here. Also add in "SSL" to the end of that line to make it "CDS SSL certificates". I only mention this because there are quite a few types of certificates and keys in play in the RHUI and I've found it's better to be explicit to keep confusion at a minimum.
While we're at it, change the example to be /cloud/ca.crt just to be safe. Again, these are the CDS server SSL certificiates whereas "entitlement" certificates live on the client.
Remove "rhua monitor" from being listed, it's not meant to be run by customers but rather by our cron scripts.
Reword the following line to say "The following tests are run as part of running rhua summary"
Yank this whole section, it's not something we're providing to customers.
Remove "Terminates all running CDS instances", we don't actually start/stop instances in this release.
Same as for 9.1.3.
Add in a line that all of the packages are deleted from the CDS instances.
Thanks for the feedback! This has been fixed in the latest build of the RHUI Deployment Guide:
Verified all the changes.. took awhile :) found one issue.
Full path to the content certificate to be used as the basis for the entitlement certificate. The list of entitled channels will be derived from this certificate — Input the path where the Red Hat distributed entitlement certificate is located (such as /root/ent/rhel-server-5.pem)
I think rhel-server-5.pem needs to be updated to /root/ent/content-cert.pem.
jdob noted this in his cht4 comment, I dont see the change.
Fix from Comment #2 applied at the URL below. Thanks for the correction!
Fixed in Chapter 4, verified with below link.