[enterprise-4.20] OSDOCS-17072-batch6

modules/oadp-using-ca-certificates-with-velero-command.adoc

@@ -31,9 +31,12 @@ $ alias velero='oc -n openshift-adp exec deployment/velero -c velero -it -- ./ve
 . Check that the alias is working by running the following command:
 +
 [source,terminal]
-.Example
 ----
 $ velero version
+----
++
+[source,terminal]
+----
 Client:
 	Version: v1.12.1-OADP
 	Git commit: -

modules/op-using-tekton-chains-to-sign-and-verify-image-and-provenance.adoc

@@ -142,15 +142,18 @@ $ cosign verify-attestation --key cosign.pub $REGISTRY/kaniko-chains
 +
 [source,terminal]
 ----
-$ rekor-cli search --sha <image_digest> <1>
-
+$ rekor-cli search --sha <image_digest>
+----
+* `<image_digest>`: Substitute with the `sha256` digest of the image.
++
+[source,terminal]
+----
 <uuid_1> <2>
 <uuid_2> <3>
 ...
 ----
-<1> Substitute with the `sha256` digest of the image.
-<2> The first matching universally unique identifier (UUID).
-<3> The second matching UUID.
+* `<uuid_1>`: The first matching universally unique identifier (UUID).
+* `<uuid_2>`: The second matching UUID.
 +
 The search result displays UUIDs of the matching entries. One of those UUIDs holds the attestation.
 +

modules/ossm-cert-manage-verify-cert.adoc

@@ -80,12 +80,9 @@ $ diff -s /tmp/ca-cert.crt.txt /tmp/pod-cert-chain-ca.crt.txt
 You should see the following result:
 `Files /tmp/ca-cert.crt.txt and /tmp/pod-cert-chain-ca.crt.txt are identical.`
 
-. Verify the certificate chain from the root certificate to the workload certificate. Replace `<path>` with the path to your certificates.
+. Verify the certificate chain from the root certificate to the workload certificate. Replace `<path>` with the path to your certificates. After you run the command, the expected output shows `./proxy-cert-1.pem: OK`.
 +
 [source,terminal]
 ----
 $ openssl verify -CAfile <(cat <path>/ca-cert.pem <path>/root-cert.pem) ./proxy-cert-1.pem
 ----
-+
-You should see the following result:
-`./proxy-cert-1.pem: OK`

modules/persistent-storage-csi-azure-file-cross-sub-dynamic-provisioning-procedure.adoc

@@ -6,6 +6,8 @@
 [id="persistent-storage-csi-azure-file-cross-sub-dynamic-provisioning-procedure_{context}"]
 = Dynamic provisioning across subscriptions for Azure File
 
+To use Azure File dynamic provisioning across subscriptions by completing this procedure.
+
 .Prerequisites
 * Installed {product-title} cluster on Azure with the service principal or managed identity as an Azure identity in one subscription (call it Subscription A)
 
@@ -14,7 +16,6 @@
 * Logged in to the Azure CLI
 
 .Procedure
-To use Azure File dynamic provisioning across subscriptions:
 
 . Record the Azure identity (service principal or managed identity) by running the following applicable commands. The Azure identity is needed in a later step:
 +

modules/preparing-aws-credentials-for-oadp.adoc

@@ -11,6 +11,7 @@
 An {aws-full} account must be prepared and configured to accept an {oadp-first} installation.
 
 .Procedure
+
 . Create the following environment variables by running the following commands:
 +
 [IMPORTANT]
@@ -20,32 +21,72 @@ Change the cluster name to match your cluster, and ensure you are logged into th
 +
 [source,terminal]
 ----
-$ export CLUSTER_NAME=my-cluster <1>
-  export ROSA_CLUSTER_ID=$(rosa describe cluster -c ${CLUSTER_NAME} --output json | jq -r .id)
-  export REGION=$(rosa describe cluster -c ${CLUSTER_NAME} --output json | jq -r .region.id)
-  export OIDC_ENDPOINT=$(oc get authentication.config.openshift.io cluster -o jsonpath='{.spec.serviceAccountIssuer}' | sed 's|^https://||')
-  export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
-  export CLUSTER_VERSION=$(rosa describe cluster -c ${CLUSTER_NAME} -o json | jq -r .version.raw_id | cut -f -2 -d '.')
-  export ROLE_NAME="${CLUSTER_NAME}-openshift-oadp-aws-cloud-credentials"
-  export SCRATCH="/tmp/${CLUSTER_NAME}/oadp"
-  mkdir -p ${SCRATCH}
-  echo "Cluster ID: ${ROSA_CLUSTER_ID}, Region: ${REGION}, OIDC Endpoint:
-  ${OIDC_ENDPOINT}, AWS Account ID: ${AWS_ACCOUNT_ID}"
+$ export CLUSTER_NAME=my-cluster
+----
++
+--
+* `my-cluster`: Replace `my-cluster` with your cluster name.
+--
++
+[source,terminal]
+----
+$ export ROSA_CLUSTER_ID=$(rosa describe cluster -c ${CLUSTER_NAME} --output json | jq -r .id)
+----
++
+[source,terminal]
+----
+$ export REGION=$(rosa describe cluster -c ${CLUSTER_NAME} --output json | jq -r .region.id)
+----
++
+[source,terminal]
+----
+$ export OIDC_ENDPOINT=$(oc get authentication.config.openshift.io cluster -o jsonpath='{.spec.serviceAccountIssuer}' | sed 's|^https://||')
+----
++
+[source,terminal]
+----
+$ export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+----
++
+[source,terminal]
+----
+$ export CLUSTER_VERSION=$(rosa describe cluster -c ${CLUSTER_NAME} -o json | jq -r .version.raw_id | cut -f -2 -d '.')
+----
++
+[source,terminal]
+----
+$ export ROLE_NAME="${CLUSTER_NAME}-openshift-oadp-aws-cloud-credentials"
 ----
 +
-<1> Replace `my-cluster` with your cluster name.
+[source,terminal]
+----
+$ export SCRATCH="/tmp/${CLUSTER_NAME}/oadp"
+----
++
+[source,terminal]
+----
+$ mkdir -p ${SCRATCH}
+----
++
+[source,terminal]
+----
+$ echo "Cluster ID: ${ROSA_CLUSTER_ID}, Region: ${REGION}, OIDC Endpoint:
+  ${OIDC_ENDPOINT}, AWS Account ID: ${AWS_ACCOUNT_ID}"
+----
 
 . On the {aws-short} account, create an IAM policy to allow access to {aws-short} S3:
-
++
 .. Check to see if the policy exists by running the following command:
 +
 [source,terminal]
 ----
-$ POLICY_ARN=$(aws iam list-policies --query "Policies[?PolicyName=='RosaOadpVer1'].{ARN:Arn}" --output text) <1>
+$ POLICY_ARN=$(aws iam list-policies --query "Policies[?PolicyName=='RosaOadpVer1'].{ARN:Arn}" --output text)
 ----
 +
-<1> Replace `RosaOadp` with your policy name.
-
+--
+* `RosaOadp`: Replace `RosaOadp` with your policy name.
+--
++
 ..  Enter the following command to create the policy JSON file and then create the policy:
 +
 [NOTE]
@@ -56,7 +97,7 @@ If the policy ARN is not found, the command creates the policy. If the policy AR
 [source,terminal]
 ----
 $ if [[ -z "${POLICY_ARN}" ]]; then
-  cat << EOF > ${SCRATCH}/policy.json <1>
+  cat << EOF > ${SCRATCH}/policy.json
   {
   "Version": "2012-10-17",
   "Statement": [
@@ -101,18 +142,19 @@ EOF
   fi
 ----
 +
-<1> `SCRATCH` is a name for a temporary directory created for the environment variables.
-
+--
+* `SCRATCH`: `SCRATCH` is a name for a temporary directory created for the environment variables.
+--
++
 .. View the policy ARN by running the following command:
 +
 [source,terminal]
 ----
 $ echo ${POLICY_ARN}
 ----
 
-
 . Create an IAM role trust policy for the cluster:
-
++
 .. Create the trust policy file by running the following command:
 +
 [source,terminal]
@@ -137,7 +179,7 @@ $ cat <<EOF > ${SCRATCH}/trust-policy.json
   }
 EOF
 ----
-
++
 .. Create the role by running the following command:
 +
 [source,terminal]
@@ -152,7 +194,7 @@ $ ROLE_ARN=$(aws iam create-role --role-name \
          Key=operator_name,Value=openshift-oadp \
   --query Role.Arn --output text)
 ----
-
++
 .. View the role ARN by running the following command:
 +
 [source,terminal]

modules/preparing-aws-sts-credentials-for-oadp.adoc

@@ -10,6 +10,7 @@
 An {aws-full} account must be prepared and configured to accept an {oadp-first} installation. Prepare the {aws-short} credentials by using the following procedure.
 
 .Procedure
+
 . Define the `cluster_name` environment variable by running the following command:
 +
 [source,terminal]
@@ -23,45 +24,67 @@ $ export CLUSTER_NAME= <AWS_cluster_name> <1>
 [source,terminal]
 ----
 $ export CLUSTER_VERSION=$(oc get clusterversion version -o jsonpath='{.status.desired.version}{"\n"}')
-
-export AWS_CLUSTER_ID=$(oc get clusterversion version -o jsonpath='{.spec.clusterID}{"\n"}')
-
-export OIDC_ENDPOINT=$(oc get authentication.config.openshift.io cluster -o jsonpath='{.spec.serviceAccountIssuer}' | sed 's|^https://||')
-
-export REGION=$(oc get infrastructures cluster -o jsonpath='{.status.platformStatus.aws.region}' --allow-missing-template-keys=false || echo us-east-2)
-
-export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
-
-export ROLE_NAME="${CLUSTER_NAME}-openshift-oadp-aws-cloud-credentials"
 ----
++
+[source,terminal]
+----
+$ export AWS_CLUSTER_ID=$(oc get clusterversion version -o jsonpath='{.spec.clusterID}{"\n"}')
+----
++
+[source,terminal]
+----
+$ export OIDC_ENDPOINT=$(oc get authentication.config.openshift.io cluster -o jsonpath='{.spec.serviceAccountIssuer}' | sed 's|^https://||')
+----
++
+[source,terminal]
+----
+$ export REGION=$(oc get infrastructures cluster -o jsonpath='{.status.platformStatus.aws.region}' --allow-missing-template-keys=false || echo us-east-2)
+----
++
+[source,terminal]
+----
+$ export AWS_ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+----
++
+[source,terminal]
+----
+$ export ROLE_NAME="${CLUSTER_NAME}-openshift-oadp-aws-cloud-credentials"
+----
+
 . Create a temporary directory to store all of the files by running the following command:
 +
 [source,terminal]
 ----
 $ export SCRATCH="/tmp/${CLUSTER_NAME}/oadp"
 mkdir -p ${SCRATCH}
 ----
+
 . Display all of the gathered details by running the following command:
 +
 [source,terminal]
 ----
 $ echo "Cluster ID: ${AWS_CLUSTER_ID}, Region: ${REGION}, OIDC Endpoint:
 ${OIDC_ENDPOINT}, AWS Account ID: ${AWS_ACCOUNT_ID}"
 ----
-. On the {aws-short} account, create an IAM policy to allow access to {aws-short} S3:
 
+. On the {aws-short} account, create an IAM policy to allow access to {aws-short} S3:
++
 .. Check to see if the policy exists by running the following commands:
 +
 [source,terminal]
 ----
-$ export POLICY_NAME="OadpVer1" <1>
+$ export POLICY_NAME="OadpVer1"
 ----
-<1> The variable can be set to any value.
++
+--
+* `POLICY_NAME`: The variable can be set to any value.
+--
 +
 [source,terminal]
 ----
 $ POLICY_ARN=$(aws iam list-policies --query "Policies[?PolicyName=='$POLICY_NAME'].{ARN:Arn}" --output text)
 ----
++
 ..  Enter the following command to create the policy JSON file and then create the policy:
 +
 [NOTE]
@@ -113,12 +136,11 @@ EOF
 POLICY_ARN=$(aws iam create-policy --policy-name $POLICY_NAME \
 --policy-document file:///${SCRATCH}/policy.json --query Policy.Arn \
 --tags Key=openshift_version,Value=${CLUSTER_VERSION} Key=operator_namespace,Value=openshift-adp Key=operator_name,Value=oadp \
---output text) <1>
+--output text)
 fi
 ----
+* `SCRATCH`: The name for a temporary directory created for storing the files.
 +
-<1> `SCRATCH` is a name for a temporary directory created for storing the files.
-
 .. View the policy ARN by running the following command:
 +
 [source,terminal]
@@ -127,7 +149,7 @@ $ echo ${POLICY_ARN}
 ----
 
 . Create an IAM role trust policy for the cluster:
-
++
 .. Create the trust policy file by running the following command:
 +
 [source,terminal]
@@ -152,7 +174,7 @@ $ cat <<EOF > ${SCRATCH}/trust-policy.json
 }
 EOF
 ----
-
++
 .. Create an IAM role trust policy for the cluster by running the following command:
 +
 [source,terminal]
@@ -162,7 +184,7 @@ $ ROLE_ARN=$(aws iam create-role --role-name \
   --assume-role-policy-document file://${SCRATCH}/trust-policy.json \
   --tags Key=cluster_id,Value=${AWS_CLUSTER_ID}  Key=openshift_version,Value=${CLUSTER_VERSION} Key=operator_namespace,Value=openshift-adp Key=operator_name,Value=oadp --query Role.Arn --output text)
 ----
-
++
 .. View the role ARN by running the following command:
 +
 [source,terminal]

modules/querying-cluster-node-journal-logs.adoc

@@ -35,19 +35,23 @@ ifdef::openshift-rosa-hcp[]
 * Query `kubelet` `journald` unit logs from {product-title} cluster nodes. The following example queries worker nodes only:
 endif::openshift-rosa-hcp[]
 +
+ifndef::openshift-rosa-hcp[]
 [source,terminal]
 ----
-ifndef::openshift-rosa-hcp[]
 $ oc adm node-logs --role=master -u kubelet  <1>
+----
 endif::openshift-rosa-hcp[]
 ifdef::openshift-rosa-hcp[]
-$ oc adm node-logs --role=worker -u kubelet  <1>
-endif::openshift-rosa-hcp[]
+[source,terminal]
+----
+$ oc adm node-logs --role=worker -u kubelet
 ----
-<1> Replace `kubelet` as appropriate to query other unit logs.
+endif::openshift-rosa-hcp[]
+* `kubelet`: Replace as appropriate to query other unit logs.
 
 ifndef::openshift-rosa-hcp[]
 . Collect logs from specific subdirectories under `/var/log/` on cluster nodes.
++
 .. Retrieve a list of logs contained within a `/var/log/` subdirectory. The following example lists files in `/var/log/openshift-apiserver/` on all control plane nodes:
 +
 [source,terminal]