Merged
1 change: 1 addition & 0 deletions modules/ossm-about-collecting-ossm-data.adoc
Original file line number Diff line number Diff line change
@@ -9,6 +9,7 @@ You can use the `oc adm must-gather` CLI command to collect information about yo

To collect {ProductName} data with `must-gather`, you must specify the {ProductName} image:

[source,terminal]
----
$ oc adm must-gather --image=registry.redhat.io/openshift-service-mesh/istio-must-gather-rhel7
----
6 changes: 6 additions & 0 deletions modules/ossm-control-plane-deploy.adoc
@@ -80,12 +80,14 @@ Follow this procedure to deploy the {ProductName} control plane the command line

. Log in to the {product-title} CLI as a user with the `cluster-admin` role.
+
[source,terminal]
----
$ oc login https://{HOSTNAME}:6443
----

. Create a project named `istio-system`.
+
[source,terminal]
----
$ oc new-project istio-system
----
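Review bot: `{HOSTNAME}` in `$ oc login https://{HOSTNAME}:6443` is an AsciiDoc attribute reference rather than a reader-facing placeholder; the other modules in this PR use angle-bracket placeholders such as `<name_of_custom_resource>` and `<controlplane-namespace>`, so `https://<hostname>:6443` would be consistent and would not be substituted if an attribute of that name ever gets defined. The hunk header context also reads "deploy the {ProductName} control plane the command line", which is missing "from".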
@@ -94,12 +96,14 @@ $ oc new-project istio-system

. Run the following command to deploy the control plane:
+
[source,terminal]
----
$ oc create -n istio-system -f istio-installation.yaml
----
+
. Execute the following command to see the status of the control plane installation.
+
[source,terminal]
----
$ oc get smcp -n istio-system
----
@@ -119,6 +123,8 @@ $ oc get pods -n istio-system -w
+
You should see output similar to the following:
+
.Example output
[source,terminal]
----
NAME READY STATUS RESTARTS AGE
grafana-7bf5764d9d-2b2f6 2/2 Running 0 28h
2 changes: 2 additions & 0 deletions modules/ossm-control-plane-remove.adoc
@@ -60,13 +60,15 @@ You can use the shortened `smcp` alias in place of `servicemeshcontrolplane`.

. Run this command to retrieve the name of the installed `ServiceMeshControlPlane`:
+
[source,terminal]
----
$ oc get servicemeshcontrolplanes -n istio-system
----

+
. Replace `<name_of_custom_resource>` with the output from the previous command, and run this command to remove the custom resource:
+
[source,terminal]
----
$ oc delete servicemeshcontrolplanes -n istio-system <name_of_custom_resource>
----
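Review bot: the `+` that follows the blank line after the first `----` block (immediately before `. Replace`) is a stray list continuation; the block is already attached to the first step by the `+` above it, and the same spot in ossm-control-plane-deploy.adoc (between the `oc login` and `oc new-project` steps) separates the items with a blank line only. Drop it so the steps are delimited the same way across the modules touched by this PR.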
8 changes: 8 additions & 0 deletions modules/ossm-control-plane-templates.adoc
@@ -31,19 +31,27 @@ Follow this procedure to create the ConfigMap.

. From the CLI, run this command to create the ConfigMap named `smcp-templates` in the `openshift-operators` project and replace `<templates-directory>` with the location of the `ServiceMeshControlPlane` files on your local disk:
+
[source,terminal]
----
$ oc create configmap --from-file=<templates-directory> smcp-templates -n openshift-operators
----

. Locate the Operator ClusterServiceVersion name.
+
[source,terminal]
----
$ oc get clusterserviceversion -n openshift-operators | grep 'Service Mesh'
----
+
.Example output
[source,terminal]
----
maistra.v1.0.0 Red Hat OpenShift Service Mesh 1.0.0 Succeeded
----

. Edit the Operator cluster service version to instruct the Operator to use the `smcp-templates` ConfigMap.
+
[source,terminal]
----
$ oc edit clusterserviceversion -n openshift-operators maistra.v1.0.0
----
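Review bot: the CSV name `maistra.v1.0.0` is hard-coded twice, in the `.Example output` block and in the command `$ oc edit clusterserviceversion -n openshift-operators maistra.v1.0.0` of the third step, so the edit command goes stale with every release even though the second step exists precisely to look the name up. Keep the concrete name in the example output, but use a placeholder such as `<csv_name>` in the edit command and tell the reader to substitute the value returned by `oc get clusterserviceversion`.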
2 changes: 2 additions & 0 deletions modules/ossm-member-roll-create.adoc
@@ -74,12 +74,14 @@ Follow this procedure to add a project to the `ServiceMeshMemberRoll` from the c

. Log in to the {product-title} CLI.
+
[source,terminal]
----
$ oc login
----
+
. Create a `ServiceMeshMemberRoll` resource in the same project as the `ServiceMeshControlPlane` resource, in our example that is `istio-system`. The resource must be named `default`.
+
[source,terminal]
----
$ oc create -n istio-system -f servicemeshmemberroll-default.yaml
----
1 change: 1 addition & 0 deletions modules/ossm-member-roll-modify.adoc
@@ -62,6 +62,7 @@ Follow this procedure to modify an existing {ProductShortName} member roll using

. Edit the `ServiceMeshMemberRoll` resource.
+
[source,terminal]
----
$ oc edit smmr -n <controlplane-namespace>
----
2 changes: 2 additions & 0 deletions modules/ossm-mixer-policy.adoc
@@ -17,12 +17,14 @@ In previous versions of {ProductName}, Mixer’s policy enforcement was enabled

. Run this command to check the current Mixer policy enforcement status:
+
[source,terminal]
----
$ oc get cm -n istio-system istio -o jsonpath='{.data.mesh}' | grep disablePolicyChecks
----

. If `disablePolicyChecks: true`, edit the {ProductShortName} ConfigMap:
+
[source,terminal]
----
$ oc edit cm -n istio-system istio
----
1 change: 1 addition & 0 deletions modules/ossm-observability-access.adoc
@@ -17,6 +17,7 @@ To access the console, in the menu bar, click the *Application launcher* > *Kial

. Run this command from the CLI to obtain the route and Kiali URL:
+
[source,terminal]
----
$ oc get routes
----
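Review bot: `$ oc get routes` carries no `-n` flag, so it lists only the routes of whichever project is currently selected, and the Kiali route is not necessarily there; every other command in this PR targets the control plane project explicitly (`-n istio-system` or `-n <controlplane-namespace>`). Add the namespace flag, or state that the reader must first switch to the control plane project, otherwise the step returns nothing for a user working in an application project.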
18 changes: 17 additions & 1 deletion modules/ossm-rn-fixed-issues.adoc
@@ -23,12 +23,28 @@ The following issues been resolved in the current release:
+
To remove the CRDs, run the following commands:
+
[source,bash]
[source,terminal]
----
$ oc delete crd clusterissuers.certmanager.k8s.io
----
+
[source,terminal]
----
$ oc delete crd issuers.certmanager.k8s.io
----
+
[source,terminal]
----
$ oc delete crd certificates.certmanager.k8s.io
----
+
[source,terminal]
----
$ oc delete crd orders.certmanager.k8s.io
----
+
[source,terminal]
----
$ oc delete crd challenges.certmanager.k8s.io
----
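Review bot: `oc delete crd` accepts several resource names in one invocation, so the five near-identical blocks could collapse into a single command, `$ oc delete crd clusterissuers.certmanager.k8s.io issuers.certmanager.k8s.io certificates.certmanager.k8s.io orders.certmanager.k8s.io challenges.certmanager.k8s.io`, which is also easier to copy and leaves fewer `+` continuations to get wrong. If the one-command-per-block convention is intended here, the change from `[source,bash]` to `[source,terminal]` itself is correct and matches the other modules. The hunk header context "The following issues been resolved" is also missing "have".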

28 changes: 20 additions & 8 deletions modules/ossm-routing-bookinfo-example.adoc
@@ -25,13 +25,19 @@ This tutorial helps you apply rules that route all traffic to `v1` (version 1) o
To route to one version only, apply virtual services that set the default version for the micro-services. In the following example, the virtual service routes all traffic to `v1` of each micro-service

1. Run the following command to apply the virtual services:

$ oc apply -f https://raw.githubusercontent.com/Maistra/istio/maistra-1.1/samples/bookinfo/networking/virtual-service-all-v1.yaml
+
[source,terminal]
----
$ oc apply -f https://raw.githubusercontent.com/Maistra/istio/maistra-1.1/samples/bookinfo/networking/virtual-service-all-v1.yaml
----
+
2. To test the command was successful, display the defined routes with the following command:
+
$ oc get virtualservices -o yaml
+
[source,terminal]
----
$ oc get virtualservices -o yaml
----
+
That command returns the following YAML file.
+
[source,yaml]
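Review bot: this module numbers its steps with explicit `1.` and `2.` markers while every other module in this PR uses the implicit `.` marker; explicit numbering is valid AsciiDoc but drifts out of sequence as soon as a step is inserted, so switching to `.` here would keep the modules consistent. The change itself is right: the old indented `$ oc apply ...` lines rendered as plain literal paragraphs, and the `[source,terminal]` blocks attached with `+` are what the other modules do. The context line ending "routes all traffic to `v1` of each micro-service" is also missing its full stop.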
@@ -117,13 +123,19 @@ Next, change the route configuration so that all traffic from a specific user is
Note that {ProductShortName} doesn't have any special, built-in understanding of user identity. This example is enabled by the fact that the `productpage` service adds a custom `end-user` header to all outbound HTTP requests to the reviews service.

1. Run the following command to enable user-based routing:

$ oc apply -f https://raw.githubusercontent.com/Maistra/istio/maistra-1.1/samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
+
[source,terminal]
----
$ oc apply -f https://raw.githubusercontent.com/Maistra/istio/maistra-1.1/samples/bookinfo/networking/virtual-service-reviews-test-v2.yaml
----
+
2. Confirm the rule is created:
+
$ oc get virtualservice reviews -o yaml
+
[source,terminal]
----
$ oc get virtualservice reviews -o yaml
----
+
That command returns the following YAML file.
+
[source,yaml]
7 changes: 7 additions & 0 deletions modules/ossm-routing-ingress.adoc
@@ -12,6 +12,7 @@ In {ProductName}, the Ingress Gateway enables Service Mesh features such as moni

Run the following command to determine if your Kubernetes cluster is running in an environment that supports external load balancers:

[source,terminal]
----
$ oc get svc istio-ingressgateway -n istio-system
----
@@ -30,14 +31,17 @@ Follow these instructions if your environment has an external load balancer.

Set the ingress IP and ports:

[source,terminal]
----
$ export INGRESS_HOST=$(oc -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].ip}')
----

[source,terminal]
----
$ export INGRESS_PORT=$(oc -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].port}')
----

[source,terminal]
----
$ export SECURE_INGRESS_PORT=$(oc -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].port}')
----
@@ -46,6 +50,7 @@ In some environments, the load balancer may be exposed using a host name instead

Use the following command to correct the `INGRESS_HOST` value:

[source,terminal]
----
$ export INGRESS_HOST=$(oc -n istio-system get service istio-ingressgateway -o jsonpath='{.status.loadBalancer.ingress[0].hostname}')
----
@@ -56,10 +61,12 @@ Follow these instructions if your environment does not have an external load bal

Set the ingress ports:

[source,terminal]
----
$ export INGRESS_PORT=$(oc -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="http2")].nodePort}')
----

[source,terminal]
----
$ export SECURE_INGRESS_PORT=$(oc -n istio-system get service istio-ingressgateway -o jsonpath='{.spec.ports[?(@.name=="https")].nodePort}')
----
1 change: 1 addition & 0 deletions modules/ossm-routing.adoc
@@ -24,6 +24,7 @@ Without virtual services, {ProductName} distributes traffic using round-robin lo

The following example routes requests to different versions of a service depending on which user connects to the application. Use this command to apply this example YAML file, or one you create.

[source,terminal]
----
$ oc apply -f - <<EOF
apiVersion: networking.istio.io/v1alpha3
38 changes: 38 additions & 0 deletions modules/ossm-security-cert-manage.adoc
@@ -22,6 +22,7 @@ Add the certificates to {ProductShortName} by following these steps. Save the ce

1. Create a secret `cacert` that includes the input files `ca-cert.pem`, `ca-key.pem`, `root-cert.pem` and `cert-chain.pem`.
+
[source,terminal]
----
$ oc create secret generic cacerts -n istio-system --from-file=<path>/ca-cert.pem \
--from-file=<path>/ca-key.pem --from-file=<path>/root-cert.pem \
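Review bot: the step text says "Create a secret `cacert`" but the command creates `cacerts` (`$ oc create secret generic cacerts -n istio-system ...`), and the removal step at the end of this module deletes `cacerts` as well; correct the name in the step text so a reader searching for the secret finds it. Since this secret holds the CA private key (`ca-key.pem`), the step is also the right place for one sentence saying that access to secrets in `istio-system` should be limited to cluster administrators.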
@@ -45,6 +46,7 @@ spec:
+
3. To make sure the workloads add the new certificates promptly, delete the secrets generated by {ProductShortName}, named `istio.*`. In this example, `istio.default`. {ProductShortName} issues new certificates for the workloads.
+
[source,terminal]
----
$ oc delete secret istio.default
----
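Review bot: `$ oc delete secret istio.default` has no `-n` flag while the `oc create secret` command in step 1 is pinned to `-n istio-system`, so this command silently acts on whatever project is current. The step should state which namespace holds the `istio.default` secret that is to be deleted and pass it with `-n`, in the same style as the rest of the module.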
@@ -56,18 +58,21 @@ Use the Bookinfo sample application to verify your certificates are mounted corr

1. Store the pod name in the variable `RATINGSPOD`.
+
[source,terminal]
----
$ RATINGSPOD=`oc get pods -l app=ratings -o jsonpath='{.items[0].metadata.name}'`
----
+
Run the following commands to retrieve the certificates mounted on the proxy.
+
[source,terminal]
----
$ oc exec -it $RATINGSPOD -c istio-proxy -- /bin/cat /etc/certs/root-cert.pem > /tmp/pod-root-cert.pem
----
+
The file `/tmp/pod-root-cert.pem` contains the root certificate propagated to the pod.
+
[source,terminal]
----
$ oc exec -it $RATINGSPOD -c istio-proxy -- /bin/cat /etc/certs/cert-chain.pem > /tmp/pod-cert-chain.pem
----
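Review bot: both `oc exec -it $RATINGSPOD -c istio-proxy -- /bin/cat ... > /tmp/...` commands redirect stdout to a file, so neither needs `-it`; `-t` allocates a pseudo-terminal, and output passed through a terminal can pick up CRLF line endings, which then surface as spurious differences in the `diff` steps that follow. Use `$ oc exec $RATINGSPOD -c istio-proxy -- cat /etc/certs/root-cert.pem > /tmp/pod-root-cert.pem` and the same for `cert-chain.pem`. Separately, the `RATINGSPOD=` assignment uses backtick command substitution while ossm-routing-ingress.adoc in this same PR uses `$(...)`; pick one form for the documentation set.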
@@ -76,30 +81,62 @@ The file `/tmp/pod-cert-chain.pem` contains the workload certificate and the CA
+
3. Verify the root certificate is the same as the one specified by the Operator. Replace `<path>` with the path to your certificates.
+
[source,terminal]
----
$ openssl x509 -in <path>/root-cert.pem -text -noout > /tmp/root-cert.crt.txt
----
+
[source,terminal]
----
$ openssl x509 -in /tmp/pod-root-cert.pem -text -noout > /tmp/pod-root-cert.crt.txt
----
+
[source,terminal]
----
$ diff /tmp/root-cert.crt.txt /tmp/pod-root-cert.crt.txt
----
+
Expect the output to be empty.
+
4. Verify the CA certificate is the same as the one specified by Operator. Replace `<path>` with the path to your certificates.
+
[source,terminal]
----
$ sed '0,/^-----END CERTIFICATE-----/d' /tmp/pod-cert-chain.pem > /tmp/pod-cert-chain-ca.pem
----
+
[source,terminal]
----
$ openssl x509 -in <path>/ca-cert.pem -text -noout > /tmp/ca-cert.crt.txt
----
+
[source,terminal]
----
$ openssl x509 -in /tmp/pod-cert-chain-ca.pem -text -noout > /tmp/pod-cert-chain-ca.crt.txt
----
+
[source,terminal]
----
$ diff /tmp/ca-cert.crt.txt /tmp/pod-cert-chain-ca.crt.txt
----
+
Expect the output to be empty.
+
5. Verify the certificate chain from the root certificate to the workload certificate. Replace `<path>` with the path to your certificates.
+
[source,terminal]
----
$ head -n 21 /tmp/pod-cert-chain.pem > /tmp/pod-cert-chain-workload.pem
----
+
[source,terminal]
----
$ openssl verify -CAfile <(cat <path>/ca-cert.pem <path>/root-cert.pem) /tmp/pod-cert-chain-workload.pem
----
+
.Example output
[source,terminal]
----
/tmp/pod-cert-chain-workload.pem: OK
----
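Review bot: `$ head -n 21 /tmp/pod-cert-chain.pem > /tmp/pod-cert-chain-workload.pem` in step 5 assumes the first certificate in the chain is exactly 21 lines long, which only holds for one particular key size and extension set; cut at the first `-----END CERTIFICATE-----` marker instead, the mirror of the `sed '0,/^-----END CERTIFICATE-----/d'` used in step 4, for example `sed '/^-----END CERTIFICATE-----/q' /tmp/pod-cert-chain.pem`. Two smaller points in the same hunk: the `0,/re/` address is a GNU sed extension, so step 4 fails on BSD or macOS sed, and `openssl verify -CAfile <(cat <path>/ca-cert.pem <path>/root-cert.pem) ...` makes the intermediate a trust anchor and relies on bash-only process substitution; `$ openssl verify -CAfile <path>/root-cert.pem -untrusted <path>/ca-cert.pem /tmp/pod-cert-chain-workload.pem` states the intended trust precisely (only the root is trusted, the intermediate must chain to it) and runs in any shell.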

@@ -110,6 +147,7 @@ To remove the certificates you added, follow these steps.

1. Remove the secret `cacerts`.
+
[source,terminal]
----
$ oc delete secret cacerts -n istio-system
----