Restructure trento install section

trento/adoc/trento-ansible-install.adoc

@@ -1,6 +1,6 @@
 include::product-attributes.adoc[]
 
-== Automated deployment with Ansible
+=== Automated deployment with Ansible
 :revdate: 2025-08-05
 
 

trento/adoc/trento-container-install.adoc

@@ -1,6 +1,6 @@
 include::product-attributes.adoc[]
 
-== Containerized deployment
+=== Containerized deployment
 :revdate: 2025-08-05
 
 
@@ -11,9 +11,9 @@ Docker containers.
 Follow the steps in <<sec-systemd-deployment>>, but skip the *Install
 Trento using RPM packages* step and follow the procedures as described below.
 
-=== Install Trento using Docker
+==== Install Trento using Docker
 
-==== Install Docker container runtime
+===== Install Docker container runtime
 
 . Enable the containers module (replace `15.x` with the correct Service Pack version):
 +
@@ -35,7 +35,7 @@ zypper install docker
 systemctl enable --now docker
 ----
 
-==== Create a dedicated Docker network for Trento
+===== Create a dedicated Docker network for Trento
 
 . Create the Trento Docker network:
 +
@@ -61,7 +61,7 @@ The output should be similar to this (the exact address may vary):
 . Open the _/var/lib/pgsql/data/pg_hba.conf_ file for editing and replace `0.0.0.0/0` with the address returned by the command in the previous step.
 . Restart the PostgreSQL server using the `systemctl restart postgresql` command.
 
-==== Install Trento on Docker
+===== Install Trento on Docker
 
 . Create secret environment variables:
 +

trento/adoc/trento-install-server.adoc

@@ -2,232 +2,9 @@ include::product-attributes.adoc[]
 
 [[sec-trento-installing-trentoserver]]
 == Installing {trserver}
-:revdate: 2025-08-05
+:revdate: 2025-10-16
 
-
-[[sec-trento-k8s-deployment]]
-=== {k8s} deployment
-
-The subsection uses the following placeholders:
-
-* `TRENTO_SERVER_HOSTNAME`: the host name used by the end user to access the console.
-* `ADMIN_PASSWORD`: the password of the default user created during the installation process. It must have at least 8 characters.
-
-[[sec-trento-install-trentoserver-on-existing-k8s-cluster]]
-==== Installing {trserver} on an existing {k8s} cluster
-
-{trserver} consists of a several components delivered as container images and intended for deployment on a {k8s} cluster. A manual production-ready deployment of these components requires {k8s} knowledge. Customers without in-house {k8s} expertise and who want to try {trento} with a minimum of effort, can use the {trento} Helm chart. This approach automates the deployment of all the required components on a single {k8s} cluster node. You can use the {trento} Helm chart to install {trserver} on a existing {k8s} cluster as follows:
-
-. Install Helm:
-+
-====
-[source,bash,subs="attributes"]
-----
-curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
-----
-====
-+
-. Connect Helm to an existing {k8s} cluster.
-. Use Helm to install {trserver} with the {trento} Helm chart:
-+
-====
-[source,bash,subs="attributes"]
-----
-helm upgrade \
-   --install trento-server oci://registry.suse.com/trento/trento-server \
-   --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \
-   --set trento-web.adminUser.password=ADMIN_PASSWORD
-----
-====
-+
-When using a Helm version lower than 3.8.0, an experimental flag must be set as follows:
-+
-====
-[source,bash]
-----
-HELM_EXPERIMENTAL_OCI=1 helm upgrade \
-   --install trento-server oci://registry.suse.com/trento/trento-server \
-   --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \
-   --set trento-web.adminUser.password=ADMIN_PASSWORD
-----
-====
-+
-. To verify that the {trserver} installation was successful, open the URL of the {trweb} (`http://TRENTO_SERVER_HOSTNAME`) from a workstation on the {sap} administrator's LAN.
-
-[[sec-trento-install-trentoserver-on-k3s]]
-==== Installing {trserver} on K3s
-
-If you do not have a {k8s} cluster, or have one but do not want to use it for {trento}, {suse} Rancher's K3s provides an alternative. To deploy {trserver} on K3s, you need a small server or VM (see <<sec-trento-server-requirements>> for minimum requirements) and follow steps in <<pro-trento-manually-installing>>.
-
-[IMPORTANT]
-====
-The following procedure deploys {trserver} on a single-node K3s cluster. Note that this setup is not recommended for production use.
-====
-
-[[pro-trento-manually-installing]]
-===== Manually installing Trento on a {trserver} host
-
-. Log in to the {trserver} host.
-+
-[[st-install-k3s]]
-. Install K3s either as {rootuser} or a non-{rootuser} user.
-+
-* Installing as user {rootuser}:
-+
-====
-[source,subs="attributes"]
-----
-curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true sh
-----
-====
-+
-* Installing as a non-{rootuser} user:
-+
-====
-[source,bash,subs="attributes"]
-----
-curl -sfL https://get.k3s.io | INSTALL_K3S_SKIP_SELINUX_RPM=true sh -s - --write-kubeconfig-mode 644
-----
-====
-+
-[[st-install-helm]]
-. Install Helm as {rootuser}.
-+
-====
-[source,subs="attributes"]
-----
-curl https://raw.githubusercontent.com/helm/helm/master/scripts/get-helm-3 | bash
-----
-====
-+
-. Set the `KUBECONFIG` environment variable for the same user that installed K3s:
-+
-====
-[source,bash]
-----
-export KUBECONFIG=/etc/rancher/k3s/k3s.yaml
-----
-====
-+
-[[st-deploy-k3s]]
-. With the same user that installed K3s, install {trserver} using the Helm chart:
-+
-====
-[source,bash]
-----
-helm upgrade \
-   --install trento-server oci://registry.suse.com/trento/trento-server \
-   --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \
-   --set trento-web.adminUser.password=ADMIN_PASSWORD
-----
-====
-When using a Helm version lower than 3.8.0, an experimental flag must be set as follows:
-+
-====
-[source,bash]
-----
-HELM_EXPERIMENTAL_OCI=1 helm upgrade \
-   --install trento-server oci://registry.suse.com/trento/trento-server \
-   --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \
-   --set trento-web.adminUser.password=ADMIN_PASSWORD
-----
-====
-+
-. Monitor the creation and start-up of the {trserver} pods, and wait until they are ready and running:
-+
-====
-[source,bash]
-----
-watch kubectl get pods
-----
-====
-+
-All pods must be in the ready and running state.
-+
-. Log out of the {trserver} host.
-. To verify that the {trserver} installation was successful, open the URL of the {trweb} (`http://TRENTO_SERVER_HOSTNAME`) from a workstation on the {sap} administrator's LAN.
-
-[[sec-trento-deploying-trento-on-selected-nodes]]
-==== Deploying {trserver} on selected nodes
-
-If you use a multi-node {k8s} cluster, it is possible to deploy {trserver} images on selected nodes by specifying the field `nodeSelector` in the helm upgrade command as follows:
-====
-[source,bash]
-----
-HELM_EXPERIMENTAL_OCI=1 helm upgrade \
-   --install trento-server oci://registry.suse.com/trento/trento-server \
-   --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \
-   --set trento-web.adminUser.password=ADMIN_PASSWORD \
-   --set prometheus.server.nodeSelector.LABEL=VALUE \
-   --set postgresql.primary.nodeSelector.LABEL=VALUE \
-   --set trento-web.nodeSelector.LABEL=VALUE \
-   --set trento-runner.nodeSelector.LABEL=VALUE
-----
-====
-
-include::helm-event-pruning.adoc[leveloffset=+2]
-
-[[sec-trento-enabling-email-alerts]]
-==== Enabling email alerts
-
-Email alerting feature notifies the {sap} Basis administrator about important changes in the {sap} Landscape being monitored by {trento}.
-
-The reported events include the following:
-
-* Host heartbeat failed
-* Cluster health detected critical
-* Database health detected critical
-* {sap} System health detected critical
-
-This feature is disabled by default. It can be enabled at installation time or anytime at a later stage. In both cases, the procedure is the same and uses the following placeholders:
-
-`SMTP_SERVER`::
-The SMTP server designated to send email alerts
-
-`SMTP_PORT`::
-Port on the SMTP server
-
-`SMTP_USER`::
-User name to access SMTP server
-
-`SMTP_PASSWORD`::
-Password to access SMTP server
-
-`ALERTING_SENDER`::
-Sender email for alert notifications
-
-`ALERTING_RECIPIENT`::
-Recipient email for alert notifications.
-
-The command to enable email alerts is as follows:
-
-[source,bash]
-----
-HELM_EXPERIMENTAL_OCI=1 helm upgrade \
-   --install trento-server oci://registry.suse.com/trento/trento-server \
-   --set trento-web.trentoWebOrigin=TRENTO_SERVER_HOSTNAME \
-   --set trento-web.adminUser.password=ADMIN_PASSWORD \
-   --set trento-web.alerting.enabled=true \
-   --set trento-web.alerting.smtpServer=SMTP_SERVER \
-   --set trento-web.alerting.smtpPort=SMTP_PORT \
-   --set trento-web.alerting.smtpUser=SMTP_USER \
-   --set trento-web.alerting.smtpPassword=SMTP_PASSWORD \
-   --set trento-web.alerting.sender=ALERTING_SENDER \
-   --set trento-web.alerting.recipient=ALERTING_RECIPIENT
-----
-
-[[sec-trento-enabling-ssl]]
-==== Enabling SSL
-
-Ingress may be used to provide SSL termination for the Web component of {trserver}. This would allow to encrypt the communication from the agent to the server, which is already secured by the corresponding API key. It would also allow HTTPS access to the Web console with trusted certificates.
-
-Configuration must be done in the tls section of the `values.yaml` file of the chart of the {trserver} Web component.
-
-For details on the required Ingress setup and configuration, refer to: https://kubernetes.io/docs/concepts/services-networking/ingress/. Particularly, refer to section https://kubernetes.io/docs/concepts/services-networking/ingress/#tls for details on the secret format in the YAML configuration file.
-
-Additional steps are required on the Agent side.
-// toms 2022-09-14: which steps?
-
-include::trento-systemd-install.adoc[leveloffset=+1]
-include::trento-container-install.adoc[leveloffset=+1]
-include::trento-ansible-install.adoc[leveloffset=+1]
+include::trento-kubernetes-install.adoc[]
+include::trento-systemd-install.adoc[]
+include::trento-container-install.adoc[]
+include::trento-ansible-install.adoc[]