From e647c97d8b6f631c56903a13d1467e130e47dfd2 Mon Sep 17 00:00:00 2001
From: mrpa <miruna.paun@enea.com>
Date: Wed, 7 Apr 2021 13:00:03 +0200
Subject: Added in Tomcat Certificate generation info and the related
 limitation in the rel notes.

Change-Id: I92ff4209aefe6c5251e4462910152544c56ac82e
Signed-off-by: mrpa <miruna.paun@enea.com>
---
 .../doc/advanced_configurations.xml                | 62 +++++++++++++++++++++-
 .../doc/installation_guide.xml                     | 40 +++++++++-----
 .../doc/upgrade_ena.xml                            | 11 ++--
 .../doc/known_bugs_and_limitations.xml             | 47 ++--------------
 4 files changed, 99 insertions(+), 61 deletions(-)

diff --git a/doc/book-enea-edge-getting-started/doc/advanced_configurations.xml b/doc/book-enea-edge-getting-started/doc/advanced_configurations.xml
index 90de441..c596735 100644
--- a/doc/book-enea-edge-getting-started/doc/advanced_configurations.xml
+++ b/doc/book-enea-edge-getting-started/doc/advanced_configurations.xml
@@ -411,6 +411,66 @@ node0.1048576kB = 3 </programlisting>
     </section>
   </section>
 
+  <section id="create_certificate">
+    <title>Tomcat Certificate Generation</title>
+
+    <para>The self-signed Tomcat Certificate the Enea Edge
+    Management application uses is generated at installation time. It can
+    be regenerated anytime after installation by using the
+    <filename>createCertificate.sh</filename> script.</para>
+
+    <para>On the CentOS 7 server open a terminal, log into a bash shell with
+    the root account and perform the following:</para>
+
+    <orderedlist>
+        <listitem>
+          <para>Extract <literal>Enea_Edge_Management_&lt;version&gt;-build&lt;build_number&gt;.tar.gz</literal></para>
+
+          <para>The directory in which the archive has been unpacked will be
+          denoted as: <literal>&lt;uCPEM-installerdir&gt;</literal>.</para>
+        </listitem>
+
+        <listitem>
+          <para>Enter <literal>&lt;uCPEM-installerdir&gt;/dist</literal>.</para>
+        </listitem>
+
+        <listitem>
+          <para>Run the following command:</para>
+
+          <programlisting>./createCertificate.sh ucpemanager &lt;IP_or_domain&gt; \
+            /opt/ems [&lt;service_username&gt;]</programlisting>
+
+          <para>Where the following need to be included:</para>
+
+          <itemizedlist>
+            <listitem>
+              <para>The IP or domain name of the server the Enea Edge
+              Management application is running on.</para>
+            </listitem>
+
+            <listitem>
+              <para>The service username, which is the one set when installing the
+              Enea Edge Management application. For more details
+                see <olink targetdoc="book_enea_edge_getting_started"
+              targetptr="fresh_ucpemg_install">Fresh Installation of the Enea
+              Edge Management application in the <ns:include
+              href="../../s_docbuild/olinkdb/pardoc-names.xml"
+              xmlns:ns="http://www.w3.org/2001/XInclude"
+              xpointer="element(book_enea_edge_getting_started/1)" /></olink> Manual.
+              Providing the service username is optional. If it is not provided, the default
+              value will be used.</para>
+            </listitem>
+          </itemizedlist>
+        </listitem>
+
+        <listitem>
+          <para>Restart the Enea Edge Management service:</para>
+
+          <programlisting>service ucpemanager restart</programlisting>
+        </listitem>
+      </orderedlist>
+  </section>
+
   <section condition="hidden" id="high_availability_ig">
     <title>Installing the Enea Edge Management application in High
     Availability Mode</title>
@@ -1103,4 +1163,4 @@ Configuration complete.</programlisting>
       </orderedlist>
     </section>
   </section>
-</chapter>
\ No newline at end of file
+</chapter>
diff --git a/doc/book-enea-edge-getting-started/doc/installation_guide.xml b/doc/book-enea-edge-getting-started/doc/installation_guide.xml
index 1ca3b02..477b5c4 100644
--- a/doc/book-enea-edge-getting-started/doc/installation_guide.xml
+++ b/doc/book-enea-edge-getting-started/doc/installation_guide.xml
@@ -578,7 +578,7 @@ Enea_NFV_Access_uCPEManager_&lt;version&gt;-build&lt;build_number&gt;.tar.gz</pr
               <listitem>
                 <para>High Availability Configurations:</para>
 
-                <itemizedlist>
+                <itemizedlist spacing="compact">
                   <listitem>
                     <para>Specify the IP address of the local interface: The
                     CentOS 7 Server loopback address:
@@ -593,19 +593,35 @@ Enea_NFV_Access_uCPEManager_&lt;version&gt;-build&lt;build_number&gt;.tar.gz</pr
               </listitem>
 
               <listitem>
-                <para>Heap Configuration: <literal>Please enter the new
-                Maximum Heap Size [4g]</literal>:</para>
+                <para>Create the self-signed certificate: <literal>Specify IP or domain name</literal> 
+                  (or press <literal>Enter</literal> to skip):</para>
+
+                  <para>The Tomcat self-signed certificate can be generated
+                  again by running the
+                  <filename>createCertificate.sh</filename>. For more details, please see <olink
+                  targetdoc="book_enea_edge_getting_started"
+                  targetptr="create_certificate">Tomcat Certificate
+                  Generation in the <ns:include
+                  href="../../s_docbuild/olinkdb/pardoc-names.xml"
+                  xpointer="element(book_enea_edge_getting_started/1)"
+                  xmlns:ns="http://www.w3.org/2001/XInclude" /></olink> Manual.</para>
+                
+                <note>
+                  <para>The generation of the Tomcat self-signed cerificate
+                  should be skipped only if another certifcate will be
+                  provided.</para>
+                </note>
               </listitem>
 
               <listitem>
-                <para>Create the self-signed certificate: <literal>Specify IP
-                or domain name</literal>:</para>
-
-                <note>
-                  <para>The certificate can be generated again by running the
-                  <filename>createCertificate</filename> script from the
-                  distribution folder.</para>
-                </note>
+                <para>Heap Configuration:</para> 
+                
+                <itemizedlist spacing="compact">
+                    <listitem>
+                      <para>Please enter the new Maximum Heap Size
+                      [4g]:</para>
+                    </listitem>
+                  </itemizedlist>
               </listitem>
             </itemizedlist>
 
@@ -1236,4 +1252,4 @@ of=/dev/sdb bs=4M conv=fsync</programlisting>
       </note>
     </section>
   </section>
-</chapter>
\ No newline at end of file
+</chapter>
diff --git a/doc/book-enea-edge-getting-started/doc/upgrade_ena.xml b/doc/book-enea-edge-getting-started/doc/upgrade_ena.xml
index 80473cb..ac2ebb6 100644
--- a/doc/book-enea-edge-getting-started/doc/upgrade_ena.xml
+++ b/doc/book-enea-edge-getting-started/doc/upgrade_ena.xml
@@ -1,9 +1,9 @@
-<?xml version="1.0" encoding="UTF-8"?>
+<?xml version="1.0" encoding="ISO-8859-1"?>
 <chapter id="upgrade_ena">
   <title>Upgrading Enea Edge</title>
 
   <para>Enea provides regular releases that will require the upgrading of Enea
-  Edge components. The Enea Edge Management application must be upgraded
+ Edge components. The Enea Edge Management application must be upgraded
   first, followed by upgrading the Enea Edge Runtime on the uCPE
   devices.</para>
 
@@ -116,8 +116,7 @@ Enea_NFV_Access_uCPEManager_&lt;version&gt;-build&lt;build_number&gt;.tar.gz</pr
         </listitem>
 
         <listitem>
-          <para>Enter
-          <literal>&lt;uCPEM-installerdir&gt;/dist</literal>.</para>
+          <para>Enter <literal>&lt;uCPEM-installerdir&gt;/dist</literal>.</para>
         </listitem>
 
         <listitem>
@@ -165,7 +164,7 @@ Enea_NFV_Access_uCPEManager_&lt;version&gt;-build&lt;build_number&gt;.tar.gz</pr
         <listitem>
           <para>Enter
           <literal>&lt;uCPEM-installerdir&gt;/dist</literal>.</para>
-        </listitem>        
+        </listitem>
 
         <listitem>
           <para>Run the following command with the root user and change
@@ -602,7 +601,7 @@ Enea_NFV_Access_uCPEManager_&lt;version&gt;-build&lt;build_number&gt;.tar.gz</pr
           </listitem>
 
           <listitem>
-            <para>Select <emphasis role="bold">Operations</emphasis>, then
+            <para>Select <emphasis role="bold">Operations</emphasis>, then 
             <emphasis role="bold">Upgrade</emphasis>, enter the
             <literal>Release Name</literal> and press <emphasis
             role="bold">Execute</emphasis>. Filling in the <literal>Restore
diff --git a/doc/book-enea-edge-release-info/doc/known_bugs_and_limitations.xml b/doc/book-enea-edge-release-info/doc/known_bugs_and_limitations.xml
index 0fdb9aa..81816a5 100644
--- a/doc/book-enea-edge-release-info/doc/known_bugs_and_limitations.xml
+++ b/doc/book-enea-edge-release-info/doc/known_bugs_and_limitations.xml
@@ -129,47 +129,10 @@
     </listitem>
 
     <listitem>
-      <para><remark>ELCCR-1351</remark>The updated
-      <filename>.Keystore</filename> and <filename>server.xml</filename> files
-      from the
-      <literal>/opt/ems/ucpemanager/application/3rdParty/apache-tomcat/conf/</literal>
-      folder are overwritten during a product upgrade. As a workaround for
-      this issue, after an upgrade, copy the updated
-      <filename>.Keystore</filename> and <filename>server.xml</filename> files
-      into the
-      <literal>/opt/ems/ucpemanager/application/3rdParty/apache-tomcat/conf/</literal>
-      folder and restart the ucpemanager service.</para>
-    </listitem>
-
-    <listitem>
-      <para><remark>ELCCR-1371</remark>The current self-signed certificate for
-      the Enea Edge Management application is generated at build time, with a
-      hard-coded common-name causing the uCPE device upgrade to fail in HTTPS
-      mode. As a workaround, another certificate (containing an IP based
-      common-name) must be generated.</para>
-
-      <para>Perform the following the steps to generate the
-      certificate:</para>
-
-      <orderedlist>
-        <listitem>
-          <para>Stop the Edge Management service.</para>
-        </listitem>
-
-        <listitem>
-          <para>Create the certificate using the
-          <filename>createCertificate.sh</filename> script from distribution
-          folder. This will create a new <filename>.Keystore</filename> file
-          and copy it into the
-          <literal>/opt/ems/ucpemanager/application/3rdParty/apache-tomcat/conf/config/certificates</literal>
-          folder.</para>
-        </listitem>
-
-        <listitem>
-          <para>Start the Enea Edge Management application, the new
-          certificate should now take effect.</para>
-        </listitem>
-      </orderedlist>
+      <para><remark>ELCCR-1561</remark>Before starting an Enea Edge Management
+      upgrade, any owned Tomcat certificates should be manually copied into the 
+        <literal>/opt/ems/ucpemanager/application/3rdParty/apache-tomcat/conf/config/certificates</literal>
+      folder.</para>
     </listitem>
 
     <listitem>
@@ -213,4 +176,4 @@
 
   <!-- <xi:include href="jiraissues_generated.xml"
               xmlns:xi="http://www.w3.org/2001/XInclude" /> -->
-</chapter>
\ No newline at end of file
+</chapter>
-- 
cgit v1.2.3-54-g00ecf