Continued fixups

Author: ravindk89

source/administration/console/security-and-access.rst

@@ -1,7 +1,7 @@
-
-
 .. _minio-console-security-access:
+
 :orphan:
+
 ===================
 Security and Access
 ===================

source/administration/identity-access-management/policy-based-access-control.rst

@@ -970,7 +970,7 @@ To select all of the available kms policy actions, use ``kms:*``.
 
    For example, the following policy document allows a user to list keys, create new keys, and check the status of keys for any resource that begins with ``keys-abc-`` or ``myuser-``.
 
-   .. codeblock:: shell
+   .. code-block:: shell
       :class: copyable
    
       {

source/developers/file-transfer-protocol.rst

@@ -15,7 +15,6 @@ File Transfer Protocol (FTP/SFTP)
    :depth: 2
 
 .. tab-set::
-   :class: parent
 
    .. tab-item:: Kubernetes
       :sync: k8s
@@ -41,7 +40,6 @@ Supported Protocols
 -------------------
 
 .. tab-set::
-   :class: hidden
 
    .. tab-item:: Kubernetes
       :sync: k8s
@@ -121,7 +119,6 @@ Prerequisites
 -------------
 
 .. tab-set::
-   :class: hidden
 
    .. tab-item:: Kubernetes
       :sync: k8s
@@ -141,7 +138,6 @@ Procedure
 ---------
 
 .. tab-set::
-   :class: hidden
 
    .. tab-item:: Kubernetes
       :sync: k8s
@@ -171,7 +167,7 @@ This type of authentication requires the following:
 
 The keys must include a `principals list <https://man.openbsd.org/ssh-keygen#CERTIFICATES>`__ of the user(s) that can authenticate with the key:
 
-.. code-block:: console
+.. code-block:: shell
    :class: copyable
 
    ssh-keygen -s ~/.ssh/ca_user_key -I miniouser -n miniouser -V +1h -z 1 miniouser1.pub
@@ -189,10 +185,10 @@ The keys must include a `principals list <https://man.openbsd.org/ssh-keygen#CER
 MinIO requires specifying the Certificate Authority used to sign the certificates for SFTP access.
 Start or restart the MinIO Server and specify the path to the trusted certificate authority's public key using an ``--sftp="trusted-user-ca-key=PATH"`` flag:
 
-  .. code-block:: console
-     :class: copyable 
+.. code-block:: shell
+   :class: copyable 
 
-     minio server {path-to-server} --sftp="trusted-user-ca-key=/path/to/.ssh/ca_user_key.pub" {...other flags}
+   minio server {path-to-server} --sftp="trusted-user-ca-key=/path/to/.ssh/ca_user_key.pub" {...other flags}
 
 When connecting to the MinIO Server with SFTP, the client verifies the MinIO Server's certificate.
 The client then passes its own certificate to the MinIO Server.

source/includes/baremetal/steps-configure-ad-ldap-external-identity-management.rst

@@ -4,7 +4,6 @@
 
    * MinIO Client
    * Environment variables
-   * MinIO Console
 
    All methods require starting/restarting the MinIO deployment to apply changes.
 
@@ -19,32 +18,33 @@
          For distributed deployments, the :mc:`mc idp ldap` command applies the configuration to all nodes in the deployment. 
 
          The following example code sets *all* configuration settings related to configuring an AD/LDAP provider for external identity management.
-	 The minimum *required* settings are:
+	      The minimum *required* settings are:
 
          - :mc-conf:`server_addr <identity_ldap.server_addr>`
          - :mc-conf:`lookup_bind_dn <identity_ldap.lookup_bind_dn>`
          - :mc-conf:`lookup_bind_password <identity_ldap.lookup_bind_password>`
          - :mc-conf:`user_dn_search_base_dn <identity_ldap.user_dn_search_base_dn>`
          - :mc-conf:`user_dn_search_filter <identity_ldap.user_dn_search_filter>`
 
-        .. code-block:: shell
-           :class: copyable
+         .. code-block:: shell
+            :class: copyable
 
-	   mc idp ldap add ALIAS                                                   \
-	      server_addr="ldaps.example.net:636"                                  \
+            mc idp ldap add ALIAS                                                  \
+              server_addr="ldaps.example.net:636"                                  \
               lookup_bind_dn="CN=xxxxx,OU=xxxxx,OU=xxxxx,DC=example,DC=net"        \
-	      lookup_bind_password="xxxxxxxx"                                      \
-	      user_dn_search_base_dn="DC=example,DC=net"                           \
-	      user_dn_search_filter="(&(objectCategory=user)(sAMAccountName=%s))"  \
-	      group_search_filter= "(&(objectClass=group)(member=%d))"             \
-	      group_search_base_dn="ou=MinIO Users,dc=example,dc=net"              \
-              enabled="true"                                                       \
+              lookup_bind_password="xxxxxxxx"                                      \
+              user_dn_search_base_dn="DC=example,DC=net"                           \
+              user_dn_search_filter="(&(objectCategory=user)(sAMAccountName=%s))"  \
+              group_search_filter= "(&(objectClass=group)(member=%d))"             \
+              group_search_base_dn="ou=MinIO Users,dc=example,dc=net"              \
               tls_skip_verify="off"                                                \
               server_insecure=off                                                  \
               server_starttls="off"                                                \
               srv_record_name=""                                                   \
               comment="Test LDAP server"
 
+        For Kubernetes deployments, ensure the `ALIAS` corresponds to the externally accessible hostname for the MinIO Tenant.
+
         For more complete documentation on these settings, see :mc:`mc idp ldap`.
 
 	.. admonition:: :mc:`mc idp ldap` recommended
@@ -58,9 +58,9 @@
       .. tab-item:: Environment Variables
 
          MinIO supports specifying the AD/LDAP provider settings using :ref:`environment variables <minio-server-envvar-external-identity-management-ad-ldap>`.
-	 The :mc:`minio server` process applies the specified settings on its next startup.
-	 For distributed deployments, specify these settings across all nodes in the deployment using the *same* values.
-	 Any differences in server configurations between nodes will result in startup or configuration failures.
+	      The :mc:`minio server` process applies the specified settings on its next startup.
+	      For distributed deployments, specify these settings across all nodes in the deployment using the *same* values.
+	      Any differences in server configurations between nodes will result in startup or configuration failures.
 
          The following example code sets *all* environment variables related to configuring an AD/LDAP provider for external identity management. The minimum *required* variable are:
 
@@ -86,16 +86,7 @@
             export MINIO_IDENTITY_LDAP_SRV_RECORD_NAME=""
             export MINIO_IDENTITY_LDAP_COMMENT="LDAP test server"
 
-         For complete documentation on these variables, see :ref:`minio-server-envvar-external-identity-management-ad-ldap`
-
-      .. tab-item:: MinIO Console
-
-         MinIO supports specifying the AD/LDAP provider settings using the :ref:`MinIO Console <minio-console>`.
-         For distributed deployments, configuring AD/LDAP from the Console applies the configuration to all nodes in the deployment.
-
-	 .. include:: /includes/common-minio-external-auth.rst
-            :start-after: start-minio-ad-ldap-console-enable
-            :end-before: end-minio-ad-ldap-console-enable
+         For complete documentation on these variables, see :ref:`minio-server-envvar-external-identity-management-ad-ldap`.
 
 #. Restart the MinIO Deployment
 

source/includes/baremetal/steps-configure-keycloak-identity-management.rst

@@ -33,18 +33,11 @@
 
    MinIO supports multiple methods for configuring Keycloak authentication:
 
-   - Using the MinIO Console
    - Using a terminal/shell and the :mc:`mc idp openid` command
    - Using environment variables set prior to starting MinIO
 
    .. tab-set::
 
-      .. tab-item:: MinIO Console
-
-         .. include:: /includes/common/common-configure-keycloak-identity-management.rst
-            :start-after: start-configure-keycloak-minio-console
-            :end-before: end-configure-keycloak-minio-console
-
       .. tab-item:: CLI
 
          .. include:: /includes/common/common-configure-keycloak-identity-management.rst

source/includes/common/common-configure-keycloak-identity-management.rst

@@ -322,7 +322,7 @@ The following example code sets the minimum required environment variables relat
    :class: copyable
    :substitutions:
 
-   MINIO_IDENTITY_OPENID_CONFIG_URL_PRIMARY_IAM="https://|KEYCLOAK_URL|/.well-known/openid-configuration"
+   MINIO_IDENTITY_OPENID_CONFIG_URL_PRIMARY_IAM="https://|KEYCLOAK_URL|/realms/REALM/.well-known/openid-configuration"
    MINIO_IDENTITY_OPENID_CLIENT_ID_PRIMARY_IAM="MINIO_CLIENT"
    MINIO_IDENTITY_OPENID_CLIENT_SECRET_PRIMARY_IAM="MINIO_CLIENT_SECRET"
    MINIO_IDENTITY_OPENID_DISPLAY_NAME_PRIMARY_IAM="SSO_IDENTIFIER"

source/includes/linux/file-transfer-protocol-not-k8s.rst

@@ -79,97 +79,6 @@
 
          .. code-block:: shell
 
-<<<<<<< HEAD
-.. code-block:: console
-   :class: copyable
-
-   ssh-keygen -s ~/.ssh/ca_user_key -I miniouser -n miniouser -V +1h -z 1 miniouser1.pub
-
--  ``-s`` specifies the path to the certificate authority public key to use for generating this key.
-   The specified public key must have a ``principals`` list that includes this user.
-- ``-I`` specifies the key identity for the public key.
-- ``-n`` creates the ``user principals`` list for which this key is valid. 
-  You must include the user for which this key is valid, and the user must match the username in MinIO.
-- ``-V`` limits the duration for which the generated key is valid. 
-  In this example, the key is valid for one hour.
-  Adjust the duration for your requirements.
-- ``-z`` adds a serial number to the key to distinguish this generated public key from other keys signed by the same certificate authority public key.
-
-MinIO requires specifying the Certificate Authority used to sign the certificates for SFTP access.
-Start or restart the MinIO Server and specify the path to the trusted certificate authority's public key using an ``--sftp="trusted-user-ca-key=PATH"`` flag:
-
-  .. code-block:: console
-     :class: copyable 
-
-     minio server {path-to-server} --sftp="trusted-user-ca-key=/path/to/.ssh/ca_user_key.pub" {...other flags}
-
-When connecting to the MinIO Server with SFTP, the client verifies the MinIO Server's certificate.
-The client then passes its own certificate to the MinIO Server.
-The MinIO Server verifies the key created above by comparing its value to the the known public key from the certificate authority provided at server startup.
-
-Once the MinIO Server verifies the client's certificate, the user can connect to the MinIO server over SFTP:
-
-.. code-block:: bash
-   :class: copyable:
-   
-   sftp -P <SFTP port> <server IP>
-
-
-Procedure
-+++++++++
-
-The following procedure generates two key-value pairs, signs one with the other, then uses the resulting signed key to log in to the SFTP server.
-
-1. Generate a key-value pair for the MinIO Server
-   
-   .. code-block:: bash
-      :class: copyable
-
-      ssh-keygen -f ./ca_user_key
-
-2. Generate a key-value pair for the user
-
-   .. code-block:: bash
-      :class: copyable
-
-      ssh-keygen -f ./minioadmin
-
-   Replace ``minioadmin`` with the user accessing the MinIO Server by SFTP.
-
-3. Sign the user key-value pair key with the MinIO Server key-value pair key
-
-   .. code-block:: bash
-      :class: copyable
-
-      ssh-keygen -s ca_user_key -I minioadmin -n minioadmin -V +30d -z 1 minioadmin.pub
-
-   Move the ``minioadmin.pub`` key to the same directory as ``minioadmin`` key-value pair, such as ``~/.ssh/meaningful-directory``.
-
-4. Start or restart the MinIO Server passing the generated public keys
-
-   .. code-block:: bash
-      :class: copyable
-
-      minio server --sftp="address=:8022" --sftp="ssh-private-key=/path/to/ca_user_key" --sftp="trusted-user-ca-key=/path/to/ca_user_key.pub"
-
-5. Connect to the MinIO Server by sftp
-
-   .. code-block:: bash
-      :class: copyable
-
-      sftp -i ./minioadmin -oPort=8022 minioadmin@localhost
-
-
-Require service account or LDAP for authentication
-~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-
-To force authentication to SFTP using LDAP or service account credentials, append a suffix to the username.
-Valid suffixes are either ``=ldap`` or ``=svc``.
-
-.. code-block:: console
-
-   > sftp -P 8022 my-ldap-user=ldap@[minio@localhost]:/bucket
-=======
             > ftp localhost -P 8021
             Connected to localhost.
             220 Welcome to MinIO FTP Server
@@ -185,7 +94,6 @@ Valid suffixes are either ``=ldap`` or ``=svc``.
             drwxrwxrwx 1 nobody nobody            0 Jan  1 00:00 chunkdocs/
             drwxrwxrwx 1 nobody nobody            0 Jan  1 00:00 testdir/
             ...
->>>>>>> 8da23e1 (Attempting to reduce docs to single platform)
 
 
 4. Download an Object

source/index.rst

@@ -4,7 +4,7 @@ MinIO High Performance Object Storage
 
 .. default-domain:: minio
 
-.. cond:: container
+.. cond:: mindocs
 
    .. container:: extlinks-video
 
@@ -14,40 +14,6 @@ MinIO High Performance Object Storage
 
       - `How to Connect to MinIO with JavaScript <https://www.youtube.com/watch?v=yUR4Fvx0D3E&list=PLFOIsHSSYIK3Dd3Y_x7itJT1NUKT5SxDh&index=5>`__
 
-.. cond:: k8s
-
-   .. container:: extlinks-video
-
-      - `Object Storage Essentials <https://www.youtube.com/playlist?list=PLFOIsHSSYIK3WitnqhqfpeZ6fRFKHxIr7>`__
-
-      - `How to Connect to MinIO with JavaScript <https://www.youtube.com/watch?v=yUR4Fvx0D3E&list=PLFOIsHSSYIK3Dd3Y_x7itJT1NUKT5SxDh&index=5>`__
-
-.. cond:: linux
-
-   .. container:: extlinks-video
-   
-      - `Installing and Running MinIO on Linux <https://www.youtube.com/watch?v=74usXkZpNt8&list=PLFOIsHSSYIK1BnzVY66pCL-iJ30Ht9t1o>`__
-   
-      - `Object Storage Essentials <https://www.youtube.com/playlist?list=PLFOIsHSSYIK3WitnqhqfpeZ6fRFKHxIr7>`__
-      
-      - `How to Connect to MinIO with JavaScript <https://www.youtube.com/watch?v=yUR4Fvx0D3E&list=PLFOIsHSSYIK3Dd3Y_x7itJT1NUKT5SxDh&index=5>`__
-
-.. cond:: macos
-
-   .. container:: extlinks-video
-   
-      - `Object Storage Essentials <https://www.youtube.com/playlist?list=PLFOIsHSSYIK3WitnqhqfpeZ6fRFKHxIr7>`__
-      
-      - `How to Connect to MinIO with JavaScript <https://www.youtube.com/watch?v=yUR4Fvx0D3E&list=PLFOIsHSSYIK3Dd3Y_x7itJT1NUKT5SxDh&index=5>`__
-
-.. cond:: windows
-
-   .. container:: extlinks-video
-
-      - `Object Storage Essentials <https://www.youtube.com/playlist?list=PLFOIsHSSYIK3WitnqhqfpeZ6fRFKHxIr7>`__
-      
-      - `How to Connect to MinIO with JavaScript <https://www.youtube.com/watch?v=yUR4Fvx0D3E&list=PLFOIsHSSYIK3Dd3Y_x7itJT1NUKT5SxDh&index=5>`__
-
 .. contents:: Table of Contents
    :local:
    :depth: 2
@@ -59,15 +25,11 @@ This site documents Operations, Administration, and Development of MinIO Communi
 
 .. todo: More marketing/SEO below?
 
-MinIO officially supports the following platforms:
-
-   This site documents Operations, Administration, and Development of MinIO deployments on Red Hat Kubernetes distributions for the latest stable version of the MinIO Operator: |operator-version-stable|.
-
-   .. important::
+.. important::
 
-      Support for deploying the MinIO Operator via the RedHat Marketplace or OperatorHub was removed in 2024. 
-      MinIO AIStor fully supports installation via the Marketplace and OperatorHub onto enterprise RedHat Kubernetes distributions like OpenShift Container Platform (OCP).
-      |subnet| customers can open an issue for further clarification and instructions on migrating to `AIStor <https://min.io/product/aistor-overview?jmp=docs>`__.
+   Support for deploying the MinIO Operator via the RedHat Marketplace or OperatorHub was removed in 2024. 
+   MinIO AIStor fully supports installation via the Marketplace and OperatorHub onto enterprise RedHat Kubernetes distributions like OpenShift Container Platform (OCP).
+   |subnet| customers can open an issue for further clarification and instructions on migrating to `AIStor <https://min.io/product/aistor-overview?jmp=docs>`__.
 
 Quickstart
 ----------
@@ -103,7 +65,7 @@ Quickstart
 
       1. Download the MinIO Server Process for your Operating System
 
-         Follow the instructions on the `MinIO Download Page <https://min.io/downloads?ref=docs>` for your operating system to download and install the :mc:`minio server` process.
+         Follow the instructions on the `MinIO Download Page <https://min.io/downloads?ref=docs>`__ for your operating system to download and install the :mc:`minio server` process.
 
       2. Create a folder for use with MinIO
 

source/operations/deployments/baremetal-deploy-minio-server.rst

@@ -12,8 +12,6 @@ Install the MinIO Server
 
 MinIO supports deploying onto baremetal infrastructure - physical machines or virtualized hosts - running Linux, MacOS, and Windows.
 
-TODO conceptual information here
-
 .. toctree::
    :titlesonly:
    :hidden: