CASMHMS-5569: Remove private key from SLS docs (#2341)

* CASMHMS-5569: Remove private key from SLS docs

The private key allows one to include the vault passwords in the SLS
dump. This change simplifies the procedure to save SLS's state.
The backup of the data in Vault can be left to the Vault specific
backup procedures.

* Apply suggestions from code review

Linting

Signed-off-by: Mitch Harding <[email protected]>

* Update Dump_SLS_Information.md

Linting

Signed-off-by: Mitch Harding <[email protected]>

* Update Load_SLS_Database_with_Dump_File.md

Linting. Add prerequisite to match other page.

Signed-off-by: Mitch Harding <[email protected]>

* Switched doc to cray cli instead of curl

* Fixed lint errors

* Update operations/system_layout_service/Dump_SLS_Information.md

Signed-off-by: Mitch Harding <[email protected]>

* Apply suggestions from code review

Signed-off-by: Mitch Harding <[email protected]>

Signed-off-by: Mitch Harding <[email protected]>
Co-authored-by: Mitch Harding <[email protected]>

Author: shunr-hpe

operations/system_layout_service/Dump_SLS_Information.md

@@ -1,49 +1,21 @@
 # Dump SLS Information
 
-Perform a dump of the System Layout Service \(SLS\) database and an encrypted dump of the credentials stored in Vault.
+Perform a dump of the System Layout Service \(SLS\) database.
 
-This procedure will create three files in the current directory \(private\_key.pem, public\_key.pem, sls\_dump.json\). These files should be kept in a safe and secure place as the private key can decrypt the encrypted passwords stored in the SLS dump file.
+This procedure will create the file `sls_dump.json` in the current directory.
 
 This procedure preserves the information stored in SLS when backing up or reinstalling the system.
 
-### Prerequisites
+## Prerequisites
 
-This procedure requires administrative privileges.
+- The Cray Command Line Interface is configured. See [Configure the Cray CLI](../configure_cray_cli.md).
+- This procedure requires administrative privileges.
 
-### Procedure
+## Procedure
 
-1.  Use the get\_token function to retrieve a token to validate requests to the API gateway.
-
-    ```bash
-    function get_token () {
-        curl -s -S -d grant_type=client_credentials \
-            -d client_id=admin-client \
-            -d client_secret=`kubectl get secrets admin-client-auth -o jsonpath='{.data.client-secret}' | base64 -d` \
-            https://api-gw-service-nmn.local/keycloak/realms/shasta/protocol/openid-connect/token | jq -r '.access_token'
-    }
-    ```
-
-2.  Generate a private and public key pair.
-
-    Execute the following commands to generate a private and public key to use for the dump.
-
-    ```bash
-    openssl genpkey -out private_key.pem -algorithm RSA -pkeyopt rsa_keygen_bits:2048
-    openssl rsa -in private_key.pem -outform PEM -pubout -out public_key.pem
-    ```
-
-    The above commands will create two files the private key private\_key.pem file and the public key public\_key.pem file.
-
-    Make sure to use a new private and public key pair for each dump operation, and do not reuse an existing private and public key pair. The private key should be treated securely because it will be required to decrypt the SLS dump file when the dump is loaded back into SLS. Once the private key is used to load state back into SLS, it should be considered insecure.
-
-3.  Perform the SLS dump.
-
-    The SLS dump will be stored in the sls\_dump.json file. The sls\_dump.json and private\_key.pem files are required to perform the SLS load state operation.
-
-    ```bash
-    curl -X POST \
-    https://api-gw-service-nmn.local/apis/sls/v1/dumpstate \
-    -H "Authorization: Bearer $(get_token)" \
-    -F public_key=@public_key.pem > sls_dump.json
-    ```
+(`ncn-mw#`) Perform the SLS dump.
+The SLS dump will be stored in the `sls_dump.json` file. The `sls_dump.json` file is required to perform the SLS load state operation.
 
+```bash
+cray sls dumpstate list --format json > sls_dump.json
+```

operations/system_layout_service/Load_SLS_Database_with_Dump_File.md

@@ -1,37 +1,20 @@
 # Load SLS Database with Dump File
 
-Load the contents of the SLS dump file to restore SLS to the state of the system at the time of the dump. This will upload and overwrite the current SLS database with the contents of the SLS dump file, and update Vault with the encrypted credentials.
+Load the contents of the SLS dump file to restore SLS to the state of the system at the time of the dump. This will upload and overwrite the current SLS database with the contents of the SLS dump file.
 
 Use this procedure to restore SLS data after a system re-install.
 
-### Prerequisites
+## Prerequisites
 
-The System Layout Service \(SLS\) database has been dumped. See [Dump SLS Information](Dump_SLS_Information.md) for more information.
+- The System Layout Service \(SLS\) database has been dumped. See [Dump SLS Information](Dump_SLS_Information.md) for more information.
+- The Cray Command Line Interface is configured. See [Configure the Cray CLI](../configure_cray_cli.md).
+- This procedure requires administrative privileges.
 
-### Procedure
+## Procedure
 
-1.  Use the get\_token function to retrieve a token to validate requests to the API gateway.
-
-    ```bash
-    function get_token () {
-        curl -s -S -d grant_type=client_credentials \
-            -d client_id=admin-client \
-            -d client_secret=`kubectl get secrets admin-client-auth -o jsonpath='{.data.client-secret}' | base64 -d` \
-            https://api-gw-service-nmn.local/keycloak/realms/shasta/protocol/openid-connect/token | jq -r '.access_token'
-    }
-    ```
-
-2.  Load the dump file into SLS.
-
-    This will upload and overwrite the current SLS database with the contents of the posted file, as well as update the Vault with the encrypted credentials. The private key that was used to generate the SLS dump file is required.
-
-    ```bash
-    curl -X POST \
-    https://api-gw-service-nmn.local/apis/sls/v1/loadstate \
-    -H "Authorization: Bearer $(get_token)" \
-    -F sls_dump=@sls_dump.json \
-    -F private_key=@private_key.pem
-    ```
-
-    After performing the load state operation, the private key should be considered insecure and should no longer be used.
+(`ncn-mw#`) Load the dump file into SLS.
+This will upload and overwrite the current SLS database with the contents of the posted file.
 
+```bash
+cray sls loadstate create sls_dump.json
+```