Merge "High Security Vulnerability Document Updates (r6, r6ds, r7, r7ds)"

doc/source/backup/kubernetes/restoring-starlingx-system-data-and-storage.rst

@@ -1,3 +1,4 @@
+.. Greg updates required for -High Security Vulnerability Document Updates
 
 .. uzk1552923967458
 .. _restoring-starlingx-system-data-and-storage:

doc/source/backup/kubernetes/running-ansible-backup-playbook-locally-on-the-controller.rst

@@ -1,4 +1,6 @@
 
+.. Greg updates required for -High Security Vulnerability Document Updates
+
 .. bqg1571264986191
 .. _running-ansible-backup-playbook-locally-on-the-controller:
 
@@ -8,28 +10,28 @@ Run Ansible Backup Playbook Locally on the Controller
 
 In this method the Ansible Backup playbook is run on the active controller.
 
-Use the following command to run the Ansible Backup playbook and back up the
+Use one of the following commands to run the Ansible Backup playbook and back up the
 |prod| configuration, data, and user container images in registry.local data:
 
 .. code-block:: none
 
     ~(keystone_admin)]$ ansible-playbook /usr/share/ansible/stx-ansible/playbooks/backup.yml -e "ansible_become_pass=<sysadmin password> admin_password=<sysadmin password>" -e "backup_user_local_registry=true"
+    ~(keystone_admin)]$ ansible-playbook /usr/share/ansible/stx-ansible/playbooks/backup.yml --ask-vault-pass -e "override_files_dir=$HOME/override_dir"
 
 The <admin_password> and <ansible_become_pass> need to be set  correctly
-using the ``-e`` option on the command line, or an override file, or in the
+using the ``-e`` option on the command line, with an override file secured with
-Ansible secret file.
+ansible-vault (recommended).
 
-An example of override file follows:
+For example, create your override file with the :command:`ansible-vault create $HOME/override_dir/localhost-backup.yaml`
+command and copy the following lines into the file. You will be prompted for a
+password to protect/encrypt the file. Use the :command:`ansible-vault edit $HOME/override_dir/localhost-backup.yaml`
+command if the file needs to be edited after it is created.
 
 .. code-block:: none
 
-   cat << EOF > localhost-backup.yaml
-   ---
    ansible_become_pass: "<admin_password>"
    admin_password: "<admin_password>"
    backup_user_local_registry: "true"
-   ...
-   EOF
 
 The output files will be named:
 
@@ -43,8 +45,8 @@ The output files will be named:
 
 -   inventory_hostname_dc_vault_backup_timestamp.tgz
 
-The variables prefix can be overridden using the ``-e`` option on the command
+The output files' prefixes can be overridden with the following variables
-line or by using an override file.
+using the ``-e`` option on the command line or by using an override file.
 
 .. _running-ansible-backup-playbook-locally-on-the-controller-ul-rdp-gyh-pmb:
 

doc/source/backup/kubernetes/running-ansible-backup-playbook-remotely.rst

@@ -1,5 +1,8 @@
 
+.. Greg updates required for -High Security Vulnerability Document Updates
+
 .. kpt1571265015137
+
 .. _running-ansible-backup-playbook-remotely:
 
 ====================================
@@ -59,7 +62,7 @@ and target it at controller-0.
 #.  Switch to the <overrides> directory created previously.
 
 #.  Create a new secret file encrypted with Ansible-Vault using the
-    :command:`ansible-vault create secrets.yml` command.
+    :command:`ansible-vault create $HOME/override_dir/secrets.yml` command.
 
     Set and confirm a new Ansible-Vault password. Ansible will open an editing
     window where you can enter your desired contents.
@@ -82,7 +85,7 @@ and target it at controller-0.
 
     Save your changes and quit the editor. If you need to make additional
     changes, you can use the command :command:`ansible-vault edit
-    override_dir/secrets.yml`.
+    $HOME/override_dir/secrets.yml`.
 
 #.  Run Ansible Backup playbook:
 

doc/source/backup/kubernetes/running-restore-playbook-locally-on-the-controller.rst

@@ -1,4 +1,6 @@
 
+.. Greg updates required for -High Security Vulnerability Document Updates
+
 .. rmy1571265233932
 .. _running-restore-playbook-locally-on-the-controller:
 

doc/source/backup/kubernetes/system-backup-running-ansible-restore-playbook-remotely.rst

@@ -1,4 +1,6 @@
 
+.. Greg updates required for -High Security Vulnerability Document Updates
+
 .. quy1571265365123
 .. _system-backup-running-ansible-restore-playbook-remotely:
 

doc/source/deploy_install_guides/r6_release/bare_metal/aio_duplex_install_kubernetes.rst

@@ -1,4 +1,6 @@
 
+.. Greg updates required for -High Security Vulnerability Document Updates
+
 .. _aio_duplex_install_kubernetes_r6:
 
 ================================================
@@ -96,19 +98,30 @@ Bootstrap system on controller-0
    Specify the user configuration override file for the Ansible bootstrap
    playbook using one of the following methods:
 
+   .. note::
+
+      This Ansible Overrides file for the Bootstrap Playbook ($HOME/localhost.yml)
+      contains security sensitive information, use the
+      :command:`ansible-vault create $HOME/localhost.yml` command to create it.
+      You will be prompted for a password to protect/encrypt the file.
+      Use the :command:`ansible-vault edit $HOME/localhost.yml` command if the
+      file needs to be edited after it is created.
+
    #. Use a copy of the default.yml file listed above to provide your overrides.
 
       The default.yml file lists all available parameters for bootstrap
       configuration with a brief description for each parameter in the file
       comments.
 
-      To use this method, copy the default.yml file listed above to
+      To use this method, run the :command:`ansible-vault create $HOME/localhost.yml`
-      ``$HOME/localhost.yml`` and edit the configurable values as desired.
+      command and copy the contents of the ``default.yml`` file into the
+      ansible-vault editor, and edit the configurable values as required.
 
    #. Create a minimal user configuration override file.
 
-      To use this method, create your override file at ``$HOME/localhost.yml``
+      To use this method, create your override file with
-      and provide the minimum required parameters for the deployment
+      the :command:`ansible-vault create $HOME/localhost.yml`
+      command and provide the minimum required parameters for the deployment
       configuration as shown in the example below. Use the OAM IP SUBNET and IP
       ADDRESSing applicable to your deployment environment.
 
@@ -189,7 +202,7 @@ Bootstrap system on controller-0
 
    ::
 
-      ansible-playbook /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
+      ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
 
    Wait for Ansible bootstrap playbook to complete. This can take 5-10 minutes,
    depending on the performance of the host machine.

doc/source/deploy_install_guides/r6_release/bare_metal/aio_simplex_install_kubernetes.rst

@@ -1,6 +1,9 @@
 
+.. Greg updates required for High Security Vulnerability Document Updates
+
 .. _aio_simplex_install_kubernetes_r6:
 
+
 =================================================
 Install Kubernetes Platform on All-in-one Simplex
 =================================================
@@ -96,21 +99,32 @@ Bootstrap system on controller-0
    Specify the user configuration override file for the Ansible bootstrap
    playbook using one of the following methods:
 
+   .. note::
+
+      This Ansible Overrides file for the Bootstrap Playbook ($HOME/localhost.yml)
+      contains security sensitive information, use the
+      :command:`ansible-vault create $HOME/localhost.yml` command to create it.
+      You will be prompted for a password to protect/encrypt the file.
+      Use the :command:`ansible-vault edit $HOME/localhost.yml` command if the
+      file needs to be edited after it is created.
+
    #. Use a copy of the default.yml file listed above to provide your overrides.
 
       The default.yml file lists all available parameters for bootstrap
       configuration with a brief description for each parameter in the file
       comments.
 
-      To use this method, copy the default.yml file listed above to
+      To use this method, run the :command:`ansible-vault create $HOME/localhost.yml`
-      ``$HOME/localhost.yml`` and edit the configurable values as desired.
+      command and copy the contents of the ``default.yml`` file into the
+      ansible-vault editor, and edit the configurable values as required.
 
    #. Create a minimal user configuration override file.
 
-      To use this method, create your override file at ``$HOME/localhost.yml``
+      To use this method, create your override file with
-      and provide the minimum required parameters for the deployment
+      the :command:`ansible-vault create $HOME/localhost.yml`
-      configuration as shown in the example below. Use the |OAM| IP SUBNET and
+      command and provide the minimum required parameters for the deployment
-      IP ADDRESSing applicable to your deployment environment.
+      configuration as shown in the example below. Use the OAM IP SUBNET and IP
+      ADDRESSing applicable to your deployment environment.
 
       .. include:: /_includes/min-bootstrap-overrides-simplex.rest
 
@@ -190,7 +204,7 @@ Bootstrap system on controller-0
 
    ::
 
-      ansible-playbook /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
+      ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
 
    Wait for Ansible bootstrap playbook to complete. This can take 5-10 minutes,
    depending on the performance of the host machine.

doc/source/deploy_install_guides/r6_release/bare_metal/controller_storage_install_kubernetes.rst

@@ -1,4 +1,6 @@
 
+.. Greg updates required for -High Security Vulnerability Document Updates
+
 .. _controller_storage_install_kubernetes_r6:
 
 ===============================================================
@@ -95,19 +97,30 @@ Bootstrap system on controller-0
    Specify the user configuration override file for the Ansible bootstrap
    playbook using one of the following methods:
 
+   .. note::
+
+      This Ansible Overrides file for the Bootstrap Playbook ($HOME/localhost.yml)
+      contains security sensitive information, use the
+      :command:`ansible-vault create $HOME/localhost.yml` command to create it.
+      You will be prompted for a password to protect/encrypt the file.
+      Use the :command:`ansible-vault edit $HOME/localhost.yml` command if the
+      file needs to be edited after it is created.
+
    #. Use a copy of the default.yml file listed above to provide your overrides.
 
       The default.yml file lists all available parameters for bootstrap
       configuration with a brief description for each parameter in the file
       comments.
 
-      To use this method, copy the default.yml file listed above to
+      To use this method, run the :command:`ansible-vault create $HOME/localhost.yml`
-      ``$HOME/localhost.yml`` and edit the configurable values as desired.
+      command and copy the contents of the ``default.yml`` file into the
+      ansible-vault editor, and edit the configurable values as required.
 
    #. Create a minimal user configuration override file.
 
-      To use this method, create your override file at ``$HOME/localhost.yml``
+      To use this method, create your override file with
-      and provide the minimum required parameters for the deployment
+      the :command:`ansible-vault create $HOME/localhost.yml`
+      command and provide the minimum required parameters for the deployment
       configuration as shown in the example below. Use the OAM IP SUBNET and IP
       ADDRESSing applicable to your deployment environment.
 
@@ -187,7 +200,7 @@ Bootstrap system on controller-0
 
    ::
 
-      ansible-playbook /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
+      ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
 
    Wait for Ansible bootstrap playbook to complete.
    This can take 5-10 minutes, depending on the performance of the host machine.

doc/source/deploy_install_guides/r6_release/bare_metal/dedicated_storage_install_kubernetes.rst

@@ -1,4 +1,5 @@
 
+.. Greg updates required for -High Security Vulnerability Document Updates
 
 .. _dedicated_storage_install_kubernetes_r6:
 

doc/source/deploy_install_guides/r7_release/bare_metal/aio_duplex_install_kubernetes.rst

@@ -1,4 +1,6 @@
 
+.. Greg updates required for -High Security Vulnerability Document Updates
+
 .. _aio_duplex_install_kubernetes_r7:
 
 ================================================
@@ -222,19 +224,30 @@ Bootstrap system on controller-0
    Specify the user configuration override file for the Ansible bootstrap
    playbook using one of the following methods:
 
+   .. note::
+
+      This Ansible Overrides file for the Bootstrap Playbook ($HOME/localhost.yml)
+      contains security sensitive information, use the
+      :command:`ansible-vault create $HOME/localhost.yml` command to create it.
+      You will be prompted for a password to protect/encrypt the file.
+      Use the :command:`ansible-vault edit $HOME/localhost.yml` command if the
+      file needs to be edited after it is created.
+
    #. Use a copy of the default.yml file listed above to provide your overrides.
 
       The default.yml file lists all available parameters for bootstrap
       configuration with a brief description for each parameter in the file
       comments.
 
-      To use this method, copy the default.yml file listed above to
+      To use this method, run the :command:`ansible-vault create $HOME/localhost.yml`
-      ``$HOME/localhost.yml`` and edit the configurable values as desired.
+      command and copy the contents of the ``default.yml`` file into the
+      ansible-vault editor, and edit the configurable values as required.
 
    #. Create a minimal user configuration override file.
 
-      To use this method, create your override file at ``$HOME/localhost.yml``
+      To use this method, create your override file with
-      and provide the minimum required parameters for the deployment
+      the :command:`ansible-vault create $HOME/localhost.yml`
+      command and provide the minimum required parameters for the deployment
       configuration as shown in the example below. Use the OAM IP SUBNET and IP
       ADDRESSing applicable to your deployment environment.
 
@@ -315,7 +328,7 @@ Bootstrap system on controller-0
 
    ::
 
-      ansible-playbook /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
+      ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
 
    Wait for Ansible bootstrap playbook to complete. This can take 5-10 minutes,
    depending on the performance of the host machine.

doc/source/deploy_install_guides/r7_release/bare_metal/aio_simplex_install_kubernetes.rst

@@ -1,4 +1,6 @@
 
+.. Greg updates required for -High Security Vulnerability Document Updates
+
 .. _aio_simplex_install_kubernetes_r7:
 
 =================================================
@@ -117,21 +119,32 @@ Bootstrap system on controller-0
    Specify the user configuration override file for the Ansible bootstrap
    playbook using one of the following methods:
 
+   .. note::
+
+      This Ansible Overrides file for the Bootstrap Playbook ($HOME/localhost.yml)
+      contains security sensitive information, use the
+      :command:`ansible-vault create $HOME/localhost.yml` command to create it.
+      You will be prompted for a password to protect/encrypt the file.
+      Use the :command:`ansible-vault edit $HOME/localhost.yml` command if the
+      file needs to be edited after it is created.
+
    #. Use a copy of the default.yml file listed above to provide your overrides.
 
       The default.yml file lists all available parameters for bootstrap
       configuration with a brief description for each parameter in the file
       comments.
 
-      To use this method, copy the default.yml file listed above to
+      To use this method, run the :command:`ansible-vault create $HOME/localhost.yml`
-      ``$HOME/localhost.yml`` and edit the configurable values as desired.
+      command and copy the contents of the ``default.yml`` file into the
+      ansible-vault editor, and edit the configurable values as required.
 
    #. Create a minimal user configuration override file.
 
-      To use this method, create your override file at ``$HOME/localhost.yml``
+      To use this method, create your override file with
-      and provide the minimum required parameters for the deployment
+      the :command:`ansible-vault create $HOME/localhost.yml`
-      configuration as shown in the example below. Use the |OAM| IP SUBNET and
+      command and provide the minimum required parameters for the deployment
-      IP ADDRESSing applicable to your deployment environment.
+      configuration as shown in the example below. Use the OAM IP SUBNET and IP
+      ADDRESSing applicable to your deployment environment.
 
       .. include:: /_includes/min-bootstrap-overrides-simplex.rest
 
@@ -211,7 +224,7 @@ Bootstrap system on controller-0
 
    ::
 
-      ansible-playbook /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
+      ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
 
    Wait for Ansible bootstrap playbook to complete. This can take 5-10 minutes,
    depending on the performance of the host machine.

doc/source/deploy_install_guides/r7_release/bare_metal/controller_storage_install_kubernetes.rst

@@ -1,5 +1,7 @@
 |hideable|
 
+.. Greg updates required for -High Security Vulnerability Document Updates
+
 .. _controller_storage_install_kubernetes_r7:
 
 ===============================================================
@@ -182,19 +184,30 @@ Bootstrap system on controller-0
    Specify the user configuration override file for the Ansible bootstrap
    playbook using one of the following methods:
 
+   .. note::
+
+      This Ansible Overrides file for the Bootstrap Playbook ($HOME/localhost.yml)
+      contains security sensitive information, use the
+      :command:`ansible-vault create $HOME/localhost.yml` command to create it.
+      You will be prompted for a password to protect/encrypt the file.
+      Use the :command:`ansible-vault edit $HOME/localhost.yml` command if the
+      file needs to be edited after it is created.
+
    #. Use a copy of the default.yml file listed above to provide your overrides.
 
       The default.yml file lists all available parameters for bootstrap
       configuration with a brief description for each parameter in the file
       comments.
 
-      To use this method, copy the default.yml file listed above to
+      To use this method, run the :command:`ansible-vault create $HOME/localhost.yml`
-      ``$HOME/localhost.yml`` and edit the configurable values as desired.
+      command and copy the contents of the ``default.yml`` file into the
+      ansible-vault editor, and edit the configurable values as required.
 
    #. Create a minimal user configuration override file.
 
-      To use this method, create your override file at ``$HOME/localhost.yml``
+      To use this method, create your override file with
-      and provide the minimum required parameters for the deployment
+      the :command:`ansible-vault create $HOME/localhost.yml`
+      command and provide the minimum required parameters for the deployment
       configuration as shown in the example below. Use the OAM IP SUBNET and IP
       ADDRESSing applicable to your deployment environment.
 
@@ -274,7 +287,7 @@ Bootstrap system on controller-0
 
    ::
 
-      ansible-playbook /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
+      ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/bootstrap.yml
 
    Wait for Ansible bootstrap playbook to complete.
    This can take 5-10 minutes, depending on the performance of the host machine.

doc/source/dist_cloud/kubernetes/changing-the-admin-password-on-distributed-cloud.rst

@@ -1,4 +1,6 @@
 
+.. Greg updates required for -High Security Vulnerability Document Updates
+
 .. xvn1592596490325
 .. _changing-the-admin-password-on-distributed-cloud:
 

doc/source/dist_cloud/kubernetes/distributed-upgrade-orchestration-process-using-the-cli.rst

@@ -1,3 +1,4 @@
+.. Greg updates required for -High Security Vulnerability Document Updates
 
 .. pek1594745988225
 .. _distributed-upgrade-orchestration-process-using-the-cli:

doc/source/dist_cloud/kubernetes/installing-a-subcloud-using-redfish-platform-management-service.rst

@@ -69,6 +69,8 @@ subcloud, the subcloud installation has these phases:
     files that are referenced in the ``bootstrap.yml`` file must exist on both
     controllers (for example, ``/home/sysadmin/docker-registry-ca-cert.pem``).
 
+.. Greg updates required for -High Security Vulnerability Document Updates
+
 .. _increase-subcloud-platform-backup-size:
 
 ----------------------------------------------------

doc/source/dist_cloud/kubernetes/installing-a-subcloud-without-redfish-platform-management-service.rst

@@ -1,4 +1,6 @@
 
+.. Greg updates required for -High Security Vulnerability Document Updates
+
 .. pja1558616715987
 
 |hideable|

doc/source/dist_cloud/kubernetes/migrate-an-aiosx-subcloud-to-an-aiodx-subcloud.rst

@@ -64,6 +64,8 @@ Manually Migrate a Subcloud from AIO-SX to AIO-DX.
 
 .. _use-ansible-playbook-to-migrate-a-subcloud-from-AIO-SX-to-AIO-DX:
 
+.. Updates required for -High Security Vulnerability Document Updates
+
 ================================================================
 Use Ansible Playbook to Migrate a Subcloud from AIO-SX to AIO-DX
 ================================================================
@@ -80,10 +82,10 @@ using the ansible playbook.
 
 .. rubric:: |proc|
 
-#.  Create a configuration file and specify the |OAM| unit IP addresses and
+#.  Use the :command:`ansible-vault create migrate-subcloud1-overrides-EXAMPLE.yml`
-    the ansible ssh password in the **migrate-subcloud1-overrides-EXAMPLE.yml**
+    command to securely specify the |OAM| unit IP addresses and the ansible
-    file. The existing |OAM| IP address of the |AIO-SX| system will be used as
+    ssh password. The existing |OAM| IP address of the |AIO-SX| system will be
-    the |OAM| floating IP address of the new |AIO-DX| system.
+    used as the |OAM| floating IP address of the new |AIO-DX| system.
 
     In the following example, 10.10.10.13 and 10.10.10.14 are the new |OAM| unit
     IP addresses for controller-0 and controller-1 respectively.
@@ -96,6 +98,9 @@ using the ansible playbook.
           "external_oam_node_1_address": "10.10.10.14",
           }
 
+    Use the :command:`ansible-vault edit migrate-subcloud1-overrides-EXAMPLE.yml`
+    command if the file needs to be edited after it is created.
+
 #.  On the system controller, run the ansible playbook to migrate the |AIO-SX|
     subcloud to an |AIO-DX|.
 
@@ -103,7 +108,7 @@ using the ansible playbook.
 
     .. code-block:: none
 
-        ~(keystone_admin)$ ansible-playbook /usr/share/ansible/stx-ansible/playbooks/migrate_sx_to_dx.yml -e @migrate-subcloud1-overrides-EXAMPLE.yml -i subcloud1, -v
+        ~(keystone_admin)$ ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/migrate_sx_to_dx.yml -e @migrate-subcloud1-overrides-EXAMPLE.yml -i subcloud1, -v
 
     The ansible playbook will lock the subcloud's controller-0, if it not
     already locked, apply the configuration changes to convert the subcloud to

doc/source/dist_cloud/kubernetes/prestage-subcloud-orchestration-eb516473582f.rst

@@ -1,3 +1,5 @@
+.. Greg updates required for -High Security Vulnerability Document Updates
+
 .. _prestage-subcloud-orchestration-eb516473582f:
 
 ===============================

doc/source/dist_cloud/kubernetes/rehoming-a-subcloud.rst

@@ -1,4 +1,6 @@
 
+.. Greg updates required for -High Security Vulnerability Document Updates
+
 .. _rehoming-a-subcloud:
 
 =================

doc/source/dist_cloud/kubernetes/reinstalling-a-subcloud-with-redfish-platform-management-service.rst

@@ -1,5 +1,7 @@
 
 
+.. Greg updates required for -High Security Vulnerability Document Updates
+
 .. _reinstalling-a-subcloud-with-redfish-platform-management-service:
 
 =============================================================

doc/source/dist_cloud/kubernetes/restoring-subclouds-from-backupdata-using-dcmanager.rst

@@ -1,4 +1,6 @@
 
+.. Greg updates required for -High Security Vulnerability Document Updates
+
 .. _restoring-subclouds-from-backupdata-using-dcmanager:
 
 =========================================================

doc/source/dist_cloud/kubernetes/upgrading-the-systemcontroller-using-the-cli.rst

@@ -1,3 +1,4 @@
+.. Greg updates required for -High Security Vulnerability Document Updates
 
 .. vco1593176327490
 .. _upgrading-the-systemcontroller-using-the-cli:

doc/source/security/kubernetes/migrate-platform-certificates-to-use-cert-manager-c0b1727e4e5d.rst

@@ -1,3 +1,7 @@
+.. Greg updates required for -High Security Vulnerability Document Updates
+.. Is this the target file that the rest of the updates need to point to??
+
+
 .. _migrate-platform-certificates-to-use-cert-manager-c0b1727e4e5d:
 
 ========================================================

doc/source/storage/kubernetes/configure-an-external-netapp-deployment-as-the-storage-backend.rst

@@ -1,3 +1,4 @@
+.. Greg updates required for -High Security Vulnerability Document Updates
 
 .. rzp1584539804482
 .. _configure-an-external-netapp-deployment-as-the-storage-backend:
@@ -93,8 +94,10 @@ procedure.
 
     You can make changes-in-place to your existing localhost.yml file
     or create another in an alternative location. In either case, you
-    also have the option of using an ansible vault named secrets.yml
+    also have the option of using an ansible vault to secure/encrypt the
-    for sensitive data. The alternative must be named localhost.yaml.
+    localhost.yaml file containing sensitive data, i.e, using
+    :command:`ansible-vault create $HOME/localhost.yml` or :command:`ansible-vault edit $HOME/localhost.yml`
+    commands.
 
     The following parameters are mandatory:
 
@@ -225,7 +228,7 @@ procedure.
 
     .. code-block:: none
 
-        ansible-playbook /usr/share/ansible/stx-ansible/playbooks/install_netapp_backend.yml -e "override_files_dir=</home/sysadmin/mynetappconfig>"
+        ansible-playbook --ask-vault-pass /usr/share/ansible/stx-ansible/playbooks/install_netapp_backend.yml -e "override_files_dir=</home/sysadmin/mynetappconfig>"
 
     Upon successful launch, there will be one Trident pod running on
     each node, plus an extra pod for the REST API running on one of the