simplification of tabs
nazunalika committed Jan 8, 2024
1 parent 248d68c commit 1c142c7
Showing 1 changed file with 45 additions and 35 deletions.
80 changes: 45 additions & 35 deletions docs/training/ex362.md
Expand Up @@ -16,9 +16,11 @@ The list of objectives can be found [here](https://www.redhat.com/en/services/tr

The video series goes over setting up FreeIPA in a lab/VM environment by following the objectives as outlined by Red Hat. The list of objectives can be found [here](https://www.redhat.com/en/services/training/ex362-red-hat-certified-specialist-identity-management-exam).

**On this page, you will see a combination of both "Script or CLI" and "Ansible" methods of working with FreeIPA (or Red Hat IdM). This is because we believe in the user understanding and knowing how to do things by hand first and foremost before ever automating it. Automation cannot be fully achieved without having an understanding of the underlying software and applications.**
!!! warning "Multi-method"

**In conclusion, we highly recommend that any user studying for their exam reading this guide understands how to do everything by hand first before attempting to redo it via ansible.**
Throughout this material, you will see a combination of both "Script or CLI" and "Ansible" methods of working with FreeIPA (or Red Hat IdM), in selectable tabs. This is because we believe in the user understanding and knowing how to do things by hand first and foremost before ever automating it. Automation cannot be fully achieved without having an understanding of the underlying software and applications.

**In conclusion, we highly recommend that any user studying for their exam reading this guide understands how to do everything by hand first before attempting to redo it via ansible.**

## Exam Information

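Review bot: the new `!!! warning "Multi-method"` admonition only renders as a box if both body paragraphs, including the "In conclusion" one, are indented four spaces beneath it; the rendered diff does not show indentation, so confirm it, otherwise the page shows an empty warning box followed by two plain paragraphs. Minor style: "ansible" in the last sentence should be "Ansible" to match the tab title this commit introduces, and "any user studying for their exam reading this guide" reads more cleanly as "any user reading this guide while studying for the exam".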
Expand Down Expand Up @@ -71,6 +73,8 @@ Below is a list of expected lab systems to perform the work on this page.
| utility.example.com | 192.168.15.12 | Utility Server |
| ansible.example.com | 192.168.15.50 | Ansible controller |

You may want to consider setting up an NTP server, if you do not wish to use the default from chrony. This can be done on the utility server. See [Setup an NTP Server](#setup-an-ntp-server).

## Setup Ansible Controller and Clients

As the exam may expect familiarity with ansible, setting up an ansible controller may be ideal.
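Review bot: the added NTP sentence links to `#setup-an-ntp-server`, but no heading of that name appears in this diff; confirm the section exists on the page, since an unresolved anchor silently scrolls to the top. "the default from chrony" is also vague: say what the default is (the public pool chrony ships configured with) and, because this is a Kerberos-backed IdM lab, add a clause on why it matters, i.e. that consistent time on every lab host is a prerequisite for authentication to work, not a nice-to-have.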
Expand Down Expand Up @@ -112,7 +116,7 @@ ansible_managed = EX362 Study
enable_plugins = host_list, virtualbox, yaml, constructed, script, ini, auto
```

Configure the inventory. For the inventory, you should ensure *all* lab systems are listed.
Configure the base inventory. For the inventory, you should ensure *all* lab systems are listed.

``` ini
[ipa:children]
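Review bot: "Configure the base inventory. For the inventory, you should ensure *all* lab systems are listed." repeats "inventory" awkwardly; suggest "Configure the base inventory, making sure *all* lab systems from the table above are listed." Since "base" is new here, also check that the page later explains what is layered on top of the base inventory, otherwise the qualifier raises a question it never answers.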
Expand Down Expand Up @@ -219,7 +223,7 @@ At this point, you will need to configure all the clients with an ansible user a

In later versions of FreeIPA, there is support to force network manager to ensure resolv.conf is loopback without the need to set it by hand with nmcli.

=== "Script or CLI Method"
=== "Script or CLI"

``` bash
% hostnamectl set-hostname idm1.example.com
Expand Down Expand Up @@ -276,7 +280,7 @@ At this point, you will need to configure all the clients with an ansible user a
% ipa dnsconfig-mod --allow-sync-ptr=True
```

=== "Ansible Method"
=== "Ansible"

Ensure that your ansible controller is setup and install the collections as needed.

Expand Down Expand Up @@ -343,7 +347,7 @@ At this point, you will need to configure all the clients with an ansible user a

### Install and configure a replica IdM Server

=== "Script or CLI Method"
=== "Script or CLI"

``` bash
% hostnamectl set-hostname idm2.example.com
Expand Down Expand Up @@ -374,7 +378,7 @@ At this point, you will need to configure all the clients with an ansible user a
--unattended
```

=== "Ansible Method"
=== "Ansible"

. . .

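Review bot: the replica's Ansible tab is renamed but its body is still the `. . .` placeholder, so it renders as an empty tab panel; the same is true of the Ansible tabs for users/groups, clients and backups touched in this commit. Either omit the empty tabs until the playbooks exist or use the explicit "(more to come)" marker the KRA section already uses, so readers know the gap is intentional rather than a rendering bug.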
Expand Down Expand Up @@ -403,7 +407,7 @@ At this point, you will need to configure all the clients with an ansible user a
| | Host enrollment |


=== "Script or CLI Method"
=== "Script or CLI"

!!! note "Custom UID/GID"
It is possible to create the users with a custom uid/gid with the switches --uid and --gidnumber which you will see below. It is also possible to set random passwords with --random.
Expand Down Expand Up @@ -461,7 +465,7 @@ At this point, you will need to configure all the clients with an ansible user a
(Press CTRL+D)
```

=== "Ansible Method"
=== "Ansible"

. . .

Expand Down Expand Up @@ -507,7 +511,7 @@ To setup a very, very simple SSO, you can setup a simple location that requires
| nfs.example.com | 192.168.15.11 |
| utility.example.com | 192.168.15.12 |

=== "Script or CLI Method"
=== "Script or CLI"

!!! note
Depending on your architecture and setup, IdM clients should either be pointing directly at the IdM servers for DNS (at least two of them) or pointing at the DNS server in the environment that is delegating that domain to the IdM domain controllers.
Expand Down Expand Up @@ -541,7 +545,7 @@ To setup a very, very simple SSO, you can setup a simple location that requires
uid=686600000(admin) gid=686600000(admins) groups=686600000(admins)
```

=== "Ansible Method"
=== "Ansible"

. . .

Expand Down Expand Up @@ -628,7 +632,7 @@ By default, when a certificate request is performed (and succeeds to be signed b

When a domain supports the KRA role, it can hold password vaults or anything that's considered "secret". You can add the KRA role by installing the relevant package and installing the role.

=== "Script or CLI Method"
=== "Script or CLI"

On each IdM server, you will need to enable the role.

Expand All @@ -639,7 +643,7 @@ When a domain supports the KRA role, it can hold password vaults or anything tha

(more to come)

=== "Ansible Method"
=== "Ansible"

If you are following the ansible method, you already have this role installed based on the inventory configuration. Now it's a matter of creating a simple secret.

Expand Down Expand Up @@ -687,7 +691,7 @@ lrwxrwxrwx. 1 root root 27 Jan 14 2020 system-auth -> /etc/authselect/system-a

On a typical Red Hat system, the most common ones (such as `su`, `sshd`, `sudo`) imports the `system-auth` file, so the login request is processed through those means. When defining HBAC rules, you either must allow "all" services or be selective. For example, if an HBAC rule allows "sshd", a user is allowed to ssh into a system, but wouldn't allow them to login locally on the console, as that goes through `login`. If you want the user to be able to run the `su` and `sudo` commands, you would also need to allow those services. Otherwise, the user is denied, even if sudo policies are available.

=== "Script or CLI Method"
=== "Script or CLI"

``` bash
[label@mgt ~]$ sudo -i
Expand Down Expand Up @@ -728,7 +732,7 @@ On a typical Red Hat system, the most common ones (such as `su`, `sshd`, `sudo`)
% ipa hbactest --rules=corp_access --user=brufus --host=client.example.com --service=sshd
```

=== "Ansible Method"
=== "Ansible"

To do this the ansible way, you can make a playbook like this.

Expand Down Expand Up @@ -900,37 +904,43 @@ There are multiple ways you can backup IPA.
* Full backup: Default, shuts down IPA before performing a backup. This backs up with raw files. As such, it must be done offline.
* Data backup: Backs up a copy of the ldap data and the changelog (the IPA-REALM instance, DogTag, IPA backend). This can be done online.

#### Script or CLI Method
=== "Script or CLI"

``` bash
# Turns off IPA completely and perform a backup
% ipa-backup
# Backs up and gpg encrypts
% ipa-backup --gpg --gpg-keyring=/root/keys
```
``` bash
# Turns off IPA completely and perform a backup
% ipa-backup
# Backs up and gpg encrypts
% ipa-backup --gpg --gpg-keyring=/root/keys
```

To restore a backup, the ipa-restore command is available.
To restore a backup, the ipa-restore command is available.

``` bash
% ipa-restore /var/lib/ipa/backup/
```
``` bash
% ipa-restore /var/lib/ipa/backup/
```

#### Ansible Method
=== "Ansible"

. . .

### Perform a backup without interruption of services

It is possible to perform a backup without taking down services. However, not everything will get backed up as a result.

#### Script or CLI Method
=== "Script or CLI"

The backup command allows you to pass an online flag to ensure a backup taken doesn't down the IPA services. Note that not everything can be backed up online.
The backup command allows you to pass an online flag to ensure a backup taken doesn't down the IPA services. Note that not everything can be backed up online.

``` bash
# Backs up data only and doesn't take down IPA
% ipa-backup --data --online
# Backs up data only and gpg encrypts
% ipa-backup --gpg --gpg-keyring=/root/keys --data --online
```
``` bash
# Backs up data only and doesn't take down IPA
% ipa-backup --data --online
# Backs up data only and gpg encrypts
% ipa-backup --gpg --gpg-keyring=/root/keys --data --online
```

=== "Ansible"

. . .

## Value Add

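Review bot: `ipa-restore /var/lib/ipa/backup/` points at the parent backup directory rather than at a backup; ipa-restore expects the name (or full path) of one backup directory produced by ipa-backup, so this should read something like `ipa-restore ipa-full-<timestamp>` with the placeholder explained, or the reader's first restore attempt fails. Related check: confirm `--gpg-keyring=/root/keys` is still accepted by the FreeIPA release the lab targets; newer releases encrypt against root's default GnuPG keyring and may reject the option, in which case `ipa-backup --gpg` alone is the form to document. The heading-to-tab conversion itself looks right, the fences and prose are indented under each `===` line; while here, "Turns off IPA completely and perform a backup" should be "performs a backup".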

0 comments on commit 1c142c7
