From 8743afa54d4e4ef660ccf8f13d4104d3250e3945 Mon Sep 17 00:00:00 2001
From: keshavprasadms <keshavprasadms@gmail.com>
Date: Sun, 23 May 2021 22:46:18 +0530
Subject: [PATCH] fix: added comments for lms service account roles

---
 private_repo/ansible/inventory/dev/Core/secrets.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/private_repo/ansible/inventory/dev/Core/secrets.yml b/private_repo/ansible/inventory/dev/Core/secrets.yml
index 08a2a1de2..dc1fe4f62 100644
--- a/private_repo/ansible/inventory/dev/Core/secrets.yml
+++ b/private_repo/ansible/inventory/dev/Core/secrets.yml
@@ -23,8 +23,9 @@ core_vault_proxy_site_crt: |+
 core_vault_sunbird_api_auth_token: # Take the jwt token of api-admin consumer from Jenkins job console output after running OnboardConsumers - Use the same value in DP secrets.yml also for the variable sunbird_api_auth_token
 
 core_vault_sunbird_sso_publickey: # Public key of keycloak sunbird realm, update this post keycloak deployment.  See below for steps
-# SSH tunnel to the keycloak VM by running ssh -L 8080:localhost:8080 ops@~Keycloak-VM-IP
-# If you cannot tunnel directly to keycloak VM, then tunnel to Jenkins first and then tunnel to keycloak from jenkins
+# SSH tunnel to the keycloak VM by running ssh -L 8080:localhost:8080 deployer@Keycloak-VM-IP
+# If you cannot tunnel directly to Keycloak VM, then tunnel to Jenkins first and then tunnel to Keycloak VM from jenkins
+# Go to http://localhost:8080/auth/admin/master/console/#/realms/sunbird/clients -> lms -> service account roles -> Click on client roles drop down -> Select realm-management -> Select manage-users in Available Roles -> Click on Add selected
 # Go to http://localhost:8080/auth/admin/master/console/#/realms/sunbird/keys
 # Click on Public Key and update the variable
 
-- 
GitLab