diff --git a/deploy-guide/source/app.rst b/deploy-guide/source/app.rst index c77d685af7..a5bbef4ccf 100644 --- a/deploy-guide/source/app.rst +++ b/deploy-guide/source/app.rst @@ -6,8 +6,6 @@ Appendices :maxdepth: 2 app-custom-layouts.rst - app-security.rst - app-networking.rst app-limited-connectivity.rst app-advanced-config-sslcertificates.rst app-resources.rst diff --git a/deploy-guide/source/overview-network-arch.rst b/deploy-guide/source/overview-network-arch.rst index 4a6deb39e4..14fba89d8c 100644 --- a/deploy-guide/source/overview-network-arch.rst +++ b/deploy-guide/source/overview-network-arch.rst @@ -9,7 +9,9 @@ hosts requires manual configuration because it varies from one use case to another. This section describes the network configuration that must be implemented on all target hosts. -For more information about how networking works, see :ref:`network-appendix`. +For more information about how networking works, see the +:dev_docs:`OpenStack-Ansible Reference Architecture, section Container +Networking `. Host network bridges ~~~~~~~~~~~~~~~~~~~~ diff --git a/deploy-guide/source/app-networking.rst b/doc/source/reference/architecture/container-networking.rst similarity index 90% rename from deploy-guide/source/app-networking.rst rename to doc/source/reference/architecture/container-networking.rst index 860f415ceb..cc45768cd8 100644 --- a/deploy-guide/source/app-networking.rst +++ b/doc/source/reference/architecture/container-networking.rst @@ -1,8 +1,8 @@ -.. _network-appendix: +.. _container-networking: -================================ -Appendix G: Container networking -================================ +==================== +Container networking +==================== OpenStack-Ansible deploys Linux containers (LXC) and uses Linux bridging between the container and the host interfaces to ensure that @@ -53,7 +53,7 @@ namespaces. The following image demonstrates how the container network interfaces are connected to the host's bridges and physical network interfaces: -.. image:: figures/networkcomponents.png +.. image:: ../figures/networkcomponents.png Network diagrams ~~~~~~~~~~~~~~~~ @@ -64,7 +64,7 @@ Hosts with services running in containers The following diagram shows how all of the interfaces and bridges interconnect to provide network connectivity to the OpenStack deployment: -.. image:: figures/networkarch-container-external.png +.. image:: ../figures/networkarch-container-external.png The interface ``lxcbr0`` provides connectivity for the containers to the outside world, thanks to dnsmasq (dhcp/dns) + NAT. @@ -84,7 +84,7 @@ OpenStack-Ansible deploys the Compute service on the physical host rather than in a container. The following diagram shows how to use bridges for network connectivity: -.. image:: figures/networkarch-bare-external.png +.. image:: ../figures/networkarch-bare-external.png Neutron traffic --------------- @@ -96,12 +96,12 @@ networking-agents container. The diagram shows how DHCP agents provide information (IP addresses and DNS servers) to the instances, and how routing works on the image. -.. image:: figures/networking-neutronagents.png +.. image:: ../figures/networking-neutronagents.png The following diagram shows how virtual machines connect to the ``br-vlan`` and ``br-vxlan`` bridges and send traffic to the network outside the host: -.. image:: figures/networking-compute.png +.. image:: ../figures/networking-compute.png .. _openstack-user-config-reference: @@ -112,7 +112,7 @@ The ``openstack_user_config.yml.example`` file is heavily commented with the details of how to do more advanced container networking configuration. The contents of the file are shown here for reference. -.. literalinclude:: ../../etc/openstack_deploy/openstack_user_config.yml.example +.. literalinclude:: ../../../../etc/openstack_deploy/openstack_user_config.yml.example :language: yaml :start-after: under the License. diff --git a/doc/source/reference/architecture/index.rst b/doc/source/reference/architecture/index.rst new file mode 100644 index 0000000000..b285a07e0a --- /dev/null +++ b/doc/source/reference/architecture/index.rst @@ -0,0 +1,15 @@ +============ +Architecture +============ + +Many operational requirements have been taken into consideration for +the design of the OpenStack-Ansible project. + +In this chapter, you can find details about `why` OpenStack-Ansible +was architected in this way. + +.. toctree:: + :maxdepth: 1 + + security.rst + container-networking.rst diff --git a/deploy-guide/source/app-security.rst b/doc/source/reference/architecture/security.rst similarity index 95% rename from deploy-guide/source/app-security.rst rename to doc/source/reference/architecture/security.rst index 8f83bcffde..34a4ec633a 100644 --- a/deploy-guide/source/app-security.rst +++ b/doc/source/reference/architecture/security.rst @@ -1,15 +1,11 @@ -==================== -Appendix F: Security -==================== +Security +======== Security is one of the top priorities within OpenStack-Ansible (OSA), and many security enhancements for OpenStack clouds are available in deployments by -default. This appendix provides a detailed overview of the most important +default. This section provides a detailed overview of the most important security enhancements. -For more information about configuring security, see -:deploy_guide:`Appendix H `. - .. note:: Every deployer has different security requirements. @@ -33,7 +29,8 @@ certificates, keys, and CA certificates. To learn more about how to customize the deployment of encrypted communications, see -:deploy_guide:`Securing services with SSL certificates `. +:deploy_guide:`Securing services with SSL +certificates `. Host security hardening ~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/deploy-guide/source/figures/networkarch-bare-external-example.png b/doc/source/reference/figures/networkarch-bare-external-example.png similarity index 100% rename from deploy-guide/source/figures/networkarch-bare-external-example.png rename to doc/source/reference/figures/networkarch-bare-external-example.png diff --git a/deploy-guide/source/figures/networkarch-bare-external.png b/doc/source/reference/figures/networkarch-bare-external.png similarity index 100% rename from deploy-guide/source/figures/networkarch-bare-external.png rename to doc/source/reference/figures/networkarch-bare-external.png diff --git a/deploy-guide/source/figures/networkarch-container-external-example.png b/doc/source/reference/figures/networkarch-container-external-example.png similarity index 100% rename from deploy-guide/source/figures/networkarch-container-external-example.png rename to doc/source/reference/figures/networkarch-container-external-example.png diff --git a/deploy-guide/source/figures/networkarch-container-external.png b/doc/source/reference/figures/networkarch-container-external.png similarity index 100% rename from deploy-guide/source/figures/networkarch-container-external.png rename to doc/source/reference/figures/networkarch-container-external.png diff --git a/deploy-guide/source/figures/networkcomponents.png b/doc/source/reference/figures/networkcomponents.png similarity index 100% rename from deploy-guide/source/figures/networkcomponents.png rename to doc/source/reference/figures/networkcomponents.png diff --git a/deploy-guide/source/figures/networking-compute.png b/doc/source/reference/figures/networking-compute.png similarity index 100% rename from deploy-guide/source/figures/networking-compute.png rename to doc/source/reference/figures/networking-compute.png diff --git a/deploy-guide/source/figures/networking-neutronagents.png b/doc/source/reference/figures/networking-neutronagents.png similarity index 100% rename from deploy-guide/source/figures/networking-neutronagents.png rename to doc/source/reference/figures/networking-neutronagents.png diff --git a/doc/source/reference/index.rst b/doc/source/reference/index.rst index 60e7f06cfb..6a6bac99ed 100644 --- a/doc/source/reference/index.rst +++ b/doc/source/reference/index.rst @@ -25,5 +25,6 @@ see the :dev_docs:`Contributors Guide `. conventions.rst inventory/inventory.rst configuration/advanced-config.rst + architecture/index.rst commands/reference.rst upgrades/reference.rst