From 99ca16e85e5b81fa111c152f0fae56bd05a5d814 Mon Sep 17 00:00:00 2001 From: Jean-Philippe Evrard Date: Wed, 21 Feb 2018 08:53:00 +0000 Subject: [PATCH] [Docs] Move network architecture into reference Move all the design considerations into reference. Change-Id: I5e5b4e85140b73871f2ba6a4d5264cb21de9f337 --- deploy-guide/source/app.rst | 2 -- deploy-guide/source/overview-network-arch.rst | 4 +++- .../architecture/container-networking.rst | 20 +++++++++--------- doc/source/reference/architecture/index.rst | 15 +++++++++++++ .../reference/architecture/security.rst | 13 +++++------- .../networkarch-bare-external-example.png | Bin .../figures/networkarch-bare-external.png | Bin ...networkarch-container-external-example.png | Bin .../networkarch-container-external.png | Bin .../reference}/figures/networkcomponents.png | Bin .../reference}/figures/networking-compute.png | Bin .../figures/networking-neutronagents.png | Bin doc/source/reference/index.rst | 1 + 13 files changed, 34 insertions(+), 21 deletions(-) rename deploy-guide/source/app-networking.rst => doc/source/reference/architecture/container-networking.rst (90%) create mode 100644 doc/source/reference/architecture/index.rst rename deploy-guide/source/app-security.rst => doc/source/reference/architecture/security.rst (95%) rename {deploy-guide/source => doc/source/reference}/figures/networkarch-bare-external-example.png (100%) rename {deploy-guide/source => doc/source/reference}/figures/networkarch-bare-external.png (100%) rename {deploy-guide/source => doc/source/reference}/figures/networkarch-container-external-example.png (100%) rename {deploy-guide/source => doc/source/reference}/figures/networkarch-container-external.png (100%) rename {deploy-guide/source => doc/source/reference}/figures/networkcomponents.png (100%) rename {deploy-guide/source => doc/source/reference}/figures/networking-compute.png (100%) rename {deploy-guide/source => doc/source/reference}/figures/networking-neutronagents.png (100%) 
diff --git a/deploy-guide/source/app.rst b/deploy-guide/source/app.rst index c77d685af7..a5bbef4ccf 100644 --- a/deploy-guide/source/app.rst +++ b/deploy-guide/source/app.rst @@ -6,8 +6,6 @@ Appendices :maxdepth: 2 app-custom-layouts.rst - app-security.rst - app-networking.rst app-limited-connectivity.rst app-advanced-config-sslcertificates.rst app-resources.rst diff --git a/deploy-guide/source/overview-network-arch.rst b/deploy-guide/source/overview-network-arch.rst index 4a6deb39e4..14fba89d8c 100644 --- a/deploy-guide/source/overview-network-arch.rst +++ b/deploy-guide/source/overview-network-arch.rst @@ -9,7 +9,9 @@ hosts requires manual configuration because it varies from one use case to another. This section describes the network configuration that must be implemented on all target hosts. -For more information about how networking works, see :ref:`network-appendix`. +For more information about how networking works, see the +:dev_docs:`OpenStack-Ansible Reference Architecture, section Container +Networking `. Host network bridges ~~~~~~~~~~~~~~~~~~~~ diff --git a/deploy-guide/source/app-networking.rst b/doc/source/reference/architecture/container-networking.rst similarity index 90% rename from deploy-guide/source/app-networking.rst rename to doc/source/reference/architecture/container-networking.rst index 860f415ceb..cc45768cd8 100644 --- a/deploy-guide/source/app-networking.rst +++ b/doc/source/reference/architecture/container-networking.rst @@ -1,8 +1,8 @@ -.. _network-appendix: +.. _container-networking: -================================ -Appendix G: Container networking -================================ +==================== +Container networking +==================== OpenStack-Ansible deploys Linux containers (LXC) and uses Linux bridging between the container and the host interfaces to ensure that 
@@ -53,7 +53,7 @@ namespaces. The following image demonstrates how the container network interfaces are connected to the host's bridges and physical network interfaces: -.. image:: figures/networkcomponents.png +.. image:: ../figures/networkcomponents.png Network diagrams ~~~~~~~~~~~~~~~~ @@ -64,7 +64,7 @@ Hosts with services running in containers The following diagram shows how all of the interfaces and bridges interconnect to provide network connectivity to the OpenStack deployment: -.. image:: figures/networkarch-container-external.png +.. image:: ../figures/networkarch-container-external.png The interface ``lxcbr0`` provides connectivity for the containers to the outside world, thanks to dnsmasq (dhcp/dns) + NAT. @@ -84,7 +84,7 @@ OpenStack-Ansible deploys the Compute service on the physical host rather than in a container. The following diagram shows how to use bridges for network connectivity: -.. image:: figures/networkarch-bare-external.png +.. image:: ../figures/networkarch-bare-external.png Neutron traffic --------------- @@ -96,12 +96,12 @@ networking-agents container. The diagram shows how DHCP agents provide information (IP addresses and DNS servers) to the instances, and how routing works on the image. -.. image:: figures/networking-neutronagents.png +.. image:: ../figures/networking-neutronagents.png The following diagram shows how virtual machines connect to the ``br-vlan`` and ``br-vxlan`` bridges and send traffic to the network outside the host: -.. image:: figures/networking-compute.png +.. image:: ../figures/networking-compute.png .. _openstack-user-config-reference: 
@@ -112,7 +112,7 @@ The ``openstack_user_config.yml.example`` file is heavily commented with the details of how to do more advanced container networking configuration. The contents of the file are shown here for reference. -.. literalinclude:: ../../etc/openstack_deploy/openstack_user_config.yml.example +.. literalinclude:: ../../../../etc/openstack_deploy/openstack_user_config.yml.example :language: yaml :start-after: under the License. diff --git a/doc/source/reference/architecture/index.rst b/doc/source/reference/architecture/index.rst new file mode 100644 index 0000000000..b285a07e0a --- /dev/null +++ b/doc/source/reference/architecture/index.rst @@ -0,0 +1,15 @@ +============ +Architecture +============ + +Many operational requirements have been taken into consideration for +the design of the OpenStack-Ansible project. + +In this chapter, you can find details about `why` OpenStack-Ansible +was architected in this way. + +.. toctree:: + :maxdepth: 1 + + security.rst + container-networking.rst diff --git a/deploy-guide/source/app-security.rst b/doc/source/reference/architecture/security.rst similarity index 95% rename from deploy-guide/source/app-security.rst rename to doc/source/reference/architecture/security.rst index 8f83bcffde..34a4ec633a 100644 --- a/deploy-guide/source/app-security.rst +++ b/doc/source/reference/architecture/security.rst @@ -1,15 +1,11 @@ -==================== -Appendix F: Security -==================== +Security +======== Security is one of the top priorities within OpenStack-Ansible (OSA), and many security enhancements for OpenStack clouds are available in deployments by -default. This appendix provides a detailed overview of the most important +default. This section provides a detailed overview of the most important security enhancements. -For more information about configuring security, see -:deploy_guide:`Appendix H `. - .. note:: Every deployer has different security requirements. 
@@ -33,7 +29,8 @@ certificates, keys, and CA certificates. To learn more about how to customize the deployment of encrypted communications, see -:deploy_guide:`Securing services with SSL certificates `. +:deploy_guide:`Securing services with SSL +certificates `. Host security hardening ~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/deploy-guide/source/figures/networkarch-bare-external-example.png b/doc/source/reference/figures/networkarch-bare-external-example.png similarity index 100% rename from deploy-guide/source/figures/networkarch-bare-external-example.png rename to doc/source/reference/figures/networkarch-bare-external-example.png diff --git a/deploy-guide/source/figures/networkarch-bare-external.png b/doc/source/reference/figures/networkarch-bare-external.png similarity index 100% rename from deploy-guide/source/figures/networkarch-bare-external.png rename to doc/source/reference/figures/networkarch-bare-external.png diff --git a/deploy-guide/source/figures/networkarch-container-external-example.png b/doc/source/reference/figures/networkarch-container-external-example.png similarity index 100% rename from deploy-guide/source/figures/networkarch-container-external-example.png rename to doc/source/reference/figures/networkarch-container-external-example.png diff --git a/deploy-guide/source/figures/networkarch-container-external.png b/doc/source/reference/figures/networkarch-container-external.png similarity index 100% rename from deploy-guide/source/figures/networkarch-container-external.png rename to doc/source/reference/figures/networkarch-container-external.png diff --git a/deploy-guide/source/figures/networkcomponents.png b/doc/source/reference/figures/networkcomponents.png similarity index 100% rename from deploy-guide/source/figures/networkcomponents.png rename to doc/source/reference/figures/networkcomponents.png 
diff --git a/deploy-guide/source/figures/networking-compute.png b/doc/source/reference/figures/networking-compute.png similarity index 100% rename from deploy-guide/source/figures/networking-compute.png rename to doc/source/reference/figures/networking-compute.png diff --git a/deploy-guide/source/figures/networking-neutronagents.png b/doc/source/reference/figures/networking-neutronagents.png similarity index 100% rename from deploy-guide/source/figures/networking-neutronagents.png rename to doc/source/reference/figures/networking-neutronagents.png diff --git a/doc/source/reference/index.rst b/doc/source/reference/index.rst index 60e7f06cfb..6a6bac99ed 100644 --- a/doc/source/reference/index.rst +++ b/doc/source/reference/index.rst @@ -25,5 +25,6 @@ see the :dev_docs:`Contributors Guide `. conventions.rst inventory/inventory.rst configuration/advanced-config.rst + architecture/index.rst commands/reference.rst upgrades/reference.rst
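Review bot: In deploy-guide/source/app.rst, removing app-security.rst and app-networking.rst from the toctree leaves a gap in the appendix lettering. The moved pages were titled "Appendix F: Security" and "Appendix G: Container networking", and the old security page links to an "Appendix H", so the appendices that stay behind would now skip two letters. Please re-letter the remaining appendix titles in this change, or drop the letters from the titles altogether.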
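Review bot: In container-networking.rst the label ".. _network-appendix:" is renamed to ".. _container-networking:" and the file moves out of the deploy-guide tree, but only the one reference in overview-network-arch.rst is updated here. Any remaining :ref: to network-appendix will stop resolving, and the same applies to the ".. _openstack-user-config-reference:" label further down the file, which now lives in doc/source instead of deploy-guide/source. Please search both documentation trees for these two labels and convert what is left to cross-project links in the same patch.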
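Review bot: In the new doc/source/reference/architecture/index.rst, the word why is wrapped in single backticks, which reStructuredText reads as interpreted text in the default role rather than as emphasis. Use *why* if emphasis is intended, or double backticks if it is meant as a literal. The toctree itself looks fine and matches the two files added under architecture/.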
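Review bot: In the first hunk of doc/source/reference/architecture/security.rst, the sentence "For more information about configuring security, see :deploy_guide:`Appendix H `." is deleted without a replacement, so the reference page no longer points readers to the security configuration guidance. Please keep a link to that page, using its title rather than the appendix letter. As a style point, the title in the same hunk drops its overline while container-networking.rst and the new index.rst keep the overlined "====" form; keeping one title style across the architecture/ directory would be more consistent.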