From e6d6e84cadf3c5c1afb5cc632a29a7c6efc40145 Mon Sep 17 00:00:00 2001 From: Adil Date: Fri, 11 Jun 2021 16:16:25 -0300 Subject: [PATCH] Reorganize Content of Guides - Sys Config Guide - Node Management Guide Topic already in Sys Config Guide with different names (deleted). Added links to topics Moved links to other topics according to review. Signed-off-by: Adil Change-Id: Ifb015461a60bedd7b5ddd8cee651ac41fc038c3f --- .../node_management/kubernetes/index.rst | 10 +- ...-mtu-of-an-oam-interface-using-horizon.rst | 2 +- ...-mtu-of-an-oam-interface-using-the-cli.rst | 2 +- ...the-oam-ip-configuration-using-horizon.rst | 8 +- ...the-oam-ip-configuration-using-the-cli.rst | 8 +- .../system_configuration/kubernetes/index.rst | 1 - .../modifying-oam-firewall-rules.rst | 92 ------------------- 7 files changed, 17 insertions(+), 106 deletions(-) delete mode 100644 doc/source/system_configuration/kubernetes/modifying-oam-firewall-rules.rst diff --git a/doc/source/node_management/kubernetes/index.rst b/doc/source/node_management/kubernetes/index.rst index 35576d21b..d26e2d5e7 100644 --- a/doc/source/node_management/kubernetes/index.rst +++ b/doc/source/node_management/kubernetes/index.rst @@ -299,6 +299,7 @@ Common device management tasks hardware_acceleration_devices/removing-a-device-label hardware_acceleration_devices/initiating-a-device-image-update-for-a-host hardware_acceleration_devices/displaying-the-status-of-device-images + cli-commands-for-managing-pci-devices *********************************************** vRAN Accelerator ACC100 Adapter \(Mount Bryce\) @@ -366,12 +367,3 @@ Provision BMC using the CLI provisioning_bmc/provisioning-bmc-when-adding-a-host provisioning_bmc/provisioning-bmc-after-adding-a-host provisioning_bmc/deprovisioning-board-management-control-from-the-cli - -------------------------------------- -CLI commands for managing PCI devices -------------------------------------- - -.. toctree:: - :maxdepth: 1 - - cli-commands-for-managing-pci-devices diff --git a/doc/source/system_configuration/kubernetes/changing-the-mtu-of-an-oam-interface-using-horizon.rst b/doc/source/system_configuration/kubernetes/changing-the-mtu-of-an-oam-interface-using-horizon.rst index cb9c6a24e..88e9a49a9 100644 --- a/doc/source/system_configuration/kubernetes/changing-the-mtu-of-an-oam-interface-using-horizon.rst +++ b/doc/source/system_configuration/kubernetes/changing-the-mtu-of-an-oam-interface-using-horizon.rst @@ -49,4 +49,4 @@ locked. This requires a swact during the procedure. #. Modify the |MTU| of the |OAM| interface on the new standby controller. -#. Unlock the standby controller. \ No newline at end of file +#. Unlock the standby controller. diff --git a/doc/source/system_configuration/kubernetes/changing-the-mtu-of-an-oam-interface-using-the-cli.rst b/doc/source/system_configuration/kubernetes/changing-the-mtu-of-an-oam-interface-using-the-cli.rst index 67b2e3554..d5d15d5d1 100644 --- a/doc/source/system_configuration/kubernetes/changing-the-mtu-of-an-oam-interface-using-the-cli.rst +++ b/doc/source/system_configuration/kubernetes/changing-the-mtu-of-an-oam-interface-using-the-cli.rst @@ -59,4 +59,4 @@ requires a swact. .. code-block:: none - ~(keystone_admin)]$ system host-unlock controller-0 \ No newline at end of file + ~(keystone_admin)]$ system host-unlock controller-0 diff --git a/doc/source/system_configuration/kubernetes/changing-the-oam-ip-configuration-using-horizon.rst b/doc/source/system_configuration/kubernetes/changing-the-oam-ip-configuration-using-horizon.rst index f8102cdca..a0e1febd8 100644 --- a/doc/source/system_configuration/kubernetes/changing-the-oam-ip-configuration-using-horizon.rst +++ b/doc/source/system_configuration/kubernetes/changing-the-oam-ip-configuration-using-horizon.rst @@ -123,4 +123,10 @@ the system configuration is updated. .. rubric:: |postreq| If alarms are not cleared after a few minutes, lock and unlock the worker -nodes to apply any other incomplete configuration changes. \ No newline at end of file +nodes to apply any other incomplete configuration changes. + +For more information about the default firewall rules, see +:ref:`Default Firewall Rules `. + +For more information about modifying the firewall options, see +:ref:`Modify Firewall Options `. diff --git a/doc/source/system_configuration/kubernetes/changing-the-oam-ip-configuration-using-the-cli.rst b/doc/source/system_configuration/kubernetes/changing-the-oam-ip-configuration-using-the-cli.rst index 6fd956128..0f22a094c 100644 --- a/doc/source/system_configuration/kubernetes/changing-the-oam-ip-configuration-using-the-cli.rst +++ b/doc/source/system_configuration/kubernetes/changing-the-oam-ip-configuration-using-the-cli.rst @@ -71,4 +71,10 @@ resources are available to migrate any running instances. .. note:: On AIO Simplex systems you do not need to lock and unlock the host. The - changes are applied automatically. \ No newline at end of file + changes are applied automatically. + +For more information about the default firewall rules, see +:ref:`Default Firewall Rules `. + +For more information about modifying the firewall options, see +:ref:`Modify Firewall Options `. diff --git a/doc/source/system_configuration/kubernetes/index.rst b/doc/source/system_configuration/kubernetes/index.rst index 1ff8c964c..1fa9a1d6d 100644 --- a/doc/source/system_configuration/kubernetes/index.rst +++ b/doc/source/system_configuration/kubernetes/index.rst @@ -54,7 +54,6 @@ OAM IP Configuration changing-the-oam-ip-configuration-using-horizon changing-the-oam-ip-configuration-using-the-cli - modifying-oam-firewall-rules changing-the-mtu-of-an-oam-interface-using-horizon changing-the-mtu-of-an-oam-interface-using-the-cli diff --git a/doc/source/system_configuration/kubernetes/modifying-oam-firewall-rules.rst b/doc/source/system_configuration/kubernetes/modifying-oam-firewall-rules.rst deleted file mode 100644 index 13db9197a..000000000 --- a/doc/source/system_configuration/kubernetes/modifying-oam-firewall-rules.rst +++ /dev/null @@ -1,92 +0,0 @@ - -.. yqd1552574422118 -.. _modifying-oam-firewall-rules: - -========================== -Modify OAM Firewall Rules -========================== - -|prod| supports custom |OAM| firewall rules using Kubernetes Global Network -Policies. - -These policies are defined using yaml syntax. For example: - -.. code-block:: yaml - - ~(keystone_admin)]$ kubectl get globalnetworkpolicies.crd.projectcalico.org -o yaml - apiVersion: v1 - items: - - apiVersion: crd.projectcalico.org/v1 - kind: GlobalNetworkPolicy - metadata: - creationTimestamp: "2019-06-28T17:06:33Z" - generation: 1 - name: controller-oam-if-gnp - resourceVersion: "1916" - selfLink: /apis/crd.projectcalico.org/v1/globalnetworkpolicies/controller-oam-if-gnp - uid: 146ec9a4-99c7-11e9-b187-0800275484ef - spec: - applyOnForward: false - egress: - - action: Allow - ipVersion: 4 - protocol: TCP - - action: Allow - ipVersion: 4 - protocol: UDP - - action: Allow - protocol: ICMP - ingress: - - action: Allow - destination: - ports: - - 22 - - 18002 - - 4545 - - 15491 - - 6385 - - 7777 - - 6443 - - 7480 - - 9311 - - 5000 - - 8080 - ipVersion: 4 - protocol: TCP - - action: Allow - destination: - ports: - - 2222 - - 2223 - - 123 - - 161 - - 162 - - 319 - - 320 - ipVersion: 4 - protocol: UDP - - action: Allow - protocol: ICMP - order: 100 - selector: has(iftype) && iftype == 'oam' - types: - - Ingress - - Egress - kind: List - metadata: - resourceVersion: "" - selfLink: "" - -For a full description of |GNP| syntax, -see `https://docs.projectcalico.org/v3.6/reference/calicoctl/resources/globalnetworkpolicy -`__. - -Use the following command to edit the globalnetworkpolicy and modify the -|OAM| Firewall according to the above |GNP| syntax: - -.. code-block:: none - - kubectl edit globalnetworkpolicy - -.. xbooklink For more information about the |prod| firewall, - see |sec-doc|: `Firewall Options `.