Add doc
Change-Id: I283cc7f5f40e45632b7e00db18a96af553e84380
|
@ -0,0 +1,181 @@
|
|||
# Makefile for Sphinx documentation
|
||||
#
|
||||
|
||||
# You can set these variables from the command line.
|
||||
SPHINXOPTS =
|
||||
SPHINXBUILD = sphinx-build
|
||||
PAPER =
|
||||
BUILDDIR = build
|
||||
|
||||
# User-friendly check for sphinx-build
|
||||
ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
|
||||
$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/)
|
||||
endif
|
||||
|
||||
# Internal variables.
|
||||
PAPEROPT_a4 = -D latex_paper_size=a4
|
||||
PAPEROPT_letter = -D latex_paper_size=letter
|
||||
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
|
||||
# the i18n builder cannot share the environment and doctrees with the others
|
||||
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
|
||||
|
||||
.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext lifehtml
|
||||
|
||||
help:
|
||||
@echo "Please use \`make <target>' where <target> is one of"
|
||||
@echo " html to make standalone HTML files"
|
||||
@echo " dirhtml to make HTML files named index.html in directories"
|
||||
@echo " singlehtml to make a single large HTML file"
|
||||
@echo " pickle to make pickle files"
|
||||
@echo " json to make JSON files"
|
||||
@echo " htmlhelp to make HTML files and a HTML help project"
|
||||
@echo " qthelp to make HTML files and a qthelp project"
|
||||
@echo " devhelp to make HTML files and a Devhelp project"
|
||||
@echo " epub to make an epub"
|
||||
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
|
||||
@echo " latexpdf to make LaTeX files and run them through pdflatex"
|
||||
@echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
|
||||
@echo " text to make text files"
|
||||
@echo " man to make manual pages"
|
||||
@echo " texinfo to make Texinfo files"
|
||||
@echo " info to make Texinfo files and run them through makeinfo"
|
||||
@echo " gettext to make PO message catalogs"
|
||||
@echo " changes to make an overview of all changed/added/deprecated items"
|
||||
@echo " xml to make Docutils-native XML files"
|
||||
@echo " pseudoxml to make pseudoxml-XML files for display purposes"
|
||||
@echo " linkcheck to check all external links for integrity"
|
||||
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
|
||||
@echo " livehtml to run html server"
|
||||
|
||||
clean:
|
||||
rm -rf $(BUILDDIR)/*
|
||||
|
||||
html:
|
||||
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
|
||||
@echo
|
||||
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
|
||||
|
||||
dirhtml:
|
||||
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
|
||||
@echo
|
||||
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
|
||||
|
||||
singlehtml:
|
||||
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
|
||||
@echo
|
||||
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
|
||||
|
||||
pickle:
|
||||
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
|
||||
@echo
|
||||
@echo "Build finished; now you can process the pickle files."
|
||||
|
||||
json:
|
||||
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
|
||||
@echo
|
||||
@echo "Build finished; now you can process the JSON files."
|
||||
|
||||
htmlhelp:
|
||||
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
|
||||
@echo
|
||||
@echo "Build finished; now you can run HTML Help Workshop with the" \
|
||||
".hhp project file in $(BUILDDIR)/htmlhelp."
|
||||
|
||||
qthelp:
|
||||
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
|
||||
@echo
|
||||
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
|
||||
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
|
||||
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/FWaaSPluginforFuel.qhcp"
|
||||
@echo "To view the help file:"
|
||||
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/FWaaSPluginforFuel.qhc"
|
||||
|
||||
devhelp:
|
||||
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
|
||||
@echo
|
||||
@echo "Build finished."
|
||||
@echo "To view the help file:"
|
||||
@echo "# mkdir -p $$HOME/.local/share/devhelp/FWaaSPluginforFuel"
|
||||
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/FWaaSPluginforFuel"
|
||||
@echo "# devhelp"
|
||||
|
||||
epub:
|
||||
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
|
||||
@echo
|
||||
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
|
||||
|
||||
latex:
|
||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||
@echo
|
||||
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
|
||||
@echo "Run \`make' in that directory to run these through (pdf)latex" \
|
||||
"(use \`make latexpdf' here to do that automatically)."
|
||||
|
||||
latexpdf:
|
||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||
@echo "Running LaTeX files through pdflatex..."
|
||||
$(MAKE) -C $(BUILDDIR)/latex all-pdf
|
||||
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
|
||||
|
||||
latexpdfja:
|
||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||
@echo "Running LaTeX files through platex and dvipdfmx..."
|
||||
$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
|
||||
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
|
||||
|
||||
text:
|
||||
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
|
||||
@echo
|
||||
@echo "Build finished. The text files are in $(BUILDDIR)/text."
|
||||
|
||||
man:
|
||||
$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
|
||||
@echo
|
||||
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
|
||||
|
||||
texinfo:
|
||||
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
|
||||
@echo
|
||||
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
|
||||
@echo "Run \`make' in that directory to run these through makeinfo" \
|
||||
"(use \`make info' here to do that automatically)."
|
||||
|
||||
info:
|
||||
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
|
||||
@echo "Running Texinfo files through makeinfo..."
|
||||
make -C $(BUILDDIR)/texinfo info
|
||||
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
|
||||
|
||||
gettext:
|
||||
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
|
||||
@echo
|
||||
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
|
||||
|
||||
changes:
|
||||
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
|
||||
@echo
|
||||
@echo "The overview file is in $(BUILDDIR)/changes."
|
||||
|
||||
linkcheck:
|
||||
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
|
||||
@echo
|
||||
@echo "Link check complete; look for any errors in the above output " \
|
||||
"or in $(BUILDDIR)/linkcheck/output.txt."
|
||||
|
||||
doctest:
|
||||
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
|
||||
@echo "Testing of doctests in the sources finished, look at the " \
|
||||
"results in $(BUILDDIR)/doctest/output.txt."
|
||||
|
||||
xml:
|
||||
$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
|
||||
@echo
|
||||
@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
|
||||
|
||||
pseudoxml:
|
||||
$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
|
||||
@echo
|
||||
@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."
|
||||
|
||||
livehtml:
|
||||
sphinx-autobuild -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
|
After Width: | Height: | Size: 32 KiB |
After Width: | Height: | Size: 25 KiB |
After Width: | Height: | Size: 23 KiB |
After Width: | Height: | Size: 18 KiB |
After Width: | Height: | Size: 17 KiB |
After Width: | Height: | Size: 18 KiB |
After Width: | Height: | Size: 34 KiB |
After Width: | Height: | Size: 32 KiB |
After Width: | Height: | Size: 44 KiB |
After Width: | Height: | Size: 43 KiB |
After Width: | Height: | Size: 34 KiB |
After Width: | Height: | Size: 33 KiB |
After Width: | Height: | Size: 55 KiB |
After Width: | Height: | Size: 18 KiB |
After Width: | Height: | Size: 21 KiB |
After Width: | Height: | Size: 17 KiB |
After Width: | Height: | Size: 22 KiB |
|
@ -0,0 +1,10 @@
|
|||
Appendix
|
||||
--------
|
||||
|
||||
+----+-----------------------+-------------------------------------------------------------------------------------------------------------------------+
|
||||
| # | Title of resource | Link on resource |
|
||||
+====+=======================+=========================================================================================================================+
|
||||
| 1 | Fuel Plugins CLI | `Link <https://docs.mirantis.com/openstack/fuel/fuel-7.0/user-guide.html#fuel-plugins-cli/>`_ |
|
||||
+----+-----------------------+-------------------------------------------------------------------------------------------------------------------------+
|
||||
| 2 | Firewall-as-a-Service | `Link <http://docs.openstack.org/admin-guide-cloud/networking_introduction.html#firewall-as-a-service-fwaas-overview/>`_|
|
||||
+----+-----------------------+-------------------------------------------------------------------------------------------------------------------------+
|
|
@ -0,0 +1,340 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# fuel-plugin-fwaas documentation build configuration file, created by
|
||||
# sphinx-quickstart on Wed Oct 7 12:48:35 2015.
|
||||
#
|
||||
# This file is execfile()d with the current directory set to its
|
||||
# containing dir.
|
||||
#
|
||||
# Note that not all possible configuration values are present in this
|
||||
# autogenerated file.
|
||||
#
|
||||
# All configuration values have a default; values that are commented out
|
||||
# serve to show the default.
|
||||
|
||||
import sys
|
||||
import os
|
||||
|
||||
# If extensions (or modules to document with autodoc) are in another directory,
|
||||
# add these directories to sys.path here. If the directory is relative to the
|
||||
# documentation root, use os.path.abspath to make it absolute, like shown here.
|
||||
#sys.path.insert(0, os.path.abspath('.'))
|
||||
|
||||
# -- General configuration ------------------------------------------------
|
||||
|
||||
# If your documentation needs a minimal Sphinx version, state it here.
|
||||
#needs_sphinx = '1.0'
|
||||
|
||||
# Add any Sphinx extension module names here, as strings. They can be
|
||||
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
|
||||
# ones.
|
||||
extensions = [
|
||||
# 'sphinx.ext.todo',
|
||||
# 'sphinx.ext.coverage',
|
||||
]
|
||||
|
||||
# Add any paths that contain templates here, relative to this directory.
|
||||
templates_path = ['_templates']
|
||||
|
||||
# The suffix of source filenames.
|
||||
source_suffix = '.rst'
|
||||
|
||||
# The encoding of source files.
|
||||
#source_encoding = 'utf-8-sig'
|
||||
|
||||
# The master toctree document.
|
||||
master_doc = 'index'
|
||||
|
||||
# General information about the project.
|
||||
project = u'The FWaaS plugin for Fuel'
|
||||
copyright = u'2015, Mirantis Inc.'
|
||||
|
||||
# The version info for the project you're documenting, acts as replacement for
|
||||
# |version| and |release|, also used in various other places throughout the
|
||||
# built documents.
|
||||
#
|
||||
# The short X.Y version.
|
||||
version = '2.0-2.0.0-2'
|
||||
# The full version, including alpha/beta/rc tags.
|
||||
release = '2.0-2.0.0-2'
|
||||
|
||||
# The language for content autogenerated by Sphinx. Refer to documentation
|
||||
# for a list of supported languages.
|
||||
#language = None
|
||||
|
||||
# There are two options for replacing |today|: either, you set today to some
|
||||
# non-false value, then it is used:
|
||||
#today = ''
|
||||
# Else, today_fmt is used as the format for a strftime call.
|
||||
#today_fmt = '%B %d, %Y'
|
||||
|
||||
# List of patterns, relative to source directory, that match files and
|
||||
# directories to ignore when looking for source files.
|
||||
exclude_patterns = []
|
||||
|
||||
# The reST default role (used for this markup: `text`) to use for all
|
||||
# documents.
|
||||
#default_role = None
|
||||
|
||||
# If true, '()' will be appended to :func: etc. cross-reference text.
|
||||
#add_function_parentheses = True
|
||||
|
||||
# If true, the current module name will be prepended to all description
|
||||
# unit titles (such as .. function::).
|
||||
#add_module_names = True
|
||||
|
||||
# If true, sectionauthor and moduleauthor directives will be shown in the
|
||||
# output. They are ignored by default.
|
||||
#show_authors = False
|
||||
|
||||
# The name of the Pygments (syntax highlighting) style to use.
|
||||
pygments_style = 'sphinx'
|
||||
|
||||
# A list of ignored prefixes for module index sorting.
|
||||
#modindex_common_prefix = []
|
||||
|
||||
# If true, keep warnings as "system message" paragraphs in the built documents.
|
||||
#keep_warnings = False
|
||||
|
||||
|
||||
# -- Options for HTML output ----------------------------------------------
|
||||
|
||||
# The theme to use for HTML and HTML Help pages. See the documentation for
|
||||
# a list of builtin themes.
|
||||
html_theme = 'default'
|
||||
|
||||
# Theme options are theme-specific and customize the look and feel of a theme
|
||||
# further. For a list of options available for each theme, see the
|
||||
# documentation.
|
||||
#html_theme_options = {}
|
||||
|
||||
# Add any paths that contain custom themes here, relative to this directory.
|
||||
#html_theme_path = []
|
||||
|
||||
# The name for this set of Sphinx documents. If None, it defaults to
|
||||
# "<project> v<release> documentation".
|
||||
#html_title = None
|
||||
|
||||
# A shorter title for the navigation bar. Default is the same as html_title.
|
||||
#html_short_title = None
|
||||
|
||||
# The name of an image file (relative to this directory) to place at the top
|
||||
# of the sidebar.
|
||||
#html_logo = None
|
||||
|
||||
# The name of an image file (within the static path) to use as favicon of the
|
||||
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
|
||||
# pixels large.
|
||||
#html_favicon = None
|
||||
|
||||
# Add any paths that contain custom static files (such as style sheets) here,
|
||||
# relative to this directory. They are copied after the builtin static files,
|
||||
# so a file named "default.css" will overwrite the builtin "default.css".
|
||||
html_static_path = ['_static']
|
||||
|
||||
# Add any extra paths that contain custom files (such as robots.txt or
|
||||
# .htaccess) here, relative to this directory. These files are copied
|
||||
# directly to the root of the documentation.
|
||||
#html_extra_path = []
|
||||
|
||||
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
|
||||
# using the given strftime format.
|
||||
#html_last_updated_fmt = '%b %d, %Y'
|
||||
|
||||
# If true, SmartyPants will be used to convert quotes and dashes to
|
||||
# typographically correct entities.
|
||||
#html_use_smartypants = True
|
||||
|
||||
# Custom sidebar templates, maps document names to template names.
|
||||
#html_sidebars = {}
|
||||
|
||||
# Additional templates that should be rendered to pages, maps page names to
|
||||
# template names.
|
||||
#html_additional_pages = {}
|
||||
|
||||
# If false, no module index is generated.
|
||||
#html_domain_indices = True
|
||||
|
||||
# If false, no index is generated.
|
||||
#html_use_index = True
|
||||
|
||||
# If true, the index is split into individual pages for each letter.
|
||||
#html_split_index = False
|
||||
|
||||
# If true, links to the reST sources are added to the pages.
|
||||
#html_show_sourcelink = True
|
||||
|
||||
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
|
||||
#html_show_sphinx = True
|
||||
|
||||
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
|
||||
#html_show_copyright = True
|
||||
|
||||
# If true, an OpenSearch description file will be output, and all pages will
|
||||
# contain a <link> tag referring to it. The value of this option must be the
|
||||
# base URL from which the finished HTML is served.
|
||||
#html_use_opensearch = ''
|
||||
|
||||
# This is the file name suffix for HTML files (e.g. ".xhtml").
|
||||
#html_file_suffix = None
|
||||
|
||||
# Output file base name for HTML help builder.
|
||||
htmlhelp_basename = 'fuel-plugin-fwaasdoc'
|
||||
|
||||
|
||||
# -- Options for LaTeX output ---------------------------------------------
|
||||
|
||||
latex_elements = {
|
||||
# The paper size ('letterpaper' or 'a4paper').
|
||||
#'papersize': 'letterpaper',
|
||||
|
||||
# The font size ('10pt', '11pt' or '12pt').
|
||||
#'pointsize': '10pt',
|
||||
|
||||
# Additional stuff for the LaTeX preamble.
|
||||
#'preamble': '',
|
||||
}
|
||||
|
||||
# Grouping the document tree into LaTeX files. List of tuples
|
||||
# (source start file, target name, title,
|
||||
# author, documentclass [howto, manual, or own class]).
|
||||
latex_documents = [
|
||||
('index', 'fuel-plugin-fwaas.tex', u'The FWaaS Plugin for Fuel Documentation',
|
||||
u'Mirantis Inc.', 'manual'),
|
||||
]
|
||||
|
||||
# The name of an image file (relative to this directory) to place at the top of
|
||||
# the title page.
|
||||
#latex_logo = None
|
||||
|
||||
# For "manual" documents, if this is true, then toplevel headings are parts,
|
||||
# not chapters.
|
||||
#latex_use_parts = False
|
||||
|
||||
# If true, show page references after internal links.
|
||||
#latex_show_pagerefs = False
|
||||
|
||||
# If true, show URL addresses after external links.
|
||||
#latex_show_urls = False
|
||||
|
||||
# Documents to append as an appendix to all manuals.
|
||||
#latex_appendices = []
|
||||
|
||||
# If false, no module index is generated.
|
||||
#latex_domain_indices = True
|
||||
|
||||
# make latex stop printing blank pages between sections
|
||||
# http://stackoverflow.com/questions/5422997/sphinx-docs-remove-blank-pages-from-generated-pdfs
|
||||
latex_elements = { 'classoptions': ',openany,oneside', 'babel' : '\\usepackage[english]{babel}' }
|
||||
|
||||
|
||||
# -- Options for manual page output ---------------------------------------
|
||||
|
||||
# One entry per manual page. List of tuples
|
||||
# (source start file, name, description, authors, manual section).
|
||||
man_pages = [
|
||||
('index', 'fuel-plugin-fwaas', u'Guide to the FWaaS Plugin ver. 2.0-2.0.0-2 for Fuel',
|
||||
[u'Mirantis Inc.'], 1)
|
||||
]
|
||||
|
||||
# If true, show URL addresses after external links.
|
||||
#man_show_urls = False
|
||||
|
||||
|
||||
# -- Options for Texinfo output -------------------------------------------
|
||||
|
||||
# Grouping the document tree into Texinfo files. List of tuples
|
||||
# (source start file, target name, title, author,
|
||||
# dir menu entry, description, category)
|
||||
texinfo_documents = [
|
||||
('index', 'fuel-plugin-fwaas', u'The FWaaS Plugin for Fuel Documentation',
|
||||
u'Mirantis Inc.', 'fuel-plugin-fwaas', 'The FWaaS Plugin for Fuel Documentation',
|
||||
'Miscellaneous'),
|
||||
]
|
||||
|
||||
# Documents to append as an appendix to all manuals.
|
||||
#texinfo_appendices = []
|
||||
|
||||
# If false, no module index is generated.
|
||||
#texinfo_domain_indices = True
|
||||
|
||||
# How to display URL addresses: 'footnote', 'no', or 'inline'.
|
||||
#texinfo_show_urls = 'footnote'
|
||||
|
||||
# If true, do not generate a @detailmenu in the "Top" node's menu.
|
||||
#texinfo_no_detailmenu = False
|
||||
|
||||
# Insert footnotes where they are defined instead of
|
||||
# at the end.
|
||||
pdf_inline_footnotes = True
|
||||
|
||||
|
||||
|
||||
# -- Options for Epub output ----------------------------------------------
|
||||
|
||||
# Bibliographic Dublin Core info.
|
||||
epub_title = u'The FWaaS Plugin for Fuel'
|
||||
epub_author = u'Mirantis Inc.'
|
||||
epub_publisher = u'Mirantis Inc.'
|
||||
epub_copyright = u'2015, Mirantis Inc.'
|
||||
|
||||
# The basename for the epub file. It defaults to the project name.
|
||||
#epub_basename = u'fuel-plugin-openbook'
|
||||
|
||||
# The HTML theme for the epub output. Since the default themes are not optimized
|
||||
# for small screen space, using the same theme for HTML and epub output is
|
||||
# usually not wise. This defaults to 'epub', a theme designed to save visual
|
||||
# space.
|
||||
#epub_theme = 'epub'
|
||||
|
||||
# The language of the text. It defaults to the language option
|
||||
# or en if the language is not set.
|
||||
#epub_language = ''
|
||||
|
||||
# The scheme of the identifier. Typical schemes are ISBN or URL.
|
||||
#epub_scheme = ''
|
||||
|
||||
# The unique identifier of the text. This can be a ISBN number
|
||||
# or the project homepage.
|
||||
#epub_identifier = ''
|
||||
|
||||
# A unique identification for the text.
|
||||
#epub_uid = ''
|
||||
|
||||
# A tuple containing the cover image and cover page html template filenames.
|
||||
#epub_cover = ()
|
||||
|
||||
# A sequence of (type, uri, title) tuples for the guide element of content.opf.
|
||||
#epub_guide = ()
|
||||
|
||||
# HTML files that should be inserted before the pages created by sphinx.
|
||||
# The format is a list of tuples containing the path and title.
|
||||
#epub_pre_files = []
|
||||
|
||||
# HTML files shat should be inserted after the pages created by sphinx.
|
||||
# The format is a list of tuples containing the path and title.
|
||||
#epub_post_files = []
|
||||
|
||||
# A list of files that should not be packed into the epub file.
|
||||
epub_exclude_files = ['search.html']
|
||||
|
||||
# The depth of the table of contents in toc.ncx.
|
||||
#epub_tocdepth = 3
|
||||
|
||||
# Allow duplicate toc entries.
|
||||
#epub_tocdup = True
|
||||
|
||||
# Choose between 'default' and 'includehidden'.
|
||||
#epub_tocscope = 'default'
|
||||
|
||||
# Fix unsupported image types using the PIL.
|
||||
#epub_fix_images = False
|
||||
|
||||
# Scale large images.
|
||||
#epub_max_image_width = 0
|
||||
|
||||
# How to display URL addresses: 'footnote', 'no', or 'inline'.
|
||||
#epub_show_urls = 'inline'
|
||||
|
||||
# If false, no index is generated.
|
||||
#epub_use_index = True
|
|
@ -0,0 +1,21 @@
|
|||
.. fuel-plugin-fwaas-doc master file, created by
|
||||
sphinx-quickstart on Mon Nov 16 09:11:57 2015.
|
||||
You can adapt this file completely to your liking, but it should at least
|
||||
contain the root `toctree` directive.
|
||||
|
||||
Welcome to FWaaS Plugin for Fuel's documentation!
|
||||
=================================================
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 4
|
||||
|
||||
overview
|
||||
installation_guide
|
||||
user_guide
|
||||
appendix
|
||||
|
||||
|
||||
Indices and tables
|
||||
==================
|
||||
|
||||
* :ref:`search`
|
|
@ -0,0 +1,52 @@
|
|||
.. _installation:
|
||||
|
||||
Installation Guide
|
||||
-------------------
|
||||
|
||||
Installing FWaaS plugin
|
||||
+++++++++++++++++++++++
|
||||
|
||||
|
||||
#. Download the plugin from `Fuel Plugins Catalog`_.
|
||||
|
||||
#. Copy the plugin on already installed Fuel Master node::
|
||||
|
||||
[user@home ~]$ scp fwaas-plugin-1.1-1.1.0-1.noarch.rpm root@:/
|
||||
<the_Fuel_Master_node_IP>:~/
|
||||
|
||||
#. Log into the Fuel Master node. Install the plugin::
|
||||
|
||||
[root@fuel ~]# fuel plugins --install fwaas-plugin-1.1-1.1.0-1.noarch.rpm
|
||||
|
||||
#. Verify that the plugin is installed correctly::
|
||||
|
||||
[root@fuel ~]# fuel plugins --list
|
||||
id | name | version | package_version
|
||||
---|--------------|---------|----------------
|
||||
1 | fwaas_plugin | 1.1.0 | 2.0.0
|
||||
|
||||
|
||||
Creating Environment with FWaaS
|
||||
+++++++++++++++++++++++++++++++
|
||||
|
||||
#. After plugin is installed, create a new OpenStack environment with Neutron
|
||||
as a network provider.
|
||||
|
||||
#. `Configure your environment`_.
|
||||
|
||||
#. Open the Settings tab of the Fuel web UI and scroll down the page. Select
|
||||
FWaaS plugin checkbox:
|
||||
|
||||
.. image:: _static/fwaas_in_fuel_ui.png
|
||||
|
||||
#. `Deploy your environment`_.
|
||||
|
||||
|
||||
**********
|
||||
References
|
||||
**********
|
||||
|
||||
.. target-notes::
|
||||
.. _Fuel Plugins Catalog: https://software.mirantis.com/download-mirantis-openstack-fuel-plug-ins
|
||||
.. _Configure your environment: http://docs.mirantis.com/openstack/fuel/fuel-7.0/user-guide.html#configure-your-environment
|
||||
.. _Deploy your environment: http://docs.mirantis.com/openstack/fuel/fuel-7.0/user-guide.html#deploy-changes
|
|
@ -0,0 +1,75 @@
|
|||
.. _overview:
|
||||
|
||||
Document purpose
|
||||
================
|
||||
|
||||
This document provides instructions for installing, configuring and using
|
||||
Neutron Firewall-as-a-Service plugin for Fuel.
|
||||
|
||||
|
||||
Key terms, acronyms and abbreviations
|
||||
-------------------------------------
|
||||
|
||||
+----------------------------+------------------------------------------------+
|
||||
| Term/abbreviation | Definition |
|
||||
+============================+================================================+
|
||||
| FWaaS | Firewall-as-a-Service |
|
||||
+----------------------------+------------------------------------------------+
|
||||
| IPTables | A user-space application program that allows |
|
||||
| | a system administrator to configure the tables |
|
||||
| | provided by the Linux kernel firewall and the |
|
||||
| | chains and rules it stores. Different kernel |
|
||||
| | modules and programs are currently used for |
|
||||
| | different protocols; IPTables applies to IPv4, |
|
||||
| | ip6tables to IPv6, arptables to ARP, and |
|
||||
| | ebtables to Ethernet frames. |
|
||||
+----------------------------+------------------------------------------------+
|
||||
| VM | Virtual Machine (Instance) |
|
||||
+----------------------------+------------------------------------------------+
|
||||
|
||||
|
||||
FWaaS Plugin
|
||||
------------
|
||||
|
||||
The Firewall-as-a-Service (FWaaS) is a Neutron plugin, which adds perimeter
|
||||
firewall management to Networking. FWaaS uses IPTables to apply firewall policy
|
||||
to the selected router. Whereas security groups operate at the instance-level,
|
||||
FWaaS operates at the router-level.
|
||||
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
+----------------------------+------------------------------------------------+
|
||||
| Requirement | Version/Comment |
|
||||
+============================+================================================+
|
||||
| Fuel | 7.0 release with Maintenance Update 2 |
|
||||
+----------------------------+------------------------------------------------+
|
||||
| OpenStack compatibility | 2015.1 Kilo with Maintenance Update 2 |
|
||||
+----------------------------+------------------------------------------------+
|
||||
| Operating systems | Ubuntu 14.04 LTS |
|
||||
+----------------------------+------------------------------------------------+
|
||||
|
||||
|
||||
Limitations
|
||||
-----------
|
||||
|
||||
FWaaS plugin can be enabled only in environments with Neutron with ML2 plugin
|
||||
with OpenVSwitch Mechanism driver (default configuration) as the networking
|
||||
option and tested only with the IPTables driver.
|
||||
|
||||
|
||||
Known issues
|
||||
------------
|
||||
|
||||
Please make sure that your environment contains maintenance update MU-2 for
|
||||
MOS 7.0 which has a fix for the High bug:
|
||||
`[FWaaS] Error firewall state after updating policy or rule`_
|
||||
|
||||
If your environment doesn't contain MU-2, please apply it:
|
||||
`How to apply Mirantis OpenStack 7.0 Maintenance Update`_
|
||||
|
||||
.. target-notes::
|
||||
.. _[FWaaS] Error firewall state after updating policy or rule: https://bugs.launchpad.net/mos/7.0.x/+bug/1510576
|
||||
.. _How to apply Mirantis OpenStack 7.0 Maintenance Update: https://docs.mirantis.com/openstack/fuel/fuel-7.0/maintenance-updates.html
|
||||
|
|
@ -0,0 +1,177 @@
|
|||
|
||||
.. _user-guide:
|
||||
|
||||
User Guide
|
||||
==========
|
||||
|
||||
Configuring FWaaS service
|
||||
-------------------------
|
||||
|
||||
|
||||
Once OpenStack has been deployed, we can start configuring FWaaS.
|
||||
|
||||
This section provides an example of configuration and step-by-step instructions
|
||||
for configuring the plugin.
|
||||
|
||||
Here is an example task. We will have the following network architecture in our
|
||||
Project:
|
||||
|
||||
.. figure:: _static/net_arch.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
Before we start, we need to be remember that every Project in OpenStack is
|
||||
assigned the default security group for the cluster in its default form, which
|
||||
is usually restrictive. So you’ll probably need to create a few additional
|
||||
rules in each Project’s default security group: like a general ICMP rule,
|
||||
enabling pings, and a port 22 TCP rule, enabling SSH an example task:
|
||||
|
||||
.. figure:: _static/security_groups.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
Let's get started with the testing of connectivity between our VMs (using ping).
|
||||
So, for the current state situation is the following (see the network topology
|
||||
above):
|
||||
|
||||
.. figure:: _static/table_default.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
|
||||
1. Let's create **Firewall**
|
||||
|
||||
Open *Network* menu in the left-hand menu and select *Firewalls* option.
|
||||
|
||||
.. figure:: _static/select_firewalls_menu.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
2. Create **Policy**
|
||||
|
||||
Enter *Firewall Policies* tab and click *Add Policy* button.
|
||||
|
||||
.. figure:: _static/create_policy.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
In this window, we should fill in policy name and description of this
|
||||
policy in the *Name* and *Description* fields. Also, here we can set
|
||||
*Shared* and *Audited flags*:
|
||||
|
||||
* *Shared* - allow to share your policy with all other Projects.
|
||||
* *Audited* - indicate whether the particular firewall policy was
|
||||
audited or not by the creator of the firewall policy.
|
||||
|
||||
And click *Add* button to finish.
|
||||
|
||||
.. figure:: _static/fill_policy_params.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
3. Create **Firewall**
|
||||
|
||||
Enter *Firewalls* tab and click *Create Firewall* button.
|
||||
|
||||
.. figure:: _static/create_firewall.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
In *Add Firewall* tab we should fill in *Name*, *Description* fields and
|
||||
choose our policy that was created in previous step.
|
||||
* *Shared* - allow to share your Firewall with all other Projects.
|
||||
* *Admin State* - option provide an ability to set UP or DOWN the
|
||||
Firewall.
|
||||
|
||||
.. figure:: _static/fill_firewall_params.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
**NOTE**: The firewall remains in *PENDING_CREATE* state until you create
|
||||
a Networking router and attach an interface to it.
|
||||
|
||||
In *Routers* tab we should choose routers from the available routers on
|
||||
which we want to enable our Firewall. Let's apply it only for router **r1**.
|
||||
|
||||
.. figure:: _static/add_firewall_to_r1.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
4. Let’s test connectivity between our VMs with new Firewall which we applied
|
||||
on the router **r1**
|
||||
|
||||
.. figure:: _static/table_fw_r1.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
**WARNING**: Firewall always adds a default rule to **deny** all at the
|
||||
lowest precedence of each policy. Consequently, a firewall policy with no
|
||||
rules blocks all traffic by default.
|
||||
|
||||
Since we applied our Firewall only for the router **r1** we can that **r1**
|
||||
blocks all traffic and router **r2** works as before. For the adding and
|
||||
removing routers to the Firewall we should click drop-down button near the
|
||||
*Edit Firewall* button and select *Add/Remove Router*:
|
||||
|
||||
.. figure:: _static/add_firewall_to_r2.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
5. Create **Rule**
|
||||
|
||||
For the allowing ICMP traffic we need to create a new rule.
|
||||
Enter *Firewall Rules* tab and press *Add Rule* button:
|
||||
|
||||
|
||||
.. figure:: _static/create_rule.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
Here, as usual we should fill in Name and Description fields. And specify
|
||||
the type of traffic, a couple of flags and action for it:
|
||||
|
||||
* *Protocol* - type of protocol (ICMP, TCP, UDP or ANY).
|
||||
* *Source( Destination) IP Address/Subnet* - It might be single IP
|
||||
172.18.161.10 or CIDR like 172.18.161.0/24
|
||||
* *Source(Destination) Port / Port Range* - It might be a single Port 80
|
||||
or range like 100:200.
|
||||
* *Action* - what to do (ALLOW or DENY) with this type traffic.
|
||||
* *Shared* - allow to share your rule with all other Projects.
|
||||
* *Enable* - provide an ability to turn ON or OFF this rule.
|
||||
|
||||
.. figure:: _static/fill_rule_parameters.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
6. Add **Rule** to the **Policy**
|
||||
|
||||
Add the created rule into our policy:
|
||||
|
||||
* Enter Firewall Policies.
|
||||
* In column for our policy, click drop-down button and select Insert
|
||||
Rule.
|
||||
|
||||
.. figure:: _static/add_rule_to_policy.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
* In *Insert Rule to Policy* window, we can choose the necessary rule
|
||||
and specify the order of applying the rules. It's important that the
|
||||
rules are setup in proper order. The first rule that matches the type
|
||||
of traffic will be used.
|
||||
|
||||
.. figure:: _static/insert_rule_into_policy.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
7. And let’s test connectivity again
|
||||
|
||||
.. figure:: _static/table_all_routers_with_fw_and_icmp_rule.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
The situation is the same that we have without a Firewall, but only for the
|
||||
ICMP traffic while for the other types of packets it remained the same as
|
||||
at the beginning.
|
||||
|
||||
|