[Docs] Moves network configuration to admin-guide

Changes: - Restructures and moves Network configuration to the appropriate section of the Admin Guide. - Removes Murano Installation Guide from the Miscellaneous section as it has already been rewritten and moved to the Admin Guide (see sections: Deploying Murano and Prepare a lab for Murano) - No changes in the Policy configuration section. Change-Id: I7d396375a312648ad2f05350b87079601b7c0878 Partial-Bug: #1603950
2016-08-12 14:59:52 +03:00 · 2016-08-12 14:59:52 +03:00 · 603b1c0d4a
commit 603b1c0d4a
parent 5475ac13ad
18 changed files with 224 additions and 1096 deletions
--- a/doc/source/draft/admin-guide/configuration.rst
+++ b/doc/source/draft/admin-guide/configuration.rst
@ -0,0 +1,216 @@
 .. _configuration:
 .. toctree::
   :maxdepth: 2
 =============
 Configuration
 =============
 Network configuration
 ~~~~~~~~~~~~~~~~~~~~~
 Murano may work in various networking environments and is capable of detecting
 the current network configuration and choosing appropriate settings
 automatically. However, some additional actions are required to support
 advanced scenarios.
 Nova-network support
 ^^^^^^^^^^^^^^^^^^^^
 Nova-network is the simplest networking solution, which has limited
 capabilities but is available on any OpenStack deployment without the need to
 deploy any additional components.
 When a new murano environment is created, murano checks if a dedicated
 networking service, for example, neutron, exists in the current OpenStack
 deployment. It relies on the Identity service catalog for that. If such a
 service is not present, murano automatically falls back to nova-network. No
 further configuration is needed in this case, all the VMs spawned by Murano
 will be joining the same network.
 Neutron support
 ^^^^^^^^^^^^^^^
 If neutron is installed, murano enables its advanced networking features that
 give you the ability to avoid configuring networks for your application.
 By default, it creates an isolated network for each environment and joins
 all VMs needed by your application to that network. To install and configure
 the application in a newly spawned virtual machine, murano also requires a
 router to be connected to the external network.
 Automatic neutron configuration
 +++++++++++++++++++++++++++++++
 To create the router automatically, provide the following parameters in the
 configuration file:
 .. code-block:: ini
   [networking]
   external_network = %EXTERNAL_NETWORK_NAME%
   router_name = %MURANO_ROUTER_NAME%
   create_router = true
 To figure out the name of the external network, run
 :command:`openstack network list --external`.
 During the first deployment, the required networks and router with a specified
 name will be created and set up.
 Manual neutron configuration
 ++++++++++++++++++++++++++++
 To configure neutron manually, follow the steps below.
 #. Create a public network.
   #. Log in to the OpenStack dashboard as an administrator.
   #. Verify the existence of external networks. For this, navigate to
      :menuselection:`Project > Network > Network Topology`.
   #. Check the network type in network details. For this, navigate to
      :menuselection:`Admin > Networks` and see the :guilabel:`Network name`
      section.
      Alternatively, run the :command:`openstack network list --external`
      command using CLI.
   #. Create a new external network as described in the `OpenStack documentation <http://docs.openstack.org/cli-reference/openstack.html#openstack-network-create>`_.
   .. image:: figures/network-topology-1.png
      :alt: Network Topology page
      :width: 630 px
 #. Create a local network.
   #. Navigate to :menuselection:`Project > Network > Networks`.
   #. Click :guilabel:`Create Network` and fill in the form.
 #. Create a router.
   #. Navigate to :menuselection:`Project > Network > Routers`.
   #. Click :guilabel:`Create Router`.
   #. In the :guilabel:`Router Name` field, enter *murano-default-router*.
      If you specify a name other than *murano-default-router*, change the
      following settings in the configuration file:
      .. code-block:: ini
         [networking]
         router_name = %SPECIFIED_NAME%
         create_router = false
   #. Click :guilabel:`Create router`.
   #. Click the newly created router name.
   #. In the :guilabel:`Interfaces` tab, click :guilabel:`Add Interface`.
   #. Specify the subnet and IP address.
      .. image:: figures/add-interface.png
         :alt: Add Interface dialog
         :width: 630 px
   #. Verify the result in
      :menuselection:`Project > Network > Network Topology`.
      .. image:: figures/network-topology-2.png
         :alt: Network Topology page
         :width: 630 px
 Policy configuration
 ~~~~~~~~~~~~~~~~~~~~
 Like each service in OpenStack, murano has its own role-based access policies
 that determine who and how can access objects. These policies are defined
 in the service's :file:`policy.json` file.
 On each API call corresponding policy check is performed.
 :file:`policy.json` file can be changed whiteout interrupting the API service.
 For detailed information on :file:`policy.json` syntax, please refer to the
 `OpenStack official documentation <http://docs.openstack.org/kilo/config-reference/content/policy-json-file.html>`_
 With this file you can set who may upload packages and perform other operations.
 The :file:`policy.json` example is:
 .. code-block:: json
    {
       // Rule declaration
       "context_is_admin": "role:admin",
       "admin_api": "is_admin:True",
       "default": "",
       // Package operations
       "get_package": "rule:default",
       "upload_package": "rule:default",
       "modify_package": "rule:default",
       "publicize_package": "rule:admin_api",
       "manage_public_package": "rule:default",
       "delete_package": "rule:default",
       "download_package": "rule:default",
       // Category operations
       "get_category": "rule:default",
       "delete_category": "rule:admin_api",
       "add_category": "rule:admin_api",
       // Deployment read operations
       "list_deployments": "rule:default",
       "statuses_deployments": "rule:default",
       // Environment operations
       "list_environments": "rule:default",
       "list_environments_all_tenants": "rule:admin_api",
       "show_environment": "rule:default",
       "update_environment": "rule:default",
       "create_environment": "rule:default",
       "delete_environment": "rule:default",
       // Environment template operations
       "list_env_templates": "rule:default",
       "create_env_template": "rule:default",
       "show_env_template": "rule:default",
       "update_env_template": "rule:default",
       "delete_env_template": "rule:default",
       // Control on executing actions on deployment environments
       "execute_action": "rule:default"
    }
 So, changing ``"upload_package": "rule:default"`` to ``"rule:admin_api"``
 will forbid regular users to upload packages.
 For reference:
 - ``"get_package"`` is checked whenever a user accesses a package
  from the catalog. default: anyone
 - ``"upload_package"`` is checked whenever a user uploads a package
  to the catalog.  default: anyone
 - ``"modify_package"`` is checked whenever a user modifies a package
  in the catalog. default: anyone
 - ``"publicize_package"`` is checked whenever a user is trying to
  make a murano package public (both when creating a new package or
  modifying an existing one). default: admin users
 - ``"manage_public_package"`` is checked whenever a user attempts to
  modify parameters of a public package. default: admin users
 - ``"delete_package"`` is checked whenever a user attempts to
  delete a package from the catalog. default: anyone
 - ``"download_package"`` is checked whenever a user attempts to
  download a package from the catalog. default: anyone
 - ``"list_environments_all_tenants"`` is checked whenever a request
  to list environments of all tenants is made. default: admin users
 - ``"execute_action"`` is checked whenever a user attempts to execute
  an action on deployment environments. default: anyone
 Uploading package wizard in murano dashboard consists of several steps.
 Upload package API call requested from the first form and modify from
 the second one. It provides modifying package parameters on time of
 uploading. So, please modify both configuration together. Otherwise it
 will not be possible to browse package details on the second step
 of the wizard.
--- a/doc/source/draft/admin-guide/deploy_murano/configure_ssl.rst
+++ b/doc/source/draft/admin-guide/deploy_murano/configure_ssl.rst
@ -93,6 +93,7 @@ set ``ssl = True`` in the  ``[rabbitmq]`` section of
   [rabbitmq]
   ...
   ssl = True
   insecure = False
 If you want to configure the murano agent differently, you need to change
 the `default template <http://git.openstack.org/cgit/openstack/murano/tree/meta/io.murano/Resources/Agent-v1.template>`_ located in the murano core library.
--- a/doc/source/draft/admin-guide/figures/add-interface.png
+++ b/doc/source/draft/admin-guide/figures/add-interface.png
--- a/doc/source/draft/admin-guide/figures/network-topology-1.png
+++ b/doc/source/draft/admin-guide/figures/network-topology-1.png
--- a/doc/source/draft/admin-guide/figures/network-topology-2.png
+++ b/doc/source/draft/admin-guide/figures/network-topology-2.png
--- a/doc/source/draft/admin-guide/installation.rst
+++ b/doc/source/draft/admin-guide/installation.rst
@ -1,105 +0,0 @@
 .. _installation:
 .. toctree::
   :maxdepth: 2
 ============
 Installation
 ============
 Network configuration
 ~~~~~~~~~~~~~~~~~~~~~
 Policy configuration
 ~~~~~~~~~~~~~~~~~~~~
 Like each service in OpenStack, murano has its own role-based access policies
 that determine who and how can access objects. These policies are defined
 in the service's :file:`policy.json` file.
 On each API call corresponding policy check is performed.
 :file:`policy.json` file can be changed whiteout interrupting the API service.
 For detailed information on :file:`policy.json` syntax, please refer to the
 `OpenStack official documentation <http://docs.openstack.org/kilo/config-reference/content/policy-json-file.html>`_
 With this file you can set who may upload packages and perform other operations.
 The :file:`policy.json` example is:
 .. code-block:: javascript
    {
       // Rule declaration
       "context_is_admin": "role:admin",
       "admin_api": "is_admin:True",
       "default": "",
       // Package operations
       "get_package": "rule:default",
       "upload_package": "rule:default",
       "modify_package": "rule:default",
       "publicize_package": "rule:admin_api",
       "manage_public_package": "rule:default",
       "delete_package": "rule:default",
       "download_package": "rule:default",
       // Category operations
       "get_category": "rule:default",
       "delete_category": "rule:admin_api",
       "add_category": "rule:admin_api",
       // Deployment read operations
       "list_deployments": "rule:default",
       "statuses_deployments": "rule:default",
       // Environment operations
       "list_environments": "rule:default",
       "list_environments_all_tenants": "rule:admin_api",
       "show_environment": "rule:default",
       "update_environment": "rule:default",
       "create_environment": "rule:default",
       "delete_environment": "rule:default",
       // Environment template operations
       "list_env_templates": "rule:default",
       "create_env_template": "rule:default",
       "show_env_template": "rule:default",
       "update_env_template": "rule:default",
       "delete_env_template": "rule:default",
       // Control on executing actions on deployment environments
       "execute_action": "rule:default"
    }
 So, changing ``"upload_package": "rule:default"`` to ``"rule:admin_api"``
 will forbid regular users to upload packages.
 For reference:
 - ``"get_package"`` is checked whenever a user accesses a package
  from the catalog. default: anyone
 - ``"upload_package"`` is checked whenever a user uploads a package
  to the catalog.  default: anyone
 - ``"modify_package"`` is checked whenever a user modifies a package
  in the catalog. default: anyone
 - ``"publicize_package"`` is checked whenever a user is trying to
  make a murano package public (both when creating a new package or
  modifying an existing one). default: admin users
 - ``"manage_public_package"`` is checked whenever a user attempts to
  modify parameters of a public package. default: admin users
 - ``"delete_package"`` is checked whenever a user attempts to
  delete a package from the catalog. default: anyone
 - ``"download_package"`` is checked whenever a user attempts to
  download a package from the catalog. default: anyone
 - ``"list_environments_all_tenants"`` is checked whenever a request
  to list environments of all tenants is made. default: admin users
 - ``"execute_action"`` is checked whenever a user attempts to execute
  an action on deployment environments. default: anyone
 Uploading package wizard in murano dashboard consists of several steps.
 Upload package API call requested from the first form and modify from
 the second one. It provides modifying package parameters on time of
 uploading. So, please modify both configuration together. Otherwise it
 will not be possible to browse package details on the second step
 of the wizard.
--- a/doc/source/draft/admin-guide/prepare_lab.rst
+++ b/doc/source/draft/admin-guide/prepare_lab.rst
@ -14,7 +14,7 @@
      under the License.
 ========================
-Prepare A Lab For Murano
+Prepare a lab for murano
 ========================
 This section provides basic information about lab's system requirements.
 It also contains a description of a test which you may use to check if
@ -27,7 +27,7 @@ compare the results with baseline data provided.
 System prerequisites
 ~~~~~~~~~~~~~~~~~~~~
-Supported Operating Systems
+Supported operating systems
 ---------------------------
 * Ubuntu Server 12.04 LTS
@ -89,7 +89,7 @@ Install all the requirements on CentOS by running::
 .. _lab_requirements:
-Lab Requirements
+Lab requirements
 ----------------
 +------------+--------------------------------+-----------------------+
@ -119,7 +119,7 @@ All of them were tested and were working well.
 * 1x HDD (15000 rpm) 500+ GB
-Test Your Lab Host Performance
+Test your lab host performance
 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 We have measured time required to boot 1 to 5 instances of Windows
@ -189,7 +189,7 @@ Steps to reproduce test:
       sudo killall kvm
-Baseline Data
+Baseline data
 ~~~~~~~~~~~~~
 The table below provides baseline data which we've got in our
@ -207,7 +207,7 @@ environment.
 while ``Max. Time`` refers to minimal hardware configuration.
-Host Optimizations
+Host optimizations
 ~~~~~~~~~~~~~~~~~~
 Default KVM installation could be improved to provide better
--- a/doc/source/draft/index.rst
+++ b/doc/source/draft/index.rst
@ -37,7 +37,7 @@ Deploying Murano
   admin-guide/deploy_murano
   admin-guide/prepare_lab
-   admin-guide/installation
+   admin-guide/configuration
   admin-guide/manage_packages
   admin-guide/manage_images
   admin-guide/manage_categories
--- a/doc/source/index.rst
+++ b/doc/source/index.rst
@ -118,13 +118,6 @@ Developing Applications
 Miscellaneous
 ~~~~~~~~~~~~~
 **Installation**
 .. toctree::
   :maxdepth: 1
   install/index
 **Background Concepts for Murano**
 .. toctree::
--- a/doc/source/install/2.png
+++ b/doc/source/install/2.png
--- a/doc/source/install/3.png
+++ b/doc/source/install/3.png
--- a/doc/source/install/4_1.png
+++ b/doc/source/install/4_1.png
--- a/doc/source/install/configure_network.rst
+++ b/doc/source/install/configure_network.rst
@ -1,129 +0,0 @@
 ..
    Copyleft 2014 Mirantis, Inc.
    Licensed under the Apache License, Version 2.0 (the "License"); you may
    not use this file except in compliance with the License. You may obtain
    a copy of the License at
        http://www.apache.org/licenses/LICENSE-2.0
    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    License for the specific language governing permissions and limitations
    under the License.
 ..
 Network Configuration
 ---------------------
 Murano may work in various networking environments and is capable of
 detecting the current network configuration and choosing appropriate
 settings automatically. However, some additional actions are required to
 support advanced scenarios.
 Nova network support
 ^^^^^^^^^^^^^^^^^^^^
 Nova Network is simplest networking solution, which has limited capabilities
 but is available on any OpenStack deployment without the need to deploy any
 additional components.
 When a new Murano Environment is created, Murano checks if a dedicated
 networking service (i.e. Neutron) exists in the current OpenStack deployment.
 It relies on Keystone's service catalog for that.
 If such a service is not present, Murano automatically falls back to Nova
 Network. No further configuration is needed in this case, all the VMs spawned
 by Murano will be joining the same Network.
 Neutron support
 ^^^^^^^^^^^^^^^
 If neutron is installed, murano enables its advanced networking features that
 give you the ability to avoid configuring networks for your application.
 By default it will create an isolated network for each environment and join
 all VMs needed by your application to that network. To install and configure
 the application in a newly spawned virtual machine, murano also requires
 a router to be connected to the external network.
 Automatic neutron network configuration
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 To create the router automatically, provide the following parameters
 in the config file:
 .. code-block:: ini
    [networking]
    external_network = %EXTERNAL_NETWORK_NAME%
    router_name = %MURANO_ROUTER_NAME%
    create_router = true
 ..
 To figure out the name of the external network, perform the following command:
 .. code-block:: console
    openstack network list --external
 During the first deployment, the required networks and router with a specified name
 will be created and set up.
 Manual neutron network configuration
 ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
 * Step 1. Create public network
 * First, you need to check for existence of external networks. Login as admin and go to
   *Project -> Network -> Network Topology*. And check network type in network details at *Admin -> Networks -> Network name* page.
   The same action can be done via CLI by running `openstack network list --external`. To create new external network examine `OpenStack documentation <http://docs.openstack.org/cli-reference/openstack.html#openstack-network-create>`_.
  .. image:: 1.png
     :align: left
     :scale: 70 %
 * Step 2. Create local network
 * Go to *Project -> Network -> Networks*.
 * Click *Create Network* and fill the form.
  .. image:: 2.png
  .. image:: 3.png
 * Step 3. Create router
 * Go to *Project -> Network -> Routers*
 * Click "Create Router"
 * In the "Router Name" field, enter the *murano-default-router*
  .. image:: 4_1.png
  If you specify a name other than *murano-default-router*, it will be necessary
  to change the following settings in the config file:
  .. code-block:: ini
     [networking]
     router_name = %SPECIFIED_NAME%
     create_router = false
 * Click on the specified router name
 * In the opened view click “Add interface”
 * Specify the subnet and IP address
  .. image:: 4_2.png
  And check the result in `Network Topology` tab.
  .. image:: 5.png
--- a/doc/source/install/development.rst
+++ b/doc/source/install/development.rst
@ -1,29 +0,0 @@
 ..
      Copyright 2014 2014 Mirantis, Inc.
      Licensed under the Apache License, Version 2.0 (the "License"); you may
      not use this file except in compliance with the License. You may obtain
      a copy of the License at
          http://www.apache.org/licenses/LICENSE-2.0
      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
      WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
      License for the specific language governing permissions and limitations
      under the License.
 ==============================================
 Installing and Running the Development Version
 ==============================================
 The `devstack`_ directory contains the files necessary to integrate
 Murano with `Devstack`_.
 .. include:: ../../../devstack/README.rst
 .. _Devstack: http://docs.openstack.org/developer/devstack/
 .. _contrib/devstack: https://git.openstack.org/cgit/openstack/murano/tree/contrib/devstack
--- a/doc/source/install/index.rst
+++ b/doc/source/install/index.rst
@ -1,31 +0,0 @@
 ..
      Copyright 2014 Mirantis, Inc.
      Licensed under the Apache License, Version 2.0 (the "License"); you may
      not use this file except in compliance with the License. You may obtain
      a copy of the License at
          http://www.apache.org/licenses/LICENSE-2.0
      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
      WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
      License for the specific language governing permissions and limitations
      under the License.
 .. _install:
 =========================
 Murano Installation Guide
 =========================
 Content
 =======
 .. toctree::
   :maxdepth: 2
   prepare
   development
   manual
   ssl
--- a/doc/source/install/manual.rst
+++ b/doc/source/install/manual.rst
@ -1,452 +0,0 @@
 ..
    Copyright 2014 Mirantis, Inc.
    Licensed under the Apache License, Version 2.0 (the "License"); you may
    not use this file except in compliance with the License. You may obtain
    a copy of the License at
        http://www.apache.org/licenses/LICENSE-2.0
    Unless required by applicable law or agreed to in writing, software
    distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
    WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
    License for the specific language governing permissions and limitations
    under the License.
 ..
 .. _installing_manually:
 ===============================
 Installing and Running Manually
 ===============================
 Prepare Environment
 ===================
 Install Prerequisites
 ---------------------
 First you need to install a number of packages with your OS package manager.
 The list of packages depends on the OS you use.
 Ubuntu
 ^^^^^^
 .. code-block:: console
    sudo apt-get install python-pip python-dev \
      libmysqlclient-dev libpq-dev \
      libxml2-dev libxslt1-dev \
      libffi-dev
 ..
 Fedora
 ^^^^^^
 .. note::
    Fedora support wasn't thoroughly tested. We do not guarantee that murano
    will work on Fedora.
 ..
 .. code-block:: console
    sudo yum install gcc python-setuptools python-devel python-pip
 ..
 CentOS
 ^^^^^^
 .. code-block:: console
    sudo yum install gcc python-setuptools python-devel
    sudo easy_install pip
 ..
 Install tox
 -----------
 .. code-block:: console
    sudo pip install tox
 ..
 Install And Configure Database
 ------------------------------
 Murano can use various database types on the back end. For development purposes
 SQLite is enough in most cases. For production installations you should use
 MySQL or PostgreSQL databases.
 .. warning::
    Although murano could use a PostgreSQL database on the back end, it wasn't
    thoroughly tested and should be used with caution.
 ..
 To use a MySQL database you should install it and create an empty database first:
 .. code-block:: console
    apt-get install python-mysqldb mysql-server
 ..
 .. code-block:: console
    mysql -u root -p
    mysql> CREATE DATABASE murano;
    mysql> GRANT ALL PRIVILEGES ON murano.* TO 'murano'@'localhost' \
        IDENTIFIED BY 'MURANO_DBPASS';
    mysql> exit;
 ..
 Install the API service and Engine
 ==================================
 #.  Create a folder which will hold all Murano components.
    .. code-block:: console
        mkdir ~/murano
    ..
 #.  Clone the murano git repository to the management server.
    .. code-block:: console
        cd ~/murano
        git clone git://git.openstack.org/openstack/murano
    ..
 #.  Set up the murano config file
    Murano has a common config file for API and Engine services.
    First, generate a sample configuration file, using tox
    .. code-block:: console
        cd ~/murano/murano
        tox -e genconfig
    ..
    And make a copy of it for further modifications
    .. code-block:: console
        cd ~/murano/murano/etc/murano
        ln -s murano.conf.sample murano.conf
    ..
 #.  Edit ``murano.conf`` with your favorite editor. Below is an example
    which contains basic settings your are likely need to configure.
    .. note::
        The example below uses SQLite database. Edit **[database]** section
        if you want to use other database type.
    ..
    .. code-block:: ini
        [DEFAULT]
        debug = true
        verbose = true
        rabbit_host = %RABBITMQ_SERVER_IP%
        rabbit_userid = %RABBITMQ_USER%
        rabbit_password = %RABBITMQ_PASSWORD%
        rabbit_virtual_host = %RABBITMQ_SERVER_VIRTUAL_HOST%
        ...
        [oslo_messaging_notifications]
        driver = messagingv2
        ...
        [database]
        backend = sqlalchemy
        connection = sqlite:///murano.sqlite
        ...
        [keystone]
        auth_url = 'http://%OPENSTACK_HOST_IP%:5000/v2.0'
        ...
        [keystone_authtoken]
        auth_uri = 'http://%OPENSTACK_HOST_IP%:5000/v2.0'
        auth_host = '%OPENSTACK_HOST_IP%'
        auth_port = 5000
        auth_protocol = http
        admin_tenant_name = %OPENSTACK_ADMIN_TENANT%
        admin_user = %OPENSTACK_ADMIN_USER%
        admin_password = %OPENSTACK_ADMIN_PASSWORD%
        ...
        [murano]
        url = http://%YOUR_HOST_IP%:8082
        [rabbitmq]
        host = %RABBITMQ_SERVER_IP%
        login = %RABBITMQ_USER%
        password = %RABBITMQ_PASSWORD%
        virtual_host = %RABBITMQ_SERVER_VIRTUAL_HOST%
        [networking]
        default_dns = 8.8.8.8 # In case openstack neutron has no default
                              # DNS configured
    ..
 #.  Create a virtual environment and install Murano prerequisites. We will use
    *tox* for that. Virtual environment will be created under *.tox* directory.
    .. code-block:: console
        cd ~/murano/murano
        tox
    ..
 #.  Create database tables for Murano.
    .. code-block:: console
        cd ~/murano/murano
        tox -e venv -- murano-db-manage \
          --config-file ./etc/murano/murano.conf upgrade
    ..
 #.  Launch the murano API in a separate terminal:
    .. code-block:: console
        cd ~/murano/murano
        tox -e venv -- murano-api --config-file ./etc/murano/murano.conf
    ..
    .. note::
        Run the command in a new terminal as the process will be running in
        the terminal until you terminate it, therefore, blocking the current
        terminal.
 #.  Leaving the API process running, return to the previous console and
    import murano core library:
    .. code-block:: console
        cd ~/murano/murano
        pushd ./meta/io.murano
        zip -r ../../io.murano.zip *
        popd
        tox -e venv -- murano --murano-url http://localhost:8082 \
          package-import --is-public io.murano.zip
    ..
 #.  Launch the murano engine in a separate terminal:
    .. code-block:: console
        cd ~/murano/murano
        tox -e venv -- murano-engine --config-file ./etc/murano/murano.conf
    ..
    .. note::
        Run the command in a new terminal as the process will be running in
        the terminal until you terminate it, therefore, blocking the current
        terminal.
 Register in Keystone
 --------------------
 To make the murano API available to all OpenStack users, you need to register the
 Application Catalog service within the Identity service.
 #. Add ``application-catalog`` service:
   .. code-block:: console
     openstack service create --name murano --description "Application Catalog for OpenStack" application-catalog
 #. Provide an endpoint for that service:
   .. code-block:: console
      openstack endpoint create --region RegionOne --publicurl http://<murano-ip>:8082 --internalurl http://<murano-ip>:8082 --adminurl http://<murano-ip>:8082 <MURANO-SERVICE-ID>
   where ``MURANO-SERVICE-ID`` is the unique service number that you can find
   in the :command:`openstack service create` output.
 .. note:: URLs (publicurl, internalurl and adminurl) may be different
          depending on your environment.
 Install Murano Dashboard
 ========================
 Murano API & Engine services provide the core of Murano. However, your need a
 control plane to use it. This section describes how to install and run Murano
 Dashboard.
 #.  Clone the repository with Murano Dashboard.
    .. code-block:: console
        cd ~/murano
        git clone git://git.openstack.org/openstack/murano-dashboard
    ..
 #.  Clone horizon repository
    .. code-block:: console
        git clone git://git.openstack.org/openstack/horizon
    ..
 #.  Create venv and install muranodashboard as editable module.
    .. code-block:: console
        cd horizon
        tox -e venv -- pip install -e ../murano-dashboard
    ..
 #.  Copy muranodashboard plugin file.
    This step enables murano panel in horizon dashboard.
    * For the OpenStack installations prior to the Newton release, run::
      .. code-block:: console
          cp ../murano-dashboard/muranodashboard/local/_50_murano.py openstack_dashboard/local/enabled/
      ..
    * For the Newton (and later) OpenStack installations, run::
      .. code-block:: console
          cp ../murano-dashboard/muranodashboard/local/enabled/_50_murano.py openstack_dashboard/local/enabled/
      ..
 #.  Prepare horizon local settings.
    To get more information, check out official
    `horizon documentation <http://docs.openstack.org/developer/horizon/topics/settings.html#openstack-settings-partial>`_.
    .. code-block:: console
        cp openstack_dashboard/local/local_settings.py.example openstack_dashboard/local/local_settings.py
 #.  Customize local settings according to OpenStack installation.
    .. code-block:: python
        ...
        ALLOWED_HOSTS = '*'
        # Provide OpenStack Lab credentials
        OPENSTACK_HOST = '%OPENSTACK_HOST_IP%'
        ...
        # Set secret key to prevent it's generation
        SECRET_KEY = 'random_string'
        ...
        DEBUG_PROPAGATE_EXCEPTIONS = DEBUG
    ..
    * For the OpenStack installations prior to the Newton release:
      Also, it's better to change default session backend from browser cookies
      to database to avoid issues with forms during creating applications:
      .. code-block:: python
          ...
          DATABASES = {
              'default': {
              'ENGINE': 'django.db.backends.sqlite3',
              'NAME': 'murano-dashboard.sqlite',
              }
          }
          SESSION_ENGINE = 'django.contrib.sessions.backends.db'
      ..
    * For the OpenStack installations of the Newton (and later) version:
      Copy murano dashboard specific settings file to horizon dashboard.
      .. code-block:: console
          cp ../murano-dashboard/muranodashboard/local/local_settings.d/_50_murano.py openstack_dashboard/local/local_settings.d/
      ..
    If you do not plan to get murano service from keystone application catalog,
    provide where murano-api service is running:
    .. code-block:: python
        ...
        MURANO_API_URL = 'http://localhost:8082'
    ..
 #.  Perform database synchronization.
    Optional step. Needed in case you set up database as a session backend.
    .. code-block:: console
        tox -e venv -- python manage.py migrate --noinput
    ..
    You can reply 'no' since for development purpose separate user is not needed.
 #.  Run Django server at 127.0.0.1:8000 or provide different IP and PORT parameters.
    .. code-block:: console
        tox -e venv -- python manage.py runserver <IP:PORT>
    ..
    Development server will be restarted automatically on every code change.
 #.  Open dashboard using url http://localhost:8000
 Import Murano Applications
 ==========================
 Applications need to be imported
 to fill the catalog. This can be done via the dashboard, and via CLI:
 1.  Clone the murano apps repository.
    .. code-block:: console
        cd ~/murano
        git clone git://git.openstack.org/openstack/murano-apps
    ..
 2.  Import every package you need from this repository, using the command
    below.
    .. code-block:: console
        cd ~/murano/murano
        pushd ../murano-apps/Docker/Applications/%APP-NAME%/package
        zip -r ~/murano/murano/app.zip *
        popd
        tox -e venv -- murano --murano-url http://localhost:8082 package-import app.zip
 .. include:: configure_network.rst
--- a/doc/source/install/prepare.rst
+++ b/doc/source/install/prepare.rst
@ -1,199 +0,0 @@
 ..
      Copyright 2014 2014 Mirantis, Inc.
      Licensed under the Apache License, Version 2.0 (the "License"); you may
      not use this file except in compliance with the License. You may obtain
      a copy of the License at
          http://www.apache.org/licenses/LICENSE-2.0
      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
      WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
      License for the specific language governing permissions and limitations
      under the License.
 ========================
 Prepare A Lab For Murano
 ========================
 This section provides basic information about lab's system requirements.
 It also contains a description of a test which you may use to check if
 your hardware fits the requirements. To do this, run the test and
 compare the results with baseline data provided.
 System prerequisites
 =====================
 **Supported Operating Systems**
 * Ubuntu Server 12.04 LTS
 * RHEL/CentOS 6.4
 **System packages are required for Murano**
 *Ubuntu*
 * gcc
 * python-pip
 * python-dev
 * libxml2-dev
 * libxslt-dev
 * libffi-dev
 * libpq-dev
 * python-openssl
 * mysql-client
 *CentOS*
 * gcc
 * python-pip
 * python-devel
 * libxml2-devel
 * libxslt-devel
 * libffi-devel
 * postgresql-devel
 * pyOpenSSL
 * mysql
 Lab Requirements
 ================
 +------------+--------------------------------+----------------------+
 | Criteria   | Minimal                        | Recommended          |
 +============+================================+======================+
 | CPU        | 4 core @ 2.4 GHz               | 24 core @ 2.67 GHz   |
 +------------+--------------------------------+----------------------+
 | RAM        | 8 GB                           | 24 GB or more        |
 +------------+--------------------------------+----------------------+
 | HDD        | 2 x 500 GB (7200 rpm)          | 4 x 500 GB (7200 rpm |
 +------------+--------------------------------+----------------------+
 | RAID       | Software RAID-1 (use mdadm as  | Hardware RAID-10     |
 |            | it will improve read           |                      |
 |            | performance almost two times)  |                      |
 +------------+--------------------------------+----------------------+
 Table: Hardware requirements
 There are a few possible storage configurations except the shown above.
 All of them were tested and were working well.
 * 1x SSD 500+ GB
 * 1x HDD (7200 rpm) 500+ GB and 1x SSD 250+ GB (install the system onto
   the HDD and mount the SSD drive to folder where VM images are)
 * 1x HDD (15000 rpm) 500+ GB
 Test Your Lab Host Performance
 ==============================
 We have measured time required to boot 1 to 5 instances of Windows
 system simultaneously. You can use this data as the baseline to check if
 your system is fast enough.
 You should use sysprepped images for this test, to simulate VM first
 boot.
 Steps to reproduce test:
 1. Prepare Windows 2012 Standard (with GUI) image in QCOW2 format. Let's
   assume that its name is ws-2012-std.qcow2
 2. Ensure that there is NO KVM PROCESSES on the host. To do this, run
   command:
   ::
       ps aux | grep kvm
 3. Make 5 copies of Windows image file:
   ::
       for i in $(seq 5); do \
       cp ws-2012-std.qcow2 ws-2012-std-$i.qcow2; done
 4. Create script start-vm.sh in the folder with .qcow2 files:
   ::
       #!/bin/bash
       [ -z $1 ] || echo "VM count not provided!"; exit 1
       for i in $(seq $1); do
       echo "Starting VM $i ..."
       kvm -m 1024 -drive file=ws-2012-std-$i.qcow2,if=virtio -net user -net nic,model=virtio -nographic -usbdevice tablet -vnc :$i & done
 5. Start ONE instance with command below (as root) and measure time
   between VM’s launch and the moment when Server Manager window
   appears. To view VM’s desktop, connect with VNC viewer to your host
   to VNC screen :1 (port 5901):
   ::
       sudo ./start-vm.sh 1
 6. Turn VM off. You may simply kill all KVM processes by
   ::
       sudo killall kvm
 7. Start FIVE instances with command below (as root) and measure time
   interval between ALL VM’s launch and the moment when LAST Server Manager
   window appears. To view VM’s desktops, connect with VNC viewer to your
   host to VNC screens :1 thru :5 (ports 5901-5905):
   ::
       sudo ./start-vm.sh 5
 8. Turn VMs off. You may simply kill all KVM processes by
   ::
       sudo killall kvm
 Baseline Data
 =============
 The table below provides baseline data which we've got in our
 environment.
 **Avg. Time** refers to the lab with recommended hardware configuration,
 while **Max. Time** refers to minimal hardware configuration.
 +--------------------------+--------------------------+---------------------+
 |                          | Boot ONE instance        | Boot FIVE instances |
 +==========================+==========================+=====================+
 | Avg. Time                | 3m:40s                   | 8m                  |
 +--------------------------+--------------------------+---------------------+
 | Max. Time                | 5m                       | 20m                 |
 +--------------------------+--------------------------+---------------------+
 Host Optimizations
 ==================
 Default KVM installation could be improved to provide better
 performance.
 The following optimizations may improve host performance up to 30%:
 * change default scheduler from **CFQ** to **Deadline**
 * use **ksm**
 * use **vhost-net**
--- a/doc/source/install/ssl.rst
+++ b/doc/source/install/ssl.rst
@ -1,137 +0,0 @@
 ..
      Copyright 2014 2014 Mirantis, Inc.
      Licensed under the Apache License, Version 2.0 (the "License"); you may
      not use this file except in compliance with the License. You may obtain
      a copy of the License at
          http://www.apache.org/licenses/LICENSE-2.0
      Unless required by applicable law or agreed to in writing, software
      distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
      WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
      License for the specific language governing permissions and limitations
      under the License.
 =================
 SSL configuration
 =================
 Murano components are able to work with SSL. This chapter will help you
 to make proper settings with SSL configuration.
 HTTPS for Murano API
 ====================
 SSL for Murano API service can be configured in *ssl* section in
 ``/etc/murano/murano.conf``. Just point to a valid SSL certificate.
 See the example below:
 ::
    [ssl]
    cert_file = PATH
    key_file = PATH
    ca_file = PATH
 - *cert\_file*    Path to the certificate file the server should use when binding to an SSL-wrapped socket.
 - *key\_file*     Path to the private key file the server should use when binding to an SSL-wrapped socket.
 - *ca\_file*      Path to the CA certificate file the server should use to validate client certificates provided during an SSL handshake. This is ignored if cert\_file and "key\_file" are not set.
 The use of SSL is automatically started after point to HTTPS protocol
 instead of HTTP during registration Murano API service in endpoints
 (Change publicurl argument to start with \https://).
 SSL for Murano API is implemented like in any other OpenStack component.
 This realization is based on ssl python module so more information about
 it can be found `here`_.
 .. _`here`: https://docs.python.org/2/library/ssl.html
 SSL for RabbitMQ
 ================
 All Murano components communicate with each other by RabbitMQ. This
 interaction can be encrypted with SSL. By default all messages in Rabbit
 MQ are not encrypted. Each RabbitMQ Exchange should be configured
 separately.
 **Murano API <-> Rabbit MQ exchange <-> Murano Engine**
 Edit ssl parameters in default section of ``/etc/murano/murano.conf``. Set ``rabbit_use_ssl`` option to *true* and configure ssl kombu parameters.
 Specify the path to the SSL keyfile and SSL CA certificate in a regular format: /path/to/file without quotes or leave it empty to
 allow self-signed certificates.
 ::
   # connect over SSL for RabbitMQ (boolean value)
   #rabbit_use_ssl=false
   # SSL version to use (valid only if SSL enabled). valid values
   # are TLSv1, SSLv23 and SSLv3. SSLv2 may be available on some
   # distributions (string value)
   #kombu_ssl_version=
   # SSL key file (valid only if SSL enabled) (string value)
   #kombu_ssl_keyfile=
   # SSL cert file (valid only if SSL enabled) (string value)
   #kombu_ssl_certfile=
   # SSL certification authority file (valid only if SSL enabled)
   # (string value)
   #kombu_ssl_ca_certs=
 **Murano Agent -> Rabbit MQ exchange**
 In main murano configuration file there is a section ,named *rabbitmq*, that is responsible for set up communication between Murano Agent and Rabbit MQ.
 Just set *ssl* parameter to True to enable ssl.
 ::
    [rabbitmq]
    host = localhost
    port = 5672
    login = guest
    password = guest
    virtual_host = /
    ssl = True
    insecure = False
 If you want to configure Murano Agent in a different way change
 the default template. It can be found in Murano Core Library, located at *http://git.openstack.org/cgit/openstack/murano/tree/meta/io.murano/Resources/Agent-v1.template*. Take
 a look at appSettings section:
 ::
    <appSettings>
            <add key="rabbitmq.host" value="%RABBITMQ_HOST%"/>
            <add key="rabbitmq.port" value="%RABBITMQ_PORT%"/>
            <add key="rabbitmq.user" value="%RABBITMQ_USER%"/>
            <add key="rabbitmq.password" value="%RABBITMQ_PASSWORD%"/>
            <add key="rabbitmq.vhost" value="%RABBITMQ_VHOST%"/>
            <add key="rabbitmq.inputQueue" value="%RABBITMQ_INPUT_QUEUE%"/>
            <add key="rabbitmq.resultExchange" value=""/>
            <add key="rabbitmq.resultRoutingKey" value="%RESULT_QUEUE%"/>
            <add key="rabbitmq.durableMessages" value="true"/>
            <add key="rabbitmq.ssl" value="%RABBITMQ_SSL%"/>
            <add key="rabbitmq.allowInvalidCA" value="true"/>
            <add key="rabbitmq.sslServerName" value=""/>
        </appSettings>
 Desired parameter should be set directly to the value of the key that
 you want to change. Quotes are need to be kept. Thus you can change
 "rabbitmq.ssl" and "rabbitmq.port" values to make Rabbit MQ work with
 this exchange in a different from Murano-Engine way.
 After modification, don't forget to zip and re-upload core library.
 SSL for Murano Dashboard
 ========================
 If you are going not to use self-signed certificates additional
 configuration do not need to be done. Just point https in the URL.
 Otherwise, set *MURANO_API_INSECURE = True* on horizon config. You can
 find it in ``/etc/openstack-dashboard/local_settings.py.``.