Created working directory for Cloud Admin Guide RST conversion

1. Added config files and edited scripts to build the RST Cloud Admin Guide
2. Converted the identity management chapter to RST

Change-Id: I9ee53d5ad0d4b4ffaf228c7229364d6a84076721

doc-tools-check-languages.conf

@@ -35,4 +35,6 @@ declare -A SPECIAL_BOOKS=(
     ["user-guide"]="RST"
     ["user-guide-admin"]="RST"
     ["networking-guide"]="RST"
+    # Skip guide while it's moved to RST.
+    ["admin-guide-cloud-rst"]="skip"
 )

doc/admin-guide-cloud-rst/setup.cfg

@@ -0,0 +1,36 @@
+[metadata]
+name = openstackcloudadminguide
+summary = OpenStack Cloud Administrator Guide
+author = OpenStack
+author-email = openstack-docs@lists.openstack.org
+home-page = http://docs.openstack.org/
+classifier =
+Environment :: OpenStack
+Intended Audience :: Information Technology
+Intended Audience :: System Administrators
+License :: OSI Approved :: Apache Software License
+Operating System :: POSIX :: Linux
+Programming Language :: Python
+Programming Language :: Python :: 2
+Programming Language :: Python :: 2.6
+Programming Language :: Python :: 2.7
+Programming Language :: Python :: 3
+Programming Language :: Python :: 3.3
+Topic :: Documentation
+
+[global]
+setup-hooks =
+    pbr.hooks.setup_hook
+
+[files]
+
+[build_sphinx]
+all_files = 1
+build-dir = build
+source-dir = source
+
+[wheel]
+universal = 1
+
+[pbr]
+warnerrors = True

doc/admin-guide-cloud-rst/setup.py

@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+# Copyright (c) 2013 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT
+import setuptools
+
+# In python < 2.7.4, a lazy loading of package `pbr` will break
+# setuptools if some other modules registered functions in `atexit`.
+# solution from: http://bugs.python.org/issue15881#msg170215
+try:
+    import multiprocessing  # noqa
+except ImportError:
+    pass
+
+setuptools.setup(
+    setup_requires=['pbr'],
+    pbr=True)

doc/admin-guide-cloud-rst/source/common

@@ -0,0 +1 @@
+../../common-rst

doc/admin-guide-cloud-rst/source/conf.py

@@ -0,0 +1,299 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+#    http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This file is execfile()d with the current directory set to its
+# containing dir.
+#
+# Note that not all possible configuration values are present in this
+# autogenerated file.
+#
+# All configuration values have a default; values that are commented out
+# serve to show the default.
+
+import os
+# import sys
+
+
+import openstackdocstheme
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+# sys.path.insert(0, os.path.abspath('.'))
+
+# -- General configuration ------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+# needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+# TODO(ajaeger): enable PDF building, for example add 'rst2pdf.pdfbuilder'
+# extensions =
+
+# Add any paths that contain templates here, relative to this directory.
+# templates_path = ['_templates']
+
+# The suffix of source filenames.
+source_suffix = '.rst'
+
+# The encoding of source files.
+# source_encoding = 'utf-8-sig'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General information about the project.
+project = u'Cloud Administrator Guide'
+
+copyright = u'2015, OpenStack contributors'
+
+# The version info for the project you're documenting, acts as replacement for
+# |version| and |release|, also used in various other places throughout the
+# built documents.
+#
+# The short X.Y version.
+version = '1.0.0'
+# The full version, including alpha/beta/rc tags.
+release = '1.0.0'
+
+# We ask git for the SHA checksum
+# The git SHA checksum is used by "log-a-bug"
+git_cmd = "/usr/bin/git log | head -n1 | cut -f2 -d' '"
+gitsha = os.popen(git_cmd).read().strip('\n')
+# source tree
+pwd = os.popen("pwd").read().strip('\n')
+# html_context allows us to pass arbitrary values into the html template
+html_context = {"pwd": pwd, "gitsha": gitsha}
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+# language = None
+
+# There are two options for replacing |today|: either, you set today to some
+# non-false value, then it is used:
+# today = ''
+# Else, today_fmt is used as the format for a strftime call.
+# today_fmt = '%B %d, %Y'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+exclude_patterns = ['common/cli*', 'common/log_in_dashboard.rst']
+
+# The reST default role (used for this markup: `text`) to use for all
+# documents.
+# default_role = None
+
+# If true, '()' will be appended to :func: etc. cross-reference text.
+# add_function_parentheses = True
+
+# If true, the current module name will be prepended to all description
+# unit titles (such as .. function::).
+# add_module_names = True
+
+# If true, sectionauthor and moduleauthor directives will be shown in the
+# output. They are ignored by default.
+# show_authors = False
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# A list of ignored prefixes for module index sorting.
+# modindex_common_prefix = []
+
+# If true, keep warnings as "system message" paragraphs in the built documents.
+# keep_warnings = False
+
+
+# -- Options for HTML output ----------------------------------------------
+
+# The theme to use for HTML and HTML Help pages.  See the documentation for
+# a list of builtin themes.
+html_theme = 'openstackdocs'
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further.  For a list of options available for each theme, see the
+# documentation.
+# html_theme_options = {}
+
+# Add any paths that contain custom themes here, relative to this directory.
+html_theme_path = [openstackdocstheme.get_html_theme_path()]
+
+# The name for this set of Sphinx documents.  If None, it defaults to
+# "<project> v<release> documentation".
+# html_title = None
+
+# A shorter title for the navigation bar.  Default is the same as html_title.
+# html_short_title = None
+
+# The name of an image file (relative to this directory) to place at the top
+# of the sidebar.
+# html_logo = None
+
+# The name of an image file (within the static path) to use as favicon of the
+# docs.  This file should be a Windows icon file (.ico) being 16x16 or 32x32
+# pixels large.
+# html_favicon = None
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+# html_static_path = []
+
+# Add any extra paths that contain custom files (such as robots.txt or
+# .htaccess) here, relative to this directory. These files are copied
+# directly to the root of the documentation.
+# html_extra_path = []
+
+# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
+# using the given strftime format.
+# So that we can enable "log-a-bug" links from each output HTML page, this
+# variable must be set to a format that includes year, month, day, hours and
+# minutes.
+html_last_updated_fmt = '%Y-%m-%d %H:%M'
+
+
+# If true, SmartyPants will be used to convert quotes and dashes to
+# typographically correct entities.
+# html_use_smartypants = True
+
+# Custom sidebar templates, maps document names to template names.
+# html_sidebars = {}
+
+# Additional templates that should be rendered to pages, maps page names to
+# template names.
+# html_additional_pages = {}
+
+# If false, no module index is generated.
+# html_domain_indices = True
+
+# If false, no index is generated.
+html_use_index = False
+
+# If true, the index is split into individual pages for each letter.
+# html_split_index = False
+
+# If true, links to the reST sources are added to the pages.
+# This one is needed for "Report a bug".
+# html_show_sourcelink = True
+
+# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
+# html_show_sphinx = True
+
+# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
+# html_show_copyright = True
+
+# If true, an OpenSearch description file will be output, and all pages will
+# contain a <link> tag referring to it.  The value of this option must be the
+# base URL from which the finished HTML is served.
+# html_use_opensearch = ''
+
+# This is the file name suffix for HTML files (e.g. ".xhtml").
+# html_file_suffix = None
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'admin-guide-cloud'
+
+# If true, publish source files
+# html_copy_source = True
+
+# -- Options for LaTeX output ---------------------------------------------
+
+latex_elements = {
+    # The paper size ('letterpaper' or 'a4paper').
+    # 'papersize': 'letterpaper',
+
+    # The font size ('10pt', '11pt' or '12pt').
+    # 'pointsize': '10pt',
+
+    # Additional stuff for the LaTeX preamble.
+    # 'preamble': '',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title,
+#  author, documentclass [howto, manual, or own class]).
+latex_documents = [
+    ('index', 'CloudAdminGuide.tex', u'Cloud Administrator Guide',
+     u'OpenStack contributors', 'manual'),
+]
+
+# The name of an image file (relative to this directory) to place at the top of
+# the title page.
+# latex_logo = None
+
+# For "manual" documents, if this is true, then toplevel headings are parts,
+# not chapters.
+# latex_use_parts = False
+
+# If true, show page references after internal links.
+# latex_show_pagerefs = False
+
+# If true, show URL addresses after external links.
+# latex_show_urls = False
+
+# Documents to append as an appendix to all manuals.
+# latex_appendices = []
+
+# If false, no module index is generated.
+# latex_domain_indices = True
+
+
+# -- Options for manual page output ---------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [
+    ('index', 'cloudadminguide', u'Cloud Administrator Guide',
+     [u'OpenStack contributors'], 1)
+]
+
+# If true, show URL addresses after external links.
+# man_show_urls = False
+
+
+# -- Options for Texinfo output -------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+#  dir menu entry, description, category)
+texinfo_documents = [
+    ('index', 'CloudAdminGuide', u'Cloud Administrator Guide',
+     u'OpenStack contributors', 'CloudAdminGuide',
+     'This guide shows OpenStack end users how to create and manage resources '
+     'in an OpenStack cloud with the OpenStack dashboard and OpenStack client '
+     'commands.', 'Miscellaneous'),
+]
+
+# Documents to append as an appendix to all manuals.
+# texinfo_appendices = []
+
+# If false, no module index is generated.
+# texinfo_domain_indices = True
+
+# How to display URL addresses: 'footnote', 'no', or 'inline'.
+# texinfo_show_urls = 'footnote'
+
+# If true, do not generate a @detailmenu in the "Top" node's menu.
+# texinfo_no_detailmenu = False
+
+# -- Options for Internationalization output ------------------------------
+locale_dirs = ['locale/']
+
+# -- Options for PDF output --------------------------------------------------
+
+pdf_documents = [
+    ('index', u'CloudAdminGuide', u'Cloud Adminstrator Guide',
+     u'OpenStack contributors')
+]

doc/admin-guide-cloud-rst/source/identity_management.rst

@@ -0,0 +1,341 @@
+===================
+Identity management
+===================
+
+OpenStack Identity, code-named keystone, is the default identity
+management system for OpenStack. After you install Identity, you
+configure it through the :file:`etc/keystone.conf` configuration file and,
+possibly, a separate logging configuration file. You initialize data
+into Identity by using the ``keystone`` command-line client.
+
+Identity concepts
+~~~~~~~~~~~~~~~~~
+
+.. TODO (DC) Convert the following common files and include(?) them under the
+   identity concepts section:
+   /common/section_keystone-concepts-user-management.xml
+   /common/section_keystone-concepts-service-management.xml
+   /common/section_keystone-concepts-group-management.xml
+
+.. TODO (DC) Convert the following common files and include(?) them as
+   sections:
+   /common/section_keystone_certificates-for-pki.xml
+   /common/section_keystone-ssl-config.xml
+   /common/section_keystone-external-auth.xml
+   /common/section_keystone_config_ldap.xml
+   identity/section_keystone-token-binding.xml
+   identity/section_keystone-trusts.xml
+   identity/section_caching-layer.xml
+
+User CRUD
+~~~~~~~~~
+
+Identity provides a user CRUD (Create, Read, Update, and Delete) filter
+that can be added to the ``public_api`` pipeline. The user CRUD filter
+enables users to use a HTTP PATCH to change their own password. To
+enable this extension you should define a :code:`user_crud_extension`
+filter, insert it after the "option:`*_body` middleware and before the
+``public_service`` application in the ``public_api`` WSGI pipeline in
+:file:`keystone-paste.ini`. For example:
+
+.. code-block:: ini
+   :linenos:
+
+    [filter:user_crud_extension]
+    paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
+
+    [pipeline:public_api]
+    pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service
+
+Each user can then change their own password with a HTTP PATCH::
+
+    $ curl -X PATCH http://localhost:5000/v2.0/OS-KSCRUD/users/USERID -H "Content-type: application/json"  \
+      -H "X_Auth_Token: AUTHTOKENID" -d '{"user": {"password": "ABCD", "original_password": "DCBA"}}'
+
+In addition to changing their password, all current tokens for the user
+are invalidated.
+
+.. note::
+
+    Only use a KVS back end for tokens when testing.
+
+Logging
+~~~~~~~
+
+You configure logging externally to the rest of Identity. The name of
+the file specifying the logging configuration is set using the
+``log_config`` option in the ``[DEFAULT]`` section of the
+:file:`keystone.conf` file. To route logging through syslog, set
+``use_syslog=true`` in the ``[DEFAULT]`` section.
+
+A sample logging configuration file is available with the project in
+:file:`etc/logging.conf.sample`. Like other OpenStack projects, Identity
+uses the Python logging module, which provides extensive configuration
+options that let you define the output levels and formats.
+
+Start the Identity services
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To start the services for Identity, run the following command:
+
+.. code::
+
+    $ keystone-all
+
+This command starts two wsgi.Server instances configured by the
+:file:`keystone.conf` file as described previously. One of these wsgi
+servers is :code:`admin` (the administration API) and the other is :code:`main` (the primary/public API interface). Both run in a single
+process.
+
+Example usage
+~~~~~~~~~~~~~
+
+The ``keystone`` client is set up to expect commands in the general
+form of ``keystone command argument``, followed by flag-like keyword
+arguments to provide additional (often optional) information. For
+example, the :command:`user-list` and :command:`tenant-create`
+commands can be invoked as follows:
+
+.. code-block:: bash
+   :linenos:
+
+    # Using token auth env variables
+    export OS_SERVICE_ENDPOINT=http://127.0.0.1:5000/v2.0/
+    export OS_SERVICE_TOKEN=secrete_token
+    keystone user-list
+    keystone tenant-create --name demo
+
+    # Using token auth flags
+    keystone --os-token secrete --os-endpoint http://127.0.0.1:5000/v2.0/ user-list
+    keystone --os-token secrete --os-endpoint http://127.0.0.1:5000/v2.0/ tenant-create --name=demo
+
+    # Using user + password + project_name env variables
+    export OS_USERNAME=admin
+    export OS_PASSWORD=secrete
+    export OS_PROJECT_NAME=admin
+    openstack user list
+    openstack project create demo
+
+    # Using user + password + project-name flags
+    openstack --os-username admin --os-password secrete --os-project-name admin user list
+    openstack --os-username admin --os-password secrete --os-project-name admin project create demo
+
+Authentication middleware with user name and password
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can also configure Identity authentication middleware using the
+:code:`admin_user` and :code:`admin_password` options.
+
+.. note::
+
+    The :code:`admin_token` option is deprecated and no longer used for
+    configuring auth_token middleware.
+
+For services that have a separate paste-deploy :file:`.ini` file, you can
+configure the authentication middleware in the ``[keystone_authtoken]``
+section of the main configuration file, such as :file:`nova.conf`. In
+Compute, for example, you can remove the middleware parameters from
+:file:`api-paste.ini`, as follows:
+
+.. code:: ini
+
+    [filter:authtoken]
+    paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+.. note::
+
+    Prior to the Juno release, ``the auth_token`` middleware was in
+    ``python-keystoneclient``. The ``filter_factory`` must be set to
+    ``keystoneclient.middleware.auth_token:filter_factory`` in those
+    releases.
+
+And set the following values in :file:`nova.conf` as follows:
+
+.. code:: ini
+
+    [DEFAULT]
+    ...
+    auth_strategy=keystone
+
+    [keystone_authtoken]
+    auth_uri = http://controller:5000/v2.0
+    identity_uri = http://controller:35357
+    admin_user = admin
+    admin_password = SuperSekretPassword
+    admin_tenant_name = service
+
+.. note::
+
+    The middleware parameters in the paste config take priority. You
+    must remove them to use the values in the ``[keystone_authtoken]``
+    section.
+
+.. note::
+
+    Comment out any :code:`auth_host`, :code:`auth_port`, and
+    :code:`auth_protocol` options because the :code:`identity_uri` option
+    replaces them.
+
+This sample paste config filter makes use of the :code:`admin_user` and
+:code:`admin_password` options:
+
+.. code:: ini
+
+    [filter:authtoken]
+    paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+    auth_uri = http://controller:5000/v2.0
+    identity_uri = http://controller:35357
+    auth_token = 012345SECRET99TOKEN012345
+    admin_user = admin
+    admin_password = keystone123
+
+.. note::
+
+    Using this option requires an admin tenant/role relationship. The
+    admin user is granted access to the admin role on the admin tenant.
+
+.. note::
+
+    Comment out any ``auth_host``, ``auth_port``, and
+    ``auth_protocol`` options because the ``identity_uri`` option
+    replaces them.
+
+.. note::
+
+    Prior to the Juno release, the ``auth_token middleware`` was in
+    ``python-keystoneclient``. The ``filter_factory`` must be set to
+    ``keystoneclient.middleware.auth_token:filter_factory`` in those
+    releases.
+
+Identity API protection with role-based access control (RBAC)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Like most OpenStack projects, Identity supports the protection of its
+APIs by defining policy rules based on an RBAC approach. Identity stores
+a reference to a policy JSON file in the main Identity configuration
+file, :file:`keystone.conf`. Typically this file is named ``policy.json``,
+and contains the rules for which roles have access to certain actions
+in defined services.
+
+Each Identity API v3 call has a line in the policy file that dictates
+which level of governance of access applies.
+
+.. code:: ini
+
+    API_NAME: RULE_STATEMENT or MATCH_STATEMENT
+
+Where:
+
+``RULE_STATEMENT`` can contain ``RULE_STATEMENT`` or
+``MATCH_STATEMENT``.
+
+``MATCH_STATEMENT`` is a set of identifiers that must match between the
+token provided by the caller of the API and the parameters or target
+entities of the API call in question. For example:
+
+.. code:: ini
+
+    "identity:create_user": [["role:admin", "domain_id:%(user.domain_id)s"]]
+
+Indicates that to create a user, you must have the admin role in your
+token. The :code:`domain_id` in your token must match the
+:code:`domain_id` in the user object that you are trying
+to create, which implies this must be a domain-scoped token.
+In other words, you must have the admin role on the domain
+in which you are creating the user, and the token that you use
+must be scoped to that domain.
+
+Each component of a match statement uses this format:
+
+.. code:: ini
+
+    ATTRIB_FROM_TOKEN:CONSTANT or ATTRIB_RELATED_TO_API_CALL
+
+The Identity service expects these attributes:
+
+Attributes from token:
+
+- ``user_id``
+- ``domain_id``
+- ``project_id``
+
+The ``project_id`` attribute requirement depends on the scope, and the
+list of roles you have within that scope.
+
+Attributes related to API call:
+
+- ``user.domain_id``
+- Any parameters passed into the API call
+- Any filters specified in the query string
+
+You reference attributes of objects passed with an object.attribute
+syntax (such as, ``user.domain_id``). The target objects of an API are
+also available using a target.object.attribute syntax. For instance:
+
+.. code:: ini
+
+    "identity:delete_user": [["role:admin", "domain_id:%(target.user.domain_id)s"]]
+
+would ensure that Identity only deletes the user object in the same
+domain as the provided token.
+
+Every target object has an ``id`` and a ``name`` available as
+``target.OBJECT.id`` and ``target.OBJECT.name``. Identity retrieves
+other attributes from the database, and the attributes vary between
+object types. The Identity service filters out some database fields,
+such as user passwords.
+
+List of object attributes:
+
+.. code-block:: ini
+   :linenos:
+
+    role:
+         target.role.id
+         target.role.name
+
+     user:
+         target.user.default_project_id
+         target.user.description
+         target.user.domain_id
+         target.user.enabled
+         target.user.id
+         target.user.name
+
+     group:
+         target.group.description
+         target.group.domain_id
+         target.group.id
+         target.group.name
+
+     domain:
+         target.domain.enabled
+         target.domain.id
+         target.domain.name
+
+     project:
+         target.project.description
+         target.project.domain_id
+         target.project.enabled
+         target.project.id
+         target.project.name
+
+The default :file:`policy.json` file supplied provides a somewhat
+basic example of API protection, and does not assume any particular
+use of domains. Refer to :file:`policy.v3cloudsample.json` as an
+example of multi-domain configuration installations where a cloud
+provider wants to delegate administration of the contents of a domain
+to a particular :code:`admin domain`. This example policy file also
+shows the use of an :code:`admin_domain` to allow a cloud provider to
+enable cloud administrators to have wider access across the APIs.
+
+A clean installation could start with the standard policy file, to
+allow creation of the :code:`admin_domain` with the first users within
+it. You could then obtain the :code:`domain_id` of the admin domain,
+paste the ID into a modified version of
+:file:`policy.v3cloudsample.json`, and then enable it as the main
+policy file.
+
+.. TODO (DC) Convert the following file and include(?) it as
+   a section:
+   /common/section_identity-troubleshooting.xml

doc/admin-guide-cloud-rst/source/index.rst

@@ -0,0 +1,31 @@
+===================================
+OpenStack Cloud Administrator Guide
+===================================
+
+Abstract
+~~~~~~~~
+
+OpenStack offers open source software for cloud administrators to manage and troubleshoot an OpenStack cloud.
+
+This guide documents OpenStack Kilo, OpenStack Juno, and OpenStack
+Icehouse releases.
+
+Contents
+~~~~~~~~
+
+.. toctree::
+   :maxdepth: 2
+
+   identity_management.rst
+   common/app_support.rst
+   common/glossary.rst
+
+.. TODO (DC)
+   Add get_started_with_openstack.rst and format the table :/
+   Add preface.rst
+   Add chapter files
+
+Search in this guide
+~~~~~~~~~~~~~~~~~~~~
+
+* :ref:`search`

tools/build-user-guides.sh

@@ -3,3 +3,4 @@
 tools/build-rst.sh doc/user-guide --glossary --build build
 # No need to build the glossary again here.
 tools/build-rst.sh doc/user-guide-admin --build build
+tools/build-rst.sh doc/admin-guide-cloud-rst --build build

tools/publishdocs.sh

@@ -51,6 +51,12 @@ for guide in user-guide user-guide-admin networking-guide; do
     GLOSSARY=""
 done
 
+# Draft guides
+for guide in admin-guide-cloud-rst; do
+    tools/build-rst.sh doc/$guide --build build \
+        --target "draft/$guide"
+done
+
 # Build the www pages so that openstack-doc-test creates a link to
 # www/www-index.html.
 if [ "$PUBLISH" = "build" ] ; then