Merge "Add doc"
|
@ -0,0 +1,181 @@
|
|||
# Makefile for Sphinx documentation
|
||||
#
|
||||
|
||||
# You can set these variables from the command line.
|
||||
SPHINXOPTS =
|
||||
SPHINXBUILD = sphinx-build
|
||||
PAPER =
|
||||
BUILDDIR = build
|
||||
|
||||
# User-friendly check for sphinx-build
|
||||
ifeq ($(shell which $(SPHINXBUILD) >/dev/null 2>&1; echo $$?), 1)
|
||||
$(error The '$(SPHINXBUILD)' command was not found. Make sure you have Sphinx installed, then set the SPHINXBUILD environment variable to point to the full path of the '$(SPHINXBUILD)' executable. Alternatively you can add the directory with the executable to your PATH. If you don't have Sphinx installed, grab it from http://sphinx-doc.org/)
|
||||
endif
|
||||
|
||||
# Internal variables.
|
||||
PAPEROPT_a4 = -D latex_paper_size=a4
|
||||
PAPEROPT_letter = -D latex_paper_size=letter
|
||||
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
|
||||
# the i18n builder cannot share the environment and doctrees with the others
|
||||
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
|
||||
|
||||
.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext lifehtml
|
||||
|
||||
help:
|
||||
@echo "Please use \`make <target>' where <target> is one of"
|
||||
@echo " html to make standalone HTML files"
|
||||
@echo " dirhtml to make HTML files named index.html in directories"
|
||||
@echo " singlehtml to make a single large HTML file"
|
||||
@echo " pickle to make pickle files"
|
||||
@echo " json to make JSON files"
|
||||
@echo " htmlhelp to make HTML files and a HTML help project"
|
||||
@echo " qthelp to make HTML files and a qthelp project"
|
||||
@echo " devhelp to make HTML files and a Devhelp project"
|
||||
@echo " epub to make an epub"
|
||||
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
|
||||
@echo " latexpdf to make LaTeX files and run them through pdflatex"
|
||||
@echo " latexpdfja to make LaTeX files and run them through platex/dvipdfmx"
|
||||
@echo " text to make text files"
|
||||
@echo " man to make manual pages"
|
||||
@echo " texinfo to make Texinfo files"
|
||||
@echo " info to make Texinfo files and run them through makeinfo"
|
||||
@echo " gettext to make PO message catalogs"
|
||||
@echo " changes to make an overview of all changed/added/deprecated items"
|
||||
@echo " xml to make Docutils-native XML files"
|
||||
@echo " pseudoxml to make pseudoxml-XML files for display purposes"
|
||||
@echo " linkcheck to check all external links for integrity"
|
||||
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
|
||||
@echo " livehtml to run html server"
|
||||
|
||||
clean:
|
||||
rm -rf $(BUILDDIR)/*
|
||||
|
||||
html:
|
||||
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
|
||||
@echo
|
||||
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
|
||||
|
||||
dirhtml:
|
||||
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
|
||||
@echo
|
||||
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
|
||||
|
||||
singlehtml:
|
||||
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
|
||||
@echo
|
||||
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
|
||||
|
||||
pickle:
|
||||
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
|
||||
@echo
|
||||
@echo "Build finished; now you can process the pickle files."
|
||||
|
||||
json:
|
||||
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
|
||||
@echo
|
||||
@echo "Build finished; now you can process the JSON files."
|
||||
|
||||
htmlhelp:
|
||||
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
|
||||
@echo
|
||||
@echo "Build finished; now you can run HTML Help Workshop with the" \
|
||||
".hhp project file in $(BUILDDIR)/htmlhelp."
|
||||
|
||||
qthelp:
|
||||
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
|
||||
@echo
|
||||
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
|
||||
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
|
||||
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/VPNaaSPluginforFuel.qhcp"
|
||||
@echo "To view the help file:"
|
||||
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/VPNaaSPluginforFuel.qhc"
|
||||
|
||||
devhelp:
|
||||
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
|
||||
@echo
|
||||
@echo "Build finished."
|
||||
@echo "To view the help file:"
|
||||
@echo "# mkdir -p $$HOME/.local/share/devhelp/VPNaaSPluginforFuel"
|
||||
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/VPNaaSPluginforFuel"
|
||||
@echo "# devhelp"
|
||||
|
||||
epub:
|
||||
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
|
||||
@echo
|
||||
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
|
||||
|
||||
latex:
|
||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||
@echo
|
||||
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
|
||||
@echo "Run \`make' in that directory to run these through (pdf)latex" \
|
||||
"(use \`make latexpdf' here to do that automatically)."
|
||||
|
||||
latexpdf:
|
||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||
@echo "Running LaTeX files through pdflatex..."
|
||||
$(MAKE) -C $(BUILDDIR)/latex all-pdf
|
||||
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
|
||||
|
||||
latexpdfja:
|
||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||
@echo "Running LaTeX files through platex and dvipdfmx..."
|
||||
$(MAKE) -C $(BUILDDIR)/latex all-pdf-ja
|
||||
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
|
||||
|
||||
text:
|
||||
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
|
||||
@echo
|
||||
@echo "Build finished. The text files are in $(BUILDDIR)/text."
|
||||
|
||||
man:
|
||||
$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
|
||||
@echo
|
||||
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
|
||||
|
||||
texinfo:
|
||||
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
|
||||
@echo
|
||||
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
|
||||
@echo "Run \`make' in that directory to run these through makeinfo" \
|
||||
"(use \`make info' here to do that automatically)."
|
||||
|
||||
info:
|
||||
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
|
||||
@echo "Running Texinfo files through makeinfo..."
|
||||
make -C $(BUILDDIR)/texinfo info
|
||||
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
|
||||
|
||||
gettext:
|
||||
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
|
||||
@echo
|
||||
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
|
||||
|
||||
changes:
|
||||
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
|
||||
@echo
|
||||
@echo "The overview file is in $(BUILDDIR)/changes."
|
||||
|
||||
linkcheck:
|
||||
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
|
||||
@echo
|
||||
@echo "Link check complete; look for any errors in the above output " \
|
||||
"or in $(BUILDDIR)/linkcheck/output.txt."
|
||||
|
||||
doctest:
|
||||
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
|
||||
@echo "Testing of doctests in the sources finished, look at the " \
|
||||
"results in $(BUILDDIR)/doctest/output.txt."
|
||||
|
||||
xml:
|
||||
$(SPHINXBUILD) -b xml $(ALLSPHINXOPTS) $(BUILDDIR)/xml
|
||||
@echo
|
||||
@echo "Build finished. The XML files are in $(BUILDDIR)/xml."
|
||||
|
||||
pseudoxml:
|
||||
$(SPHINXBUILD) -b pseudoxml $(ALLSPHINXOPTS) $(BUILDDIR)/pseudoxml
|
||||
@echo
|
||||
@echo "Build finished. The pseudo-XML files are in $(BUILDDIR)/pseudoxml."
|
||||
|
||||
livehtml:
|
||||
sphinx-autobuild -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
|
After Width: | Height: | Size: 90 KiB |
After Width: | Height: | Size: 17 KiB |
After Width: | Height: | Size: 27 KiB |
After Width: | Height: | Size: 48 KiB |
After Width: | Height: | Size: 125 KiB |
After Width: | Height: | Size: 20 KiB |
After Width: | Height: | Size: 27 KiB |
After Width: | Height: | Size: 33 KiB |
After Width: | Height: | Size: 28 KiB |
After Width: | Height: | Size: 38 KiB |
After Width: | Height: | Size: 26 KiB |
After Width: | Height: | Size: 89 KiB |
After Width: | Height: | Size: 29 KiB |
After Width: | Height: | Size: 24 KiB |
After Width: | Height: | Size: 32 KiB |
After Width: | Height: | Size: 34 KiB |
After Width: | Height: | Size: 91 KiB |
After Width: | Height: | Size: 29 KiB |
After Width: | Height: | Size: 234 KiB |
After Width: | Height: | Size: 50 KiB |
After Width: | Height: | Size: 93 KiB |
|
@ -0,0 +1,12 @@
|
|||
Appendix
|
||||
--------
|
||||
|
||||
+----+----------------------------+-------------------------------------------------------------------------------------------------+
|
||||
| # | Title of resource | Link on resource |
|
||||
+====+============================+=================================================================================================+
|
||||
| 1 | Fuel Plugins CLI | `Link <https://docs.mirantis.com/openstack/fuel/fuel-7.0/user-guide.html#fuel-plugins-cli/>`_ |
|
||||
+----+----------------------------+-------------------------------------------------------------------------------------------------+
|
||||
| 2 | Mirantis OpenStack Express | `Link <https://www.mirantis.com/blog/mirantis-openstack-express-vpn-service-vpnaas-step-step/>`_|
|
||||
| | VPN-as-a-Service (VPNaaS) | |
|
||||
| | Step-By-Step | |
|
||||
+----+----------------------------+-------------------------------------------------------------------------------------------------+
|
|
@ -0,0 +1,340 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
#
|
||||
# fuel-plugin-vpnaas documentation build configuration file, created by
|
||||
# sphinx-quickstart on Wed Oct 7 12:48:35 2015.
|
||||
#
|
||||
# This file is execfile()d with the current directory set to its
|
||||
# containing dir.
|
||||
#
|
||||
# Note that not all possible configuration values are present in this
|
||||
# autogenerated file.
|
||||
#
|
||||
# All configuration values have a default; values that are commented out
|
||||
# serve to show the default.
|
||||
|
||||
import sys
|
||||
import os
|
||||
|
||||
# If extensions (or modules to document with autodoc) are in another directory,
|
||||
# add these directories to sys.path here. If the directory is relative to the
|
||||
# documentation root, use os.path.abspath to make it absolute, like shown here.
|
||||
#sys.path.insert(0, os.path.abspath('.'))
|
||||
|
||||
# -- General configuration ------------------------------------------------
|
||||
|
||||
# If your documentation needs a minimal Sphinx version, state it here.
|
||||
#needs_sphinx = '1.0'
|
||||
|
||||
# Add any Sphinx extension module names here, as strings. They can be
|
||||
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
|
||||
# ones.
|
||||
extensions = [
|
||||
# 'sphinx.ext.todo',
|
||||
# 'sphinx.ext.coverage',
|
||||
]
|
||||
|
||||
# Add any paths that contain templates here, relative to this directory.
|
||||
templates_path = ['_templates']
|
||||
|
||||
# The suffix of source filenames.
|
||||
source_suffix = '.rst'
|
||||
|
||||
# The encoding of source files.
|
||||
#source_encoding = 'utf-8-sig'
|
||||
|
||||
# The master toctree document.
|
||||
master_doc = 'index'
|
||||
|
||||
# General information about the project.
|
||||
project = u'The VPNaaS plugin for Fuel'
|
||||
copyright = u'2015, Mirantis Inc.'
|
||||
|
||||
# The version info for the project you're documenting, acts as replacement for
|
||||
# |version| and |release|, also used in various other places throughout the
|
||||
# built documents.
|
||||
#
|
||||
# The short X.Y version.
|
||||
version = '2.0-2.0.0-2'
|
||||
# The full version, including alpha/beta/rc tags.
|
||||
release = '2.0-2.0.0-2'
|
||||
|
||||
# The language for content autogenerated by Sphinx. Refer to documentation
|
||||
# for a list of supported languages.
|
||||
#language = None
|
||||
|
||||
# There are two options for replacing |today|: either, you set today to some
|
||||
# non-false value, then it is used:
|
||||
#today = ''
|
||||
# Else, today_fmt is used as the format for a strftime call.
|
||||
#today_fmt = '%B %d, %Y'
|
||||
|
||||
# List of patterns, relative to source directory, that match files and
|
||||
# directories to ignore when looking for source files.
|
||||
exclude_patterns = []
|
||||
|
||||
# The reST default role (used for this markup: `text`) to use for all
|
||||
# documents.
|
||||
#default_role = None
|
||||
|
||||
# If true, '()' will be appended to :func: etc. cross-reference text.
|
||||
#add_function_parentheses = True
|
||||
|
||||
# If true, the current module name will be prepended to all description
|
||||
# unit titles (such as .. function::).
|
||||
#add_module_names = True
|
||||
|
||||
# If true, sectionauthor and moduleauthor directives will be shown in the
|
||||
# output. They are ignored by default.
|
||||
#show_authors = False
|
||||
|
||||
# The name of the Pygments (syntax highlighting) style to use.
|
||||
pygments_style = 'sphinx'
|
||||
|
||||
# A list of ignored prefixes for module index sorting.
|
||||
#modindex_common_prefix = []
|
||||
|
||||
# If true, keep warnings as "system message" paragraphs in the built documents.
|
||||
#keep_warnings = False
|
||||
|
||||
|
||||
# -- Options for HTML output ----------------------------------------------
|
||||
|
||||
# The theme to use for HTML and HTML Help pages. See the documentation for
|
||||
# a list of builtin themes.
|
||||
html_theme = 'default'
|
||||
|
||||
# Theme options are theme-specific and customize the look and feel of a theme
|
||||
# further. For a list of options available for each theme, see the
|
||||
# documentation.
|
||||
#html_theme_options = {}
|
||||
|
||||
# Add any paths that contain custom themes here, relative to this directory.
|
||||
#html_theme_path = []
|
||||
|
||||
# The name for this set of Sphinx documents. If None, it defaults to
|
||||
# "<project> v<release> documentation".
|
||||
#html_title = None
|
||||
|
||||
# A shorter title for the navigation bar. Default is the same as html_title.
|
||||
#html_short_title = None
|
||||
|
||||
# The name of an image file (relative to this directory) to place at the top
|
||||
# of the sidebar.
|
||||
#html_logo = None
|
||||
|
||||
# The name of an image file (within the static path) to use as favicon of the
|
||||
# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
|
||||
# pixels large.
|
||||
#html_favicon = None
|
||||
|
||||
# Add any paths that contain custom static files (such as style sheets) here,
|
||||
# relative to this directory. They are copied after the builtin static files,
|
||||
# so a file named "default.css" will overwrite the builtin "default.css".
|
||||
html_static_path = ['_static']
|
||||
|
||||
# Add any extra paths that contain custom files (such as robots.txt or
|
||||
# .htaccess) here, relative to this directory. These files are copied
|
||||
# directly to the root of the documentation.
|
||||
#html_extra_path = []
|
||||
|
||||
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
|
||||
# using the given strftime format.
|
||||
#html_last_updated_fmt = '%b %d, %Y'
|
||||
|
||||
# If true, SmartyPants will be used to convert quotes and dashes to
|
||||
# typographically correct entities.
|
||||
#html_use_smartypants = True
|
||||
|
||||
# Custom sidebar templates, maps document names to template names.
|
||||
#html_sidebars = {}
|
||||
|
||||
# Additional templates that should be rendered to pages, maps page names to
|
||||
# template names.
|
||||
#html_additional_pages = {}
|
||||
|
||||
# If false, no module index is generated.
|
||||
#html_domain_indices = True
|
||||
|
||||
# If false, no index is generated.
|
||||
#html_use_index = True
|
||||
|
||||
# If true, the index is split into individual pages for each letter.
|
||||
#html_split_index = False
|
||||
|
||||
# If true, links to the reST sources are added to the pages.
|
||||
#html_show_sourcelink = True
|
||||
|
||||
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
|
||||
#html_show_sphinx = True
|
||||
|
||||
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
|
||||
#html_show_copyright = True
|
||||
|
||||
# If true, an OpenSearch description file will be output, and all pages will
|
||||
# contain a <link> tag referring to it. The value of this option must be the
|
||||
# base URL from which the finished HTML is served.
|
||||
#html_use_opensearch = ''
|
||||
|
||||
# This is the file name suffix for HTML files (e.g. ".xhtml").
|
||||
#html_file_suffix = None
|
||||
|
||||
# Output file base name for HTML help builder.
|
||||
htmlhelp_basename = 'fuel-plugin-vpnaas-doc'
|
||||
|
||||
|
||||
# -- Options for LaTeX output ---------------------------------------------
|
||||
|
||||
latex_elements = {
|
||||
# The paper size ('letterpaper' or 'a4paper').
|
||||
#'papersize': 'letterpaper',
|
||||
|
||||
# The font size ('10pt', '11pt' or '12pt').
|
||||
#'pointsize': '10pt',
|
||||
|
||||
# Additional stuff for the LaTeX preamble.
|
||||
#'preamble': '',
|
||||
}
|
||||
|
||||
# Grouping the document tree into LaTeX files. List of tuples
|
||||
# (source start file, target name, title,
|
||||
# author, documentclass [howto, manual, or own class]).
|
||||
latex_documents = [
|
||||
('index', 'fuel-plugin-vpnaas.tex', u'The VPNaaS Plugin for Fuel Documentation',
|
||||
u'Mirantis Inc.', 'manual'),
|
||||
]
|
||||
|
||||
# The name of an image file (relative to this directory) to place at the top of
|
||||
# the title page.
|
||||
#latex_logo = None
|
||||
|
||||
# For "manual" documents, if this is true, then toplevel headings are parts,
|
||||
# not chapters.
|
||||
#latex_use_parts = False
|
||||
|
||||
# If true, show page references after internal links.
|
||||
#latex_show_pagerefs = False
|
||||
|
||||
# If true, show URL addresses after external links.
|
||||
#latex_show_urls = False
|
||||
|
||||
# Documents to append as an appendix to all manuals.
|
||||
#latex_appendices = []
|
||||
|
||||
# If false, no module index is generated.
|
||||
#latex_domain_indices = True
|
||||
|
||||
# make latex stop printing blank pages between sections
|
||||
# http://stackoverflow.com/questions/5422997/sphinx-docs-remove-blank-pages-from-generated-pdfs
|
||||
latex_elements = { 'classoptions': ',openany,oneside', 'babel' : '\\usepackage[english]{babel}' }
|
||||
|
||||
|
||||
# -- Options for manual page output ---------------------------------------
|
||||
|
||||
# One entry per manual page. List of tuples
|
||||
# (source start file, name, description, authors, manual section).
|
||||
man_pages = [
|
||||
('index', 'fuel-plugin-vpnaas', u'Guide to the VPNaaS Plugin ver. 2.0-2.0.0-2 for Fuel',
|
||||
[u'Mirantis Inc.'], 1)
|
||||
]
|
||||
|
||||
# If true, show URL addresses after external links.
|
||||
#man_show_urls = False
|
||||
|
||||
|
||||
# -- Options for Texinfo output -------------------------------------------
|
||||
|
||||
# Grouping the document tree into Texinfo files. List of tuples
|
||||
# (source start file, target name, title, author,
|
||||
# dir menu entry, description, category)
|
||||
texinfo_documents = [
|
||||
('index', 'fuel-plugin-vpnaas', u'The VPNaaS Plugin for Fuel Documentation',
|
||||
u'Mirantis Inc.', 'fuel-plugin-vpnaas', 'The VPNaaS Plugin for Fuel Documentation',
|
||||
'Miscellaneous'),
|
||||
]
|
||||
|
||||
# Documents to append as an appendix to all manuals.
|
||||
#texinfo_appendices = []
|
||||
|
||||
# If false, no module index is generated.
|
||||
#texinfo_domain_indices = True
|
||||
|
||||
# How to display URL addresses: 'footnote', 'no', or 'inline'.
|
||||
#texinfo_show_urls = 'footnote'
|
||||
|
||||
# If true, do not generate a @detailmenu in the "Top" node's menu.
|
||||
#texinfo_no_detailmenu = False
|
||||
|
||||
# Insert footnotes where they are defined instead of
|
||||
# at the end.
|
||||
pdf_inline_footnotes = True
|
||||
|
||||
|
||||
|
||||
# -- Options for Epub output ----------------------------------------------
|
||||
|
||||
# Bibliographic Dublin Core info.
|
||||
epub_title = u'The VPNaaS Plugin for Fuel'
|
||||
epub_author = u'Mirantis Inc.'
|
||||
epub_publisher = u'Mirantis Inc.'
|
||||
epub_copyright = u'2015, Mirantis Inc.'
|
||||
|
||||
# The basename for the epub file. It defaults to the project name.
|
||||
#epub_basename = u'fuel-plugin-openbook'
|
||||
|
||||
# The HTML theme for the epub output. Since the default themes are not optimized
|
||||
# for small screen space, using the same theme for HTML and epub output is
|
||||
# usually not wise. This defaults to 'epub', a theme designed to save visual
|
||||
# space.
|
||||
#epub_theme = 'epub'
|
||||
|
||||
# The language of the text. It defaults to the language option
|
||||
# or en if the language is not set.
|
||||
#epub_language = ''
|
||||
|
||||
# The scheme of the identifier. Typical schemes are ISBN or URL.
|
||||
#epub_scheme = ''
|
||||
|
||||
# The unique identifier of the text. This can be a ISBN number
|
||||
# or the project homepage.
|
||||
#epub_identifier = ''
|
||||
|
||||
# A unique identification for the text.
|
||||
#epub_uid = ''
|
||||
|
||||
# A tuple containing the cover image and cover page html template filenames.
|
||||
#epub_cover = ()
|
||||
|
||||
# A sequence of (type, uri, title) tuples for the guide element of content.opf.
|
||||
#epub_guide = ()
|
||||
|
||||
# HTML files that should be inserted before the pages created by sphinx.
|
||||
# The format is a list of tuples containing the path and title.
|
||||
#epub_pre_files = []
|
||||
|
||||
# HTML files shat should be inserted after the pages created by sphinx.
|
||||
# The format is a list of tuples containing the path and title.
|
||||
#epub_post_files = []
|
||||
|
||||
# A list of files that should not be packed into the epub file.
|
||||
epub_exclude_files = ['search.html']
|
||||
|
||||
# The depth of the table of contents in toc.ncx.
|
||||
#epub_tocdepth = 3
|
||||
|
||||
# Allow duplicate toc entries.
|
||||
#epub_tocdup = True
|
||||
|
||||
# Choose between 'default' and 'includehidden'.
|
||||
#epub_tocscope = 'default'
|
||||
|
||||
# Fix unsupported image types using the PIL.
|
||||
#epub_fix_images = False
|
||||
|
||||
# Scale large images.
|
||||
#epub_max_image_width = 0
|
||||
|
||||
# How to display URL addresses: 'footnote', 'no', or 'inline'.
|
||||
#epub_show_urls = 'inline'
|
||||
|
||||
# If false, no index is generated.
|
||||
#epub_use_index = True
|
|
@ -0,0 +1,21 @@
|
|||
.. fuel-plugin-vpnaas-doc master file, created by
|
||||
sphinx-quickstart on Mon Nov 16 09:11:57 2015.
|
||||
You can adapt this file completely to your liking, but it should at least
|
||||
contain the root `toctree` directive.
|
||||
|
||||
Welcome to VPNaaS Plugin for Fuel's documentation!
|
||||
=================================================
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 4
|
||||
|
||||
overview
|
||||
installation_guide
|
||||
user_guide
|
||||
appendix
|
||||
|
||||
|
||||
Indices and tables
|
||||
==================
|
||||
|
||||
* :ref:`search`
|
|
@ -0,0 +1,51 @@
|
|||
.. _installation:
|
||||
|
||||
Installation Guide
|
||||
-------------------
|
||||
|
||||
Installing VPNaaS plugin
|
||||
++++++++++++++++++++++++
|
||||
|
||||
|
||||
#. Download the plugin from `Fuel Plugins Catalog`_.
|
||||
|
||||
#. Copy the plugin on already installed Fuel Master node::
|
||||
|
||||
[user@home ~]$ scp vpnaas-plugin-1.2-1.2.0-1.noarch.rpm root@:/
|
||||
<the_Fuel_Master_node_IP>:~/
|
||||
|
||||
#. Log into the Fuel Master node. Install the plugin::
|
||||
|
||||
[root@fuel ~]# fuel plugins --install vpnaas-plugin-1.2-1.2.0-1.noarch.rpm
|
||||
|
||||
#. Verify that the plugin is installed correctly::
|
||||
|
||||
[root@fuel ~]# fuel plugins --list
|
||||
id | name | version | package_version
|
||||
---|---------------|---------|----------------
|
||||
1 | vpnaas_plugin | 1.2.0 | 2.0.0
|
||||
|
||||
|
||||
Creating Environment with VPNaaS
|
||||
++++++++++++++++++++++++++++++++
|
||||
|
||||
#. After plugin is installed, create a new OpenStack environment with Neutron.
|
||||
|
||||
#. `Configure your environment`_.
|
||||
|
||||
#. Open the Settings tab of the Fuel web UI and scroll down the page. Select
|
||||
VPNaaS plugin checkbox:
|
||||
|
||||
.. image:: _static/vpnaas_in_fuel_ui.png
|
||||
|
||||
#. `Deploy your environment`_.
|
||||
|
||||
|
||||
**********
|
||||
References
|
||||
**********
|
||||
|
||||
.. target-notes::
|
||||
.. _Fuel Plugins Catalog: https://software.mirantis.com/download-mirantis-openstack-fuel-plug-ins
|
||||
.. _Configure your environment: http://docs.mirantis.com/openstack/fuel/fuel-7.0/user-guide.html#configure-your-environment
|
||||
.. _Deploy your environment: http://docs.mirantis.com/openstack/fuel/fuel-7.0/user-guide.html#deploy-changes
|
|
@ -0,0 +1,84 @@
|
|||
.. _overview:
|
||||
|
||||
Document purpose
|
||||
================
|
||||
|
||||
This document provides instructions for installing, configuring and using
|
||||
Neutron Firewall-as-a-Service plugin for Fuel.
|
||||
|
||||
|
||||
Key terms, acronyms and abbreviations
|
||||
-------------------------------------
|
||||
|
||||
+----------------------------+------------------------------------------------+
|
||||
| Term/abbreviation | Definition |
|
||||
+============================+================================================+
|
||||
| VPNaaS | VPN-as-a-Service. Neutron extension used to |
|
||||
| | connect 2 private networks via Internet. |
|
||||
+----------------------------+------------------------------------------------+
|
||||
| IPSec | Internet Protocol Security (IPsec) is a |
|
||||
| | protocol suite for securing Internet Protocol |
|
||||
| | (IP) communications by authenticating and |
|
||||
| | encrypting each IP packet of a communication |
|
||||
| | session. |
|
||||
+----------------------------+------------------------------------------------+
|
||||
| OpenSwan | An IPsec implementation for Linux. It has |
|
||||
| | support for most of the extensions (RFC + IETF |
|
||||
| | drafts) related to IPsec, including IKEv2, |
|
||||
| | X.509 Digital Certificates, NAT Traversal, and |
|
||||
| | many others. |
|
||||
+----------------------------+------------------------------------------------+
|
||||
| IKE | Internet Key Exchange is the protocol used to |
|
||||
| | set up a security association (SA) in the IPsec|
|
||||
| | protocol suit. |
|
||||
+----------------------------+------------------------------------------------+
|
||||
| VM | Virtual Machine (Instance) |
|
||||
+----------------------------+------------------------------------------------+
|
||||
|
||||
|
||||
VPNaaS Plugin
|
||||
-------------
|
||||
|
||||
VPNaaS (VPN-as-a-Service) Fuel plugin provides an opportunity to deploy and
|
||||
configure a VPNaaS Neutron extension. VPNaaS Neutron extension introduces VPN
|
||||
feature set in Neutron which is based on Openswan (opensource IPSec
|
||||
implementation). The main goal is to provide VPN connection as a service
|
||||
between 2 private networks over the public network (in general via Internet).
|
||||
|
||||
That means, you can build a VPN connection between 2 private subnets, which can
|
||||
be placed in 2 different tenants and separate OpenStack clouds — for example,
|
||||
premise and hosted clouds in a hybrid application.
|
||||
|
||||
|
||||
Requirements
|
||||
------------
|
||||
|
||||
|
||||
+----------------------------+------------------------------------------------+
|
||||
| Requirement | Version/Comment |
|
||||
+============================+================================================+
|
||||
| Fuel | 7.0 release |
|
||||
+----------------------------+------------------------------------------------+
|
||||
| OpenStack compatibility | 2015.1 Kilo |
|
||||
+----------------------------+------------------------------------------------+
|
||||
| Operating systems | Ubuntu 14.04 LTS |
|
||||
+----------------------------+------------------------------------------------+
|
||||
|
||||
|
||||
Limitations
|
||||
-----------
|
||||
|
||||
VPNaaS plugin can be enabled only in environments with Neutron with ML2 plugin
|
||||
with OpenVSwitch Mechanism driver (default configuration) as the networking
|
||||
option and tested only with the OpenSwan driver.
|
||||
|
||||
|
||||
Known issues
|
||||
------------
|
||||
|
||||
* `[VPNaaS] Active VPN connection goes down after controller shutdown/start`_
|
||||
|
||||
|
||||
.. target-notes::
|
||||
.. _[VPNaaS] Active VPN connection goes down after controller shutdown/start: https://bugs.launchpad.net/mos/+bug/1500876
|
||||
|
|
@ -0,0 +1,244 @@
|
|||
|
||||
.. _user-guide:
|
||||
|
||||
User Guide
|
||||
==========
|
||||
|
||||
Configuring VPNaaS service
|
||||
-------------------------
|
||||
|
||||
|
||||
Once OpenStack has been deployed, we can start configuring VPNaaS.
|
||||
|
||||
This section provides an example of configuration and step-by-step instructions
|
||||
for configuring the plugin.
|
||||
|
||||
Here is an example task. Let’s imagine that we have 2 Clouds, Public and Private
|
||||
(Cloud A and B). Each cloud has a Project with a private network which is
|
||||
connected to the Internet via router. In real life, Private networks are very
|
||||
often placed behind the NAT just like in our case.
|
||||
|
||||
Project:
|
||||
|
||||
.. figure:: _static/net_arch.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
In this network topology, we have a public Cloud A, directly connected to the
|
||||
real public network and private Cloud B, connected to the corporate private
|
||||
network and placed behind NAT (Bastion router).
|
||||
|
||||
Let’s get started.
|
||||
|
||||
Please, note the following when configuring VPNaaS plugin:
|
||||
|
||||
1. This is important for setting up VPNaaS, since router gateway IP addresses
|
||||
and other settings made to configure the VPN connection are only visible to
|
||||
the user who has an admin role.
|
||||
|
||||
.. figure:: _static/admin_role.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
2. Once your VPN is connected, you’ll probably want to use a range of apps and
|
||||
methods to communicate across it. So, you need to be aware that every Project
|
||||
in OpenStack is assigned the default security group for the cluster in its
|
||||
default form, which is usually restrictive. So you’ll probably need to create
|
||||
a few additional rules in each Project’s default security group: like a
|
||||
general ICMP rule, enabling pings, and a port 22 TCP rule, enabling SSH.
|
||||
|
||||
.. figure:: _static/security_groups.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
Configure VPNaaS on Cloud A
|
||||
+++++++++++++++++++++++++++
|
||||
|
||||
1. Let’s configure VPN. To do that, please select *Network* option in the
|
||||
left-hand menu and click *VPN*.
|
||||
|
||||
.. figure:: _static/a_select_vpn.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
2. Create **IKE Policy**
|
||||
|
||||
#. Enter *KE Policies* tab and click *Add IKE Policy* button (see the
|
||||
screenshot above).
|
||||
#. We would recommend that you changed the Encryption algorithm, which should
|
||||
be set to **aes-256** and IKE version which should be **v2**.
|
||||
|
||||
.. figure:: _static/a_create_ike_policy.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
3. Create **IPsec Policy**
|
||||
|
||||
#. Enter *IPSec Policies* tab and click *Add IPSec Policy* button (see the
|
||||
screenshot in step 1 of this section).
|
||||
#. The defaults are fine, though it’s recommended to use **aes-256** encryption.
|
||||
Please pay attention that we should keep **tunnel** *Encapsulation mode*,
|
||||
because this mode allows to build tunnel between 2 private networks over
|
||||
public (**transport** is used only for the host-to-host VPN connection)
|
||||
and **esp** *Transform protocol* which provides encryption for the payload
|
||||
data.
|
||||
|
||||
.. figure:: _static/a_create_ipsec_policy.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
4. Create the **VPN Service**.
|
||||
#. Enter *VPN Service* tab and click *Add VPN Service* button (see the
|
||||
screenshot in step 1 of this section).
|
||||
#. Here select a router that will work as our VPN gateway — that’s the
|
||||
local router; You should also pick up a subnet to make visible at the
|
||||
other end: that’s our local subnet. As noted, the main thing to
|
||||
**remember is that VPN will not work if the subnets at both ends
|
||||
overlap**
|
||||
|
||||
.. figure:: _static/a_create_vpn_service.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
5. Create **IPSec Site Connection**.
|
||||
|
||||
#. Enter *IPSec Site Connection* tab and click *Add IPSec Site Connection*
|
||||
button.
|
||||
#. This is the only mildly-tricky thing about setting up a VPN using VPNaaS.
|
||||
We start by identifying our **VPN Service**, our **IKE Policy** and our
|
||||
**IPSec Policy**, defined just a moment before — that’s easy.
|
||||
|
||||
.. figure:: _static/a_create_ipsec_site_connection.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
#. To finish, however, we’ll need to get some information about the
|
||||
**network architecture** in **Cloud_B**. Cloud_B has the **Bastion**,
|
||||
which is connected to the public network and also is used as NAT for
|
||||
the corporate network. For the building VPN connection through the NAT,
|
||||
IPSec has NAT-Traversal mechanism which is enabled by default.
|
||||
|
||||
.. figure:: _static/a_bastion_arch.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
#. So let’s flip to Project_B’s Horizon, making sure we’re logged in as the
|
||||
admin, so we can see the info we need to know. Here we need to specify
|
||||
**Bastion’s public IP address** in *Peer gateway public IPv4/IPv6 Address
|
||||
or FQDN* slot (see step 5):
|
||||
|
||||
.. figure:: _static/a_fill_bastion_parameters.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
#. Further we specify Peer gateway public IPV4 address or fully-qualified
|
||||
domain name for Project_B’s router. This can be found by going to
|
||||
Project_B’s *Network* tab, clicking on Router_B, the router name, and
|
||||
copying the **IP address shown for the External gateway interface:** in
|
||||
our case, it’s 172.24.4.45. This is the thing you won’t be able to see
|
||||
if you’re not in the admin role for this project.
|
||||
|
||||
.. figure:: _static/a_router_b_details.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
#. This IP address goes into *Peer router identity for authentication
|
||||
*(Peer ID)* slots in the *IPSec Site Connection* edit dialog for
|
||||
Project_A (see step 5):
|
||||
|
||||
.. figure:: _static/a_fill_router_b_parameters.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
#. The second piece of info is the *CIDR range* for Project_B’s subnet.
|
||||
Again, go to Project_B’s Horizon, click the *Network* tab, click on
|
||||
network, and copy the subnet CIDR range, which is 22.0.0.0/24.
|
||||
|
||||
.. figure:: _static/a_get_b_network_parameters.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
#. We’ll put that into the *Remote Peer Subnet* slot on Project_A’s *IPSec
|
||||
Site Connection* dialog. Then to finish setting up Project_A’s IPSec
|
||||
Site Connection, we’ll provide a **pre-shared key password** — same on
|
||||
both sides — for authentication. The rest of the parameters can be left
|
||||
as defaults — if you change them, they should match on both sides of the
|
||||
connection (see step 5):
|
||||
|
||||
.. figure:: _static/a_fill_subnet_and_key.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
|
||||
Configure VPNaaS on Cloud B
|
||||
+++++++++++++++++++++++++++
|
||||
|
||||
Now let’s quickly set up the other end of the VPNaaS connection, over on
|
||||
Project_B. We’ll make sure protocol details and policies match.
|
||||
|
||||
1. On Project_B’s *PSec Site Connection* tab, we’ll provide — in two places —
|
||||
the peer **gateway public IP address** for Project_A’s router and **subnet
|
||||
IP address range**.
|
||||
|
||||
2. Now we set up the same components on Project_B. Setting up **IKE Policy**,
|
||||
**IPSec Policy** and **VPN Service** are simple. For the IPSec Site
|
||||
Connection, we’ll need the same two pieces of info from Project_A that we
|
||||
needed for Project_B. Here, we’re grabbing Project_A’s **external router IP**
|
||||
address.
|
||||
|
||||
.. figure:: _static/b_router_a_details.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
3. And here, we’re grabbing Project_A’s **local network IP address range**.
|
||||
|
||||
.. figure:: _static/b_subnet_a_details.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
4. Create **Sec Site Connection**
|
||||
|
||||
* Since Cloud_A is connected to the public network directly we just drop the
|
||||
**router IP** into two slots of Project_B’s *IPSec Site Connection*
|
||||
dialog, and supply the **Pre-shared password**.
|
||||
* Then we click Add, and the VPN sets itself up.
|
||||
|
||||
.. figure:: _static/b_add_ipsec_site_connection.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
5. Once you click *Add* on the *IPSec Site Connection* tab, you’ll have to wait
|
||||
a little bit for your VPN to go to **Active** status (see *Status* column in
|
||||
the *IPSec Site Connections* tab). If that doesn’t happen within a few
|
||||
minutes, there’s probably something wrong with your settings. If this
|
||||
happens, check to make sure that protocol details on both sides match, that
|
||||
correct router gateway and subnet address range info for each side has been
|
||||
provided in the other side’s *IPSec Site Connection* tab, that PSK passwords
|
||||
match, and that subnet IP address ranges don’t overlap. We’re connected!
|
||||
The IPSec Site Connection shows as **Active** at both ends.
|
||||
|
||||
.. figure:: _static/b_vpn_is_active.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
|
||||
Testing connectivity
|
||||
++++++++++++++++++++
|
||||
|
||||
Let’s open console of VM A on the Cloud_A,log into and try to ping VM B
|
||||
using their internal (not public) IP addresses.
|
||||
|
||||
.. figure:: _static/a_test_vpn.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
Then do the same from console of VM B.
|
||||
|
||||
.. figure:: _static/b_test_vpn.png
|
||||
:scale: 100 %
|
||||
:align: center
|
||||
|
||||
So it works!!! Now we have VPN connection between 2 private networks Net_70
|
||||
(placed in Cloud_A/Project_A) and Net_22 (placed in Cloud_B/Project_B) and the
|
||||
virtual machines connected to these networks have secure direct connectivity.
|
||||
|