From 51a65a7286ee1e8c1ab69b2ef809dacde88cd508 Mon Sep 17 00:00:00 2001
From: Thomas Duval <thomas.duval@orange.com>
Date: Fri, 12 Aug 2016 15:28:34 +0200
Subject: Add documentation for OPNFV

Change-Id: I38c136308610bd414d73ca98faa71e9202d6361a
---
 docs/configurationguide/index.rst | 198 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 198 insertions(+)
 create mode 100644 docs/configurationguide/index.rst

(limited to 'docs/configurationguide/index.rst')

diff --git a/docs/configurationguide/index.rst b/docs/configurationguide/index.rst
new file mode 100644
index 00000000..4001a63e
--- /dev/null
+++ b/docs/configurationguide/index.rst
@@ -0,0 +1,198 @@
+.. This work is licensed under a Creative Commons Attribution 4.0 International License.
+.. http://creativecommons.org/licenses/by/4.0
+.. (c) ruan.he@orange.com & thomas.duval@orange.com
+
+******************************
+OPNFV MOON configuration guide
+******************************
+
+.. toctree::
+   :numbered:
+   :maxdepth: 2
+
+
+============
+Introduction
+============
+
+Moon must be configured through the standard Keystone configuration files and the standard KeystoneMiddleware configuration files:
+* /etc/keystone/keystone-paste.ini
+* /etc/keystone/keystone.conf
+* /etc/nova/api-paste.ini
+* /etc/swift/proxy-server.conf
+
+There is no other custom configuration file.
+
+=============
+Configuration
+=============
+
+Keystone
+========
+
+For Keystone, the following files must be configured, some modifications may be needed, specially passwords:
+
+/etc/keystone/keystone-paste.ini
+
+.. code-block:: bash
+
+    sudo cp /etc/keystone/keystone-paste.ini /etc/keystone/keystone-paste.ini.bak
+    sudo sed "3i[pipeline:moon_pipeline]\npipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension_v3 s3_extension moon_service\n\n[app:moon_service]\nuse = egg:keystone#moon_service\n" /etc/keystone/keystone-paste.ini > /tmp/keystone-paste.ini
+    sudo cp /tmp/keystone-paste.ini /etc/keystone/keystone-paste.ini
+    sudo sed "s/use = egg:Paste#urlmap/use = egg:Paste#urlmap\n\/moon = moon_pipeline/" /etc/keystone/keystone-paste.ini > /tmp/keystone-paste.ini
+    sudo cp /tmp/keystone-paste.ini /etc/keystone/keystone-paste.ini
+
+/etc/keystone/keystone.conf
+
+.. code-block:: bash
+
+    cat << EOF | sudo tee -a /etc/keystone/keystone.conf
+    [moon]
+
+    # Configuration backend driver
+    configuration_driver = keystone.contrib.moon.backends.memory.ConfigurationConnector
+
+    # Tenant backend driver
+    tenant_driver = keystone.contrib.moon.backends.sql.TenantConnector
+
+    # Authorisation backend driver
+    authz_driver = keystone.contrib.moon.backends.flat.SuperExtensionConnector
+
+    # IntraExtension backend driver
+    intraextension_driver = keystone.contrib.moon.backends.sql.IntraExtensionConnector
+
+    # InterExtension backend driver
+    interextension_driver = keystone.contrib.moon.backends.sql.InterExtensionConnector
+
+    # Logs backend driver
+    log_driver = keystone.contrib.moon.backends.flat.LogConnector
+
+    # Local directory where all policies are stored
+    policy_directory = /etc/keystone/policies
+
+    # Local directory where Root IntraExtension configuration is stored
+    root_policy_directory = policy_root
+
+    # URL of the Moon master
+    master = 'http://localhost:35357/'
+
+    # Login of the Moon master
+    master_login = 'admin'
+
+    # Password of the Moon master
+    master_password = 'nomoresecrete'
+    EOF
+
+
+The logging system must be configured :
+
+.. code-block:: bash
+
+    sudo mkdir /var/log/moon/
+    sudo chown keystone /var/log/moon/
+
+    sudo addgroup moonlog
+
+    sudo chgrp moonlog /var/log/moon/
+
+    sudo touch /var/log/moon/keystonemiddleware.log
+    sudo touch /var/log/moon/system.log
+
+    sudo chgrp moonlog /var/log/moon/keystonemiddleware.log
+    sudo chgrp moonlog /var/log/moon/system.log
+    sudo chmod g+rw /var/log/moon
+    sudo chmod g+rw /var/log/moon/keystonemiddleware.log
+    sudo chmod g+rw /var/log/moon/system.log
+
+    sudo adduser keystone moonlog
+    sudo adduser swift moonlog
+    sudo adduser nova moonlog
+
+The Keystone database must be updated:
+
+.. code-block:: bash
+
+    sudo /usr/bin/keystone-manage db_sync
+    sudo /usr/bin/keystone-manage db_sync --extension moon
+
+And, Apache must be restarted:
+
+.. code-block:: bash
+
+    sudo systemctl restart apache.service
+
+Nova
+====
+
+In order to Nova to be able to communicate with Keystone-Moon, you must update the Nova KeystoneMiddleware configuration file.
+To achieve this, a new filter must be added in `/etc/nova/api-paste.ini` and this filter must be added to the composite data.
+The filter is:
+
+.. code-block:: bash
+
+    [filter:moon]
+    paste.filter_factory = keystonemiddleware.moon_agent:filter_factory
+    authz_login=admin
+    authz_password=password
+    logfile=/var/log/moon/keystonemiddleware.log
+
+Here is some bash lines to insert this into the Nova configuration file:
+
+.. code-block:: bash
+
+    sudo cp /etc/nova/api-paste.ini /etc/nova/api-paste.ini.bak2
+    sudo sed "/^keystone = / s/keystonecontext/keystonecontext moon/" /etc/nova/api-paste.ini > /tmp/api-paste.ini
+    sudo cp /tmp/api-paste.ini /etc/nova/api-paste.ini
+
+    echo -e "\n[filter:moon]\npaste.filter_factory = keystonemiddleware.moon_agent:filter_factory\nauthz_login=admin\nauthz_password=password\nlogfile=/var/log/moon/keystonemiddleware.log\n" | sudo tee -a /etc/nova/api-paste.ini
+
+Nova can then be restarted:
+
+.. code-block:: bash
+
+    for service in nova-compute nova-api nova-cert nova-conductor nova-consoleauth nova-scheduler ; do
+        sudo service ${service} restart
+    done
+
+Swift
+=====
+
+In order to Swift to be able to communicate with Keystone-Moon, you must update the Swift KeystoneMiddleware configuration file.
+To achieve this, a new filter must be added in `/etc/swift/proxy-server.conf` and this filter must be added to the composite data.
+The filter is (exactly the same as Nova):
+
+.. code-block:: bash
+
+    [filter:moon]
+    paste.filter_factory = keystonemiddleware.moon_agent:filter_factory
+    authz_login=admin
+    authz_password=password
+    logfile=/var/log/moon/keystonemiddleware.log
+
+Here is some bash lines to insert this into the Nova configuration file:
+
+.. code-block:: bash
+
+    sudo cp /etc/swift/proxy-server.conf /etc/swift/proxy-server.conf.bak2
+    sudo sed "/^pipeline = / s/proxy-server/moon proxy-server/" /etc/swift/proxy-server.conf > /tmp/proxy-server.conf
+    sudo cp /tmp/proxy-server.conf /etc/swift/proxy-server.conf
+
+    echo -e "\n[filter:moon]\npaste.filter_factory = keystonemiddleware.moon_agent:filter_factory\nauthz_login=admin\nauthz_password=password\nlogfile=/var/log/moon/keystonemiddleware.log\n" | sudo tee -a /etc/swift/proxy-server.conf
+
+Swift can then be restarted:
+
+.. code-block:: bash
+
+    for service in swift-account swift-account-replicator \
+                    swift-container-replicator  swift-object swift-object-updater \
+                    swift-account-auditor swift-container swift-container-sync \
+                    swift-object-auditor swift-proxy swift-account-reaper swift-container-auditor \
+                    swift-container-updater swift-object-replicator ; do
+        sudo service ${service} status
+    done
+
+
+
+Revision: _sha1_
+
+Build date: |today|
\ No newline at end of file
-- 
cgit 1.2.3-korg