wip architecture, a few auth formatting fixes, binaries, and overview

doc/source/architecture.rst

@@ -1,6 +1,6 @@
 ..
       Copyright 2010 United States Government as represented by the
-      Administrator of the National Aeronautics and Space Administration. 
+      Administrator of the National Aeronautics and Space Administration.
       All Rights Reserved.
 
       Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -30,14 +30,16 @@ Below you will find a helpful explanation.
 
 ::
 
-              [ User Manager ] ---- ( LDAP )
-                        |  
-                        |                / [ Storage ] - ( ATAoE )
-  [ API server ] -> [ Cloud ]  < AMQP >   
-                        |                \ [ Nodes ]   - ( libvirt/kvm )
-                    < HTTP >
-                        |
-                     [ S3  ]
+                    [ Auth  Manager ] ---- ( LDAP )
+                            |
+                            |
+                            |
+                            |                / [ Storage ] - ( ATAoE/iSCSI )
+  [ Web Dashboard ] -> [ nova-api ]  < AMQP > -
+                            |                \ [ Nodes ]   - ( libvirt/kvm )
+                         < HTTP >
+                            |
+                    [ nova-objectstore ]
 
 
 * API: receives http requests from boto, converts commands to/from API format, and sending requests to cloud controller

doc/source/auth.rst

@@ -24,7 +24,7 @@ from etherpad todo
 ------------------
 
 ::
-  * FIX RST IMPORT ERRORS
+
   * Manager
   * Driver
     * ldap
@@ -65,46 +65,47 @@ Roles
 
 AWS API calls are traditionally secured via Access and Secret Keys, which are used to sign API calls, along with traditional timestamps to prevent replay attacks. The APIs can be logically grouped into sets that align with five typical roles:
 
-*	System User
-*	System Administrator
+*	Base User
+*	System Administrator/Developer (currently have the same permissions)
 *	Network Administrator
 *	Project Manager
-*	Cloud Administrator
-*	IT-Security
+*	Cloud Administrator/IT-Security (currently have the same permissions)
 
 There is an additional, conceptual end-user that may or may not have API access:
 
 *	(EXTERNAL) End-user / Third-party User
 
-Basic operations are available to any System User:
+Basic operations are available to any :
 
-*	Launch Instance
-*	Terminate Instance (their own)
-*	Create keypair
-*	Delete keypair
-*	Create, Upload, Delete: Buckets and Keys (Object Store) – their own
-*	Create, Attach, Delete Volume (Block Store) – their own
+*	Describe Instances
+*	Describe Images
+*	Describe Volumes
+*	Describe Keypairs
+*	Create Keypair
+*	Delete Keypair
+*	Create, Upload, Delete: Buckets and Keys (Object Store)
 
-System Administrators:
+System Administrators/Developers/Project Manager:
 
+*	Create, Attach, Delete Volume (Block Store)
+*	Launch, Reboot, Terminate Instance
 *	Register/Unregister Machine Image (project-wide)
-*	Change Machine Image properties (public / private)
 *	Request / Review CloudAudit Scans
 
-Network Administrator:
-
-*	Change Firewall Rules, define Security Groups
-*	Allocate, Associate, Deassociate Public IP addresses
-
 Project Manager:
 
-*	Launch and Terminate Instances (project-wide)
-*	CRUD of Object and Block store (project-wide)
+*	Add and remove other users (currently no api)
+*	Set roles (currently no api)
 
-Cloud Administrator:
+Network Administrator:
 
-*	Register / Unregister Kernel and Ramdisk Images
-*	Register / Unregister Machine Image (any)
+*	Change Machine Image properties (public / private)
+*	Change Firewall Rules, define Security Groups
+*	Allocate, Associate, Deassociate Public IP addresses
+
+Cloud Administrator/IT-Security:
+
+*	All permissions
 
 Enhancements
 ------------

doc/source/binaries.rst

@@ -1,6 +1,6 @@
 ..
       Copyright 2010 United States Government as represented by the
-      Administrator of the National Aeronautics and Space Administration. 
+      Administrator of the National Aeronautics and Space Administration.
       All Rights Reserved.
 
       Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -18,14 +18,43 @@
 Nova Binaries
 ===============
 
-* nova-api
-* nova-compute
-* nova-manage
-* nova-objectstore
-* nova-volume
+The configuration of these binaries relies on "flagfiles" using the google
+gflags package::
 
-The configuration of these binaries relies on "flagfiles" using the google 
-gflags package. If present, the nova.conf file will be used as the flagfile 
-- otherwise, it must be specified on the command line::
-   
-   $ python node_worker.py --flagfile flagfile
+   $ nova-xxxxx --flagfile flagfile
+
+The binaries can all run on the same machine or be spread out amongst multiple boxes in a large deployment.
+
+nova-manage
+-----------
+
+Nova manage is a command line utility to administer the system.  It will autmatically try to load a flagfile from /etc/nova/nova-manage.conf to save you having to type it. Info on the commands can be found :ref:`here <manage_usage>`.
+
+nova-api
+--------
+
+Nova api receives xml requests and sends them to the rest of the system.  It is a wsgi app that routes and authenticate requests.  It supports the ec2 and openstack apis.
+
+nova-objectstore
+----------------
+
+Nova objectstore is an ultra simple file-based storage system for images that replicates most of the S3 Api.  It will soon be replaced with glance and a simple image manager.
+
+nova-compute
+------------
+
+Nova compute is responsible for managing virtual machines.  It loads a Service object  which exposes the public methods on ComputeManager via rpc.
+
+nova-volume
+-----------
+
+Nova volume is responsible for managing attachable block storage devices. It loads a Service object which exposes the public methods on VolumeManager via rpc.
+
+nova-network
+------------
+
+Nova network is responsible for managing floating and fixed ips, dhcp, bridging and vlans.  It loads a Service object which exposes the public methods on one of the subclasses of NetworkManager.  Different networking strategies are as simple as changing the network_manager flag::
+
+   $ nova-network --network_manager=nova.network.manager.FlatManager
+
+IMPORTANT: Make sure that you also set the network_manager on nova-api and nova_compute, since make some calls to network manager in process instead of through rpc.  More information on the interactions between services, managers, and drivers can be found :ref:`here <service_manager_driver>`

doc/source/concepts.and.introduction.rst

@@ -135,6 +135,9 @@ Concept: Services
 * nova-network
 * nova-instancemonitor
 
+
+.. _manage_usage:
+
 Concept: nova-manage
 --------------------
 

doc/source/services.rst

@@ -1,6 +1,6 @@
 ..
       Copyright 2010 United States Government as represented by the
-      Administrator of the National Aeronautics and Space Administration. 
+      Administrator of the National Aeronautics and Space Administration.
       All Rights Reserved.
 
       Licensed under the Apache License, Version 2.0 (the "License"); you may
@@ -15,17 +15,18 @@
       License for the specific language governing permissions and limitations
       under the License.
 
-Services
-========
+.. _service_manager_driver:
 
-Admin guide should go beyoned concepts & introduction by talking about how
-each service interacts with each other, what requirements for deployment are,
-monotoring, logging, etc
+Services Managers and Drivers
+=============================
 
+Describe division of responsibilities for each component.
 
-* nova-api
-* nova-scheduler
-* nova-compute
-* nova-volume
-* nova-network
-* nova-instancemonitor
+Service
+-------
+
+Manager
+-------
+
+Driver
+------