summaryrefslogtreecommitdiff
path: root/doc/source/template_guide/multi-clouds.rst
diff options
context:
space:
mode:
Diffstat (limited to 'doc/source/template_guide/multi-clouds.rst')
-rw-r--r--doc/source/template_guide/multi-clouds.rst52
1 files changed, 25 insertions, 27 deletions
diff --git a/doc/source/template_guide/multi-clouds.rst b/doc/source/template_guide/multi-clouds.rst
index 6509d1a08..e6266db46 100644
--- a/doc/source/template_guide/multi-clouds.rst
+++ b/doc/source/template_guide/multi-clouds.rst
@@ -13,10 +13,10 @@ multi-clouds features, and what's the environment requirement.
.. note:: If you like to create a stack in multi-region environment,
you don't need this feature at all. all you need to do is provide
- `region_name` under `context` property for `OS::Heat::Stack`_.
+ `region_name` under `context` property for :ref:`OS::Heat::Stack`.
If you like to see information on how to provide SSL support for
your multi-region environment, you can jump to `Use CA
- cert(Optional)`_ .
+ cert (Optional)`_ .
Requirements
~~~~~~~~~~~~
@@ -58,17 +58,23 @@ Gathering credential information
Before we start generating secret, let's talk about what credential format we
need. credential is a JSON format string contains two keys ``auth_type``, and
``auth``. ``auth_type``, and ``auth`` following auth plugin loader rules from
-Keystone. You can find `plugin options`_ and `authentication plugins`_ in
-keystoneauth documents.
+Keystone. You can find :keystoneauth-doc:`plugin options
+<plugin-options.html>` and :keystoneauth-doc:`authentication plugins
+<authentication-plugins.html#loading-plugins-by-name>` in keystoneauth
+documents.
* **auth_type** - ``auth_type`` is a string for plugin name. Allows value like
`v3applicationcredential`, `password`, `v3oidcclientcredentials`, etc. You
- need to provide `available plugins`_.
+ need to provide `available plugins
+ <plugin-options.html#available-plugins>`.
* **auth** - auth is a dictionary contains all parameters for plugins to
perform authentication. You can find all valid parameter references from
- `available plugins`_ or get to all class path from `plugin names`_ for more
- detail allowed value or trace plugin class from there.
+ :keystoneauth-doc:`available plugins
+ <plugin-options.html#available-plugins>` or get to all class path from
+ :keystoneauth-doc:`plugin names
+ <authentication-plugins.html#loading-plugins-by-name>` for more detail
+ allowed value or trace plugin class from there.
As you can tell, all allowed authentication plugins for credentials follows
plugins keystoneauth rules. So once new change in keystoneauth, it will also
@@ -81,15 +87,18 @@ Validate your credential
------------------------
Now you have all your credential information ready, try to validate first if
-you can. You can either directly test them `via config`_, `via CLI`_, or
-`via keystoneauth sessions`_.
+you can. You can either directly test them :keystoneauth-doc:`via config
+<plugin-options.html#using-plugins-via-config-file>`,
+:keystoneauth-doc:`via CLI <plugin-options.html#using-plugins-via-cli>`,
+or :keystoneauth-doc:`via keystoneauth sessions <using-sessions.html>`.
build credential secret
-----------------------
-Once you're sure it's valid, we can start building the secret out.
-To build a secret you just have to follow standard Barbican CLI_ or API to
-store your secret.
+Once you're sure it's valid, we can start building the secret out. To build a
+secret you just have to follow the standard
+:python-barbicanclient-doc:`Barbican CLI <cli/cli_usage.html#secret-create>` or
+API to store your secret.
The local site will read this secret to perform stack actions in remote site.
Let's give a quick example here:
@@ -111,9 +120,8 @@ Create remote stacks
Now, you have a secret id generated for your Barbican secret. Use that id as
input for template.
-To create a remote stack, you can simply use `OS::Heat::Stack`_ resource, as
-child stack in your template (we also referring this structure as
-`nested stack`).
+To create a remote stack, you can simply use an :ref:`OS::Heat::Stack` resource
+in your template.
In resource properties, provide `credential_secret_id` (Barbican secret ID
from the secret we just builded for credential) under `context` property.
@@ -146,8 +154,8 @@ won't affect resources/stacks in remote site. So do such actions with super
care.
-Use CA cert(Optional)
----------------------
+Use CA cert (Optional)
+----------------------
For production clouds, it's very important to have SSL support. Here we
provide CA cert method for your SSL access. If you wish to use that, use
@@ -174,13 +182,3 @@ Here is an example for you:
template: { get_file: "remote-app.yaml" }
.. note:: If insecure flag is on, ca_cert will be ignored.
-
-.. _`plugin options`: https://docs.openstack.org/keystoneauth/latest/plugin-options.html
-.. _`authentication plugins`: https://docs.openstack.org/keystoneauth/latest/authentication-plugins.html#loading-plugins-by-name
-.. _`plugin names`: https://docs.openstack.org/keystoneauth/latest/authentication-plugins.html#loading-plugins-by-name
-.. _`available plugins`: https://docs.openstack.org/keystoneauth/latest/plugin-options.html#available-plugins
-.. _`via keystoneauth sessions`: https://docs.openstack.org/keystoneauth/latest/using-sessions.html
-.. _`via config`: https://docs.openstack.org/keystoneauth/latest/plugin-options.html#using-plugins-via-config-file
-.. _`via CLI`: https://docs.openstack.org/keystoneauth/latest/plugin-options.html#using-plugins-via-cli
-.. _CLI: https://docs.openstack.org/python-barbicanclient/latest/cli/cli_usage.html#secret-create
-.. _`OS::Heat::Stack`: https://docs.openstack.org/heat/rocky/template_guide/openstack.html#OS::Heat::Stack
View Lorry Controller Status