diff --git a/doc-tools-check-languages.conf b/doc-tools-check-languages.conf
index 9027a27e06..5120f053ec 100644
--- a/doc-tools-check-languages.conf
+++ b/doc-tools-check-languages.conf
@@ -35,4 +35,6 @@ declare -A SPECIAL_BOOKS=(
["user-guide"]="RST"
["user-guide-admin"]="RST"
["networking-guide"]="RST"
+ # Skip guide while it's moved to RST.
+ ["admin-guide-cloud-rst"]="skip"
)
diff --git a/doc/admin-guide-cloud-rst/setup.cfg b/doc/admin-guide-cloud-rst/setup.cfg
new file mode 100644
index 0000000000..5931598771
--- /dev/null
+++ b/doc/admin-guide-cloud-rst/setup.cfg
@@ -0,0 +1,36 @@
+[metadata]
+name = openstackcloudadminguide
+summary = OpenStack Cloud Administrator Guide
+author = OpenStack
+author-email = openstack-docs@lists.openstack.org
+home-page = http://docs.openstack.org/
+classifier =
+Environment :: OpenStack
+Intended Audience :: Information Technology
+Intended Audience :: System Administrators
+License :: OSI Approved :: Apache Software License
+Operating System :: POSIX :: Linux
+Programming Language :: Python
+Programming Language :: Python :: 2
+Programming Language :: Python :: 2.6
+Programming Language :: Python :: 2.7
+Programming Language :: Python :: 3
+Programming Language :: Python :: 3.3
+Topic :: Documentation
+
+[global]
+setup-hooks =
+ pbr.hooks.setup_hook
+
+[files]
+
+[build_sphinx]
+all_files = 1
+build-dir = build
+source-dir = source
+
+[wheel]
+universal = 1
+
+[pbr]
+warnerrors = True
diff --git a/doc/admin-guide-cloud-rst/setup.py b/doc/admin-guide-cloud-rst/setup.py
new file mode 100644
index 0000000000..736375744d
--- /dev/null
+++ b/doc/admin-guide-cloud-rst/setup.py
@@ -0,0 +1,30 @@
+#!/usr/bin/env python
+# Copyright (c) 2013 Hewlett-Packard Development Company, L.P.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# THIS FILE IS MANAGED BY THE GLOBAL REQUIREMENTS REPO - DO NOT EDIT
+import setuptools
+
+# In python < 2.7.4, a lazy loading of package `pbr` will break
+# setuptools if some other modules registered functions in `atexit`.
+# solution from: http://bugs.python.org/issue15881#msg170215
+try:
+ import multiprocessing # noqa
+except ImportError:
+ pass
+
+setuptools.setup(
+ setup_requires=['pbr'],
+ pbr=True)
diff --git a/doc/admin-guide-cloud-rst/source/common b/doc/admin-guide-cloud-rst/source/common
new file mode 120000
index 0000000000..70c1930ee7
--- /dev/null
+++ b/doc/admin-guide-cloud-rst/source/common
@@ -0,0 +1 @@
+../../common-rst
\ No newline at end of file
diff --git a/doc/admin-guide-cloud-rst/source/conf.py b/doc/admin-guide-cloud-rst/source/conf.py
new file mode 100644
index 0000000000..9ebd1f04b7
--- /dev/null
+++ b/doc/admin-guide-cloud-rst/source/conf.py
@@ -0,0 +1,299 @@
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
+# implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+# This file is execfile()d with the current directory set to its
+# containing dir.
+#
+# Note that not all possible configuration values are present in this
+# autogenerated file.
+#
+# All configuration values have a default; values that are commented out
+# serve to show the default.
+
+import os
+# import sys
+
+
+import openstackdocstheme
+
+# If extensions (or modules to document with autodoc) are in another directory,
+# add these directories to sys.path here. If the directory is relative to the
+# documentation root, use os.path.abspath to make it absolute, like shown here.
+# sys.path.insert(0, os.path.abspath('.'))
+
+# -- General configuration ------------------------------------------------
+
+# If your documentation needs a minimal Sphinx version, state it here.
+# needs_sphinx = '1.0'
+
+# Add any Sphinx extension module names here, as strings. They can be
+# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom
+# ones.
+# TODO(ajaeger): enable PDF building, for example add 'rst2pdf.pdfbuilder'
+# extensions =
+
+# Add any paths that contain templates here, relative to this directory.
+# templates_path = ['_templates']
+
+# The suffix of source filenames.
+source_suffix = '.rst'
+
+# The encoding of source files.
+# source_encoding = 'utf-8-sig'
+
+# The master toctree document.
+master_doc = 'index'
+
+# General information about the project.
+project = u'Cloud Administrator Guide'
+
+copyright = u'2015, OpenStack contributors'
+
+# The version info for the project you're documenting, acts as replacement for
+# |version| and |release|, also used in various other places throughout the
+# built documents.
+#
+# The short X.Y version.
+version = '1.0.0'
+# The full version, including alpha/beta/rc tags.
+release = '1.0.0'
+
+# We ask git for the SHA checksum
+# The git SHA checksum is used by "log-a-bug"
+git_cmd = "/usr/bin/git log | head -n1 | cut -f2 -d' '"
+gitsha = os.popen(git_cmd).read().strip('\n')
+# source tree
+pwd = os.popen("pwd").read().strip('\n')
+# html_context allows us to pass arbitrary values into the html template
+html_context = {"pwd": pwd, "gitsha": gitsha}
+
+# The language for content autogenerated by Sphinx. Refer to documentation
+# for a list of supported languages.
+# language = None
+
+# There are two options for replacing |today|: either, you set today to some
+# non-false value, then it is used:
+# today = ''
+# Else, today_fmt is used as the format for a strftime call.
+# today_fmt = '%B %d, %Y'
+
+# List of patterns, relative to source directory, that match files and
+# directories to ignore when looking for source files.
+exclude_patterns = ['common/cli*', 'common/log_in_dashboard.rst']
+
+# The reST default role (used for this markup: `text`) to use for all
+# documents.
+# default_role = None
+
+# If true, '()' will be appended to :func: etc. cross-reference text.
+# add_function_parentheses = True
+
+# If true, the current module name will be prepended to all description
+# unit titles (such as .. function::).
+# add_module_names = True
+
+# If true, sectionauthor and moduleauthor directives will be shown in the
+# output. They are ignored by default.
+# show_authors = False
+
+# The name of the Pygments (syntax highlighting) style to use.
+pygments_style = 'sphinx'
+
+# A list of ignored prefixes for module index sorting.
+# modindex_common_prefix = []
+
+# If true, keep warnings as "system message" paragraphs in the built documents.
+# keep_warnings = False
+
+
+# -- Options for HTML output ----------------------------------------------
+
+# The theme to use for HTML and HTML Help pages. See the documentation for
+# a list of builtin themes.
+html_theme = 'openstackdocs'
+
+# Theme options are theme-specific and customize the look and feel of a theme
+# further. For a list of options available for each theme, see the
+# documentation.
+# html_theme_options = {}
+
+# Add any paths that contain custom themes here, relative to this directory.
+html_theme_path = [openstackdocstheme.get_html_theme_path()]
+
+# The name for this set of Sphinx documents. If None, it defaults to
+# "<project> v<release> documentation".
+# html_title = None
+
+# A shorter title for the navigation bar. Default is the same as html_title.
+# html_short_title = None
+
+# The name of an image file (relative to this directory) to place at the top
+# of the sidebar.
+# html_logo = None
+
+# The name of an image file (within the static path) to use as favicon of the
+# docs. This file should be a Windows icon file (.ico) being 16x16 or 32x32
+# pixels large.
+# html_favicon = None
+
+# Add any paths that contain custom static files (such as style sheets) here,
+# relative to this directory. They are copied after the builtin static files,
+# so a file named "default.css" will overwrite the builtin "default.css".
+# html_static_path = []
+
+# Add any extra paths that contain custom files (such as robots.txt or
+# .htaccess) here, relative to this directory. These files are copied
+# directly to the root of the documentation.
+# html_extra_path = []
+
+# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
+# using the given strftime format.
+# So that we can enable "log-a-bug" links from each output HTML page, this
+# variable must be set to a format that includes year, month, day, hours and
+# minutes.
+html_last_updated_fmt = '%Y-%m-%d %H:%M'
+
+
+# If true, SmartyPants will be used to convert quotes and dashes to
+# typographically correct entities.
+# html_use_smartypants = True
+
+# Custom sidebar templates, maps document names to template names.
+# html_sidebars = {}
+
+# Additional templates that should be rendered to pages, maps page names to
+# template names.
+# html_additional_pages = {}
+
+# If false, no module index is generated.
+# html_domain_indices = True
+
+# If false, no index is generated.
+html_use_index = False
+
+# If true, the index is split into individual pages for each letter.
+# html_split_index = False
+
+# If true, links to the reST sources are added to the pages.
+# This one is needed for "Report a bug".
+# html_show_sourcelink = True
+
+# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
+# html_show_sphinx = True
+
+# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
+# html_show_copyright = True
+
+# If true, an OpenSearch description file will be output, and all pages will
+# contain a <link> tag referring to it. The value of this option must be the
+# base URL from which the finished HTML is served.
+# html_use_opensearch = ''
+
+# This is the file name suffix for HTML files (e.g. ".xhtml").
+# html_file_suffix = None
+
+# Output file base name for HTML help builder.
+htmlhelp_basename = 'admin-guide-cloud'
+
+# If true, publish source files
+# html_copy_source = True
+
+# -- Options for LaTeX output ---------------------------------------------
+
+latex_elements = {
+ # The paper size ('letterpaper' or 'a4paper').
+ # 'papersize': 'letterpaper',
+
+ # The font size ('10pt', '11pt' or '12pt').
+ # 'pointsize': '10pt',
+
+ # Additional stuff for the LaTeX preamble.
+ # 'preamble': '',
+}
+
+# Grouping the document tree into LaTeX files. List of tuples
+# (source start file, target name, title,
+# author, documentclass [howto, manual, or own class]).
+latex_documents = [
+ ('index', 'CloudAdminGuide.tex', u'Cloud Administrator Guide',
+ u'OpenStack contributors', 'manual'),
+]
+
+# The name of an image file (relative to this directory) to place at the top of
+# the title page.
+# latex_logo = None
+
+# For "manual" documents, if this is true, then toplevel headings are parts,
+# not chapters.
+# latex_use_parts = False
+
+# If true, show page references after internal links.
+# latex_show_pagerefs = False
+
+# If true, show URL addresses after external links.
+# latex_show_urls = False
+
+# Documents to append as an appendix to all manuals.
+# latex_appendices = []
+
+# If false, no module index is generated.
+# latex_domain_indices = True
+
+
+# -- Options for manual page output ---------------------------------------
+
+# One entry per manual page. List of tuples
+# (source start file, name, description, authors, manual section).
+man_pages = [
+ ('index', 'cloudadminguide', u'Cloud Administrator Guide',
+ [u'OpenStack contributors'], 1)
+]
+
+# If true, show URL addresses after external links.
+# man_show_urls = False
+
+
+# -- Options for Texinfo output -------------------------------------------
+
+# Grouping the document tree into Texinfo files. List of tuples
+# (source start file, target name, title, author,
+# dir menu entry, description, category)
+texinfo_documents = [
+ ('index', 'CloudAdminGuide', u'Cloud Administrator Guide',
+ u'OpenStack contributors', 'CloudAdminGuide',
+ 'This guide shows OpenStack end users how to create and manage resources '
+ 'in an OpenStack cloud with the OpenStack dashboard and OpenStack client '
+ 'commands.', 'Miscellaneous'),
+]
+
+# Documents to append as an appendix to all manuals.
+# texinfo_appendices = []
+
+# If false, no module index is generated.
+# texinfo_domain_indices = True
+
+# How to display URL addresses: 'footnote', 'no', or 'inline'.
+# texinfo_show_urls = 'footnote'
+
+# If true, do not generate a @detailmenu in the "Top" node's menu.
+# texinfo_no_detailmenu = False
+
+# -- Options for Internationalization output ------------------------------
+locale_dirs = ['locale/']
+
+# -- Options for PDF output --------------------------------------------------
+
+pdf_documents = [
+ ('index', u'CloudAdminGuide', u'Cloud Adminstrator Guide',
+ u'OpenStack contributors')
+]
diff --git a/doc/admin-guide-cloud-rst/source/identity_management.rst b/doc/admin-guide-cloud-rst/source/identity_management.rst
new file mode 100644
index 0000000000..256edf469a
--- /dev/null
+++ b/doc/admin-guide-cloud-rst/source/identity_management.rst
@@ -0,0 +1,341 @@
+===================
+Identity management
+===================
+
+OpenStack Identity, code-named keystone, is the default identity
+management system for OpenStack. After you install Identity, you
+configure it through the :file:`etc/keystone.conf` configuration file and,
+possibly, a separate logging configuration file. You initialize data
+into Identity by using the ``keystone`` command-line client.
+
+Identity concepts
+~~~~~~~~~~~~~~~~~
+
+.. TODO (DC) Convert the following common files and include(?) them under the
+ identity concepts section:
+ /common/section_keystone-concepts-user-management.xml
+ /common/section_keystone-concepts-service-management.xml
+ /common/section_keystone-concepts-group-management.xml
+
+.. TODO (DC) Convert the following common files and include(?) them as
+ sections:
+ /common/section_keystone_certificates-for-pki.xml
+ /common/section_keystone-ssl-config.xml
+ /common/section_keystone-external-auth.xml
+ /common/section_keystone_config_ldap.xml
+ identity/section_keystone-token-binding.xml
+ identity/section_keystone-trusts.xml
+ identity/section_caching-layer.xml
+
+User CRUD
+~~~~~~~~~
+
+Identity provides a user CRUD (Create, Read, Update, and Delete) filter
+that can be added to the ``public_api`` pipeline. The user CRUD filter
+enables users to use a HTTP PATCH to change their own password. To
+enable this extension you should define a :code:`user_crud_extension`
+filter, insert it after the "option:`*_body` middleware and before the
+``public_service`` application in the ``public_api`` WSGI pipeline in
+:file:`keystone-paste.ini`. For example:
+
+.. code-block:: ini
+ :linenos:
+
+ [filter:user_crud_extension]
+ paste.filter_factory = keystone.contrib.user_crud:CrudExtension.factory
+
+ [pipeline:public_api]
+ pipeline = sizelimit url_normalize request_id build_auth_context token_auth admin_token_auth json_body ec2_extension user_crud_extension public_service
+
+Each user can then change their own password with a HTTP PATCH::
+
+ $ curl -X PATCH http://localhost:5000/v2.0/OS-KSCRUD/users/USERID -H "Content-type: application/json" \
+ -H "X_Auth_Token: AUTHTOKENID" -d '{"user": {"password": "ABCD", "original_password": "DCBA"}}'
+
+In addition to changing their password, all current tokens for the user
+are invalidated.
+
+.. note::
+
+ Only use a KVS back end for tokens when testing.
+
+Logging
+~~~~~~~
+
+You configure logging externally to the rest of Identity. The name of
+the file specifying the logging configuration is set using the
+``log_config`` option in the ``[DEFAULT]`` section of the
+:file:`keystone.conf` file. To route logging through syslog, set
+``use_syslog=true`` in the ``[DEFAULT]`` section.
+
+A sample logging configuration file is available with the project in
+:file:`etc/logging.conf.sample`. Like other OpenStack projects, Identity
+uses the Python logging module, which provides extensive configuration
+options that let you define the output levels and formats.
+
+Start the Identity services
+~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+To start the services for Identity, run the following command:
+
+.. code::
+
+ $ keystone-all
+
+This command starts two wsgi.Server instances configured by the
+:file:`keystone.conf` file as described previously. One of these wsgi
+servers is :code:`admin` (the administration API) and the other is :code:`main` (the primary/public API interface). Both run in a single
+process.
+
+Example usage
+~~~~~~~~~~~~~
+
+The ``keystone`` client is set up to expect commands in the general
+form of ``keystone command argument``, followed by flag-like keyword
+arguments to provide additional (often optional) information. For
+example, the :command:`user-list` and :command:`tenant-create`
+commands can be invoked as follows:
+
+.. code-block:: bash
+ :linenos:
+
+ # Using token auth env variables
+ export OS_SERVICE_ENDPOINT=http://127.0.0.1:5000/v2.0/
+ export OS_SERVICE_TOKEN=secrete_token
+ keystone user-list
+ keystone tenant-create --name demo
+
+ # Using token auth flags
+ keystone --os-token secrete --os-endpoint http://127.0.0.1:5000/v2.0/ user-list
+ keystone --os-token secrete --os-endpoint http://127.0.0.1:5000/v2.0/ tenant-create --name=demo
+
+ # Using user + password + project_name env variables
+ export OS_USERNAME=admin
+ export OS_PASSWORD=secrete
+ export OS_PROJECT_NAME=admin
+ openstack user list
+ openstack project create demo
+
+ # Using user + password + project-name flags
+ openstack --os-username admin --os-password secrete --os-project-name admin user list
+ openstack --os-username admin --os-password secrete --os-project-name admin project create demo
+
+Authentication middleware with user name and password
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+You can also configure Identity authentication middleware using the
+:code:`admin_user` and :code:`admin_password` options.
+
+.. note::
+
+ The :code:`admin_token` option is deprecated and no longer used for
+ configuring auth_token middleware.
+
+For services that have a separate paste-deploy :file:`.ini` file, you can
+configure the authentication middleware in the ``[keystone_authtoken]``
+section of the main configuration file, such as :file:`nova.conf`. In
+Compute, for example, you can remove the middleware parameters from
+:file:`api-paste.ini`, as follows:
+
+.. code:: ini
+
+ [filter:authtoken]
+ paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+
+.. note::
+
+ Prior to the Juno release, ``the auth_token`` middleware was in
+ ``python-keystoneclient``. The ``filter_factory`` must be set to
+ ``keystoneclient.middleware.auth_token:filter_factory`` in those
+ releases.
+
+And set the following values in :file:`nova.conf` as follows:
+
+.. code:: ini
+
+ [DEFAULT]
+ ...
+ auth_strategy=keystone
+
+ [keystone_authtoken]
+ auth_uri = http://controller:5000/v2.0
+ identity_uri = http://controller:35357
+ admin_user = admin
+ admin_password = SuperSekretPassword
+ admin_tenant_name = service
+
+.. note::
+
+ The middleware parameters in the paste config take priority. You
+ must remove them to use the values in the ``[keystone_authtoken]``
+ section.
+
+.. note::
+
+ Comment out any :code:`auth_host`, :code:`auth_port`, and
+ :code:`auth_protocol` options because the :code:`identity_uri` option
+ replaces them.
+
+This sample paste config filter makes use of the :code:`admin_user` and
+:code:`admin_password` options:
+
+.. code:: ini
+
+ [filter:authtoken]
+ paste.filter_factory = keystonemiddleware.auth_token:filter_factory
+ auth_uri = http://controller:5000/v2.0
+ identity_uri = http://controller:35357
+ auth_token = 012345SECRET99TOKEN012345
+ admin_user = admin
+ admin_password = keystone123
+
+.. note::
+
+ Using this option requires an admin tenant/role relationship. The
+ admin user is granted access to the admin role on the admin tenant.
+
+.. note::
+
+ Comment out any ``auth_host``, ``auth_port``, and
+ ``auth_protocol`` options because the ``identity_uri`` option
+ replaces them.
+
+.. note::
+
+ Prior to the Juno release, the ``auth_token middleware`` was in
+ ``python-keystoneclient``. The ``filter_factory`` must be set to
+ ``keystoneclient.middleware.auth_token:filter_factory`` in those
+ releases.
+
+Identity API protection with role-based access control (RBAC)
+~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+
+Like most OpenStack projects, Identity supports the protection of its
+APIs by defining policy rules based on an RBAC approach. Identity stores
+a reference to a policy JSON file in the main Identity configuration
+file, :file:`keystone.conf`. Typically this file is named ``policy.json``,
+and contains the rules for which roles have access to certain actions
+in defined services.
+
+Each Identity API v3 call has a line in the policy file that dictates
+which level of governance of access applies.
+
+.. code:: ini
+
+ API_NAME: RULE_STATEMENT or MATCH_STATEMENT
+
+Where:
+
+``RULE_STATEMENT`` can contain ``RULE_STATEMENT`` or
+``MATCH_STATEMENT``.
+
+``MATCH_STATEMENT`` is a set of identifiers that must match between the
+token provided by the caller of the API and the parameters or target
+entities of the API call in question. For example:
+
+.. code:: ini
+
+ "identity:create_user": [["role:admin", "domain_id:%(user.domain_id)s"]]
+
+Indicates that to create a user, you must have the admin role in your
+token. The :code:`domain_id` in your token must match the
+:code:`domain_id` in the user object that you are trying
+to create, which implies this must be a domain-scoped token.
+In other words, you must have the admin role on the domain
+in which you are creating the user, and the token that you use
+must be scoped to that domain.
+
+Each component of a match statement uses this format:
+
+.. code:: ini
+
+ ATTRIB_FROM_TOKEN:CONSTANT or ATTRIB_RELATED_TO_API_CALL
+
+The Identity service expects these attributes:
+
+Attributes from token:
+
+- ``user_id``
+- ``domain_id``
+- ``project_id``
+
+The ``project_id`` attribute requirement depends on the scope, and the
+list of roles you have within that scope.
+
+Attributes related to API call:
+
+- ``user.domain_id``
+- Any parameters passed into the API call
+- Any filters specified in the query string
+
+You reference attributes of objects passed with an object.attribute
+syntax (such as, ``user.domain_id``). The target objects of an API are
+also available using a target.object.attribute syntax. For instance:
+
+.. code:: ini
+
+ "identity:delete_user": [["role:admin", "domain_id:%(target.user.domain_id)s"]]
+
+would ensure that Identity only deletes the user object in the same
+domain as the provided token.
+
+Every target object has an ``id`` and a ``name`` available as
+``target.OBJECT.id`` and ``target.OBJECT.name``. Identity retrieves
+other attributes from the database, and the attributes vary between
+object types. The Identity service filters out some database fields,
+such as user passwords.
+
+List of object attributes:
+
+.. code-block:: ini
+ :linenos:
+
+ role:
+ target.role.id
+ target.role.name
+
+ user:
+ target.user.default_project_id
+ target.user.description
+ target.user.domain_id
+ target.user.enabled
+ target.user.id
+ target.user.name
+
+ group:
+ target.group.description
+ target.group.domain_id
+ target.group.id
+ target.group.name
+
+ domain:
+ target.domain.enabled
+ target.domain.id
+ target.domain.name
+
+ project:
+ target.project.description
+ target.project.domain_id
+ target.project.enabled
+ target.project.id
+ target.project.name
+
+The default :file:`policy.json` file supplied provides a somewhat
+basic example of API protection, and does not assume any particular
+use of domains. Refer to :file:`policy.v3cloudsample.json` as an
+example of multi-domain configuration installations where a cloud
+provider wants to delegate administration of the contents of a domain
+to a particular :code:`admin domain`. This example policy file also
+shows the use of an :code:`admin_domain` to allow a cloud provider to
+enable cloud administrators to have wider access across the APIs.
+
+A clean installation could start with the standard policy file, to
+allow creation of the :code:`admin_domain` with the first users within
+it. You could then obtain the :code:`domain_id` of the admin domain,
+paste the ID into a modified version of
+:file:`policy.v3cloudsample.json`, and then enable it as the main
+policy file.
+
+.. TODO (DC) Convert the following file and include(?) it as
+ a section:
+ /common/section_identity-troubleshooting.xml
diff --git a/doc/admin-guide-cloud-rst/source/index.rst b/doc/admin-guide-cloud-rst/source/index.rst
new file mode 100644
index 0000000000..ec8b20fd50
--- /dev/null
+++ b/doc/admin-guide-cloud-rst/source/index.rst
@@ -0,0 +1,31 @@
+===================================
+OpenStack Cloud Administrator Guide
+===================================
+
+Abstract
+~~~~~~~~
+
+OpenStack offers open source software for cloud administrators to manage and troubleshoot an OpenStack cloud.
+
+This guide documents OpenStack Kilo, OpenStack Juno, and OpenStack
+Icehouse releases.
+
+Contents
+~~~~~~~~
+
+.. toctree::
+ :maxdepth: 2
+
+ identity_management.rst
+ common/app_support.rst
+ common/glossary.rst
+
+.. TODO (DC)
+ Add get_started_with_openstack.rst and format the table :/
+ Add preface.rst
+ Add chapter files
+
+Search in this guide
+~~~~~~~~~~~~~~~~~~~~
+
+* :ref:`search`
diff --git a/tools/build-user-guides.sh b/tools/build-user-guides.sh
index 0e77b197d8..711cfc0689 100755
--- a/tools/build-user-guides.sh
+++ b/tools/build-user-guides.sh
@@ -3,3 +3,4 @@
tools/build-rst.sh doc/user-guide --glossary --build build
# No need to build the glossary again here.
tools/build-rst.sh doc/user-guide-admin --build build
+tools/build-rst.sh doc/admin-guide-cloud-rst --build build
diff --git a/tools/publishdocs.sh b/tools/publishdocs.sh
index 679cf39a50..67653b181d 100755
--- a/tools/publishdocs.sh
+++ b/tools/publishdocs.sh
@@ -51,6 +51,12 @@ for guide in user-guide user-guide-admin networking-guide; do
GLOSSARY=""
done
+# Draft guides
+for guide in admin-guide-cloud-rst; do
+ tools/build-rst.sh doc/$guide --build build \
+ --target "draft/$guide"
+done
+
# Build the www pages so that openstack-doc-test creates a link to
# www/www-index.html.
if [ "$PUBLISH" = "build" ] ; then