Keystone API Interface Analysis

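I intend to write up how keystone works in the F, G, and H releases and how they differ. There are already plenty of articles online analyzing keystone's core objects and what they mean, so I won't repeat them here.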

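List of core objects

user: a person, system, or service that uses the OpenStack cloud services.
project: a tenant; a person or organization, directly associated with resources such as virtual machines and volumes.
role: a user role, used together with policy.
token: an identifier for a user who has been authenticated by keystone. Its scope is tied to user+project or user+domain, depending on how the token was obtained.
service: compute, image, identity, volume, network.
endpoint: the network access address of a service; it has a region attribute.
domain: similar to a namespace; it solves the v2 API problem that user names and tenant names had to be globally unique.
group: a collection of users, which makes it easy to grant and revoke permissions for the users as a whole.
policy: the operation rules for a service. It is tied to roles and can define which role may perform which operations (v3 only added CRUD operations for it; no logic was implemented to replace what policy.json does).
trust: through a trust, a user can hand over their role and personal information for another user to use.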

Let's look at keystoneClient first!

Request to obtain a token: curl -i http://localhost:5000/v2.0/tokens -X POST -H "Content-Type: application/json" -H "User-Agent: python-keystoneclient"

Response:

{
    "access": {
        "token": {
            "expires": "2013-08-06T08:14:29Z",
            "id": "636bb1fd4f5b4ec1b9f1be668a9a7e75",
            "tenant": {
                "enabled": true,
                "description": null,
                "name": "admin",
                "id": "5dd12337fcaf45a99269053caa8549f2"
            }
        },
        "serviceCatalog": [    # Catalog implementation: template
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.120.34.51:9292",
                        "region": "RegionOne",
                        "internalURL": "http://10.120.34.51:9292",
                        "id": "68e3b6105ae14829bbee65fd8d72e190",
                        "publicURL": "http://10.120.34.51:9292"
                    }
                ],
                "endpoints_links": [ ],
                "type": "image",
                "name": "glance"    # list of the resources that can be accessed
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.120.34.51:8774/v2/5dd12337fcaf45a99269053caa8549f2",
                        "region": "RegionOne",
                        "internalURL": "http://10.120.34.51:8774/v2/5dd12337fcaf45a99269053caa8549f2",
                        "id": "3770102afa3b42eeb0937efac7a8a49e",
                        "publicURL": "http://10.120.34.51:8774/v2/5dd12337fcaf45a99269053caa8549f2"
                    }
                ],
                "endpoints_links": [ ],
                "type": "compute",
                "name": "nova"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.120.34.51:8773/services/Admin",
                        "region": "RegionOne",
                        "internalURL": "http://10.120.34.51:8773/services/Cloud",
                        "id": "c1379aa288e04509bfaa94235a50b05d",
                        "publicURL": "http://10.120.34.51:8773/services/Cloud"
                    }
                ],
                "endpoints_links": [ ],
                "type": "ec2",
                "name": "ec2"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.120.34.51:35357/v2.0",
                        "region": "RegionOne",
                        "internalURL": "http://10.120.34.51:5000/v2.0",
                        "id": "6e66aea94bac486a8331758e00b48c63",
                        "publicURL": "http://10.120.34.51:5000/v2.0"
                    }
                ],
                "endpoints_links": [ ],
                "type": "identity",
                "name": "keystone"
            }
        ],
        "user": {
            "username": "admin",
            "roles_links": [ ],
            "id": "0e08fcb9b05f4d84beab287dcc2610e4",
            "roles": [
                { "name": "KeystoneServiceAdmin" },
                { "name": "admin" },
                { "name": "KeystoneAdmin" }
            ],
            "name": "admin"
        },
        "metadata": {
            "is_admin": 0,
            "roles": [
                "2b8526ef51584c989ab16e235d5eb9db",
                "b35cfa3e75f24145808f3f3e5898d9b1",
                "0ea7efdc0b204fcbab3b4bff2f9c014b"
            ]
        }
    }
}
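To show how the fields of this response fit together, here is an added example (not code from the original post or from keystone) that reads the token scope, expiry, roles and per-region endpoints out of a v2.0 response and lists services whose endpoints are plain http. The function name summarize_access and the trimmed SAMPLE are assumptions made for this illustration.

```python
import json
from datetime import datetime, timezone

# Trimmed copy of the v2.0 response shown above (two catalog entries kept).
SAMPLE = json.loads("""
{"access": {
  "token": {"expires": "2013-08-06T08:14:29Z",
            "id": "636bb1fd4f5b4ec1b9f1be668a9a7e75",
            "tenant": {"name": "admin", "id": "5dd12337fcaf45a99269053caa8549f2"}},
  "serviceCatalog": [
    {"type": "image", "name": "glance", "endpoints": [
      {"region": "RegionOne", "publicURL": "http://10.120.34.51:9292",
       "adminURL": "http://10.120.34.51:9292"}]},
    {"type": "identity", "name": "keystone", "endpoints": [
      {"region": "RegionOne", "publicURL": "http://10.120.34.51:5000/v2.0",
       "adminURL": "http://10.120.34.51:35357/v2.0"}]}],
  "user": {"name": "admin", "roles": [{"name": "KeystoneServiceAdmin"},
           {"name": "admin"}, {"name": "KeystoneAdmin"}]}}}
""")


def summarize_access(resp, now, region="RegionOne"):
    """Hypothetical helper: extract what a client or reviewer needs from the response."""
    access = resp["access"]
    token = access["token"]
    expires = datetime.strptime(token["expires"], "%Y-%m-%dT%H:%M:%SZ")
    expires = expires.replace(tzinfo=timezone.utc)
    endpoints, cleartext = {}, set()
    for svc in access.get("serviceCatalog", []):
        for ep in svc.get("endpoints", []):
            if ep.get("region") != region:
                continue
            endpoints[svc["type"]] = ep["publicURL"]
            # The token is sent as X-Auth-Token, so an http:// endpoint carries it in cleartext.
            if any(ep.get(k, "").startswith("http://")
                   for k in ("publicURL", "internalURL", "adminURL")):
                cleartext.add(svc["type"])
    return {
        "token_id": token["id"],
        # A v2.0 token with no tenant block is unscoped.
        "scope": token.get("tenant", {}).get("name"),
        "expired": now >= expires,
        "roles": sorted(r["name"] for r in access["user"].get("roles", [])),
        "endpoints": endpoints,
        "cleartext_services": sorted(cleartext),
    }


if __name__ == "__main__":
    print(summarize_access(SAMPLE, datetime.now(timezone.utc)))
```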

catalog
