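Original article: http://blog.csdn.net/spch2008/article/details/9391675
I have been working with quantum a lot recently, so its configuration file (api-paste.ini) needs sorting out too. I covered how paste is used earlier; see "Getting Started with Paste" (Paste 起步).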
```ini
[composite:quantum]
use = egg:Paste#urlmap
/: quantumversions
/v2.0: quantumapi_v2_0

[composite:quantumapi_v2_0]
use = call:quantum.auth:pipeline_factory
noauth = extensions quantumapiapp_v2_0
keystone = authtoken keystonecontext extensions quantumapiapp_v2_0

[filter:keystonecontext]
paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 172.16.4.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = quantum

[filter:extensions]
paste.filter_factory = quantum.extensions.extensions:plugin_aware_extension_middleware_factory

[app:quantumversions]
paste.app_factory = quantum.api.versions:Versions.factory

[app:quantumapiapp_v2_0]
paste.app_factory = quantum.api.v2.router:APIRouter.factory
```
```python
# quantum\service.py
def _run_wsgi(app_name):
    app = config.load_paste_app(app_name)
    if not app:
        LOG.error(_('No known API applications configured.'))
        return
    server = wsgi.Server("Quantum")
    server.start(app, cfg.CONF.bind_port, cfg.CONF.bind_host)
    return server
```

app_name is quantum, so this loads the quantum section of api-paste.ini, that is, [composite:quantum].
urlmap matches on the path prefix: /v2.0 is routed to the quantumapi_v2_0 section.
2. The quantumapi_v2_0 section

```ini
[composite:quantumapi_v2_0]
use = call:quantum.auth:pipeline_factory
noauth = extensions quantumapiapp_v2_0
keystone = authtoken keystonecontext extensions quantumapiapp_v2_0
```

This section calls the pipeline_factory function in quantum.auth and passes noauth and keystone to it as parameters.
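```python
# quantum.auth
def pipeline_factory(loader, global_conf, **local_conf):
    # Pick the pipeline named by the configured auth strategy
    pipeline = local_conf[cfg.CONF.auth_strategy]
    pipeline = pipeline.split()
    # Every entry but the last is a filter; the last is the app
    filters = [loader.get_filter(n) for n in pipeline[:-1]]
    app = loader.get_app(pipeline[-1])
    # Wrap from the innermost filter outwards
    filters.reverse()
    for filter in filters:
        app = filter(app)
    return app
```

local_conf holds the noauth, keystone and other entries from the configuration file, as follows:

```python
{'keystone': 'authtoken keystonecontext extensions quantumapiapp_v2_0',
 'noauth': 'extensions quantumapiapp_v2_0'}
```

What remains is to load each section according to the configured authentication strategy (keystone or noauth) and wrap them one around the other. When a request arrives, it passes through each section in the order listed.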
3. authtoken
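```ini
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 172.16.4.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = quantum
```

First comes authtoken, which performs authentication. The settings describe a quantum admin account, which supplies the credentials used when talking to keystone: the quantum admin asks keystone whether the token presented by the user is valid. Note that these credentials sit in api-paste.ini in plaintext, and that auth_protocol = http means the exchange with keystone is not encrypted.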
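4. keystonecontext

```ini
[filter:keystonecontext]
paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory
```

Once authtoken has validated the user's token, the user id, tenant_id, role and related information are obtained from the keystone database and written into the request headers. When the request reaches keystonecontext, that information is extracted and stored in a context, and the context is attached to the request (in req.environ, as the code below shows) so that later stages can perform authorization checks.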
```python
# Create a context with the authentication data
ctx = context.Context(user_id, tenant_id, roles=roles)

# Inject the context...
req.environ['quantum.context'] = ctx
```
5. extension
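```ini
[filter:extensions]
paste.filter_factory = quantum.extensions.extensions:plugin_aware_extension_middleware_factory
```

This filter handles user-provided extensions. The QoS feature development I wrote about earlier hooks in at this step: the request is picked out here and the corresponding function is executed.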
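6. quantumapiapp_v2_0

```ini
[app:quantumapiapp_v2_0]
paste.app_factory = quantum.api.v2.router:APIRouter.factory
```

This section provides the core functionality. For example, when the OVS plugin is used, requests for port and network operations are handled by this section.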
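
The wrapping order that pipeline_factory builds, and the authtoken to keystonecontext hand-off described above, shown as an added example that is not Quantum's own code. Toy stand-ins replace the real filters, the auth strategy is passed as an argument instead of being read from cfg.CONF, and the token, identity values and header names are constructed for illustration.

```python
PIPELINES = {  # the local_conf values from [composite:quantumapi_v2_0]
    'keystone': 'authtoken keystonecontext extensions quantumapiapp_v2_0',
    'noauth': 'extensions quantumapiapp_v2_0',
}
VALID_TOKENS = {'tok-demo': ('user-1', 'tenant-1', 'member')}  # constructed
HEADERS = ('HTTP_X_USER_ID', 'HTTP_X_TENANT_ID', 'HTTP_X_ROLE')  # assumed names

def make_filter(name):
    """Return a filter: a callable that wraps an app and records its name."""
    def filter_(app):
        def wrapped(environ):
            environ['trace'].append(name)
            if name == 'authtoken':
                identity = VALID_TOKENS.get(environ.get('HTTP_X_AUTH_TOKEN'))
                if identity is None:
                    return '401 Unauthorized'  # inner filters and app never run
                environ.update(zip(HEADERS, identity))
            elif name == 'keystonecontext':
                user_id, tenant_id, role = (environ[h] for h in HEADERS)
                environ['quantum.context'] = {
                    'user_id': user_id, 'tenant_id': tenant_id, 'roles': [role]}
            return app(environ)
        return wrapped
    return filter_

def api_app(environ):
    environ['trace'].append('quantumapiapp_v2_0')
    return '200 OK'

def build_pipeline(auth_strategy):
    """Same wrapping steps as pipeline_factory, strategy passed explicitly."""
    names = PIPELINES[auth_strategy].split()
    filters = [make_filter(n) for n in names[:-1]]
    app = api_app
    filters.reverse()          # wrap innermost first ...
    for f in filters:
        app = f(app)           # ... so the first-listed filter ends up outermost
    return app

def handle(auth_strategy, token=None):
    environ = {'trace': []}
    if token is not None:
        environ['HTTP_X_AUTH_TOKEN'] = token
    status = build_pipeline(auth_strategy)(environ)
    return status, environ['trace'], environ.get('quantum.context')
```

handle('keystone') stops at authtoken with a 401, while handle('noauth') reaches the app with no token check and no quantum.context set.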