quantum 配置

本文地址:http://blog.csdn.net/spch2008/article/details/9391675

最近一直跟quantum打交道,对于它的配置文档(api-paste.ini),当然也需要理清。之前了解过了相关paste的使用方法,见Paste 起步

[composite:quantum]
use = egg:Paste#urlmap
/: quantumversions
/v2.0: quantumapi_v2_0

[composite:quantumapi_v2_0]
use = call:quantum.auth:pipeline_factory
noauth = extensions quantumapiapp_v2_0
keystone = authtoken keystonecontext extensions quantumapiapp_v2_0

[filter:keystonecontext]
paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 172.16.4.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = quantum

[filter:extensions]
paste.filter_factory = quantum.extensions.extensions:plugin_aware_extension_middleware_factory

[app:quantumversions]
paste.app_factory = quantum.api.versions:Versions.factory

[app:quantumapiapp_v2_0]
paste.app_factory = quantum.api.v2.router:APIRouter.factory

1. 加载APP   
#quantum\service.py  
def _run_wsgi(app_name):
    
    app = config.load_paste_app(app_name)
    if not app:
        LOG.error(_('No known API applications configured.'))
        return
  
    server = wsgi.Server("Quantum")
    server.start(app, cfg.CONF.bind_port, cfg.CONF.bind_host)

    return server
app_name为quantum,此处,加载api-paste.ini中的quantum段,即[composite:quantum]。

使用urlmap匹配路径前缀(path prefix),/v2.0转到quantumapi_v2_0段。


2. quantumapi_v2_0段

[composite:quantumapi_v2_0]
use = call:quantum.auth:pipeline_factory
noauth = extensions quantumapiapp_v2_0
keystone = authtoken keystonecontext extensions quantumapiapp_v2_0

采用quantum.auth中的pipeline_factory函数,并将noauth与keystone作为参数,传入此函数中。

#quantum.auth
def pipeline_factory(loader, global_conf, **local_conf):
    pipeline = local_conf[cfg.CONF.auth_strategy]
    pipeline = pipeline.split()
    filters = [loader.get_filter(n) for n in pipeline[:-1]]
    app = loader.get_app(pipeline[-1])
    filters.reverse()
    for filter in filters:
        app = filter(app)
    return app
local_conf即为配置文件中的noauth, keystone等数据,信息如下:

{'keystone': 'authtoken keystonecontext extensions quantumapiapp_v2_0', 
 'noauth': 'extensions quantumapiapp_v2_0'}
剩下的就是根据配置的验证方式(keystone or noauth)加载每一段,进行包装,当请求到来时候,依次执行每个段的配置信息。

3. authtoken

[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 172.16.4.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = quantum
首先是authtoken,进行身份验证,配置信息是一个 quantum 管理员,用于与keystone进行交互时提供验证信息。quantum管理员向

keystone查询用户提供的token是否有效。


4.keystonecontext

[filter:keystonecontext]
paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory
经过authtoken验证用户token以后,会从keystone数据库获得用户id,tenant_id,以及role等信息,

并将该信息写入请求信息头。当请求信息到达keystonecontext时候,会提取上述信息,存放于context中,

并将context加入请求信息头中,供后续进行权限验证。

 # Create a context with the authentication data
 ctx = context.Context(user_id, tenant_id, roles=roles)

 # Inject the context...
 req.environ['quantum.context'] = ctx

5. extension

[filter:extensions]
paste.filter_factory = quantum.extensions.extensions:plugin_aware_extension_middleware_factory
处理用户提供的扩展功能,前面写过QoS功能开发,就是在这一步,提取请求并执行相应功能。

6.quantumapiapp_v2_0

[app:quantumapiapp_v2_0]
paste.app_factory = quantum.api.v2.router:APIRouter.factory
提供基本功能。例如采用OVS Plugin时,端口、网络功能请求信息就由此段捕获。

你可能感兴趣的:(quantum 配置)