OpenStack Keystone Authentication Flow (2): The Door
2015-02-09 15:03
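A journey of a thousand miles begins with a single step
Linus famously said: "Talk is cheap. Show me the code." Borrowing the master's style, we start from the code.
Code version: keystone-2013.2.1
1. The authentication API and its result
In OpenStack, the first step in running any command is authentication, so let's first look at how authentication is performed.
The following command is taken from the OpenStack API Quick Start: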
$ curl -s -X POST http://8.21.28.222:5000/v2.0/tokens \
    -H "Content-Type: application/json" \
    -d '{"auth": {"tenantName": "'"$OS_TENANT_NAME"'", "passwordCredentials": {"username": "'"$OS_USERNAME"'", "password": "'"$OS_PASSWORD"'"}}}' \
    | python -m json.tool
If the command succeeds, the HTTP status is set to 200 OK and the following JSON is returned:
{
    "access": {
        "metadata": {
            "is_admin": 0,
            "roles": [
                "9fe2ff9ee4384b1894a90878d3e92bab"
            ]
        },
        "serviceCatalog": [
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.100.0.222:8774/v2/TENANT_ID",
                        "id": "0eb78b6d3f644438aea327d9c57b7b5a",
                        "internalURL": "http://10.100.0.222:8774/v2/TENANT_ID",
                        "publicURL": "http://8.21.28.222:8774/v2/TENANT_ID",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "nova",
                "type": "compute"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.100.0.222:9696/",
                        "id": "3f4b6015a2f9481481ca03dace8acf32",
                        "internalURL": "http://10.100.0.222:9696/",
                        "publicURL": "http://8.21.28.222:9696/",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "neutron",
                "type": "network"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.100.0.222:8776/v2/TENANT_ID",
                        "id": "16f6416588f64946bdcdf4a431a8f252",
                        "internalURL": "http://10.100.0.222:8776/v2/TENANT_ID",
                        "publicURL": "http://8.21.28.222:8776/v2/TENANT_ID",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "cinder_v2",
                "type": "volumev2"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.100.0.222:8779/v1.0/TENANT_ID",
                        "id": "be48765ae31e425cb06036b1ebab694a",
                        "internalURL": "http://10.100.0.222:8779/v1.0/TENANT_ID",
                        "publicURL": "http://8.21.28.222:8779/v1.0/TENANT_ID",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "trove",
                "type": "database"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.100.0.222:9292",
                        "id": "1adfcb5414304f3596fb81edb2dfb514",
                        "internalURL": "http://10.100.0.222:9292",
                        "publicURL": "http://8.21.28.222:9292",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "glance",
                "type": "image"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.100.0.222:8774/v3",
                        "id": "14187733d29845e5993d9b4e0f2df4fc",
                        "internalURL": "http://10.100.0.222:8774/v3",
                        "publicURL": "http://8.21.28.222:8774/v3",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "novav3",
                "type": "computev3"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.100.0.222:8777",
                        "id": "350f3b91d73f4b3ab8a061c94ac31fbb",
                        "internalURL": "http://10.100.0.222:8777",
                        "publicURL": "http://8.21.28.222:8777",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "ceilometer",
                "type": "metering"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.100.0.222:8000/v1/",
                        "id": "2198b0d32a604e75a5cc1e13276a813d",
                        "internalURL": "http://10.100.0.222:8000/v1/",
                        "publicURL": "http://8.21.28.222:8000/v1/",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "heat-cfn",
                "type": "cloudformation"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.100.0.222:8776/v1/TENANT_ID",
                        "id": "7c193c4683d849ca8e8db493722a4d8c",
                        "internalURL": "http://10.100.0.222:8776/v1/TENANT_ID",
                        "publicURL": "http://8.21.28.222:8776/v1/TENANT_ID",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "cinder",
                "type": "volume"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.100.0.222:8773/services/Admin",
                        "id": "11fac8254be74d7d906110f0069e5748",
                        "internalURL": "http://10.100.0.222:8773/services/Cloud",
                        "publicURL": "http://8.21.28.222:8773/services/Cloud",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "nova_ec2",
                "type": "ec2"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.100.0.222:8004/v1/TENANT_ID",
                        "id": "38fa4f9afce34d4ca0f5e0f90fd758dd",
                        "internalURL": "http://10.100.0.222:8004/v1/TENANT_ID",
                        "publicURL": "http://8.21.28.222:8004/v1/TENANT_ID",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "heat",
                "type": "orchestration"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://10.100.0.222:35357/v2.0",
                        "id": "256cdf78ecb04051bf0f57ec11070222",
                        "internalURL": "http://10.100.0.222:5000/v2.0",
                        "publicURL": "http://8.21.28.222:5000/v2.0",
                        "region": "RegionOne"
                    }
                ],
                "endpoints_links": [],
                "name": "keystone",
                "type": "identity"
            }
        ],
        "token": {
            "audit_ids": [
                "gsjrNoqFSQeuLUo0QeJprQ"
            ],
            "expires": "2014-12-15T15:09:29Z",
            "id": "TOKEN_ID",
            "issued_at": "2014-12-15T14:09:29.794527",
            "tenant": {
                "description": "Auto created account",
                "enabled": true,
                "id": "TENANT_ID",
                "name": "USERNAME"
            }
        },
        "user": {
            "id": "USER_ID",
            "name": "USERNAME",
            "roles": [
                {
                    "name": "_member_"
                }
            ],
            "roles_links": [],
            "username": "USERNAME"
        }
    }
}
From the result above we can see that Keystone exposes an HTTP RESTful API. That being so, it must have a web server and an application behind it.
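As an added example (not from the original post or the Keystone project), the following parses a v2.0 token response like the one above: it extracts the token and its remaining lifetime, looks up a service endpoint in the catalog, and lists services whose URL is plain HTTP. The sample is a constructed, trimmed copy of the response above, and the function names are hypothetical.

```python
import json
from datetime import datetime, timezone

# Constructed sample: a trimmed copy of the response shown above.
SAMPLE = json.loads("""
{"access": {
  "serviceCatalog": [
    {"name": "nova", "type": "compute", "endpoints": [{
      "adminURL": "http://10.100.0.222:8774/v2/TENANT_ID",
      "internalURL": "http://10.100.0.222:8774/v2/TENANT_ID",
      "publicURL": "http://8.21.28.222:8774/v2/TENANT_ID",
      "region": "RegionOne"}]},
    {"name": "keystone", "type": "identity", "endpoints": [{
      "adminURL": "http://10.100.0.222:35357/v2.0",
      "internalURL": "http://10.100.0.222:5000/v2.0",
      "publicURL": "http://8.21.28.222:5000/v2.0",
      "region": "RegionOne"}]}],
  "token": {"expires": "2014-12-15T15:09:29Z", "id": "TOKEN_ID",
            "tenant": {"id": "TENANT_ID", "name": "USERNAME"}},
  "user": {"id": "USER_ID", "name": "USERNAME",
           "roles": [{"name": "_member_"}]}}}
""")

def parse_access(body, now):
    """Summarise a v2.0 /tokens response; `now` is a UTC-aware datetime."""
    access = body["access"]
    token = access["token"]
    expires = datetime.strptime(token["expires"], "%Y-%m-%dT%H:%M:%SZ")
    expires = expires.replace(tzinfo=timezone.utc)
    return {
        "token_id": token["id"],  # bearer credential: keep it out of logs
        "tenant_id": token["tenant"]["id"],
        "roles": [r["name"] for r in access["user"]["roles"]],
        "seconds_left": int((expires - now).total_seconds()),
    }

def endpoint_for(body, service_type, interface="publicURL", region="RegionOne"):
    """Return the catalog URL for a service type, or None if not listed."""
    for service in body["access"]["serviceCatalog"]:
        if service["type"] == service_type:
            for ep in service["endpoints"]:
                if ep["region"] == region:
                    return ep.get(interface)
    return None

def cleartext_services(body, interface="publicURL"):
    """Names of services whose URL is plain http, so tokens cross the wire unencrypted."""
    return [s["name"] for s in body["access"]["serviceCatalog"]
            if any(ep.get(interface, "").startswith("http://") for ep in s["endpoints"])]
```

A negative `seconds_left` means the token has already expired and a new one must be requested.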
2. Code entry point
Next, find the code that corresponds to the web server. First use openstack-service list to find the name of the Keystone service:
$ openstack-service list | grep keystone
openstack-keystone
Then open the service file, which has the following content. This gives us the service's entry file, keystone-all.
$ cat /usr/lib/systemd/system/openstack-keystone.service
[Unit]
Description=OpenStack Identity Service (code-named Keystone)
After=syslog.target network.target

[Service]
Type=notify
NotifyAccess=all
Restart=always
User=keystone
ExecStart=/usr/bin/keystone-all

[Install]
WantedBy=multi-user.target
In the Keystone source tree, keystone-all is found under bin.
Open keystone-all and you will find the code that creates the servers:
servers = []
servers.append(create_server(paste_config, 'admin',
                             CONF.bind_host,
                             int(CONF.admin_port)))
servers.append(create_server(paste_config, 'main',
                             CONF.bind_host,
                             int(CONF.public_port)))
serve(*servers)