標籤:

OpenStack學習之keystone源碼學習(二十)

07-11
OpenStack學習之keystone源碼學習(二十)

由於我在身份管理行業摸爬滾打多年,所以對於認證和授權相關的內容特別有感情。keystone作為openstack中的認證授權模塊,所以先選擇對keystone源碼進行學習。

在學習源碼的過程中一個好的工具是非常重要的,我這裡使用的是PyCharm,是一款非常優秀的編程工具。首先從git上下載keystone源碼(這裡使用的是pike版本)。下載後的代碼結構如下圖:

由於我們剛開始學習,所以我們從關鍵的兩個配置文件開始,以了解一個http請求如何響應處理的。這兩個配置文件是setup.cfg和etc/keystone-paste.ini。

1、setup.cfg是keystone的基礎配置文件,包括程序入口、默認配置都在這裡定義。在這個配置文件中有一個參數console_scripts,定義的就是keystone程序的入口代碼:

[entry_points]console_scripts = keystone-manage = keystone.cmd.manage:main

參數paste.filter_factory定義了keystone中http請求的各種過濾器定義:

paste.filter_factory = healthcheck = oslo_middleware:Healthcheck.factory cors = oslo_middleware:CORS.factory sizelimit = oslo_middleware:RequestBodySizeLimiter.factory http_proxy_to_wsgi = oslo_middleware:HTTPProxyToWSGI.factory osprofiler = osprofiler.web:WsgiMiddleware.factory url_normalize = keystone.middleware:NormalizingFilter.factory request_id = oslo_middleware:RequestId.factory build_auth_context = keystone.middleware:AuthContextMiddleware.factory token_auth = keystone.middleware:TokenAuthMiddleware.factory json_body = keystone.middleware:JsonBodyMiddleware.factory debug = oslo_middleware:Debug.factory ec2_extension = keystone.contrib.ec2:Ec2Extension.factory ec2_extension_v3 = keystone.contrib.ec2:Ec2ExtensionV3.factory s3_extension = keystone.contrib.s3:S3Extension.factory

參數paste.app_factory將keystone接收到的請求轉發到具體的模塊中進行處理(通過controller進行處理,後續會講)。

paste.app_factory = admin_service = keystone.version.service:admin_app_factory admin_version_service = keystone.version.service:admin_version_app_factory public_service = keystone.version.service:public_app_factory public_version_service = keystone.version.service:public_version_app_factory service_v3 = keystone.version.service:v3_app_factory

2、etc/keystone-paste.ini是另一個重要配置文件,它由composite、pipeline、app和filter關鍵字定義的模塊組成。

其中composite中定義了用戶請求url中包含的字元串和pipeline中的關鍵字關係:

[composite:main]use = egg:Paste#urlmap/v2.0 = public_api/v3 = api_v3/ = public_version_api[composite:admin]use = egg:Paste#urlmap/v2.0 = admin_api/v3 = api_v3/ = admin_version_api

pipeline中定義了與filter和app之間的關係,每一個pipeline最後一個字元串標識了對應的app,其他都是依次執行的filter:

[pipeline:public_api]# The last item in this pipeline must be public_service or an equivalent# application. It cannot be a filter.pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension public_service[pipeline:admin_api]# The last item in this pipeline must be admin_service or an equivalent# application. It cannot be a filter.pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension s3_extension admin_service[pipeline:api_v3]# The last item in this pipeline must be service_v3 or an equivalent# application. It cannot be a filter.pipeline = healthcheck cors sizelimit http_proxy_to_wsgi osprofiler url_normalize request_id build_auth_context token_auth json_body ec2_extension_v3 s3_extension service_v3

filter中定義了http請求需要經過什麼預先處理才能交給具體的app處理:

[filter:build_auth_context]use = egg:keystone#build_auth_context[filter:token_auth]use = egg:keystone#token_auth[filter:json_body]use = egg:keystone#json_body

app中定義了具體使用什麼類去完成相應的業務功能:

[app:public_service]use = egg:keystone#public_service[app:service_v3]use = egg:keystone#service_v3[app:admin_service]use = egg:keystone#admin_service

然後,可以根據app中定義的特殊關鍵字到setup.cfg文件中paste.app_factory中定義的內容找到對應的類實現,根據filter中定義的特殊關鍵字到setup.cfg文件中paste.filter_factory中定義的內容找到對應的類實現。根據上面的關係梳理成如下圖:

根據上圖中setup.cfg指定的類去查看具體實現。

推薦閱讀:

openstack未來發展前景怎樣?
openstack與KVM的關係?
浪潮劉曉欣:2018 OpenStack的三大關鍵詞
T2Cloud帶你360度玩轉2017OpenStack Summit
OpenStack大規模部署優化之二:穩態優化

TAG:OpenStack | 開源 |