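OpenStack Identity Authentication and API Request Flow

I. Overview

1. When requesting an authentication token, the credentials that must be sent include:

[Figure: OpenStack identity authentication and API request flow]

2. If authentication succeeds, you receive an authentication token.

3. Put the authentication token in the X-Auth-Token header field of each API request you send. You can keep using this token to send API requests until the task is complete or a 401 Unauthorized error occurs.

4. If a 401 Unauthorized error occurs, request a new authentication token.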

 

II. Detailed Walkthrough

Note: the following examples use cURL (http://curl.haxx.se/) and the OpenStack APIs (http://developer.openstack.org/api-ref.html).

1. Authentication

Request an authentication token with the following command:

$ curl -i http://127.0.0.1:5000/v2.0/tokens -X POST -H "Content-Type: application/json" -H "Accept: application/json" -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "secretsecret"}}}'

 

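If authentication succeeds, you receive a 200 OK response whose body contains a token and an expiry time. The token has the form "id":"token" and the expiry time has the form "expires":"datetime". The full response looks like this: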

HTTP/1.1 200 OK
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 5858
Date: Wed, 06 Nov 2013 20:06:24 GMT
{
    "access": {
        "token": {
            "issued_at": "2013-11-06T20:06:24.113908",
            "expires": "2013-11-07T20:06:24Z",
            "id": "{token}",
            "tenant": {
                "description": null,
                "enabled": true,
                "id": "604bbe45ac7143a79e14f3158df67091",
                "name": "admin"
            }
        },
        "serviceCatalog": [
            {
                "endpoints": [
                    {
                        "adminURL": "http://166.78.21.23:8774/v2/604bbe45ac7143a79e14f3158df67091",
                        "region": "RegionOne",
                        "internalURL": "http://166.78.21.23:8774/v2/604bbe45ac7143a79e14f3158df67091",
                        "id": "9851cb538ce04283b770820acc24e898",
                        "publicURL": "http://166.78.21.23:8774/v2/604bbe45ac7143a79e14f3158df67091"
                    }
                ],
                "endpoints_links": [],
                "type": "compute",
                "name": "nova"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://166.78.21.23:3333",
                        "region": "RegionOne",
                        "internalURL": "http://166.78.21.23:3333",
                        "id": "0bee9a113d294dda86fc23ac22dce1e3",
                        "publicURL": "http://166.78.21.23:3333"
                    }
                ],
                "endpoints_links": [],
                "type": "s3",
                "name": "s3"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://166.78.21.23:9292",
                        "region": "RegionOne",
                        "internalURL": "http://166.78.21.23:9292",
                        "id": "4b6e9ece7e25479a8f7bb07eb58845af",
                        "publicURL": "http://166.78.21.23:9292"
                    }
                ],
                "endpoints_links": [],
                "type": "image",
                "name": "glance"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://166.78.21.23:8776/v1/604bbe45ac7143a79e14f3158df67091",
                        "region": "RegionOne",
                        "internalURL": "http://166.78.21.23:8776/v1/604bbe45ac7143a79e14f3158df67091",
                        "id": "221a2df63537400e929c0ce7184c5d68",
                        "publicURL": "http://166.78.21.23:8776/v1/604bbe45ac7143a79e14f3158df67091"
                    }
                ],
                "endpoints_links": [],
                "type": "volume",
                "name": "cinder"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://166.78.21.23:8773/services/Admin",
                        "region": "RegionOne",
                        "internalURL": "http://166.78.21.23:8773/services/Cloud",
                        "id": "356f334fdb7045f7a35b0eebe26fca53",
                        "publicURL": "http://166.78.21.23:8773/services/Cloud"
                    }
                ],
                "endpoints_links": [],
                "type": "ec2",
                "name": "ec2"
            },
            {
                "endpoints": [
                    {
                        "adminURL": "http://166.78.21.23:35357/v2.0",
                        "region": "RegionOne",
                        "internalURL": "http://166.78.21.23:5000/v2.0",
                        "id": "10f3816574c14a5eb3d455b8a72dc9b0",
                        "publicURL": "http://166.78.21.23:5000/v2.0"
                    }
                ],
                "endpoints_links": [],
                "type": "identity",
                "name": "keystone"
            }
        ],
        "user": {
            "username": "admin",
            "roles_links": [],
            "id": "3273a50d6cfb4a2ebc75e83cb86e1554",
            "roles": [
                {
                    "name": "admin"
                }
            ],
            "name": "admin"
        },
        "metadata": {
            "is_admin": 0,
            "roles": [
                "b0d525aa42784ee0a3df1730aabdcecd"
            ]
        }
    }
}

 

2. Sending API requests

Note: the following examples use requests to the Identity API (http://developer.openstack.org/api-ref-identity-v3.html) and the Compute API (http://developer.openstack.org/api-ref-compute-v2.html).

2.1 Request the tenants list with the Identity API:

$ curl -i -X GET http://166.78.21.23:35357/v2.0/tenants -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: token"
Response body:
{
    "tenants_links": [],
    "tenants": [
        {
            "description": null,
            "enabled": true,
            "id": "3eddf34c2f814bd5bc50a382f8fba1c6",
            "name": "demo"
        },
        {
            "description": null,
            "enabled": true,
            "id": "604bbe45ac7143a79e14f3158df67091",
            "name": "admin"
        },
        {
            "description": null,
            "enabled": true,
            "id": "78323d3574e6421b98fe5894475c69fe",
            "name": "service"
        },
        {
            "description": null,
            "enabled": true,
            "id": "da73856734d84ec29958b048d8708d82",
            "name": "invisible_to_admin"
        },
        {
            "description": null,
            "enabled": true,
            "id": "ee30a93eaade41acbcf210780dd7a0ba",
            "name": "alt_demo"
        }
    ]
}

 

2.2 Request the servers list with the Compute API:

$ curl -v -H "X-Auth-Token:token" http://208.123.85.197:8774/v2/tenant_id/servers
Response body:
{
    "server": {
        "adminPass": "MVk5HPrazHcG",
        "id": "5bbcc3c4-1da2-4437-a48a-66f15b1b13f9",
        "links": [
            {
                "href": "http://openstack.example.com/v2/openstack/servers/5bbcc3c4-1da2-4437-a48a-66f15b1b13f9",
                "rel": "self"
            },
            {
                "href": "http://openstack.example.com/openstack/servers/5bbcc3c4-1da2-4437-a48a-66f15b1b13f9",
                "rel": "bookmark"
            }
        ]
    }
}
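
The token lifecycle from the overview (authenticate, send the token in X-Auth-Token, request a new one on expiry or 401), as an added example that is not part of the original article. `KeystoneV2Session`, the `transport` hook and `FakeCloud` are hypothetical names; `FakeCloud` is a constructed stand-in for Keystone and Nova so the code runs offline.

```python
import json
from datetime import datetime, timezone

class KeystoneV2Session:
    """Authenticate once, reuse the token, re-authenticate on expiry or 401."""
    def __init__(self, auth_url, tenant, username, password, transport):
        # Hypothetical hook: transport(method, url, headers, body) -> (status, text).
        self.auth_url, self.transport = auth_url, transport
        self.creds = {"auth": {"tenantName": tenant, "passwordCredentials":
                               {"username": username, "password": password}}}
        self.token, self.expires, self.catalog = None, None, {}

    def authenticate(self):
        status, text = self.transport("POST", self.auth_url + "/tokens",
            {"Content-Type": "application/json"}, json.dumps(self.creds))
        if status != 200:
            raise PermissionError(f"authentication failed: HTTP {status}")
        access = json.loads(text)["access"]
        self.token = access["token"]["id"]
        self.expires = datetime.strptime(access["token"]["expires"],
            "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
        # Map service type -> publicURL from the serviceCatalog in the response.
        self.catalog = {s["type"]: s["endpoints"][0]["publicURL"]
                        for s in access["serviceCatalog"]}

    def request(self, method, service, path, now=None):
        now = now or datetime.now(timezone.utc)
        if self.token is None or now >= self.expires:
            self.authenticate()
        for attempt in (1, 2):
            status, text = self.transport(method, self.catalog[service] + path,
                                          {"X-Auth-Token": self.token}, None)
            if status != 401 or attempt == 2:
                return status, text
            self.authenticate()  # token rejected: fetch a new one, retry once

class FakeCloud:
    """Constructed stand-in for Keystone and Nova; not a real deployment."""
    issued, valid = 0, None
    def __call__(self, method, url, headers, body):
        if url.endswith("/tokens"):
            self.issued += 1
            self.valid = f"tok-{self.issued}"
            return 200, json.dumps({"access": {
                "token": {"id": self.valid, "expires": "2013-11-07T20:06:24Z"},
                "serviceCatalog": [{"type": "compute", "endpoints": [
                    {"publicURL": "http://nova.example/v2/tenant_id"}]}]}})
        ok = headers.get("X-Auth-Token") == self.valid
        return (200, '{"servers": []}') if ok else (401, "")
```

Pass a `transport` built on a real HTTP client to use the session against a live endpoint. The retry is limited to one re-authentication, so a persistently rejected token surfaces as a 401 instead of looping.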

 

III. Detailed Flow Diagrams

[Figure: OpenStack identity authentication and API request flow]

If a tenant is given, start directly from the following steps:

[Figures (5): OpenStack identity authentication and API request flow]

References:

http://docs.openstack.org/api/quick-start/content/index.html#authenticate

http://docs.openstack.org/icehouse/install-guide/install/yum/content/keystone-concepts.html

 
