OpenStack API 认证和 API 请求工作流程
来源:互联网 发布:seo牛人 编辑:程序博客网 时间:2024/06/05 20:46
参考:https://developer.openstack.org/zh_CN/api-guide/quick-start/api-quick-start.html#authentication-and-api-request-workflow
认证和 API 请求工作流程¶
- 从云管理员提供的认证服务接入点请求一个认证令牌,以“ref:authenticate”的形式发送一个有效载荷的请求,如果请求成功,服务器将返回一个认证令牌。
- 发送API请求时,令牌信息包含在“X-Auth-Token”的包头中,使用该令牌发送请求,直到请求的服务完成或者Unauthorized (401)错误出现。
- 如果Unauthorized (401)错误出现, 重新申请一个令牌。
该部分的实例使用了cURL命令。关于cURL的信息,请参考http://curl.haxx.se/。关于OpenStack APIs的信息,请参考 当前API 版本。
认证¶
The payload of credentials to authenticate contains these parameters:
在一个运行着认证服务的典型OpenStack环境中,你可以指定你的项目名,用户名和密码进行身份验证。
首先,将你的项目名传递给环境变量``OS_TENANT_NAME``,你的项目域名传递给环境变量``OS_PROJECT_DOMAIN_NAME``,你的用户名传递给环境变量``OS_USERNAME``,你的密码传递给环境变量``OS_PASSWORD``,同时你的用户域名传递给环境变量``OS_USER_DOMAIN_NAME``。
下面例子使用了遵循安装手册安装Ocata。但是,你也可以使用``$OS_AUTH_URL``作为一个环境变量,如果需要改变该URL。
然后,运行cURL命令去请求一个token。
$ curl -v -s -X POST $OS_AUTH_URL/auth/tokens?nocatalog -H "Content-Type: application/json" -d '{ "auth": { "identity": { "methods": ["password"],"password": {"user": {"domain": {"name": "'"$OS_USER_DOMAIN_NAME"'"},"name": "'"$OS_USERNAME"'", "password": "'"$OS_PASSWORD"'"} } }, "scope": { "project": { "domain": { "name": "'"$OS_PROJECT_DOMAIN_NAME"'" }, "name": "'"$OS_PROJECT_NAME"'" } } }}' \| python -m json.tool
如果请求成功是,将会返回``Created (201)``响应码,同时在``X-Subject-Token``响应头中包含着token值。该请求头伴随着一个响应体,包含一个``token``类型的对象,该对象包含token过期日期和时间,以``”expires_at”:”datetime”``的形式,还包含其它属性。
下面的例子展示了一个成功的响应:
* Trying 192.168.56.101...* Connected to controller (192.168.56.101) port 5000 (#0)> POST /v3/auth/tokens?nocatalog HTTP/1.1> Host: controller:5000> User-Agent: curl/7.47.0> Accept: */*> Content-Type: application/json> Content-Length: 226>} [226 bytes data]* upload completely sent off: 226 out of 226 bytes< HTTP/1.1 201 Created< Date: Fri, 26 May 2017 06:48:58 GMT< Server: Apache/2.4.18 (Ubuntu)< X-Subject-Token: gAAAAABZJ8_a7aiq1SnOhbNw8vFb5WZChcvWdzzUAFzhiB99BHrjdSGai--_-JstU3WazsFXmRHNbD07qOQKTp5Sen2R_b9csaDkU49VXqSaJ0jh2nAlwJkys8aazz2oa3xSeUVe3Ndv_HRiW23-iWTr6jquK_AXdhRX7nvM4lmVTrxXFpelnJQ< Vary: X-Auth-Token< X-Distribution: Ubuntu< x-openstack-request-id: req-0e9239ec-104b-40e0-a337-dca91fb24387< Content-Length: 521< Content-Type: application/json<{ [521 bytes data]* Connection #0 to host controller left intact{ "token": { "audit_ids": [ "HOGlhnMFT52xY7PjbuJZlA" ], "expires_at": "2017-05-26T07:48:58.000000Z", "is_domain": false, "issued_at": "2017-05-26T06:48:58.000000Z", "methods": [ "password" ], "project": { "domain": { "id": "default", "name": "Default" }, "id": "05ef0bf2a79c42b2b8155873b6404061", "name": "demo" }, "roles": [ { "id": "b18239b7026042ef8695c3c4cf10607b", "name": "user" } ], "user": { "domain": { "id": "default", "name": "Default" }, "id": "12846256e60c42f88d0e1ba9711a57f5", "name": "demo", "password_expires_at": null } }}
在上面的请求中,``nocatalog``请求字符串用于当你想要获取一个token,同时并不想要服务目录(如果对于当前用户来说可用)使输出结果混乱时。如果一个用户项目要获取服务目录,该请求字符串不需要添加到URL中。
发送 API 请求¶
这部分内容展示了如何调用一些基本的计算服务API,对于一个完整的计算API函数列表,请见`Compute API <https://developer.openstack.org/api-ref/compute/>`__。
将token ID传递给环境变量“OS_TOKEN”,例如:
export OS_TOKEN=gAAAAABZJ8_a7aiq1SnOhbNw8vFb5WZChcvWdzzUAFzhiB99BHrjdSGai--_-JstU3WazsFXmRHNbD07qOQKTp5Sen2R_b9csaDkU49VXqSaJ0jh2nAlwJkys8aazz2oa3xSeUVe3Ndv_HRiW23-iWTr6jquK_AXdhRX7nvM4lmVTrxXFpelnJQ
token的默认有效时间为1小时,尽管可以被设置为不同的值。可参考`认证服务设置<https://docs.openstack.org/newton/config-reference/identity/options.html#keystone-token>`__ 章节中``token配置选项描述`` 部分 ``expiration``相关配置。
将项目名传递给环境变量``OS_PROJECT_NAME``,例如:
export OS_PROJECT_NAME=demo
之后,可以使用计算服务API来列出所有的云主机类型,使用如下所示的包含在你项目ID中的flavor来替换计算API端点
$ curl -s -H "X-Auth-Token: $OS_TOKEN" \ $OS_COMPUTE_API/flavors \ | python -m json.tool
{ "flavors": [ { "id": "1", "links": [ { "href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/flavors/1", "rel": "self" }, { "href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/flavors/1", "rel": "bookmark" } ], "name": "m1.tiny" }, { "id": "2", "links": [ { "href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/flavors/2", "rel": "self" }, { "href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/flavors/2", "rel": "bookmark" } ], "name": "m1.small" }, { "id": "3", "links": [ { "href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/flavors/3", "rel": "self" }, { "href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/flavors/3", "rel": "bookmark" } ], "name": "m1.medium" }, { "id": "4", "links": [ { "href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/flavors/4", "rel": "self" }, { "href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/flavors/4", "rel": "bookmark" } ], "name": "m1.large" }, { "id": "5", "links": [ { "href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/flavors/5", "rel": "self" }, { "href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/flavors/5", "rel": "bookmark" } ], "name": "m1.xlarge" } ]}
从令牌中导出$OS_PROJECT_ID,然后基于计算服务API来列出所有镜像
$ curl -s -H "X-Auth-Token: $OS_TOKEN" \ http://8.21.28.222:8774/v2/$OS_PROJECT_ID/images \ | python -m json.tool
{ "images": [ { "id": "2dadcc7b-3690-4a1d-97ce-011c55426477", "links": [ { "href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/images/2dadcc7b-3690-4a1d-97ce-011c55426477", "rel": "self" }, { "href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/images/2dadcc7b-3690-4a1d-97ce-011c55426477", "rel": "bookmark" }, { "href": "http://8.21.28.222:9292/f9828a18c6484624b571e85728780ba8/images/2dadcc7b-3690-4a1d-97ce-011c55426477", "type": "application/vnd.openstack.image", "rel": "alternate" } ], "name": "Fedora 21 x86_64" }, { "id": "cfba3478-8645-4bc8-97e8-707b9f41b14e", "links": [ { "href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/images/cfba3478-8645-4bc8-97e8-707b9f41b14e", "rel": "self" }, { "href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/images/cfba3478-8645-4bc8-97e8-707b9f41b14e", "rel": "bookmark" }, { "href": "http://8.21.28.222:9292/f9828a18c6484624b571e85728780ba8/images/cfba3478-8645-4bc8-97e8-707b9f41b14e", "type": "application/vnd.openstack.image", "rel": "alternate" } ], "name": "Ubuntu 14.04 amd64" }, { "id": "2e4c08a9-0ecd-4541-8a45-838479a88552", "links": [ { "href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/images/2e4c08a9-0ecd-4541-8a45-838479a88552", "rel": "self" }, { "href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/images/2e4c08a9-0ecd-4541-8a45-838479a88552", "rel": "bookmark" }, { "href": "http://8.21.28.222:9292/f9828a18c6484624b571e85728780ba8/images/2e4c08a9-0ecd-4541-8a45-838479a88552", "type": "application/vnd.openstack.image", "rel": "alternate" } ], "name": "CentOS 7 x86_64" }, { "id": "c8dd9096-60c1-4e23-a486-82955481df9f", "links": [ { "href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/images/c8dd9096-60c1-4e23-a486-82955481df9f", "rel": "self" }, { "href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/images/c8dd9096-60c1-4e23-a486-82955481df9f", "rel": "bookmark" }, { "href": "http://8.21.28.222:9292/f9828a18c6484624b571e85728780ba8/images/c8dd9096-60c1-4e23-a486-82955481df9f", "type": "application/vnd.openstack.image", "rel": "alternate" } ], "name": "CentOS 6.5 x86_64" }, { "id": "f97b8d36-935e-4666-9c58-8a0afc6d3796", "links": [ { "href": "http://8.21.28.222:8774/v2/f9828a18c6484624b571e85728780ba8/images/f97b8d36-935e-4666-9c58-8a0afc6d3796", "rel": "self" }, { "href": "http://8.21.28.222:8774/f9828a18c6484624b571e85728780ba8/images/f97b8d36-935e-4666-9c58-8a0afc6d3796", "rel": "bookmark" }, { "href": "http://8.21.28.222:9292/f9828a18c6484624b571e85728780ba8/images/f97b8d36-935e-4666-9c58-8a0afc6d3796", "type": "application/vnd.openstack.image", "rel": "alternate" } ], "name": "Fedora 20 x86_64" } ]}
从令牌中导出$OS_PROJECT_ID,然后基于计算服务API来列出所有服务器
$ curl -s -H "X-Auth-Token: $OS_TOKEN" \ http://8.21.28.222:8774/v2/$OS_PROJECT_ID/servers \ | python -m json.tool
{ "servers": [ { "id": "41551256-abd6-402c-835b-e87e559b2249", "links": [ { "href": "http://8.21.28.222:8774/v2/f8828a18c6484624b571e85728780ba8/servers/41551256-abd6-402c-835b-e87e559b2249", "rel": "self" }, { "href": "http://8.21.28.222:8774/f8828a18c6484624b571e85728780ba8/servers/41551256-abd6-402c-835b-e87e559b2249", "rel": "bookmark" } ], "name": "test-server" } ]}
- OpenStack API 认证和 API 请求工作流程
- Openstack Keystone 认证流程(七)--API 及 Driver
- 请求处理流程和API组件
- Openstack Nova API服务流程
- openstack nova-api启动流程
- openstack之nova-api服务流程分析
- openstack之nova-api服务流程分析
- openstack nova-api 服务流程介绍
- openstack-nova-API解析流程分析
- openstack API
- openstack API
- Openstack API
- Yii2 API认证和授权
- Rest API: 基本认证和摘要认证
- openstack核心路由和扩展路由及路由对应的api函数调用流程分析
- openstack核心路由和扩展路由及路由对应的api函数调用流程分析
- Liberty nova-api HTTP请求执行流程
- 如何开始使用OpenStack命令行和API
- Druid 配置
- 数组
- BZOJ4537[HNOI2016]最小公倍数
- 定义一个图形类及其子类(三角形类和矩形类),分别计算其面积和周长。
- Pig join cogroup 介绍
- OpenStack API 认证和 API 请求工作流程
- linux环境mysql5.7.20安装
- sql server 在存储过程中使用事物
- 能装机,能在无光驱的实机稳定启动的reactos版本
- 5.1 二叉树的顺序存储实验
- 公专星沙考场科目三考试考前相关注意事项
- 华为研发工程师编程题3
- 用选择法对10个数由小到大排序
- 认证鉴权与API权限控制在微服务架构中的设计与实现(一)