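Original article: http://blog.csdn.net/spch2008/article/details/9391675
I have been working with Quantum a lot recently, so its configuration file (api-paste.ini) naturally needs to be sorted out as well. I covered how Paste is used earlier; see "Getting Started with Paste".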
[composite:quantum]
use = egg:Paste#urlmap
/: quantumversions
/v2.0: quantumapi_v2_0
[composite:quantumapi_v2_0]
use = call:quantum.auth:pipeline_factory
noauth = extensions quantumapiapp_v2_0
keystone = authtoken keystonecontext extensions quantumapiapp_v2_0
[filter:keystonecontext]
paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 172.16.4.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = quantum
[filter:extensions]
paste.filter_factory = quantum.extensions.extensions:plugin_aware_extension_middleware_factory
[app:quantumversions]
paste.app_factory = quantum.api.versions:Versions.factory
[app:quantumapiapp_v2_0]
paste.app_factory = quantum.api.v2.router:APIRouter.factory
#quantum\service.py
def _run_wsgi(app_name):
    app = config.load_paste_app(app_name)
    if not app:
        LOG.error(_('No known API applications configured.'))
        return
    server = wsgi.Server("Quantum")
    server.start(app, cfg.CONF.bind_port, cfg.CONF.bind_host)
    return server
app_name is quantum, so the quantum section of api-paste.ini is loaded here, i.e. [composite:quantum].
urlmap matches on the path prefix, so /v2.0 is routed to the quantumapi_v2_0 section.
2. The quantumapi_v2_0 section
[composite:quantumapi_v2_0]
use = call:quantum.auth:pipeline_factory
noauth = extensions quantumapiapp_v2_0
keystone = authtoken keystonecontext extensions quantumapiapp_v2_0
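This section uses the pipeline_factory function in quantum.auth, and noauth and keystone are passed into that function as arguments.
#quantum.auth
def pipeline_factory(loader, global_conf, **local_conf):
    # Pick the pipeline string named by the configured auth strategy
    pipeline = local_conf[cfg.CONF.auth_strategy]
    pipeline = pipeline.split()
    # Every entry except the last is a filter; the last entry is the app
    filters = [loader.get_filter(n) for n in pipeline[:-1]]
    app = loader.get_app(pipeline[-1])
    # Wrap from the innermost filter outwards so the first-listed filter runs first
    filters.reverse()
    for filter in filters:
        app = filter(app)
    return app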
local_conf holds the noauth, keystone and similar entries from the configuration file, as follows:
{'keystone': 'authtoken keystonecontext extensions quantumapiapp_v2_0',
'noauth': 'extensions quantumapiapp_v2_0'}
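What remains is to load each section according to the configured authentication method (keystone or noauth) and wrap the app with it. When a request arrives, the configuration of each section is applied in turn.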
3. authtoken
[filter:authtoken]
paste.filter_factory = keystone.middleware.auth_token:filter_factory
auth_host = 172.16.4.1
auth_port = 35357
auth_protocol = http
admin_tenant_name = service
admin_user = quantum
admin_password = quantum
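First comes authtoken, which performs authentication. The configuration describes a quantum administrator account, which supplies the credentials used when talking to keystone. The quantum administrator asks keystone whether the token presented by the user is valid.
4. keystonecontext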
[filter:keystonecontext]
paste.filter_factory = quantum.auth:QuantumKeystoneContext.factory
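After authtoken has validated the user's token, the user id, tenant_id, roles and related information are obtained from the keystone database and written into the request headers. When the request reaches keystonecontext, it extracts this information, stores it in a context, and adds the context to the request for use in later authorization checks.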
# Create a context with the authentication data
ctx = context.Context(user_id, tenant_id, roles=roles)
# Inject the context...
req.environ['quantum.context'] = ctx
5. extension
[filter:extensions]
paste.filter_factory = quantum.extensions.extensions:plugin_aware_extension_middleware_factory
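Handles user-supplied extension functionality. The QoS feature development I wrote about earlier takes place at this step, where the request is extracted and the corresponding functionality is executed.
6. quantumapiapp_v2_0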
[app:quantumapiapp_v2_0]
paste.app_factory = quantum.api.v2.router:APIRouter.factory
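Provides the basic functionality. For example, when the OVS Plugin is used, requests for port and network functionality are captured by this section.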
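
The filter ordering described in sections 2 to 6, as an added Python sketch that is not Quantum's or keystone's own code: stand-in filters record the order in which they run, and auth_strategy is passed as an argument instead of being read from cfg.CONF. The Loader class, handle(), the trace list and the sample token are assumptions made for this illustration; it shows that the noauth pipeline reaches the API app with no token check and no quantum.context.

```python
# Added illustration with stand-in filters; not Quantum's or keystone's code.
PIPELINES = {  # values from [composite:quantumapi_v2_0] on this page
    'noauth': 'extensions quantumapiapp_v2_0',
    'keystone': 'authtoken keystonecontext extensions quantumapiapp_v2_0',
}
VALID_TOKENS = {'tok-123': ('user-1', 'tenant-1', ['member'])}  # constructed sample

def authtoken(app):  # stand-in: reject unknown tokens, else pass the identity on
    def middleware(env, trace):
        trace.append('authtoken')
        env['identity'] = VALID_TOKENS.get(env.get('HTTP_X_AUTH_TOKEN'))
        return app(env, trace) if env['identity'] else '401 Unauthorized'
    return middleware

def keystonecontext(app):  # stand-in: build the context from the identity
    def middleware(env, trace):
        trace.append('keystonecontext')
        env['quantum.context'] = dict(zip(('user_id', 'tenant_id', 'roles'), env['identity']))
        return app(env, trace)
    return middleware

def extensions(app):  # stand-in: pass-through
    def middleware(env, trace):
        trace.append('extensions')
        return app(env, trace)
    return middleware

def quantumapiapp_v2_0(env, trace):  # stand-in for the API router app
    trace.append('quantumapiapp_v2_0')
    return '200 OK'

class Loader(object):  # hypothetical: only the two calls pipeline_factory uses
    def get_filter(self, name):
        return {'authtoken': authtoken, 'keystonecontext': keystonecontext,
                'extensions': extensions}[name]
    def get_app(self, name):
        return {'quantumapiapp_v2_0': quantumapiapp_v2_0}[name]

def pipeline_factory(loader, auth_strategy, **local_conf):
    names = local_conf[auth_strategy].split()
    app = loader.get_app(names[-1])
    for flt in reversed([loader.get_filter(n) for n in names[:-1]]):
        app = flt(app)  # innermost wrapped first, so the first-listed filter runs first
    return app

def handle(auth_strategy, env):
    trace = []
    status = pipeline_factory(Loader(), auth_strategy, **PIPELINES)(env, trace)
    return status, trace, env.get('quantum.context')
```

When reviewing a deployment, the auth_strategy value therefore decides whether authtoken and keystonecontext are in the request path at all.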