测试 keystone v3 接口

前言

之前 TT 在 keystone v3 新特性中 介绍了 keystone V3 中的一部分新功能,但是没有体验过,这次使用 devstack 来体验一番。

用 devstack 搭环境

使用 Mitaka 版本(2016-04-22) devstack 搭建 OpenStack 开发环境,在这个版本中 devstack 建议的 keystone API 版本还是 2.0。

从 localrc 中默认设置的环境变量中可以看出:

# Authenticating against an OpenStack cloud using Keystone returns a **Token**
# and **Service Catalog**.  The catalog contains the endpoints for all services
# the user/project has access to - including nova, glance, keystone, swift, ...
# We currently recommend using the 2.0 *identity api*.
#
export OS_AUTH_URL=$KEYSTONE_AUTH_PROTOCOL://$KEYSTONE_AUTH_HOST:5000/v${OS_IDENTITY_API_VERSION}

要使用最新的 V3 接口,可以使用 userrc_early,文件内容:

export OS_IDENTITY_API_VERSION=3
export OS_AUTH_URL=http://10.1.1.1:35357
export OS_USERNAME=admin
export OS_USER_DOMAIN_ID=default
export OS_PASSWORD=password
export OS_PROJECT_NAME=admin
export OS_PROJECT_DOMAIN_ID=default
export OS_REGION_NAME=RegionOne
$ cd devstack
$ source userrc_early 

userrc_early 和 openrc 的区别在于:

1. OS_IDENTITY_API_VERSION=3
2. OS_AUTH_URL=http://10.1.1.1:35357  # 后面不带 /v2.0

只有这两参数设置正确才能使用 keystone v3 接口,否则会出现如下错误:

$ openstack service list
DiscoveryFailure: Could not determine a suitable URL for the plugin

测试

$ openstack domain list
+---------+---------+---------+------------------------------------------------+
| ID      | Name    | Enabled | Description                                    |
+---------+---------+---------+------------------------------------------------+
| default | Default | True    | Owns users aaaand projects on Identity API v2. |
+---------+---------+---------+------------------------------------------------+
$ openstack endpoint list
+----------------------------------+-----------+--------------+----------------+---------+-----------+------------------------------------------------+
| ID                               | Region    | Service Name | Service Type   | Enabled | Interface | URL                                            |
+----------------------------------+-----------+--------------+----------------+---------+-----------+------------------------------------------------+
| 056a515fdee5472894088159bf867fe2 | RegionOne | nova         | compute        | True    | public    | http://10.166.224.47/compute/v2.1              |
| 0fb1c2588f8644bc9c4d2d2b3a355722 | RegionOne | neutron      | network        | True    | internal  | http://10.166.224.47:9696/                     |
| 2103a7829edf4d74b193f6b5782ef266 | RegionOne | glance       | image          | True    | internal  | http://10.166.224.47:9292                      |
| 39095be5f11944baa64464c4c3676731 | RegionOne | cinderv2     | volumev2       | True    | internal  | http://10.166.224.47:8776/v2/$(project_id)s    |
| 65cf7de5466d4d9c9702849c5efd39aa | RegionOne | cinder       | volume         | True    | internal  | http://10.166.224.47:8776/v1/$(project_id)s    |
| 778a36ceca9e421f947704857bf54529 | RegionOne | glance       | image          | True    | admin     | http://10.166.224.47:9292                      |
| 871778d44976475ea88148597b5d11c0 | RegionOne | keystone     | identity       | True    | admin     | http://10.166.224.47:35357/                    |
| 87e58ac4b5134fdf93adcecb122f000e | RegionOne | cinder       | volume         | True    | public    | http://10.166.224.47:8776/v1/$(project_id)s    |
| 8886bec81a2a48bc8302027626f5940f | RegionOne | cinderv2     | volumev2       | True    | public    | http://10.166.224.47:8776/v2/$(project_id)s    |
| 8bba169552364b8d9849ad698558f032 | RegionOne | glance       | image          | True    | public    | http://10.166.224.47:9292                      |
| a030b8cbb7a24038b7d8f4531bdd7741 | RegionOne | keystone     | identity       | True    | public    | http://10.166.224.47:5000/                     |
| a2de05364b534831adcebdb367103ebe | RegionOne | nova_legacy  | compute_legacy | True    | internal  | http://10.166.224.47/compute/v2/$(project_id)s |
| a6e8210d7a3d41a989fb18f6b97c8bd0 | RegionOne | cinderv2     | volumev2       | True    | admin     | http://10.166.224.47:8776/v2/$(project_id)s    |
| a9d453e296ef46eb9020147321cec6b6 | RegionOne | nova_legacy  | compute_legacy | True    | admin     | http://10.166.224.47/compute/v2/$(project_id)s |
| ad50270af0474a7684af2ea48a338c76 | RegionOne | cinder       | volume         | True    | admin     | http://10.166.224.47:8776/v1/$(project_id)s    |
| c19a567735a64e93aeb63c36e64b4586 | RegionOne | neutron      | network        | True    | public    | http://10.166.224.47:9696/                     |
| c212fecda78b456584cefb85d435cdbf | RegionOne | neutron      | network        | True    | admin     | http://10.166.224.47:9696/                     |
| d492b4289fc64b4685bfbff17f926f50 | RegionOne | nova_legacy  | compute_legacy | True    | public    | http://10.166.224.47/compute/v2/$(project_id)s |
| de2a77dc55704212bbbba6053cf8d405 | RegionOne | keystone     | identity       | True    | internal  | http://10.166.224.47:5000/                     |
| e682372c328340fea186463954869034 | RegionOne | nova         | compute        | True    | internal  | http://10.166.224.47/compute/v2.1              |
| f1dca727c89c40fcb447850a637c6876 | RegionOne | nova         | compute        | True    | admin     | http://10.166.224.47/compute/v2.1              |
+----------------------------------+-----------+--------------+----------------+---------+-----------+------------------------------------------------+

Region 是 keystone V3.2 中新加的,并且在 V3.3 中新增了一个 url 字段,此字段可以记录不同 Region 中 keystone 的 URL。
其实没有 Region,甚至没有 endpoint,service 这些概念,OpenStack 完全可以正常运行,只不过社区为了保证用户是可以自服务的,通过类似这种服务发现的机制,让用户通过 API 获取所有 API 的信息。
有很多公司在这点上还没有跟上社区的思路,需要加强。

$ openstack region create RegionTwo
+---------------+-----------+
| Field         | Value     |
+---------------+-----------+
| description   |           |
| enabled       | True      |
| parent_region | None      |
| region        | RegionTwo |
+---------------+-----------+

$ openstack  region show RegionOne       
+---------------+-----------+
| Field         | Value     |
+---------------+-----------+
| description   |           |
| parent_region | None      |
| region        | RegionOne |
+---------------+-----------+

2 条思考于 “测试 keystone v3 接口

  1. 夏小苒

    请问下,你的wordpress代码块是用什么工具实现的呢,你写文章直接用wordpress还是用什么工具写的,谢谢。

    1. gtt116 文章作者

      代码块是装了这个插件:WP Code Highlight.js
      写文章使用的是 WP Markdown Editor

发表评论

电子邮件地址不会被公开。 必填项已用*标注