OpenStack API and WSGI

dryu999

　　OpenStack是一个很多服务的集合，它所包含的服务有nova(compute)、keystone(identity)、glance(image)、horizon(dashboard)、neutron(network)、swift(object storage)等。每个服务都可以看做是一个WebApp，每个service从前端看就是一个REST API server，有可能后端有多个backend server，service之间是通过messaging通信。
　　

　　所有对openstack的操作都可以用api来实现，官方链接：
　　http://docs.openstack.org/api/
　　http://api.openstack.org/
　　

　　API使用http协议，再加上 json数据格式，可以使用curl、http库、python client库来操作。

　　1、使用novaclient查看image list
#!/usr/bin/env python
import logging
import novaclient
from novaclient.v1_1 import client
# enable debug logging
logger = logging.getLogger('novaclient.client')
logger.setLevel(logging.DEBUG)
debug_stream = logging.StreamHandler()
logger.addHandler(debug_stream)
auth_url = 'http://10.100.20.22:5000/v2.0'
user = 'admin'
password = 'devstack'
project = 'demo'
region = 'RegionOne'
service = 'compute'
nova = client.Client(user, password, project, auth_url,
                     region_name=region, service_type=service)
results = nova.images.list(detailed=True)
for image in results:
    print image.id, image.name, image.status　　

　　2、使用urllib2库查看image
#!/usr/bin/env python
import urllib2
import json
def get_keystone_token():
    """authenticate against keystone identity service
    returns an auth token, and the service url

"""
    user = 'admin'
    password = 'devstack'
    project = 'demo'
    auth_url = 'http://10.100.20.22:5000/v2.0/tokens'

    auth_request = urllib2.Request(auth_url)
    auth_request.add_header('Content-Type', 'application/json;charset=utf8')
    auth_request.add_header('Accept', 'application/json')
    auth_request.add_header('User-Agent', 'python-mikeyp')
    auth_data = {"auth":
        {"tenantName": project,
         "passwordCredentials": {
            "username": user,
            "password": password}
        }
    }
    auth_request.add_data(json.dumps(auth_data))
    auth_response = urllib2.urlopen(auth_request)
    response_data = json.loads(auth_response.read())
    token = response_data['access']['token']['id']
    service_list = response_data['access']['serviceCatalog']
    for s in service_list:

    if s['type'] == 'compute' and s['name'] == "'Compute Service'":
        break
    nova_url = s['endpoints'][0]['publicURL']
    return (token, nova_url)
token, service_url  = get_keystone_token()
image_api = service_url + '/images/detail'
images_request = urllib2.Request(image_api)
images_request.add_header('Content-Type', 'application/json;charset=utf8')
images_request.add_header('Accept', 'application/json')
images_request.add_header('User-Agent', 'python-mikeyp')
images_request.add_header('X-Auth-Token', token)
images_request.add_header('X-Auth-Project-Id', 'demo')
image_response = urllib2.urlopen(images_request)
image_data = json.loads(image_response.read())
print json.dumps(image_data, indent=4) 　　

　　OpenStack Web Stack
　　1、paste http server：http协议 + networking
　　2、webob请求和响应：http请求和响应的封装
　　3、openstack code(nova、glance、neutron、etc)
　　4、web service gateway interface(wsgi)：wsgi是一种协议
　　

　　WSGI简要概括：
　　1、wsgi application：python调用需要传入两个参数，a、wsgi environment，b、一个start_response函数；application会调用start_response，然后再return response
　　2、wsgi server：server会调用application
　　3、wsgi middleware：wsgi中间件，可以过滤请求
　　

　　一个简单的wsgi application
　　[root@devstack tmp]# cat hello_world.py
# 使用paste+wsgi
from paste import httpserver
def application(environ, start_response):
    start_response('200 ok', [('Content-type', 'text/html')])
    return ['Hello World']
httpserver.serve(application, host='127.0.0.1', port=8888)
# 验证结果
[root@devstack tmp]# python hello_world.py
serving on
[root@devstack ~]# curl http://localhost:8888
Hello World　　

　　带有webob + paste + wsgi的application
[root@devstack tmp]# cat wsgi_webob.py
from webob import Response
from webob.dec import wsgify
from paste import httpserver
from paste.deploy import loadapp
ini_path = '/tmp/wsgi_webob.ini'
@wsgify
def application(request):
    return Response('Hello World!')
def app_factory(global_config, **local_config):
    return application
wsgi_app = loadapp('config:' + ini_path)
httpserver.serve(wsgi_app, host='127.0.0.1', port=8888)
[root@devstack tmp]# cat wsgi_webob.ini
[app:main]
paste.app_factory = wsgi_webob:app_factory　　
引入wsgi middleware中间件

[root@devstack tmp]# cat wsgi_webob_mi.py
from webob import Response
from webob.dec import wsgify
from webob import exc
from paste import httpserver
from paste.deploy import loadapp
ini_path = '/tmp/wsgi_webob_mi.ini'
@wsgify
def application(request):
    return Response('Hello World!')
@wsgify.middleware
def auth_filter(request, app):
    if request.headers.get('X-Auth-Token') != 'open-sesame':
        return exc.HTTPForbidden()
    return app(request)
def app_factory(global_config, **local_config):
    return application
def filter_factory(global_config, **local_config):
    return auth_filter
wsgi_app = loadapp('config:' + ini_path)
httpserver.serve(wsgi_app, host='127.0.0.1', port=8888)
[root@devstack tmp]# cat wsgi_webob_mi.ini
[pipeline:main]
pipeline = auth main1
[app:main1]
paste.app_factory = wsgi_webob_mi:app_factory
[filter:auth]
paste.filter_factory = wsgi_webob_mi:filter_factory
# 验证结果
[root@devstack tmp]# python wsgi_webob_mi.py
serving on
[root@devstack ~]# curl -H "X-Auth-Token: open-sesame" http://localhost:8888
Hello World!
[root@devstack ~]# curl http://localhost:8888
# 无结果　　

　　还有eventlet.wsgi也有必要了解，链接：http://eventlet.net/doc/modules/wsgi.html
　　

　　参考链接
　　https://github.com/lhrc-mikeyp/Presentations/blob/master/openstack_api_wsgi/OpenStack_WSGI.pdf