|
|
一、概况
1. 请求认证token时,需发送的认证信息包括:
2. 如果认证成功,会获得认证token
3. 在发送的API请求中将认证token填入X-Auth-Token字段。可以一直使用这个认证token发送API请求,直到任务完成或出现401非认证错误。
4. 如果出现401非认证错误,可以重新请求一个认证token。
二、详细流程举例
说明:以下例子会使用到cURL( http://curl.haxx.se/)和OpenStack APIs( http://developer.openstack.org/api-ref.html)
1、认证过程
使用如下命令请求认证token:
$ curl -i 'http://127.0.0.1:5000/v2.0/tokens' -X POST -H "Content-Type: application/json" -H "Accept: application/json" -d '{"auth": {"tenantName": "admin", "passwordCredentials": {"username": "admin", "password": "secretsecret"}}}'
如果认证成功,将获得200 OK响应报文,其中响应body包含了一个token和过期时间,前者格式为"id":"token",后者格式为"expires":"datetime"。详细情况如下:
HTTP/1.1 200 OK
Vary: X-Auth-Token
Content-Type: application/json
Content-Length: 5858
Date: Wed, 06 Nov 2013 20:06:24 GMT{"access": {
{
"access": {
"token": {
"issued_at": "2013-11-06T20:06:24.113908",
"expires": "2013-11-07T20:06:24Z",
"id": "{token}",
"tenant": {
"description": null,
"enabled": true,
"id": "604bbe45ac7143a79e14f3158df67091",
"name": "admin"
}
},
"serviceCatalog": [
{
"endpoints": [
{
"adminURL": "http://166.78.21.23:8774/v2/604bbe45ac7143a79e14f3158df67091",
"region": "RegionOne",
"internalURL": "http://166.78.21.23:8774/v2/604bbe45ac7143a79e14f3158df67091",
"id": "9851cb538ce04283b770820acc24e898",
"publicURL": "http://166.78.21.23:8774/v2/604bbe45ac7143a79e14f3158df67091"
}
],
"endpoints_links": [],
"type": "compute",
"name": "nova"
},
...
"user": {
"username": "admin",
"roles_links": [],
"id": "3273a50d6cfb4a2ebc75e83cb86e1554",
"roles": [
{
"name": "admin"
}
],
"name": "admin"
},
"metadata": {
"is_admin": 0,
"roles": [
"b0d525aa42784ee0a3df1730aabdcecd"
]
}
}
}
2、发送API请求过程
说明:以下使用 Identity API (http://developer.openstack.org/api-ref-identity-v3.html)和Compute API (http://developer.openstack.org/api-ref-compute-v2.html)的请求举例。
2.1 使用Identity API 请求tenants list,如下:
$ curl -i -X GET http://166.78.21.23:35357/v2.0/tenants -H "User-Agent: python-keystoneclient" -H "X-Auth-Token: token"
结果内容:
{
"tenants_links": [],
"tenants": [
{
"description": null,
"enabled": true,
"id": "3eddf34c2f814bd5bc50a382f8fba1c6",
"name": "demo"
},
{
"description": null,
"enabled": true,
"id": "604bbe45ac7143a79e14f3158df67091",
"name": "admin"
},
{
"description": null,
"enabled": true,
"id": "78323d3574e6421b98fe5894475c69fe",
"name": "service"
},
{
"description": null,
"enabled": true,
"id": "da73856734d84ec29958b048d8708d82",
"name": "invisible_to_admin"
},
{
"description": null,
"enabled": true,
"id": "ee30a93eaade41acbcf210780dd7a0ba",
"name": "alt_demo"
}
]
}
2.2 使用Compute API 请求servers list,如下:
$ curl -v -H "X-Auth-Token:token" http://208.123.85.197:8774/v2/tenant_id/servers
结果内容:
{
"server": {
"adminPass": "MVk5HPrazHcG",
"id": "5bbcc3c4-1da2-4437-a48a-66f15b1b13f9",
"links": [
{
"href": "http://openstack.example.com/v2/openstack/servers/5bbcc3c4-1da2-4437-a48a-66f15b1b13f9",
"rel": "self"
},
{
"href": "http://openstack.example.com/openstack/servers/5bbcc3c4-1da2-4437-a48a-66f15b1b13f9",
"rel": "bookmark"
}
]
}
}
三、详细流程图
如果给出tenant直接从以下步骤开始:
参考文章:
http://docs.openstack.org/api/quick-start/content/index.html#authenticate
http://docs.openstack.org/icehouse/install-guide/install/yum/content/keystone-concepts.html
|
|
QQ群⑧:
窥视卡
雷达卡
发表于 2015-4-12 09:21:29
提升卡
置顶卡
沉默卡
喧嚣卡
变色卡
千斤顶
显身卡