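Introduction to OpenStack Secondary Development

Contents
- What is OpenStack
- OpenStack main modules
- Bss OpenStack Gateway development example

What is OpenStack

Getting to know OpenStack

Definition of OpenStack
OpenStack is a cloud operating system that controls large pools of compute, storage, and networking resources throughout a datacenter, all managed through a dashboard that gives administrators control while empowering their users to provision resources through a web interface.

[Figure: OpenStack conceptual architecture]
[Figure: OpenStack logical architecture]

OpenStack main modules

Keystone identity service
Keystone is a core module of OpenStack. It provides authentication services for Nova (compute), Glance (images), Swift (object storage), Cinder (block storage), Neutron (networking) and Horizon (dashboard).

Keystone basic concepts, part 1
- Authentication: The process of confirming the identity of a user. To confirm an incoming request, OpenStack Identity validates a set of credentials users supply. Initially, these credentials are a user name and password, or a user name and API key.
- Project: A container that groups or isolates resources or identity objects. Depending on the service operator, a project might map to a customer, account, organization, or tenant.
- Domain: Domains are a collection of projects and users that define administrative boundaries for managing Identity entities. Domains can represent an individual, company, or operator-owned space. They expose administrative activities directly to system users. Users can be granted the administrator role for a domain. A domain administrator can create projects, users, and groups in a domain and assign roles to users and groups in a domain.

[Figure: Domain and Project]

Keystone basic concepts, part 2
- User: A user represents a person or program that can gain access through Keystone. Users are verified by their credentials (such as passwords or API keys).
- Group: An Identity service API v3 entity. Groups are a collection of users owned by a domain. A group role, granted to a domain or project, applies to all users in the group. Adding or removing users to or from a group grants or revokes their role and authentication to the associated domain or project.
- Role: A role represents the set of resource permissions that a group of users can access, for example virtual machines in Nova or images in Glance. Users can be added to any global role or tenant role. With a global role, the user's role permissions apply to all tenants, that is, the user can exercise the permissions the role defines on every tenant. With a role inside a tenant, the user can exercise those permissions only within that tenant.
- Token: A token is the key to accessing resources. It is the value returned after Keystone authentication, and later interactions with other services only need to carry the token. Every token has a validity period and is valid only within that period.
- Quotas: To prevent system capacities from being exhausted without notification, you can set up quotas. Quotas are operational limits. For example, the number of gigabytes allowed for each tenant can be controlled so that cloud resources are optimized. Quotas can be enforced at both the tenant (or project) and the tenant-user level.

Nova service
Compute management (codenamed "Nova") provides compute resource management for VMs based on user demand. It is written in Python.
- Nova-API: Provides a unified, standardized external interface. It accepts and responds to end users' Compute API requests, and also handles communication with, and service provision to, the other OpenStack logical modules.
- Nova-Scheduler: Takes a VM instance request from the queue and decides where it should run (scheduling with a variety of filters or algorithms).
- Nova-Compute: Primarily a worker daemon that creates and terminates VM instances through hypervisor APIs (XenAPI for XenServer/XCP, libvirt for KVM or QEMU, VMwareAPI for VMware, and so on). It supports multiple virtualization platforms.
- Queue: Provides a central hub for passing messages between daemons. The message queue is also the hub that connects Nova to the other OpenStack logical modules.
- Nova-Database: Stores the build-time and run-time state of the cloud infrastructure. In theory, OpenStack Nova supports any database that SQLAlchemy supports, but the databases in wide use today are sqlite3 (suitable only for test and development work), MySQL and PostgreSQL.
Nova also provides console services that let end users access the consoles of their virtual instances through a proxy server. This involves several daemons (nova-console, nova-novncproxy, nova-xvpvncproxy and nova-consoleauth).

Cinder block storage
The block storage management module ("Cinder") provides persistent block storage volumes to VMs. Multiple volumes can be attached to a single VM instance, and volumes can be moved between VM instances. A single volume can be attached to only one VM instance at a time.
- API Service: Accepts and handles REST requests and puts them on the RabbitMQ queue.
- Scheduler Service: Processes tasks from the task queue and, according to a predefined policy, selects a suitable Volume Service node to execute each task.
- Volume Service: Runs on the storage nodes and manages storage space. Every storage node has a Volume Service, and a number of such storage nodes together can form a storage resource pool. To support different types and models of storage, each is supplied to Cinder's Volume Service in the form of a driver, providing the corresponding Cinder-Volume.

Neutron networking service
The networking service ("Neutron") provides network connectivity between managed devices, including tenant networks and provider networks.

[Figure label: Neutron Drivers]

- Neutron API: Provides the interface through which other OpenStack services, administrators and users access Neutron.
- OpenStack Networking plug-in and agents: Plugs and unplugs ports, creates networks or subnets, and provides IP addressing. The chosen plug-in and agents differ depending on the vendor and technologies used in the particular cloud. It is important to mention that only one plug-in can be used at a time.
- Messaging queue: Accepts and routes RPC requests between agents to complete API operations.

Neutron key concepts
- Network: An L2 (layer-2) network unit. Tenants can create their own networks through the Neutron API.
- Subnet: A range of IPv4/IPv6 addresses. It provides private or public addresses to instances.
- Router: A layer-3 router that provides routing for tenants' instances.
- Port: A port on a virtual switch. It manages an instance's network interface.

Glance image service
Glance is the OpenStack image service, used to register, discover and retrieve VM images. The Glance service provides a REST API that lets you query VM image metadata and retrieve the actual image. VM images made available through the image service can be stored in a variety of locations, from a simple file system to object storage systems such as OpenStack Object Storage.
- Glance-API: Accepts image requests from end users or Nova, and handles the API calls for retrieving and storing images.
- Glance-registry: Stores, processes and retrieves metadata about images, such as size and type.
- Database: Stores image metadata. Several databases are supported; MySQL and SQLite are the most widely used at present.

[Figure: VM creation flow]

Bss OpenStack Gateway development example

[Figure: Bss OpenStack Gateway context. Labels: Fcbss, OpenStack-Gateway, OpenStack, MySQL, HTTP request, CLI/client]

OpenStack API request flow
- Request an authentication token from the Identity endpoint that your cloud administrator gave you. Send a payload of credentials in the request as shown in Authenticate. If the request succeeds, the server returns an authentication token.
- Send API requests and include the token in the X-Auth-Token header. Continue to send API requests with that token until the service completes the request or the Unauthorized (401) error occurs.
- If the Unauthorized (401) error occurs, request another token.

[Figure: get a token, then send requests]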
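The request flow above (get a token from the Identity endpoint, send it in X-Auth-Token, request another token on 401), as an added example that is not part of the original slides. It assumes the Identity API v3 password payload and X-Subject-Token response header; MockCloud, TokenClient, demo, the demo-pass credential and the /servers path are constructed for illustration, and the mock listens on localhost so the example runs offline.

```python
import json, threading
from http.server import BaseHTTPRequestHandler, HTTPServer
from urllib import error, request
VALID, ISSUED = set(), []  # mock state: tokens valid now, every token issued
OPENER = request.build_opener(request.ProxyHandler({}))  # ignore proxy env vars
class MockCloud(BaseHTTPRequestHandler):  # constructed Identity + API endpoint
    def do_GET(self):   # API call: needs a currently valid X-Auth-Token
        self.send_response(200 if self.headers.get("X-Auth-Token") in VALID else 401)
        self.end_headers()
    def do_POST(self):  # POST /v3/auth/tokens, password method
        body = json.loads(self.rfile.read(int(self.headers["Content-Length"])))
        ok = body["auth"]["identity"]["password"]["user"]["password"] == "demo-pass"
        self.send_response(201 if ok else 401)
        if ok:
            ISSUED.append("tok-%d" % (len(ISSUED) + 1))
            VALID.add(ISSUED[-1])
            self.send_header("X-Subject-Token", ISSUED[-1])
        self.end_headers()

class TokenClient:
    def __init__(self, base, user, password):
        self.base, self.user, self.password, self.token = base, user, password, None
    def authenticate(self):
        user = {"name": self.user, "domain": {"id": "default"}, "password": self.password}
        auth = {"auth": {"identity": {"methods": ["password"], "password": {"user": user}}}}
        req = request.Request(self.base + "/v3/auth/tokens", json.dumps(auth).encode(),
                              {"Content-Type": "application/json"})
        with OPENER.open(req) as resp:
            self.token = resp.headers["X-Subject-Token"]
    def get(self, path):
        for attempt in (1, 2):  # at most one re-authentication per call
            req = request.Request(self.base + path, headers={"X-Auth-Token": self.token})
            try:
                with OPENER.open(req) as resp:
                    return resp.status
            except error.HTTPError as err:
                if err.code != 401 or attempt == 2:
                    raise
                self.authenticate()  # Unauthorized (401): request another token

def demo():
    srv = HTTPServer(("127.0.0.1", 0), MockCloud)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    client = TokenClient("http://127.0.0.1:%d" % srv.server_port, "demo", "demo-pass")
    client.authenticate()
    first = client.get("/servers")
    VALID.clear()  # constructed event: the first token expires server-side
    second = client.get("/servers")
    srv.shutdown()
    return first, second, list(ISSUED), client.token
```

Against a real cloud the same client would talk HTTPS and verify the server with the CA bundle that the CLI takes as --os-cacert. The retry is capped at one so that a rejected credential cannot turn into an authentication loop.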
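Three API interfaces
- REST API: http://developer.openstack.org/api-ref.html
- CLI: http://docs.openstack.org/cli-reference/
- SDK: http://docs.openstack.org/user-guide/sdk.html

REST API example
[Figures: get a token; send a request]

CLI example

    nova --os-username "$USERNAME" --os-password "$PASSWORD" \
         --os-tenant-name "$TENANT_NAME" --os-auth-url "$AUTH_URL" \
         --os-cacert "$OS_CACERT" volume-detach "$VM_UUID" "$VOLUME_UUID"

SDK example

Client modules:
- novaclient.v1_1.client
- neutronclient.v2_0.client
- cinderclient.v2.client
- keystoneclient.v2_0.client
- glanceclient.v2.client

    import novaclient.v1_1.client as nvclient

    # Excerpt from a method of the gateway class: self supplies the CA bundle
    # path and the auth URL; tenant_name and tenant_info come from the caller.
    creds = {}
    creds['cacert'] = self.cacert
    creds['auth_url'] = self.auth_url
    creds['project_id'] = tenant_name
    creds['username'] = tenant_info['user_name']
    creds['api_key'] = tenant_info['user_key']
    nova = nvclient.Client(**creds)
    vms = nova.servers.list()  # list the tenant's servers

Reference: http://docs.openstack.org

Thank you, everyone!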