Merge redux branch (keystone light)
Change-Id: I2cb5b198a06848f42f919ea49e338443131e263e
|
@ -1,21 +1,17 @@
|
|||
*.pyc
|
||||
.cache/
|
||||
.project
|
||||
.project/
|
||||
.pydevproject
|
||||
.pydevproject/
|
||||
.settings/
|
||||
.keystone-venv/
|
||||
*.swp
|
||||
vendor
|
||||
.ksl-venv
|
||||
.venv
|
||||
build/
|
||||
dist/
|
||||
doc/source/sourcecode
|
||||
.tox
|
||||
keystone.egg-info/
|
||||
*.db
|
||||
.*.swp
|
||||
*.log
|
||||
*.pid
|
||||
pidfile
|
||||
*.komodoproject
|
||||
run_tests.log
|
||||
.coverage
|
||||
covhtml
|
||||
pep8.txt
|
||||
nosetests.xml
|
||||
bla.db
|
||||
docs/build
|
||||
.DS_Store
|
||||
docs/source/modules.rst
|
||||
docs/source/keystone.*
|
||||
|
|
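Review bot: `bla.db` near the end of this list looks like a one-off stand-in for the `*.db` pattern listed earlier, and the `@ -1,21 +1,17 @` header shows the file shrinking from 21 lines to 17. If `*.db`, `*.pid`, `pidfile` or `*.log` are among the entries being dropped, local runtime artefacts such as the `keystone.db` sqlite file the README describes become committable by accident. Keep the wildcard patterns and drop the single-file entry instead.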
16
.mailmap
|
@ -1,16 +0,0 @@
|
|||
<dolph.mathews@rackspace.com> <dolph.mathews@gmail.com>
|
||||
Edouard Thuleau <edouard1.thuleau@orange.com>
|
||||
<jeblair@hp.com> <corvus@gnu.org>
|
||||
<jeblair@hp.com> <james.blair@rackspace.com>
|
||||
<joon.eo@gmail.com> <john.eo@rackspace.com>
|
||||
Khaled Hussein <khaled.hussein@gmail.com> KnightHacker <khaled.hussein@rackspace.com>
|
||||
Khaled Hussein <khaled.hussein@gmail.com> Khaled Hussein <khaled.hussein@rackspace.com>
|
||||
<rjuvvadi@hcl.com> <ramana@venus.lekha.org>
|
||||
<rjuvvadi@hcl.com> <rrjuvvadi@gmail.com>
|
||||
<xtoddx@gmail.com> <todd@rubidine.com>
|
||||
<github@highbridgellc.com> <gihub@highbridgellc.com>
|
||||
<github@highbridgellc.com> <ziad.sawalha@rackspace.com>
|
||||
sirish.bitra <sirish.bitra@gmail.com> sirish bitra <sirish.bitra@gmail.com>
|
||||
sirish.bitra <sirish.bitra@gmail.com> sirishbitra <sirish.bitra@gmail.com>
|
||||
sirish.bitra <sirish.bitra@gmail.com> bsirish <sirish.bitra@gmail.com>
|
||||
sirish.bitra <sirish.bitra@gmail.com> root <root@bsirish.(none)>
|
50
AUTHORS
|
@ -1,50 +0,0 @@
|
|||
Adipudi Praveena <padipudi@padipudi.(none)>
|
||||
Alex Silva <alex.silva@M1BPAGY.(none)>
|
||||
Anne Gentle <anne@openstack.org>
|
||||
Anthony Young <sleepsonthefloor@gmail.com>
|
||||
Brian Lamar <brian.lamar@gmail.com>
|
||||
Dan Prince <dan.prince@rackspace.com>
|
||||
Dolph Mathews <dolph.mathews@gmail.com>
|
||||
Ed Leafe <ed@leafe.com>
|
||||
Edouard Thuleau <edouard1.thuleau@orange.com>
|
||||
Eoghan Glynn <eglynn@redhat.com>
|
||||
gholt <gholt@brim.net>
|
||||
Ionuț Arțăriși <iartarisi@suse.cz>
|
||||
jabdul <abdulkader.j@hcl.com>
|
||||
James E. Blair <jeblair@hp.com>
|
||||
Jason Cannavale <jason.cannavale@rackspace.com>
|
||||
Jay Pipes <jaypipes@gmail.com>
|
||||
Jenkins <jenkins@review.openstack.org>
|
||||
Jesse Andrews <anotherjesse@gmail.com>
|
||||
Joe Savak <joe.savak@rackspace.com>
|
||||
John Dickinson <me@not.mn>
|
||||
John Eo <joon.eo@gmail.com>
|
||||
Jorge L. Williams <jorge.williams@rackspace.com>
|
||||
Joseph W. Breu <joseph.breu@rackspace.com>
|
||||
Josh Kearney <josh@jk0.org>
|
||||
Julien Danjou <julien.danjou@enovance.com>
|
||||
Justin Shepherd <jshepher@rackspace.com>
|
||||
Kevin L. Mitchell <kevin.mitchell@rackspace.com>
|
||||
Khaled Hussein <khaled.hussein@gmail.com>
|
||||
Kiall Mac Innes <kiall@managedit.ie>
|
||||
Mark Gius <mgius7096@gmail.com>
|
||||
Mark McLoughlin <markmc@redhat.com>
|
||||
Monty Taylor <mordred@inaugust.com>
|
||||
Pádraig Brady <P@draigBrady.com>
|
||||
Paul Voccio <paul@substation9.com>
|
||||
Ramana Juvvadi <rjuvvadi@hcl.com>
|
||||
Robin Norwood <robin.norwood@gmail.com>
|
||||
root <root@newapps.(none)>
|
||||
Sai Krishna <saikrishna1511@gmail.com>
|
||||
Sirish Bitra <sirish.bitra@gmail.com>
|
||||
Sony K. Philip <sony@hcleai.com>
|
||||
termie <github@anarkystic.com>
|
||||
Thierry Carrez <thierry@openstack.org>
|
||||
Todd Willey <xtoddx@gmail.com>
|
||||
Will Kelly <the.william.kelly@gmail.com>
|
||||
Vishvananda Ishaya <vishvananda@gmail.com>
|
||||
Yaguang Tang <heut2008@gmail.com>
|
||||
Yogeshwar Srikrishnan <yoga80@yahoo.com>
|
||||
Yuriy Taraday <yorik.sar@gmail.com>
|
||||
Ziad Sawalha <github@highbridgellc.com>
|
||||
Zhongyue Luo <lzyeval@gmail.com>
|
68
HACKING
|
@ -1,68 +0,0 @@
|
|||
Keystone Style Commandments (pilfered from Nova and added to)
|
||||
=============================================================
|
||||
|
||||
Step 1: Read http://www.python.org/dev/peps/pep-0008/
|
||||
Step 2: Read http://www.python.org/dev/peps/pep-0008/ again
|
||||
Step 3: Read on
|
||||
|
||||
Imports
|
||||
-------
|
||||
- thou shalt not import objects, only modules
|
||||
- thou shalt not import more than one module per line
|
||||
- thou shalt not make relative imports
|
||||
- thou shalt organize your imports according to the following template
|
||||
|
||||
::
|
||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
{{stdlib imports in human alphabetical order}}
|
||||
\n
|
||||
{{OpenStack/Keystone imports in human alphabetical order}}
|
||||
\n
|
||||
\n
|
||||
{{begin your code}}
|
||||
|
||||
|
||||
General
|
||||
-------
|
||||
- thou shalt put two newlines twixt toplevel code (funcs, classes, etc)
|
||||
- thou shalt put one newline twixt methods in classes and anywhere else
|
||||
- thou shalt not write "except:", use "except Exception:" at the very least
|
||||
- thou shalt include your name with TODOs as in "TODO(waldo)"
|
||||
- thou shalt not name anything the same name as a builtin or reserved word
|
||||
- thou shouldeth comment profusely
|
||||
- thou shalt not violate causality in our time cone, or else
|
||||
|
||||
|
||||
Human Alphabetical Order Examples
|
||||
---------------------------------
|
||||
::
|
||||
import httplib
|
||||
import logging
|
||||
import random
|
||||
import StringIO
|
||||
import time
|
||||
import unittest
|
||||
|
||||
import keystone.logic.types.fault as fault
|
||||
import keystone.db.sqlalchemy.api as db_api
|
||||
|
||||
Docstrings
|
||||
----------
|
||||
Add them to modules, classes, and functions:
|
||||
"""Summary of the function, class or method, less than 80 characters.
|
||||
|
||||
New paragraph after newline that explains in more detail any general
|
||||
information about the function, class or method. After this, if defining
|
||||
parameters and return types use the Sphinx format. After that an extra
|
||||
newline then close the quotations.
|
||||
|
||||
When writing the docstring for a class, an extra line should be placed
|
||||
after the closing quotations. For more in-depth explanations for these
|
||||
decisions see http://www.python.org/dev/peps/pep-0257/
|
||||
|
||||
:param foo: the foo parameter
|
||||
:param bar: the bar parameter
|
||||
:returns: description of the return value
|
||||
|
||||
"""
|
||||
|
|
@ -0,0 +1,192 @@
|
|||
Keystone Style Commandments
|
||||
===========================
|
||||
|
||||
- Step 1: Read http://www.python.org/dev/peps/pep-0008/
|
||||
- Step 2: Read http://www.python.org/dev/peps/pep-0008/ again
|
||||
- Step 3: Read on
|
||||
|
||||
|
||||
General
|
||||
-------
|
||||
- Put two newlines between top-level code (funcs, classes, etc)
|
||||
- Put one newline between methods in classes and anywhere else
|
||||
- Do not write "except:", use "except Exception:" at the very least
|
||||
- Include your name with TODOs as in "#TODO(termie)"
|
||||
- Do not name anything the same name as a built-in or reserved word
|
||||
|
||||
TODO vs FIXME
|
||||
-------------
|
||||
|
||||
- TODO(name): implies that something should be done (cleanup, refactoring,
|
||||
etc), but is expected to be functional.
|
||||
- FIXME(name): implies that the method/function/etc shouldn't be used until
|
||||
that code is resolved and bug fixed.
|
||||
|
||||
Imports
|
||||
-------
|
||||
- Do not import objects, only modules
|
||||
- Do not import more than one module per line
|
||||
- Do not make relative imports
|
||||
- Order your imports by the full module path
|
||||
- Organize your imports according to the following template
|
||||
|
||||
Example::
|
||||
|
||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
{{stdlib imports in human alphabetical order}}
|
||||
\n
|
||||
{{third-party lib imports in human alphabetical order}}
|
||||
\n
|
||||
{{nova imports in human alphabetical order}}
|
||||
\n
|
||||
\n
|
||||
{{begin your code}}
|
||||
|
||||
|
||||
Human Alphabetical Order Examples
|
||||
---------------------------------
|
||||
Example::
|
||||
|
||||
import httplib
|
||||
import logging
|
||||
import random
|
||||
import StringIO
|
||||
import time
|
||||
import unittest
|
||||
|
||||
import eventlet
|
||||
import webob.exc
|
||||
|
||||
import nova.api.ec2
|
||||
from nova.api import openstack
|
||||
from nova.auth import users
|
||||
import nova.flags
|
||||
from nova.endpoint import cloud
|
||||
from nova import test
|
||||
|
||||
|
||||
Docstrings
|
||||
----------
|
||||
Example::
|
||||
|
||||
"""A one line docstring looks like this and ends in a period."""
|
||||
|
||||
|
||||
"""A multiline docstring has a one-line summary, less than 80 characters.
|
||||
|
||||
Then a new paragraph after a newline that explains in more detail any
|
||||
general information about the function, class or method. Example usages
|
||||
are also great to have here if it is a complex class for function.
|
||||
|
||||
When writing the docstring for a class, an extra line should be placed
|
||||
after the closing quotations. For more in-depth explanations for these
|
||||
decisions see http://www.python.org/dev/peps/pep-0257/
|
||||
|
||||
A docstring ends with an empty line before the closing quotations.
|
||||
|
||||
Describe parameters and return values, using the Sphinx format; the
|
||||
appropriate syntax is as follows.
|
||||
|
||||
:param foo: the foo parameter
|
||||
:param bar: the bar parameter
|
||||
:type bar: parameter type for 'bar'
|
||||
:returns: return_type -- description of the return value
|
||||
:returns: description of the return value
|
||||
:raises: AttributeError, KeyError
|
||||
|
||||
"""
|
||||
|
||||
|
||||
Dictionaries/Lists
|
||||
------------------
|
||||
If a dictionary (dict) or list object is longer than 80 characters, its items
|
||||
should be split with newlines. Embedded iterables should have their items
|
||||
indented. Additionally, the last item in the dictionary should have a trailing
|
||||
comma. This increases readability and simplifies future diffs.
|
||||
|
||||
Example::
|
||||
|
||||
my_dictionary = {
|
||||
"image": {
|
||||
"name": "Just a Snapshot",
|
||||
"size": 2749573,
|
||||
"properties": {
|
||||
"user_id": 12,
|
||||
"arch": "x86_64",
|
||||
},
|
||||
"things": [
|
||||
"thing_one",
|
||||
"thing_two",
|
||||
],
|
||||
"status": "ACTIVE",
|
||||
},
|
||||
}
|
||||
|
||||
|
||||
Calling Methods
|
||||
---------------
|
||||
Calls to methods 80 characters or longer should format each argument with
|
||||
newlines. This is not a requirement, but a guideline::
|
||||
|
||||
unnecessarily_long_function_name('string one',
|
||||
'string two',
|
||||
kwarg1=constants.ACTIVE,
|
||||
kwarg2=['a', 'b', 'c'])
|
||||
|
||||
|
||||
Rather than constructing parameters inline, it is better to break things up::
|
||||
|
||||
list_of_strings = [
|
||||
'what_a_long_string',
|
||||
'not as long',
|
||||
]
|
||||
|
||||
dict_of_numbers = {
|
||||
'one': 1,
|
||||
'two': 2,
|
||||
'twenty four': 24,
|
||||
}
|
||||
|
||||
object_one.call_a_method('string three',
|
||||
'string four',
|
||||
kwarg1=list_of_strings,
|
||||
kwarg2=dict_of_numbers)
|
||||
|
||||
|
||||
Internationalization (i18n) Strings
|
||||
-----------------------------------
|
||||
In order to support multiple languages, we have a mechanism to support
|
||||
automatic translations of exception and log strings.
|
||||
|
||||
Example::
|
||||
|
||||
msg = _("An error occurred")
|
||||
raise HTTPBadRequest(explanation=msg)
|
||||
|
||||
If you have a variable to place within the string, first internationalize the
|
||||
template string then do the replacement.
|
||||
|
||||
Example::
|
||||
|
||||
msg = _("Missing parameter: %s") % ("flavor",)
|
||||
LOG.error(msg)
|
||||
|
||||
If you have multiple variables to place in the string, use keyword parameters.
|
||||
This helps our translators reorder parameters when needed.
|
||||
|
||||
Example::
|
||||
|
||||
msg = _("The server with id %(s_id)s has no key %(m_key)s")
|
||||
LOG.error(msg % {"s_id": "1234", "m_key": "imageId"})
|
||||
|
||||
|
||||
Creating Unit Tests
|
||||
-------------------
|
||||
For every new feature, unit tests should be created that both test and
|
||||
(implicitly) document the usage of said feature. If submitting a patch for a
|
||||
bug that had no unit test, a new passing unit test should be added. If a
|
||||
submitted bug fix does have a unit test, be sure to add a new one that fails
|
||||
without the patch and passes with the patch.
|
||||
|
||||
For more information on creating unit tests and utilizing the testing
|
||||
infrastructure in OpenStack Nova, please read nova/testing/README.rst.
|
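Review bot: the new style guide still reads as Nova's in several places. The import template says `{{nova imports in human alphabetical order}}`, the example block imports `nova.api.ec2`, `nova.flags` and others, and the Creating Unit Tests section sends readers to `nova/testing/README.rst` in "OpenStack Nova". Replace these with Keystone module names and a path that exists in this tree. The example also lists `import nova.flags` ahead of `from nova.endpoint import cloud`, which contradicts the new rule "Order your imports by the full module path", and the docstring sample gives `:returns:` twice.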
202
LICENSE
|
@ -1,202 +0,0 @@
|
|||
|
||||
Apache License
|
||||
Version 2.0, January 2004
|
||||
http://www.apache.org/licenses/
|
||||
|
||||
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
|
||||
|
||||
1. Definitions.
|
||||
|
||||
"License" shall mean the terms and conditions for use, reproduction,
|
||||
and distribution as defined by Sections 1 through 9 of this document.
|
||||
|
||||
"Licensor" shall mean the copyright owner or entity authorized by
|
||||
the copyright owner that is granting the License.
|
||||
|
||||
"Legal Entity" shall mean the union of the acting entity and all
|
||||
other entities that control, are controlled by, or are under common
|
||||
control with that entity. For the purposes of this definition,
|
||||
"control" means (i) the power, direct or indirect, to cause the
|
||||
direction or management of such entity, whether by contract or
|
||||
otherwise, or (ii) ownership of fifty percent (50%) or more of the
|
||||
outstanding shares, or (iii) beneficial ownership of such entity.
|
||||
|
||||
"You" (or "Your") shall mean an individual or Legal Entity
|
||||
exercising permissions granted by this License.
|
||||
|
||||
"Source" form shall mean the preferred form for making modifications,
|
||||
including but not limited to software source code, documentation
|
||||
source, and configuration files.
|
||||
|
||||
"Object" form shall mean any form resulting from mechanical
|
||||
transformation or translation of a Source form, including but
|
||||
not limited to compiled object code, generated documentation,
|
||||
and conversions to other media types.
|
||||
|
||||
"Work" shall mean the work of authorship, whether in Source or
|
||||
Object form, made available under the License, as indicated by a
|
||||
copyright notice that is included in or attached to the work
|
||||
(an example is provided in the Appendix below).
|
||||
|
||||
"Derivative Works" shall mean any work, whether in Source or Object
|
||||
form, that is based on (or derived from) the Work and for which the
|
||||
editorial revisions, annotations, elaborations, or other modifications
|
||||
represent, as a whole, an original work of authorship. For the purposes
|
||||
of this License, Derivative Works shall not include works that remain
|
||||
separable from, or merely link (or bind by name) to the interfaces of,
|
||||
the Work and Derivative Works thereof.
|
||||
|
||||
"Contribution" shall mean any work of authorship, including
|
||||
the original version of the Work and any modifications or additions
|
||||
to that Work or Derivative Works thereof, that is intentionally
|
||||
submitted to Licensor for inclusion in the Work by the copyright owner
|
||||
or by an individual or Legal Entity authorized to submit on behalf of
|
||||
the copyright owner. For the purposes of this definition, "submitted"
|
||||
means any form of electronic, verbal, or written communication sent
|
||||
to the Licensor or its representatives, including but not limited to
|
||||
communication on electronic mailing lists, source code control systems,
|
||||
and issue tracking systems that are managed by, or on behalf of, the
|
||||
Licensor for the purpose of discussing and improving the Work, but
|
||||
excluding communication that is conspicuously marked or otherwise
|
||||
designated in writing by the copyright owner as "Not a Contribution."
|
||||
|
||||
"Contributor" shall mean Licensor and any individual or Legal Entity
|
||||
on behalf of whom a Contribution has been received by Licensor and
|
||||
subsequently incorporated within the Work.
|
||||
|
||||
2. Grant of Copyright License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
copyright license to reproduce, prepare Derivative Works of,
|
||||
publicly display, publicly perform, sublicense, and distribute the
|
||||
Work and such Derivative Works in Source or Object form.
|
||||
|
||||
3. Grant of Patent License. Subject to the terms and conditions of
|
||||
this License, each Contributor hereby grants to You a perpetual,
|
||||
worldwide, non-exclusive, no-charge, royalty-free, irrevocable
|
||||
(except as stated in this section) patent license to make, have made,
|
||||
use, offer to sell, sell, import, and otherwise transfer the Work,
|
||||
where such license applies only to those patent claims licensable
|
||||
by such Contributor that are necessarily infringed by their
|
||||
Contribution(s) alone or by combination of their Contribution(s)
|
||||
with the Work to which such Contribution(s) was submitted. If You
|
||||
institute patent litigation against any entity (including a
|
||||
cross-claim or counterclaim in a lawsuit) alleging that the Work
|
||||
or a Contribution incorporated within the Work constitutes direct
|
||||
or contributory patent infringement, then any patent licenses
|
||||
granted to You under this License for that Work shall terminate
|
||||
as of the date such litigation is filed.
|
||||
|
||||
4. Redistribution. You may reproduce and distribute copies of the
|
||||
Work or Derivative Works thereof in any medium, with or without
|
||||
modifications, and in Source or Object form, provided that You
|
||||
meet the following conditions:
|
||||
|
||||
(a) You must give any other recipients of the Work or
|
||||
Derivative Works a copy of this License; and
|
||||
|
||||
(b) You must cause any modified files to carry prominent notices
|
||||
stating that You changed the files; and
|
||||
|
||||
(c) You must retain, in the Source form of any Derivative Works
|
||||
that You distribute, all copyright, patent, trademark, and
|
||||
attribution notices from the Source form of the Work,
|
||||
excluding those notices that do not pertain to any part of
|
||||
the Derivative Works; and
|
||||
|
||||
(d) If the Work includes a "NOTICE" text file as part of its
|
||||
distribution, then any Derivative Works that You distribute must
|
||||
include a readable copy of the attribution notices contained
|
||||
within such NOTICE file, excluding those notices that do not
|
||||
pertain to any part of the Derivative Works, in at least one
|
||||
of the following places: within a NOTICE text file distributed
|
||||
as part of the Derivative Works; within the Source form or
|
||||
documentation, if provided along with the Derivative Works; or,
|
||||
within a display generated by the Derivative Works, if and
|
||||
wherever such third-party notices normally appear. The contents
|
||||
of the NOTICE file are for informational purposes only and
|
||||
do not modify the License. You may add Your own attribution
|
||||
notices within Derivative Works that You distribute, alongside
|
||||
or as an addendum to the NOTICE text from the Work, provided
|
||||
that such additional attribution notices cannot be construed
|
||||
as modifying the License.
|
||||
|
||||
You may add Your own copyright statement to Your modifications and
|
||||
may provide additional or different license terms and conditions
|
||||
for use, reproduction, or distribution of Your modifications, or
|
||||
for any such Derivative Works as a whole, provided Your use,
|
||||
reproduction, and distribution of the Work otherwise complies with
|
||||
the conditions stated in this License.
|
||||
|
||||
5. Submission of Contributions. Unless You explicitly state otherwise,
|
||||
any Contribution intentionally submitted for inclusion in the Work
|
||||
by You to the Licensor shall be under the terms and conditions of
|
||||
this License, without any additional terms or conditions.
|
||||
Notwithstanding the above, nothing herein shall supersede or modify
|
||||
the terms of any separate license agreement you may have executed
|
||||
with Licensor regarding such Contributions.
|
||||
|
||||
6. Trademarks. This License does not grant permission to use the trade
|
||||
names, trademarks, service marks, or product names of the Licensor,
|
||||
except as required for reasonable and customary use in describing the
|
||||
origin of the Work and reproducing the content of the NOTICE file.
|
||||
|
||||
7. Disclaimer of Warranty. Unless required by applicable law or
|
||||
agreed to in writing, Licensor provides the Work (and each
|
||||
Contributor provides its Contributions) on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
implied, including, without limitation, any warranties or conditions
|
||||
of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A
|
||||
PARTICULAR PURPOSE. You are solely responsible for determining the
|
||||
appropriateness of using or redistributing the Work and assume any
|
||||
risks associated with Your exercise of permissions under this License.
|
||||
|
||||
8. Limitation of Liability. In no event and under no legal theory,
|
||||
whether in tort (including negligence), contract, or otherwise,
|
||||
unless required by applicable law (such as deliberate and grossly
|
||||
negligent acts) or agreed to in writing, shall any Contributor be
|
||||
liable to You for damages, including any direct, indirect, special,
|
||||
incidental, or consequential damages of any character arising as a
|
||||
result of this License or out of the use or inability to use the
|
||||
Work (including but not limited to damages for loss of goodwill,
|
||||
work stoppage, computer failure or malfunction, or any and all
|
||||
other commercial damages or losses), even if such Contributor
|
||||
has been advised of the possibility of such damages.
|
||||
|
||||
9. Accepting Warranty or Additional Liability. While redistributing
|
||||
the Work or Derivative Works thereof, You may choose to offer,
|
||||
and charge a fee for, acceptance of support, warranty, indemnity,
|
||||
or other liability obligations and/or rights consistent with this
|
||||
License. However, in accepting such obligations, You may act only
|
||||
on Your own behalf and on Your sole responsibility, not on behalf
|
||||
of any other Contributor, and only if You agree to indemnify,
|
||||
defend, and hold each Contributor harmless for any liability
|
||||
incurred by, or claims asserted against, such Contributor by reason
|
||||
of your accepting any such warranty or additional liability.
|
||||
|
||||
END OF TERMS AND CONDITIONS
|
||||
|
||||
APPENDIX: How to apply the Apache License to your work.
|
||||
|
||||
To apply the Apache License to your work, attach the following
|
||||
boilerplate notice, with the fields enclosed by brackets "[]"
|
||||
replaced with your own identifying information. (Don't include
|
||||
the brackets!) The text should be enclosed in the appropriate
|
||||
comment syntax for the file format. We also recommend that a
|
||||
file or class name and description of purpose be included on the
|
||||
same "printed page" as the copyright notice for easier
|
||||
identification within third-party archives.
|
||||
|
||||
Copyright [yyyy] [name of copyright owner]
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License");
|
||||
you may not use this file except in compliance with the License.
|
||||
You may obtain a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS,
|
||||
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
See the License for the specific language governing permissions and
|
||||
limitations under the License.
|
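Review bot: the `@ -1,202 +0,0 @` header removes the whole Apache 2.0 text, and the MANIFEST.in deleted in the same change is what carried `include LICENSE` into source distributions. Clause 4(a) of the removed text requires giving recipients a copy of the License, so unless the file is re-added elsewhere in this merge, restore it before this lands.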
21
MANIFEST.in
|
@ -1,21 +0,0 @@
|
|||
include AUTHORS
|
||||
include HACKING
|
||||
include LICENSE
|
||||
include MANIFEST.in
|
||||
include README.md
|
||||
include pylintrc
|
||||
include run_tests.py
|
||||
include run_tests.sh
|
||||
include setup.py
|
||||
graft bin
|
||||
graft doc
|
||||
prune doc/source/sourcecode
|
||||
graft etc
|
||||
graft examples
|
||||
graft keystone/content
|
||||
graft keystone/test/etc
|
||||
graft tools
|
||||
recursive-include keystone *.json *.xml *.cfg README
|
||||
include keystone/backends/ldap/keystone.ldif
|
||||
include keystone/backends/ldap/keystone.schema
|
||||
global-exclude *.pyc *.sdx *.log *.db *.swp
|
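Review bot: removing MANIFEST.in takes the `global-exclude *.pyc *.sdx *.log *.db *.swp` line with it, along with the explicit includes for `keystone/backends/ldap/keystone.ldif` and `keystone/backends/ldap/keystone.schema`. Say in the commit message what now decides the contents of a source distribution, and keep an equivalent exclude so that local databases and logs cannot end up in a release tarball.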
275
README.md
|
@ -1,275 +0,0 @@
|
|||
# Keystone: OpenStack Identity Service
|
||||
|
||||
Keystone is a Python implementation of the [OpenStack](http://www.openstack.org) identity service API.
|
||||
|
||||
# Documentation
|
||||
|
||||
## For users and sysadmins
|
||||
|
||||
Learn how to install, configure, manage, and interact with the OpenStack
|
||||
Identity Service API at the [OpenStack Documentation](http://docs.openstack.org/) site.
|
||||
|
||||
## For contributors
|
||||
|
||||
Learn how to setup a development environment and then test, run, and contribute to Keystone at the
|
||||
[Contributor Documentation](http://keystone.openstack.org/) site.
|
||||
|
||||
# Questions/Feedback
|
||||
|
||||
Having trouble? We'd like to help!
|
||||
|
||||
* Try the documentation first — it's got answers to many common questions.
|
||||
* Search for information in the archives of the [OpenStack mailing list](http://wiki.openstack.org/MailingLists), or post a question.
|
||||
* Ask a question in the [#openstack IRC channel](http://wiki.openstack.org/UsingIRC).
|
||||
* If you notice errors, please [open a bug](https://bugs.launchpad.net/keystone) and let us know! Please only use the bug tracker for criticisms and improvements. For tech support, use the resources above.
|
||||
|
||||
# For Contributors
|
||||
|
||||
## What's in the box?
|
||||
|
||||
### Services
|
||||
|
||||
* Keystone - identity store and authentication service
|
||||
* Auth_Token - WSGI middleware that can be used to handle token auth protocol (WSGI or remote proxy)
|
||||
* Echo - A sample service that responds by returning call details
|
||||
|
||||
### Also included:
|
||||
|
||||
* Auth_Basic - Stub for WSGI middleware that will be used to handle basic auth
|
||||
* Auth_OpenID - Stub for WSGI middleware that will be used to handle openid auth protocol (to be implemented)
|
||||
* RemoteAuth - WSGI middleware that can be used in services (like Swift, Nova, and Glance) when Auth middleware is running remotely
|
||||
|
||||
### Built-In commands:
|
||||
|
||||
* bin/keystone - Provides HTTP API for users and administrators
|
||||
* bin/keystone-admin - Provides HTTP API for administrators
|
||||
* bin/keystone-service - Provides HTTP API for users
|
||||
* bin/keystone-manage - Provides command-line interface for managing all aspects of Keystone
|
||||
|
||||
## Running Keystone
|
||||
|
||||
Starting both Admin and Service API endpoints:
|
||||
|
||||
$ ./bin/keystone
|
||||
|
||||
Starting the auth server only (exposes the Service API):
|
||||
|
||||
$ ./bin/keystone-auth
|
||||
|
||||
Starting the admin server only (exposes the Admin API):
|
||||
|
||||
$ ./bin/keystone-admin
|
||||
|
||||
By default, configuration parameters (such as the IP and port binding for each service) are parsed from `etc/keystone.conf`.
|
||||
|
||||
## Configuring Keystone
|
||||
|
||||
Keystone gets its configuration from command-line parameters or a `.conf` file. While command line parameters take precedence,
|
||||
Keystone looks in the following location to find a configuration file:
|
||||
|
||||
1. Command line parameter
|
||||
2. /etc/keystone.conf
|
||||
3. /etc/keystone/keystone.conf
|
||||
4. <topdir>/etc/keystone.conf
|
||||
|
||||
Additional configuration templates are maintained in `keystone/test/etc/` that may be useful as a reference.
|
||||
|
||||
### Editing and Building the API Developer Guide
|
||||
|
||||
Users of the Keystone API are often developers making ReSTful API calls to Keystone. The guide to provide them
|
||||
information is therefore called a `Developer Guide`. Developer in this case is not to be confused with contributors
|
||||
working on the Keystone codebase itself.
|
||||
|
||||
The developer guides are automatically generated from XML and other artifacts that live in the
|
||||
[OpenStack Manuals project](https://launchpad.net/openstack-manuals).
|
||||
|
||||
To build the Developer Guide from source, you need [Maven](http://maven.apache.org/). To build the docs and publish a new PDF:
|
||||
|
||||
$ cd to folder with the pom.xml file
|
||||
$ mvn clean generate-sources && cp target/docbkx/pdf/identitydevguide.pdf ../../keystone/content/identitydevguide.pdf
|
||||
|
||||
The output will go into the `target` folder (the source is in `src`). Output generated is PDF and webhelp.
|
||||
|
||||
# Additional Information:
|
||||
|
||||
## Sample data
|
||||
|
||||
A set of sample data can be loaded by running a shell script:
|
||||
|
||||
$ ./bin/sampledata
|
||||
|
||||
The script calls `keystone-manage` to import the sample data.
|
||||
|
||||
After starting keystone or running `keystone-manage` a `keystone.db` sqlite database should be created in the keystone folder,
|
||||
per the default configuration.
|
||||
|
||||
## Demo
|
||||
|
||||
To run client demo (with all auth middleware running locally on sample service):
|
||||
|
||||
$ ./examples/echo/bin/echod
|
||||
$ python examples/echo/echo_client.py
|
||||
|
||||
## CURL commands
|
||||
|
||||
<pre>
|
||||
# Get an unscoped token
|
||||
$ curl -d '{"auth": {"passwordCredentials": {"username": "joeuser", "password": "secrete"}}}' -H "Content-type: application/json" http://localhost:5000/v2.0/tokens
|
||||
|
||||
# Get a token for a tenant
|
||||
$ curl -d '{"auth": {"passwordCredentials": {"username": "joeuser", "password": "secrete"}, "tenantName": "customer-x"}}' -H "Content-type: application/json" http://localhost:5000/v2.0/tokens
|
||||
|
||||
# Get an admin token
|
||||
$ curl -d '{"auth": {"passwordCredentials": {"username": "admin", "password": "secrete"}}}' -H "Content-type: application/json" http://localhost:35357/v2.0/tokens
|
||||
</pre>
|
||||
|
||||
## Load Testing
|
||||
|
||||
<pre>
|
||||
# Create post data
|
||||
$ echo '{"auth": {"passwordCredentials": {"username": "joeuser", "password": "secrete", "tenantName": "customer-x"}}}' > post_data
|
||||
|
||||
# Call Apache Bench
|
||||
$ ab -c 30 -n 1000 -T "application/json" -p post_data http://127.0.0.1:35357/v2.0/tokens
|
||||
</pre>
|
||||
|
||||
## NOVA Integration
|
||||
|
||||
Initial support for using keystone as nova's identity component has been started.
|
||||
|
||||
# clone projects
|
||||
bzr clone lp:nova
|
||||
git clone git://github.com/openstack/keystone.git
|
||||
|
||||
# install keystone on the host which runs nova
|
||||
run "python setup install" to install keystone.
|
||||
|
||||
# run nova-api based on the paste config in keystone
|
||||
nova/bin/nova-api --api_paste_config=keystone/examples/paste/nova-api-paste.ini
|
||||
|
||||
Assuming you added the test data using bin/sampledata, you can then use joeuser/secrete
|
||||
|
||||
## Swift Integration - Quick Start
|
||||
|
||||
1. Install Swift, either from trunk or version 1.4.1 (once it's released) or
|
||||
higher. Do the standard SAIO install with the included TempAuth to be sure
|
||||
you have a working system to start with. This step is beyond the scope of
|
||||
this quick start; see http://swift.openstack.org/development_saio.html for
|
||||
a Swift development set up guide. Once you have a working Swift install, go
|
||||
ahead and shut it down for now (the default Swift install uses the same
|
||||
ports Keystone wants):
|
||||
|
||||
$ swift-init all stop
|
||||
|
||||
2. Obtain and install a source copy of Keystone:
|
||||
|
||||
$ git clone https://github.com/openstack/keystone.git ~/keystone
|
||||
...
|
||||
$ cd ~/keystone && sudo python setup.py develop
|
||||
...
|
||||
|
||||
3. Start up the Keystone service:
|
||||
|
||||
$ cd ~/keystone/bin && ./keystone
|
||||
Starting the Legacy Authentication component
|
||||
Service API listening on 0.0.0.0:5000
|
||||
Admin API listening on 0.0.0.0:35357
|
||||
|
||||
4. In another window, edit the `~/keystone/keystone/test/sampledata.py` file,
|
||||
find the `swift.publicinternets.com` text and replace it with the URL to
|
||||
your Swift cluster using the following format (note that we're going to
|
||||
change Swift to run on port 8888 later):
|
||||
`http://127.0.0.1:8888/v1/AUTH_%tenant_id%`
|
||||
|
||||
5. Create the sample data entries:
|
||||
|
||||
$ cd ~/keystone/bin && ./sampledata
|
||||
...
|
||||
|
||||
6. Reconfigure Swift's proxy server to use Keystone instead of TempAuth.
|
||||
Here's an example `/etc/swift/proxy-server.conf`:
|
||||
|
||||
[DEFAULT]
|
||||
bind_port = 8888
|
||||
user = <user>
|
||||
|
||||
[pipeline:main]
|
||||
pipeline = catch_errors cache keystone proxy-server
|
||||
|
||||
[app:proxy-server]
|
||||
use = egg:swift#proxy
|
||||
account_autocreate = true
|
||||
|
||||
[filter:keystone]
|
||||
use = egg:keystone#tokenauth
|
||||
auth_protocol = http
|
||||
auth_host = 127.0.0.1
|
||||
auth_port = 35357
|
||||
admin_token = 999888777666
|
||||
delay_auth_decision = 0
|
||||
service_protocol = http
|
||||
service_host = 127.0.0.1
|
||||
service_port = 8100
|
||||
service_pass = dTpw
|
||||
|
||||
[filter:cache]
|
||||
use = egg:swift#memcache
|
||||
set log_name = cache
|
||||
|
||||
[filter:catch_errors]
|
||||
use = egg:swift#catch_errors
|
||||
|
||||
7. Start Swift back up with the new configuration:
|
||||
|
||||
$ swift-init main start
|
||||
...
|
||||
|
||||
8. Use `swift` to check everything works (note: you currently have to create a
|
||||
container or upload something as your first action to have the account
|
||||
created; there's a Swift bug to be fixed soon):
|
||||
|
||||
$ swift -A http://127.0.0.1:5000/v1.0 -U joeuser -K secrete post container
|
||||
$ swift -A http://127.0.0.1:5000/v1.0 -U joeuser -K secrete stat -v
|
||||
StorageURL: http://127.0.0.1:8888/v1/AUTH_1234
|
||||
Auth Token: 74ce1b05-e839-43b7-bd76-85ef178726c3
|
||||
Account: AUTH_1234
|
||||
Containers: 1
|
||||
Objects: 0
|
||||
Bytes: 0
|
||||
Accept-Ranges: bytes
|
||||
X-Trans-Id: tx25c1a6969d8f4372b63912f411de3c3b
|
||||
|
||||
**Note: Keystone currently allows any valid token to do anything with any
|
||||
account.**
|
||||
|
||||
But, it works as a demo!
|
||||
|
||||
## LDAP Setup on a Mac
|
||||
|
||||
Using macports:
|
||||
|
||||
sudo port install openldap
|
||||
|
||||
It appears the package `python-ldap` needs to be recompiled to work. So,
|
||||
download it from: http://pypi.python.org/pypi/python-ldap/2.4.1
|
||||
|
||||
After unpacking, edit `setup.cfg` as shown below:
|
||||
|
||||
library_dirs = /opt/local/lib
|
||||
include_dirs = /opt/local/include /usr/include/sasl
|
||||
|
||||
Then, run:
|
||||
|
||||
python setup.py build
|
||||
sudo python setup.py install
|
||||
|
||||
# Relevant Standards and Technologies
|
||||
|
||||
[Overlap of Identity Technologies](https://sites.google.com/site/oauthgoog/Overlap)
|
||||
|
||||
Keystone could potentially integrate with:
|
||||
|
||||
1. [WebID](http://www.w3.org/2005/Incubator/webid/spec/) (See also [FOAF+SSL](http://www.w3.org/wiki/Foaf+ssl))
|
||||
2. [OpenID](http://openid.net/) and/or [OpenIDConnect](http://openidconnect.com/)
|
||||
3. [OAUTH2](http://oauth.net/2/)
|
||||
4. [SAML](http://saml.xml.org/)
|
|
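Review bot: the bold note at the end of the Swift quick start ("Keystone currently allows any valid token to do anything with any account") describes an authorization gap, and the README.rst that follows in this change has no equivalent statement. If this text is being retired, either carry the limitation forward or record that it no longer applies. The sample proxy-server.conf in step 6 also uses literal values (admin_token = 999888777666, service_pass = dTpw) with auth_protocol = http, so the admin token crosses the wire unencrypted; wherever this example ends up, mark those values as local-demo settings that must be replaced.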
@ -0,0 +1,222 @@
|
|||
.. image:: http://term.ie/data/medium_ksl.png
|
||||
:alt: Keystone
|
||||
|
||||
.. toctree::
|
||||
:maxdepth 2
|
||||
|
||||
Keystone is an OpenStack project that provides Identity, Token, Catalog and
|
||||
Policy services for use specifically by projects in the OpenStack family.
|
||||
|
||||
Much of the design is precipitated from the expectation that the auth backends
|
||||
for most deployments will actually be shims in front of existing user systems.
|
||||
|
||||
|
||||
-----------
|
||||
Development
|
||||
-----------
|
||||
|
||||
Building the Documentation
|
||||
--------------------------
|
||||
|
||||
The documentation is all generated with Sphinx from within the docs directory.
|
||||
To generate the full set of HTML documentation:
|
||||
|
||||
cd docs
|
||||
make autodoc
|
||||
make html
|
||||
make man
|
||||
|
||||
the results are in the docs/build/html and docs/build/man directories
|
||||
respectively.
|
||||
|
||||
------------
|
||||
The Services
|
||||
------------
|
||||
|
||||
Keystone is organized as a group of services exposed on one or many endpoints.
|
||||
Many of these services are used in a combined fashion by the frontend, for
|
||||
example an authenticate call will validate user/tenant credentials with the
|
||||
Identity service and, upon success, create and return a token with the Token
|
||||
service.
|
||||
|
||||
|
||||
Identity
|
||||
--------
|
||||
|
||||
The Identity service provides auth credential validation and data about Users,
|
||||
Tenants and Roles, as well as any associated metadata.
|
||||
|
||||
In the basic case all this data is managed by the service, allowing the service
|
||||
to manage all the CRUD associated with the data.
|
||||
|
||||
In other cases, this data is pulled, by varying degrees, from an authoritative
|
||||
backend service. An example of this would be when backending on LDAP. See
|
||||
`LDAP Backend` below for more details.
|
||||
|
||||
|
||||
Token
|
||||
-----
|
||||
|
||||
The Token service validates and manages Tokens used for authenticating requests
|
||||
once a user/tenant's credentials have already been verified.
|
||||
|
||||
|
||||
Catalog
|
||||
-------
|
||||
|
||||
The Catalog service provides an endpoint registry used for endpoint discovery.
|
||||
|
||||
|
||||
Policy
|
||||
------
|
||||
|
||||
The Policy service provides a rule-based authorization engine and the
|
||||
associated rule management interface.
|
||||
|
||||
|
||||
|
||||
----------
|
||||
Data Model
|
||||
----------
|
||||
|
||||
Keystone was designed from the ground up to be amenable to multiple styles of
|
||||
backends and as such many of the methods and data types will happily accept
|
||||
more data than they know what to do with and pass them on to a backend.
|
||||
|
||||
There are a few main data types:
|
||||
|
||||
* **User**: has account credentials, is associated with one or more tenants
|
||||
* **Tenant**: unit of ownership in openstack, contains one or more users
|
||||
* **Role**: a first-class piece of metadata associated with many user-tenant pairs.
|
||||
* **Token**: identifying credential associated with a user or user and tenant
|
||||
* **Extras**: bucket of key-value metadata associated with a user-tenant pair.
|
||||
* **Rule**: describes a set of requirements for performing an action.
|
||||
|
||||
While the general data model allows a many-to-many relationship between Users
|
||||
and Tenants and a many-to-one relationship between Extras and User-Tenant pairs,
|
||||
the actual backend implementations take varying levels of advantage of that
|
||||
functionality.
|
||||
|
||||
|
||||
KVS Backend
|
||||
-----------
|
||||
|
||||
A simple backend interface meant to be further backended on anything that can
|
||||
support primary key lookups, the most trivial implementation being an in-memory
|
||||
dict.
|
||||
|
||||
Supports all features of the general data model.
|
||||
|
||||
|
||||
PAM Backend
|
||||
-----------
|
||||
|
||||
Extra simple backend that uses the current system's PAM service to authenticate,
|
||||
providing a one-to-one relationship between Users and Tenants with the `root`
|
||||
User also having the 'admin' role.
|
||||
|
||||
|
||||
Templated Backend
|
||||
-----------------
|
||||
|
||||
Largely designed for a common use case around service catalogs in the Keystone
|
||||
project, a Catalog backend that simply expands pre-configured templates to
|
||||
provide catalog data.
|
||||
|
||||
Example paste.deploy config (uses $ instead of % to avoid ConfigParser's
|
||||
interpolation)::
|
||||
|
||||
[DEFAULT]
|
||||
catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v2.0
|
||||
catalog.RegionOne.identity.adminURL = http://localhost:$(public_port)s/v2.0
|
||||
catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v2.0
|
||||
catalog.RegionOne.identity.name = 'Identity Service'
|
||||
|
||||
|
||||
----------------
|
||||
Approach to CRUD
|
||||
----------------
|
||||
|
||||
While it is expected that any "real" deployment at a large company will manage
|
||||
their users, tenants and other metadata in their existing user systems, a
|
||||
variety of CRUD operations are provided for the sake of development and testing.
|
||||
|
||||
CRUD is treated as an extension or additional feature to the core feature set in
|
||||
that it is not required that a backend support it.
|
||||
|
||||
|
||||
----------------------------------
|
||||
Approach to Authorization (Policy)
|
||||
----------------------------------
|
||||
|
||||
Various components in the system require that different actions are allowed
|
||||
based on whether the user is authorized to perform that action.
|
||||
|
||||
For the purposes of Keystone there are only a couple levels of
|
||||
authorization being checked for:
|
||||
|
||||
* Require that the performing user is considered an admin.
|
||||
* Require that the performing user matches the user being referenced.
|
||||
|
||||
Other systems wishing to use the policy engine will require additional styles
|
||||
of checks and will possibly write completely custom backends. Backends included
|
||||
in Keystone are:
|
||||
|
||||
|
||||
Trivial True
|
||||
------------
|
||||
|
||||
Allows all actions.
|
||||
|
||||
|
||||
Simple Match
|
||||
------------
|
||||
|
||||
Given a list of matches to check for, simply verify that the credentials
|
||||
contain the matches. For example::
|
||||
|
||||
credentials = {'user_id': 'foo', 'is_admin': 1, 'roles': ['nova:netadmin']}
|
||||
|
||||
# An admin only call:
|
||||
policy_api.can_haz(('is_admin:1',), credentials)
|
||||
|
||||
# An admin or owner call:
|
||||
policy_api.can_haz(('is_admin:1', 'user_id:foo'),
|
||||
credentials)
|
||||
|
||||
# A netadmin call:
|
||||
policy_api.can_haz(('roles:nova:netadmin',),
|
||||
credentials)
|
||||
|
||||
|
||||
Credentials are generally built from the user metadata in the 'extras' part
|
||||
of the Identity API. So, adding a 'role' to the user just means adding the role
|
||||
to the user metadata.
|
||||
|
||||
|
||||
Capability RBAC
|
||||
---------------
|
||||
|
||||
(Not yet implemented.)
|
||||
|
||||
Another approach to authorization can be action-based, with a mapping of roles
|
||||
to which capabilities are allowed for that role. For example::
|
||||
|
||||
credentials = {'user_id': 'foo', 'is_admin': 1, 'roles': ['nova:netadmin']}
|
||||
|
||||
# add a policy
|
||||
policy_api.add_policy('action:nova:add_network', ('roles:nova:netadmin',))
|
||||
|
||||
policy_api.can_haz(('action:nova:add_network',), credentials)
|
||||
|
||||
|
||||
In the backend this would look up the policy for 'action:nova:add_network' and
|
||||
then do what is effectively a 'Simple Match' style match against the creds.
|
||||
|
||||
|
||||
-----------
|
||||
Still To Do
|
||||
-----------
|
||||
|
||||
* LDAP backend.
|
||||
* Diablo migration.
|
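Review bot: in the Simple Match section the prose says the backend verifies "that the credentials contain the matches", which reads as all-of, while the second example is commented "An admin or owner call" and passes ('is_admin:1', 'user_id:foo'), which only makes sense as any-of. State the semantics explicitly, because an integrator who guesses wrong either locks owners out or lets any single match through. Smaller points in the same file: `:maxdepth 2` under `.. toctree::` is missing its closing colon (`:maxdepth: 2`) and the toctree lists no documents; the templated catalog sample sets adminURL to `$(public_port)s`, which deserves a comment if the admin API is meant to sit on its own port; and "See `LDAP Backend` below" points at a section that does not exist yet (the LDAP backend is listed under Still To Do).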
84
bin/keystone
|
@ -1,84 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
|
||||
""" This is only a convenience script. It starts two endpoints of Keystone; the
|
||||
first one is a Service API server running on port 5000 (by default), and the
|
||||
second one is an Admin API server running on port 35357 (by default).
|
||||
|
||||
By default, keystone uses bind_host and bind_port to set its litening ports,
|
||||
but since this script runs two endpoints, it uses the following options:
|
||||
|
||||
Setting any of the Admin API values for bind host or port using the
|
||||
admin_* entries in the config file. Specoific to this script only is the
|
||||
-a/--admin-port option on the command-line (nothing else supports that).
|
||||
|
||||
Setting any of the Service API values for bind host or port using the
|
||||
service_* entries in the config file.
|
||||
|
||||
"""
|
||||
|
||||
import optparse
|
||||
import os
|
||||
import sys
|
||||
|
||||
import keystone.tools.tracer # @UnusedImport # module runs on import
|
||||
from keystone.common import config
|
||||
from keystone.config import CONF
|
||||
import keystone.server
|
||||
|
||||
# If ../../keystone/__init__.py exists, add ../ to Python search path, so that
|
||||
# it will override what happens to be installed in /usr/(local/)lib/python...
|
||||
POSSIBLE_TOPDIR = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
|
||||
os.pardir, os.pardir))
|
||||
if os.path.exists(os.path.join(POSSIBLE_TOPDIR, 'keystone', '__init__.py')):
|
||||
sys.path.insert(0, POSSIBLE_TOPDIR)
|
||||
|
||||
|
||||
def get_options():
|
||||
# Initialize a parser for our configuration paramaters
|
||||
# since we have special handling for the -a|--admin-port argument
|
||||
parser = optparse.OptionParser()
|
||||
common_group = config.add_common_options(parser)
|
||||
config.add_log_options(parser)
|
||||
|
||||
# Handle a special argument to support starting two endpoints
|
||||
common_group.add_option(
|
||||
'-a', '--admin-port', dest="admin_port", metavar="PORT",
|
||||
help="specifies port for Admin API to listen on (default is 35357)")
|
||||
|
||||
# Parse CLI arguments and merge with config
|
||||
(options, args) = config.parse_options(parser)
|
||||
return options
|
||||
|
||||
|
||||
def main():
|
||||
# Get merged config and CLI options and admin-specific settings
|
||||
options = get_options()
|
||||
config_file = config.find_config_file(options, sys.argv[1:])
|
||||
CONF(config_files=[config_file])
|
||||
|
||||
# Start services
|
||||
try:
|
||||
# Load Service API Server
|
||||
service = keystone.server.Server(name="Service API",
|
||||
config_name='keystone-legacy-auth')
|
||||
service.start(wait=False)
|
||||
except RuntimeError, e:
|
||||
sys.exit("ERROR: %s" % e)
|
||||
|
||||
try:
|
||||
# Get admin-specific settings
|
||||
port = options.get('admin_port', None)
|
||||
host = options.get('bind_host', None)
|
||||
|
||||
# Load Admin API server
|
||||
admin = keystone.server.Server(name='Admin API', config_name='admin')
|
||||
admin.start(host=host, port=port, wait=True)
|
||||
except RuntimeError, e:
|
||||
sys.exit("ERROR: %s" % e)
|
||||
finally:
|
||||
service.stop()
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
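Review bot: deleting this launcher drops the -a/--admin-port override, which its own docstring says nothing else supports, together with the admin_* and service_* bind settings it documents. Say in the commit message or the docs what replaces them, so a deployment that pins the Admin API to a specific host or port does not silently fall back to defaults after the merge.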
@ -1,69 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
|
||||
# Copyright 2010 United States Government as represented by the
|
||||
# Administrator of the National Aeronautics and Space Administration.
|
||||
# Copyright 2011 OpenStack LLC.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
"""
|
||||
Keystone Identity Server - Admin API
|
||||
"""
|
||||
|
||||
import optparse
|
||||
import os
|
||||
import sys
|
||||
|
||||
# If ../../keystone/__init__.py exists, add ../ to Python search path, so that
|
||||
# it will override what happens to be installed in /usr/(local/)lib/python...
|
||||
possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
|
||||
os.pardir,
|
||||
os.pardir))
|
||||
if os.path.exists(os.path.join(possible_topdir, 'keystone', '__init__.py')):
|
||||
sys.path.insert(0, possible_topdir)
|
||||
|
||||
import keystone.tools.tracer # @UnusedImport # module runs on import
|
||||
from keystone.common import config
|
||||
from keystone.config import CONF
|
||||
import keystone.server
|
||||
|
||||
|
||||
def get_options():
|
||||
# Initialize a parser for our configuration paramaters
|
||||
# since we have special handling for the -a|--admin-port argument
|
||||
parser = optparse.OptionParser()
|
||||
common_group = config.add_common_options(parser)
|
||||
config.add_log_options(parser)
|
||||
|
||||
# Parse CLI arguments and merge with config
|
||||
(options, args) = config.parse_options(parser)
|
||||
return options
|
||||
|
||||
|
||||
def main():
|
||||
# Get merged config and CLI options and admin-specific settings
|
||||
options = get_options()
|
||||
config_file = config.find_config_file(options, sys.argv[1:])
|
||||
CONF(config_files=[config_file])
|
||||
try:
|
||||
# Load Admin API server
|
||||
admin = keystone.server.Server(name='Admin API', config_name='admin')
|
||||
admin.start(wait=True)
|
||||
except RuntimeError, e:
|
||||
sys.exit("ERROR: %s" % e)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
@ -0,0 +1,71 @@
|
|||
#!/usr/bin/env python
|
||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
|
||||
import greenlet
|
||||
import logging
|
||||
import os
|
||||
import sys
|
||||
|
||||
# If ../../keystone/__init__.py exists, add ../ to Python search path, so that
|
||||
# it will override what happens to be installed in /usr/(local/)lib/python...
|
||||
possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
|
||||
os.pardir,
|
||||
os.pardir))
|
||||
if os.path.exists(os.path.join(possible_topdir,
|
||||
'keystone-all',
|
||||
'__init__.py')):
|
||||
sys.path.insert(0, possible_topdir)
|
||||
|
||||
from paste import deploy
|
||||
|
||||
from keystone import config
|
||||
from keystone.common import wsgi
|
||||
|
||||
|
||||
CONF = config.CONF
|
||||
|
||||
|
||||
def create_server(conf, name, port):
|
||||
app = deploy.loadapp('config:%s' % conf, name=name)
|
||||
return wsgi.Server(app, port)
|
||||
|
||||
|
||||
def serve(*servers):
|
||||
for server in servers:
|
||||
logging.debug("starting server %s on port %s", server.application,
|
||||
server.port)
|
||||
server.start()
|
||||
|
||||
for server in servers:
|
||||
try:
|
||||
server.wait()
|
||||
except greenlet.GreenletExit:
|
||||
pass
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
dev_conf = os.path.join(possible_topdir,
|
||||
'etc',
|
||||
'keystone.conf')
|
||||
config_files = None
|
||||
if os.path.exists(dev_conf):
|
||||
config_files = [dev_conf]
|
||||
|
||||
CONF(config_files=config_files)
|
||||
|
||||
config.setup_logging(CONF)
|
||||
|
||||
# Log the options used when starting if we're in debug mode...
|
||||
if CONF.debug:
|
||||
CONF.log_opt_values(logging.getLogger(CONF.prog), logging.DEBUG)
|
||||
|
||||
options = deploy.appconfig('config:%s' % CONF.config_file[0])
|
||||
|
||||
servers = []
|
||||
servers.append(create_server(CONF.config_file[0],
|
||||
'admin',
|
||||
int(options['admin_port'])))
|
||||
servers.append(create_server(CONF.config_file[0],
|
||||
'main',
|
||||
int(options['public_port'])))
|
||||
serve(*servers)
|
|
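Review bot: the source-tree check at the top tests for 'keystone-all/__init__.py' under possible_topdir, which looks like the script name substituted for the package name. The package imported a few lines later is 'keystone', so the check presumably never matches, sys.path.insert(0, possible_topdir) never runs, and an installed copy shadows the checkout. In the __main__ block, config_files stays None when etc/keystone.conf is absent, yet CONF.config_file[0] is indexed right afterwards with no check (unless CONF locates a file on its own), and options['admin_port'] and options['public_port'] are read with no default, so a missing file or key ends in a bare traceback; exit with a clear message instead. create_server() also hands wsgi.Server only a port, so the address the admin endpoint binds to is neither visible nor configurable here and is worth making explicit.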
@ -1,70 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
|
||||
# Copyright 2010 United States Government as represented by the
|
||||
# Administrator of the National Aeronautics and Space Administration.
|
||||
# Copyright 2011 OpenStack LLC.
|
||||
# All Rights Reserved.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
# not use this file except in compliance with the License. You may obtain
|
||||
# a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
# WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
# License for the specific language governing permissions and limitations
|
||||
# under the License.
|
||||
|
||||
"""
|
||||
Keystone Identity Server - Service API
|
||||
"""
|
||||
|
||||
import optparse
|
||||
import os
|
||||
import sys
|
||||
|
||||
# If ../../keystone/__init__.py exists, add ../ to Python search path, so that
|
||||
# it will override what happens to be installed in /usr/(local/)lib/python...
|
||||
possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
|
||||
os.pardir,
|
||||
os.pardir))
|
||||
if os.path.exists(os.path.join(possible_topdir, 'keystone', '__init__.py')):
|
||||
sys.path.insert(0, possible_topdir)
|
||||
|
||||
import keystone.tools.tracer # @UnusedImport # module runs on import
|
||||
from keystone.common import config
|
||||
from keystone.config import CONF
|
||||
import keystone.server
|
||||
|
||||
|
||||
def get_options():
|
||||
# Initialize a parser for our configuration paramaters
|
||||
# since we have special handling for the -a|--admin-port argument
|
||||
parser = optparse.OptionParser()
|
||||
common_group = config.add_common_options(parser)
|
||||
config.add_log_options(parser)
|
||||
|
||||
# Parse CLI arguments and merge with config
|
||||
(options, args) = config.parse_options(parser)
|
||||
return options
|
||||
|
||||
|
||||
def main():
|
||||
# Get merged config and CLI options and admin-specific settings
|
||||
options = get_options()
|
||||
config_file = config.find_config_file(options, sys.argv[1:])
|
||||
CONF(config_files=[config_file])
|
||||
try:
|
||||
# Load Service API server
|
||||
server = keystone.server.Server(name='Service API',
|
||||
config_name='keystone-legacy-auth')
|
||||
server.start(wait=True)
|
||||
except RuntimeError, e:
|
||||
sys.exit("ERROR: %s" % e)
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
main()
|
|
@ -1,235 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
|
||||
# Copyright (c) 2011 OpenStack, LLC.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
"""
|
||||
Helper script for starting/stopping/reloading Keystone server programs.
|
||||
Copied from Glance. Thanks for some of the code, Swifties ;)
|
||||
"""
|
||||
|
||||
from __future__ import with_statement
|
||||
|
||||
import errno
|
||||
import gettext
|
||||
import os
|
||||
import optparse
|
||||
import resource
|
||||
import signal
|
||||
import sys
|
||||
import time
|
||||
|
||||
# If ../keystone/__init__.py exists, add ../ to Python search path, so that
|
||||
# it will override what happens to be installed in /usr/(local/)lib/python...
|
||||
possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
|
||||
os.pardir,
|
||||
os.pardir))
|
||||
if os.path.exists(os.path.join(possible_topdir, 'keystone', '__init__.py')):
|
||||
sys.path.insert(0, possible_topdir)
|
||||
|
||||
gettext.install('keystone', unicode=1)
|
||||
|
||||
import keystone.version
|
||||
from keystone.common import config
|
||||
|
||||
ALL_COMMANDS = ['start', 'stop', 'shutdown', 'restart',
|
||||
'reload', 'force-reload']
|
||||
ALL_SERVERS = ['keystone-auth', 'keystone-admin']
|
||||
GRACEFUL_SHUTDOWN_SERVERS = ['keystone-auth', 'keystone-admin']
|
||||
MAX_DESCRIPTORS = 32768
|
||||
MAX_MEMORY = (1024 * 1024 * 1024) * 2 # 2 GB
|
||||
USAGE = """%prog [options] <SERVER> <COMMAND> [CONFPATH]
|
||||
|
||||
Where <SERVER> is one of:
|
||||
|
||||
all, auth, admin
|
||||
|
||||
And command is one of:
|
||||
|
||||
start, stop, shutdown, restart, reload, force-reload
|
||||
|
||||
And CONFPATH is the optional configuration file to use."""
|
||||
|
||||
|
||||
def pid_files(server, options):
|
||||
pid_files = []
|
||||
if options['pid_file']:
|
||||
if os.path.exists(os.path.abspath(options['pid_file'])):
|
||||
pid_files = [os.path.abspath(options['pid_file'])]
|
||||
else:
|
||||
if os.path.exists('/var/run/keystone/%s.pid' % server):
|
||||
pid_files = ['/var/run/keystone/%s.pid' % server]
|
||||
for pid_file in pid_files:
|
||||
pid = int(open(pid_file).read().strip())
|
||||
yield pid_file, pid
|
||||
|
||||
|
||||
def do_start(server, options, args):
|
||||
server_type = '-'.join(server.split('-')[:-1])
|
||||
|
||||
for pid_file, pid in pid_files(server, options):
|
||||
if os.path.exists('/proc/%s' % pid):
|
||||
print "%s appears to already be running: %s" % (server, pid_file)
|
||||
return
|
||||
else:
|
||||
print "Removing stale pid file %s" % pid_file
|
||||
os.unlink(pid_file)
|
||||
|
||||
try:
|
||||
resource.setrlimit(resource.RLIMIT_NOFILE,
|
||||
(MAX_DESCRIPTORS, MAX_DESCRIPTORS))
|
||||
resource.setrlimit(resource.RLIMIT_DATA,
|
||||
(MAX_MEMORY, MAX_MEMORY))
|
||||
except ValueError:
|
||||
print "Unable to increase file descriptor limit. Running as non-root?"
|
||||
os.environ['PYTHON_EGG_CACHE'] = '/tmp'
|
||||
|
||||
def write_pid_file(pid_file, pid):
|
||||
dir, file = os.path.split(pid_file)
|
||||
if not os.path.exists(dir):
|
||||
try:
|
||||
os.makedirs(dir)
|
||||
except OSError, err:
|
||||
if err.errno == errno.EACCES:
|
||||
sys.exit('Unable to create %s. Running as non-root?'
|
||||
% dir)
|
||||
fp = open(pid_file, 'w')
|
||||
fp.write('%d\n' % pid)
|
||||
fp.close()
|
||||
|
||||
def launch(ini_file, pid_file):
|
||||
args = [server, ini_file]
|
||||
print 'Starting %s with %s' % (server, ini_file)
|
||||
|
||||
pid = os.fork()
|
||||
if pid == 0:
|
||||
os.setsid()
|
||||
with open(os.devnull, 'r+b') as nullfile:
|
||||
for desc in (0, 1, 2): # close stdio
|
||||
try:
|
||||
os.dup2(nullfile.fileno(), desc)
|
||||
except OSError:
|
||||
pass
|
||||
try:
|
||||
os.execlp('%s' % server, server, ini_file)
|
||||
except OSError, e:
|
||||
sys.exit('unable to launch %s. Got error: %s'
|
||||
% (server, "%s" % e))
|
||||
sys.exit(0)
|
||||
else:
|
||||
write_pid_file(pid_file, pid)
|
||||
|
||||
if not options['pid_file']:
|
||||
pid_file = '/var/run/keystone/%s.pid' % server
|
||||
else:
|
||||
pid_file = os.path.abspath(options['pid_file'])
|
||||
conf_file = config.find_config_file(options, args)
|
||||
if not conf_file:
|
||||
sys.exit("Could not find any configuration file to use!")
|
||||
launch_args = [(conf_file, pid_file)]
|
||||
|
||||
# start all servers
|
||||
for conf_file, pid_file in launch_args:
|
||||
launch(conf_file, pid_file)
|
||||
|
||||
|
||||
def do_stop(server, options, args, graceful=False):
|
||||
if graceful and server in GRACEFUL_SHUTDOWN_SERVERS:
|
||||
sig = signal.SIGHUP
|
||||
else:
|
||||
sig = signal.SIGTERM
|
||||
|
||||
did_anything = False
|
||||
pfiles = pid_files(server, options)
|
||||
for pid_file, pid in pfiles:
|
||||
did_anything = True
|
||||
try:
|
||||
print 'Stopping %s pid: %s signal: %s' % (server, pid, sig)
|
||||
os.kill(pid, sig)
|
||||
except OSError:
|
||||
print "Process %d not running" % pid
|
||||
try:
|
||||
os.unlink(pid_file)
|
||||
except OSError:
|
||||
pass
|
||||
for pid_file, pid in pfiles:
|
||||
for _junk in xrange(150): # 15 seconds
|
||||
if not os.path.exists('/proc/%s' % pid):
|
||||
break
|
||||
time.sleep(0.1)
|
||||
else:
|
||||
print 'Waited 15 seconds for pid %s (%s) to die; giving up' % \
|
||||
(pid, pid_file)
|
||||
if not did_anything:
|
||||
print 'No %s running' % server
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
oparser = optparse.OptionParser(usage=USAGE, version='%%prog %s'
|
||||
% keystone.version.version())
|
||||
oparser.add_option('--pid-file', default=None, metavar="PATH",
|
||||
help="File to use as pid file. Default: "
|
||||
"/var/run/keystone/$server.pid")
|
||||
config.add_common_options(oparser)
|
||||
(options, args) = config.parse_options(oparser)
|
||||
|
||||
if len(args) < 2:
|
||||
oparser.print_usage()
|
||||
sys.exit(1)
|
||||
|
||||
server = args.pop(0).lower()
|
||||
if server == 'all':
|
||||
servers = ALL_SERVERS
|
||||
else:
|
||||
if not server.startswith('keystone-'):
|
||||
server = 'keystone-%s' % server
|
||||
if server not in ALL_SERVERS:
|
||||
server_list = ", ".join([s.replace('keystone-', '')
|
||||
for s in ALL_SERVERS])
|
||||
msg = ("Unknown server '%(server)s' specified. Please specify "
|
||||
"all, or one of the servers: %(server_list)s" % locals())
|
||||
sys.exit(msg)
|
||||
servers = [server]
|
||||
|
||||
command = args.pop(0).lower()
|
||||
if command not in ALL_COMMANDS:
|
||||
command_list = ", ".join(ALL_COMMANDS)
|
||||
msg = ("Unknown command %(command)s specified. Please specify a "
|
||||
"command in this list: %(command_list)s" % locals())
|
||||
sys.exit(msg)
|
||||
|
||||
if command == 'start':
|
||||
for server in servers:
|
||||
do_start(server, options, args)
|
||||
|
||||
if command == 'stop':
|
||||
for server in servers:
|
||||
do_stop(server, options, args)
|
||||
|
||||
if command == 'shutdown':
|
||||
for server in servers:
|
||||
do_stop(server, options, args, graceful=True)
|
||||
|
||||
if command == 'restart':
|
||||
for server in servers:
|
||||
do_stop(server, options, args)
|
||||
for server in servers:
|
||||
do_start(server, options, args)
|
||||
|
||||
if command == 'reload' or command == 'force-reload':
|
||||
for server in servers:
|
||||
do_stop(server, options, args, graceful=True)
|
||||
do_start(server, options, args)
|
|
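Review bot: with this wrapper gone, the start/stop/shutdown/restart/reload commands, the pid files under /var/run/keystone, and the RLIMIT_NOFILE and RLIMIT_DATA caps set in do_start() all go with it. If process supervision is now left to the init system, say so in the commit message so packagers know to provide the equivalent limits and a graceful-stop signal.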
@ -1,42 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
# vim: tabstop=4 shiftwidth=4 softtabstop=4
|
||||
|
||||
# Copyright (C) 2011 OpenStack LLC.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
# This file is to read a export file from Nova that will import users,
|
||||
# tenants and EC2 credentials
|
||||
# The file should be in the keystone-manage format
|
||||
|
||||
import os
|
||||
import sys
|
||||
import shlex
|
||||
|
||||
# If ../../keystone/__init__.py exists, add ../ to Python search path, so that
|
||||
# it will override what happens to be installed in /usr/(local/)lib/python...
|
||||
possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
|
||||
os.pardir,
|
||||
os.pardir))
|
||||
if os.path.exists(os.path.join(possible_topdir, 'keystone', '__init__.py')):
|
||||
sys.path.insert(0, possible_topdir)
|
||||
|
||||
import keystone.manage
|
||||
|
||||
with open(sys.argv[1], 'r') as line:
|
||||
try:
|
||||
keystone.manage.main(shlex.split(line))
|
||||
except Exception as exc:
|
||||
# Main prints all of the errors we need
|
||||
sys.exit(1)
|
|
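Review bot: `with open(sys.argv[1], 'r') as line:` binds the file object rather than a line, so `keystone.manage.main(shlex.split(line))` tokenises the whole export file into one argument list instead of running one keystone-manage command per line. The file is being removed here (`+0,0`), so carry the fix into whatever replaces the Nova import, together with a check that sys.argv[1] was supplied and an error path that does not discard `exc` behind a bare sys.exit(1). The commit message should also say how users, tenants and EC2 credentials are expected to be imported after this change.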
@ -2,35 +2,27 @@
|
|||
|
||||
import os
|
||||
import sys
|
||||
|
||||
# If ../../keystone/__init__.py exists, add ../ to Python search path, so that
|
||||
# it will override what happens to be installed in /usr/(local/)lib/python...
|
||||
possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
|
||||
os.pardir,
|
||||
os.pardir))
|
||||
if os.path.exists(os.path.join(possible_topdir, 'keystone', '__init__.py')):
|
||||
if os.path.exists(os.path.join(possible_topdir,
|
||||
'keystone',
|
||||
'__init__.py')):
|
||||
sys.path.insert(0, possible_topdir)
|
||||
|
||||
import keystone.manage
|
||||
import keystone.manage2
|
||||
import keystone.tools.tracer # @UnusedImport # module runs on import
|
||||
|
||||
from keystone import cli
|
||||
|
||||
|
||||
if __name__ == '__main__':
|
||||
args = sys.argv[1:]
|
||||
while True:
|
||||
if len(args) > 1 and args[0] in keystone.manage.OBJECTS:
|
||||
# the args look like the old 'subject verb' (e.g. 'user add')
|
||||
# (this module is pending deprecation)
|
||||
keystone.manage.main()
|
||||
break
|
||||
elif len(args) > 2 and args[0] == '-c':
|
||||
# Remove -c <config file> and try again
|
||||
del args[0:2]
|
||||
elif len(args) > 1 and args[0] == '-d':
|
||||
# Remove -d and try again
|
||||
del args[0]
|
||||
else:
|
||||
# calls that don't start with a 'subject' go to the new impl
|
||||
# which uses a 'verb_subject' convention (e.g. 'add_user')
|
||||
keystone.manage2.main()
|
||||
break
|
||||
dev_conf = os.path.join(possible_topdir,
|
||||
'etc',
|
||||
'keystone.conf')
|
||||
config_files = None
|
||||
if os.path.exists(dev_conf):
|
||||
config_files = [dev_conf]
|
||||
|
||||
cli.main(argv=sys.argv, config_files=config_files)
|
||||
|
|
|
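Review bot: `config_files = [dev_conf]` is selected only because `etc/keystone.conf` exists under possible_topdir, which is computed from sys.argv[0], so running keystone-manage from a source checkout silently uses the checkout's config. Log which config file is in effect or require an explicit option to opt in. Please also confirm that cli.main expects the full sys.argv including the program name, since the hunk also shows `args = sys.argv[1:]`. The same sys.argv[0]-derived `sys.path.insert(0, possible_topdir)` lets any `keystone/__init__.py` beside the script shadow the installed package, which deserves a comment for operators.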
@ -1,16 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
|
||||
import os
|
||||
import sys
|
||||
# If ../../keystone/__init__.py exists, add ../ to Python search path, so that
|
||||
# it will override what happens to be installed in /usr/(local/)lib/python...
|
||||
possible_topdir = os.path.normpath(os.path.join(os.path.abspath(sys.argv[0]),
|
||||
os.pardir,
|
||||
os.pardir))
|
||||
if os.path.exists(os.path.join(possible_topdir, 'keystone', '__init__.py')):
|
||||
sys.path.insert(0, possible_topdir)
|
||||
|
||||
import keystone.test.sampledata
|
||||
|
||||
if __name__ == '__main__':
|
||||
keystone.test.sampledata.main()
|
96
doc/Makefile
|
@ -1,96 +0,0 @@
|
|||
# Makefile for Sphinx documentation
|
||||
#
|
||||
|
||||
# You can set these variables from the command line.
|
||||
SPHINXOPTS =
|
||||
SPHINXBUILD = sphinx-build
|
||||
SPHINXSOURCE = source
|
||||
PAPER =
|
||||
BUILDDIR = build
|
||||
|
||||
# Internal variables.
|
||||
PAPEROPT_a4 = -D latex_paper_size=a4
|
||||
PAPEROPT_letter = -D latex_paper_size=letter
|
||||
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) $(SPHINXSOURCE)
|
||||
|
||||
.PHONY: help clean html dirhtml pickle json htmlhelp qthelp latex changes linkcheck doctest
|
||||
|
||||
.DEFAULT_GOAL = html
|
||||
|
||||
help:
|
||||
@echo "Please use \`make <target>' where <target> is one of"
|
||||
@echo " html to make standalone HTML files"
|
||||
@echo " dirhtml to make HTML files named index.html in directories"
|
||||
@echo " pickle to make pickle files"
|
||||
@echo " json to make JSON files"
|
||||
@echo " htmlhelp to make HTML files and a HTML help project"
|
||||
@echo " qthelp to make HTML files and a qthelp project"
|
||||
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
|
||||
@echo " changes to make an overview of all changed/added/deprecated items"
|
||||
@echo " linkcheck to check all external links for integrity"
|
||||
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
|
||||
|
||||
clean:
|
||||
-rm -rf $(BUILDDIR)/*
|
||||
if [ -f .autogenerated ] ; then \
|
||||
cat .autogenerated | xargs rm ; \
|
||||
rm .autogenerated ; \
|
||||
fi
|
||||
|
||||
html:
|
||||
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
|
||||
@echo
|
||||
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
|
||||
|
||||
dirhtml:
|
||||
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
|
||||
@echo
|
||||
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
|
||||
|
||||
pickle:
|
||||
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
|
||||
@echo
|
||||
@echo "Build finished; now you can process the pickle files."
|
||||
|
||||
json:
|
||||
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
|
||||
@echo
|
||||
@echo "Build finished; now you can process the JSON files."
|
||||
|
||||
htmlhelp:
|
||||
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
|
||||
@echo
|
||||
@echo "Build finished; now you can run HTML Help Workshop with the" \
|
||||
".hhp project file in $(BUILDDIR)/htmlhelp."
|
||||
|
||||
qthelp:
|
||||
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
|
||||
@echo
|
||||
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
|
||||
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
|
||||
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/nova.qhcp"
|
||||
@echo "To view the help file:"
|
||||
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/nova.qhc"
|
||||
|
||||
latex:
|
||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||
@echo
|
||||
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
|
||||
@echo "Run \`make all-pdf' or \`make all-ps' in that directory to" \
|
||||
"run these through (pdf)latex."
|
||||
|
||||
changes:
|
||||
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
|
||||
@echo
|
||||
@echo "The overview file is in $(BUILDDIR)/changes."
|
||||
|
||||
linkcheck:
|
||||
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
|
||||
@echo
|
||||
@echo "Link check complete; look for any errors in the above output " \
|
||||
"or in $(BUILDDIR)/linkcheck/output.txt."
|
||||
|
||||
doctest:
|
||||
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
|
||||
@echo "Testing of doctests in the sources finished, look at the " \
|
||||
"results in $(BUILDDIR)/doctest/output.txt."
|
|
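Review bot: in the clean target, `cat .autogenerated | xargs rm` hands every whitespace-separated token in .autogenerated to rm with no quoting or path check, and the qthelp target still echoes `nova.qhcp` / `nova.qhc`, which looks copied from Nova. The file is removed here, so neither needs fixing in place, but if a Makefile is added for the new docs tree it should not inherit either line unchanged.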
@ -1,38 +0,0 @@
|
|||
==================================
|
||||
Building Contributor Documentation
|
||||
==================================
|
||||
|
||||
This documentation is written by contributors, for contributors.
|
||||
|
||||
The source is maintained in the `doc/source` folder using
|
||||
`reStructuredText`_ and built by `Sphinx`_ (a dependency from `tools/pip-requires`).
|
||||
|
||||
.. _reStructuredText: http://docutils.sourceforge.net/rst.html
|
||||
.. _Sphinx: http://sphinx.pocoo.org/
|
||||
|
||||
Building automatically
|
||||
======================
|
||||
|
||||
From the project root, just type::
|
||||
|
||||
$ python setup.py build_sphinx
|
||||
|
||||
Building manually
|
||||
=================
|
||||
|
||||
#. Generate the code.rst file so that Sphinx will pull in our docstrings::
|
||||
|
||||
$ python doc/generate_autodoc_index.py
|
||||
|
||||
#. Use `sphinx-build` to produce the docs in HTML::
|
||||
|
||||
$ sphinx-build -b html doc/source/ build/sphinx/html/
|
||||
|
||||
#. Similarly, build the man pages (optional)::
|
||||
|
||||
$ sphinx-build -b man doc/source/ build/sphinx/man/
|
||||
|
||||
After building
|
||||
==============
|
||||
|
||||
Navigate to the `build/sphinx/html` directory to browse generated the HTML docs.
|
Before Width: | Height: | Size: 160 KiB |
|
@ -1,87 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<diagram>
|
||||
<source><![CDATA[client:Library
|
||||
/queue:FIFO
|
||||
keystone:Service
|
||||
compute:Service
|
||||
policy:Service
|
||||
|
||||
[c:default_auth_token]
|
||||
client:unscoped_token, serviceCatalog=keystone.auth<user, creds>
|
||||
[/c]
|
||||
|
||||
[c:get_tenants]
|
||||
client:tenants=keystone.get_tenants<unscoped_token>
|
||||
[/c]
|
||||
|
||||
[c:tenant_auth_token]
|
||||
client:token, serviceCatalog=keystone.auth<user, creds, tenant>
|
||||
[/c]
|
||||
|
||||
[c:do_something_in_compute]
|
||||
client:endpoint=serviceCatalog['compute']
|
||||
client:success=compute.do_something<token, instance_id>
|
||||
|
||||
compute:tenant = parse(url)
|
||||
[c:auth_middleware]
|
||||
compute:user, roles=keystone.validate<token, [tenant]>
|
||||
[/c]
|
||||
compute:instance=instance_get(instance_id)
|
||||
[c:policy_middleware]
|
||||
compute:action='do_something'
|
||||
compute:target=instance
|
||||
compute:success=policy.check_acl<user, target, action, roles>
|
||||
[/c]
|
||||
compute:execute something logic
|
||||
[/c]]]></source>
|
||||
<configuration>
|
||||
<property name="actorWidth" value="25"/>
|
||||
<property name="allowMessageProperties" value="false"/>
|
||||
<property name="arrowSize" value="6"/>
|
||||
<property name="colorizeThreads" value="true"/>
|
||||
<property name="destructorWidth" value="30"/>
|
||||
<property family="Dialog" name="font" size="12" style="0"/>
|
||||
<property name="fragmentMargin" value="8"/>
|
||||
<property name="fragmentPadding" value="10"/>
|
||||
<property name="fragmentTextPadding" value="3"/>
|
||||
<property name="glue" value="10"/>
|
||||
<property name="headHeight" value="35"/>
|
||||
<property name="headLabelPadding" value="5"/>
|
||||
<property name="headWidth" value="100"/>
|
||||
<property name="initialSpace" value="10"/>
|
||||
<property name="leftMargin" value="5"/>
|
||||
<property name="lineWrap" value="false"/>
|
||||
<property name="lowerMargin" value="5"/>
|
||||
<property name="mainLifelineWidth" value="8"/>
|
||||
<property name="messageLabelSpace" value="3"/>
|
||||
<property name="messagePadding" value="6"/>
|
||||
<property name="noteMargin" value="6"/>
|
||||
<property name="notePadding" value="6"/>
|
||||
<property name="opaqueMessageText" value="false"/>
|
||||
<property name="returnArrowVisible" value="true"/>
|
||||
<property name="rightMargin" value="5"/>
|
||||
<property name="selfMessageHorizontalSpace" value="15"/>
|
||||
<property name="separatorBottomMargin" value="8"/>
|
||||
<property name="separatorTopMargin" value="15"/>
|
||||
<property name="shouldShadowParticipants" value="true"/>
|
||||
<property name="spaceBeforeActivation" value="2"/>
|
||||
<property name="spaceBeforeAnswerToSelf" value="10"/>
|
||||
<property name="spaceBeforeConstruction" value="6"/>
|
||||
<property name="spaceBeforeSelfMessage" value="7"/>
|
||||
<property name="subLifelineWidth" value="6"/>
|
||||
<property name="tc0" value="-1118482"/>
|
||||
<property name="tc1" value="-256"/>
|
||||
<property name="tc2" value="-65536"/>
|
||||
<property name="tc3" value="-16776961"/>
|
||||
<property name="tc4" value="-16711936"/>
|
||||
<property name="tc5" value="-4144960"/>
|
||||
<property name="tc6" value="-65281"/>
|
||||
<property name="tc7" value="-14336"/>
|
||||
<property name="tc8" value="-20561"/>
|
||||
<property name="tc9" value="-12566464"/>
|
||||
<property name="threadNumbersVisible" value="false"/>
|
||||
<property name="threaded" value="true"/>
|
||||
<property name="upperMargin" value="5"/>
|
||||
<property name="verticallySplit" value="true"/>
|
||||
</configuration>
|
||||
</diagram>
|
Before Width: | Height: | Size: 45 KiB |
|
@ -1,83 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<diagram>
|
||||
<source><![CDATA[client:User
|
||||
/queue:FIFO
|
||||
keystone:Service
|
||||
nova:Service
|
||||
|
||||
[c:default_auth_token]
|
||||
client:unscoped_token, globalServiceCatalog=keystone.auth<user, password>
|
||||
[/c]
|
||||
|
||||
[c:get_tenants]
|
||||
client:tenants=keystone.get_tenants<unscoped_token>
|
||||
[/c]
|
||||
|
||||
[c:tenant_auth_token]
|
||||
client:token, serviceCatalog=keystone.auth<unscoped_token, tenant>
|
||||
[/c]
|
||||
|
||||
client:endpoint = serviceCatalog['compute']
|
||||
|
||||
[c:create_instance]
|
||||
client:success=nova.createInstance<token, tenant_id>
|
||||
|
||||
nova:tenant = parse(url)
|
||||
[c:auth_middleware]
|
||||
nova:user, roles=keystone.validate<token, [tenant]>
|
||||
[/c]
|
||||
nova:authorize=can_haz(context, user, 'create_instance', tenant_id)
|
||||
nova:execute create_instance
|
||||
[/c]
|
||||
client:200 OK]]></source>
|
||||
<configuration>
|
||||
<property name="actorWidth" value="25"/>
|
||||
<property name="allowMessageProperties" value="false"/>
|
||||
<property name="arrowSize" value="6"/>
|
||||
<property name="colorizeThreads" value="true"/>
|
||||
<property name="destructorWidth" value="30"/>
|
||||
<property family="Dialog" name="font" size="12" style="0"/>
|
||||
<property name="fragmentMargin" value="8"/>
|
||||
<property name="fragmentPadding" value="10"/>
|
||||
<property name="fragmentTextPadding" value="3"/>
|
||||
<property name="glue" value="10"/>
|
||||
<property name="headHeight" value="35"/>
|
||||
<property name="headLabelPadding" value="5"/>
|
||||
<property name="headWidth" value="100"/>
|
||||
<property name="initialSpace" value="10"/>
|
||||
<property name="leftMargin" value="5"/>
|
||||
<property name="lineWrap" value="false"/>
|
||||
<property name="lowerMargin" value="5"/>
|
||||
<property name="mainLifelineWidth" value="8"/>
|
||||
<property name="messageLabelSpace" value="3"/>
|
||||
<property name="messagePadding" value="6"/>
|
||||
<property name="noteMargin" value="6"/>
|
||||
<property name="notePadding" value="6"/>
|
||||
<property name="opaqueMessageText" value="false"/>
|
||||
<property name="returnArrowVisible" value="true"/>
|
||||
<property name="rightMargin" value="5"/>
|
||||
<property name="selfMessageHorizontalSpace" value="15"/>
|
||||
<property name="separatorBottomMargin" value="8"/>
|
||||
<property name="separatorTopMargin" value="15"/>
|
||||
<property name="shouldShadowParticipants" value="true"/>
|
||||
<property name="spaceBeforeActivation" value="2"/>
|
||||
<property name="spaceBeforeAnswerToSelf" value="10"/>
|
||||
<property name="spaceBeforeConstruction" value="6"/>
|
||||
<property name="spaceBeforeSelfMessage" value="7"/>
|
||||
<property name="subLifelineWidth" value="6"/>
|
||||
<property name="tc0" value="-1118482"/>
|
||||
<property name="tc1" value="-256"/>
|
||||
<property name="tc2" value="-65536"/>
|
||||
<property name="tc3" value="-16776961"/>
|
||||
<property name="tc4" value="-16711936"/>
|
||||
<property name="tc5" value="-4144960"/>
|
||||
<property name="tc6" value="-65281"/>
|
||||
<property name="tc7" value="-14336"/>
|
||||
<property name="tc8" value="-20561"/>
|
||||
<property name="tc9" value="-12566464"/>
|
||||
<property name="threadNumbersVisible" value="false"/>
|
||||
<property name="threaded" value="true"/>
|
||||
<property name="upperMargin" value="5"/>
|
||||
<property name="verticallySplit" value="true"/>
|
||||
</configuration>
|
||||
</diagram>
|
Before Width: | Height: | Size: 31 KiB |
|
@ -1,76 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<diagram>
|
||||
<source><![CDATA[client:User
|
||||
/queue:FIFO
|
||||
keystone:Service
|
||||
nova:Service
|
||||
|
||||
|
||||
[c:authenticate]
|
||||
client:token, serviceCatalog=keystone.auth<user, password, tenant>
|
||||
[/c]
|
||||
|
||||
|
||||
client:endpoint=serviceCatalog['compute']
|
||||
|
||||
[c:create_instance]
|
||||
client:success=nova.createInstance<token, tenant_id>
|
||||
nova:tenant = parse(url)
|
||||
[c:auth_middleware]
|
||||
nova:user, roles=keystone.validate<token, [tenant]>
|
||||
[/c]
|
||||
nova:authorize = can_haz(context, user, 'create_instance', tenant_id)
|
||||
nova:execute create_instance
|
||||
[/c]
|
||||
client:200 OK]]></source>
|
||||
<configuration>
|
||||
<property name="actorWidth" value="25"/>
|
||||
<property name="allowMessageProperties" value="false"/>
|
||||
<property name="arrowSize" value="6"/>
|
||||
<property name="colorizeThreads" value="true"/>
|
||||
<property name="destructorWidth" value="30"/>
|
||||
<property family="Dialog" name="font" size="12" style="0"/>
|
||||
<property name="fragmentMargin" value="8"/>
|
||||
<property name="fragmentPadding" value="10"/>
|
||||
<property name="fragmentTextPadding" value="3"/>
|
||||
<property name="glue" value="10"/>
|
||||
<property name="headHeight" value="35"/>
|
||||
<property name="headLabelPadding" value="5"/>
|
||||
<property name="headWidth" value="100"/>
|
||||
<property name="initialSpace" value="10"/>
|
||||
<property name="leftMargin" value="5"/>
|
||||
<property name="lineWrap" value="false"/>
|
||||
<property name="lowerMargin" value="5"/>
|
||||
<property name="mainLifelineWidth" value="8"/>
|
||||
<property name="messageLabelSpace" value="3"/>
|
||||
<property name="messagePadding" value="6"/>
|
||||
<property name="noteMargin" value="6"/>
|
||||
<property name="notePadding" value="6"/>
|
||||
<property name="opaqueMessageText" value="false"/>
|
||||
<property name="returnArrowVisible" value="true"/>
|
||||
<property name="rightMargin" value="5"/>
|
||||
<property name="selfMessageHorizontalSpace" value="15"/>
|
||||
<property name="separatorBottomMargin" value="8"/>
|
||||
<property name="separatorTopMargin" value="15"/>
|
||||
<property name="shouldShadowParticipants" value="true"/>
|
||||
<property name="spaceBeforeActivation" value="2"/>
|
||||
<property name="spaceBeforeAnswerToSelf" value="10"/>
|
||||
<property name="spaceBeforeConstruction" value="6"/>
|
||||
<property name="spaceBeforeSelfMessage" value="7"/>
|
||||
<property name="subLifelineWidth" value="6"/>
|
||||
<property name="tc0" value="-1118482"/>
|
||||
<property name="tc1" value="-256"/>
|
||||
<property name="tc2" value="-65536"/>
|
||||
<property name="tc3" value="-16776961"/>
|
||||
<property name="tc4" value="-16711936"/>
|
||||
<property name="tc5" value="-4144960"/>
|
||||
<property name="tc6" value="-65281"/>
|
||||
<property name="tc7" value="-14336"/>
|
||||
<property name="tc8" value="-20561"/>
|
||||
<property name="tc9" value="-12566464"/>
|
||||
<property name="threadNumbersVisible" value="false"/>
|
||||
<property name="threaded" value="true"/>
|
||||
<property name="upperMargin" value="5"/>
|
||||
<property name="verticallySplit" value="true"/>
|
||||
</configuration>
|
||||
</diagram>
|
Before Width: | Height: | Size: 42 KiB |
|
@ -1,80 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<diagram>
|
||||
<source><![CDATA[client:User
|
||||
/queue:FIFO
|
||||
keystone:Service
|
||||
nova:Service
|
||||
|
||||
[c:unauthenticated_call]
|
||||
client:\[standard http response requesting authentication\]=nova.createInstance<tenant_id>
|
||||
client:401 Unauthorized
|
||||
client:WWW-Authenticate\: Keystone uri="url_to_keystone"
|
||||
[/c]
|
||||
|
||||
[c:authenticate]
|
||||
client:token, serviceCatalog=keystone.auth<user, creds, tenant>
|
||||
[/c]
|
||||
|
||||
|
||||
[c:retry_create_instance]
|
||||
client:success=nova.createInstance<token, tenant_id>
|
||||
|
||||
nova:tenant = parse(url)
|
||||
[c:auth_middleware]
|
||||
nova:user, roles=keystone.validate<token, [tenant]>
|
||||
[/c]
|
||||
nova:authorize=can_haz(context, user, 'create_instance', tenant_id)
|
||||
nova:execute create_instance
|
||||
[/c]
|
||||
client:200 OK]]></source>
|
||||
<configuration>
|
||||
<property name="actorWidth" value="25"/>
|
||||
<property name="allowMessageProperties" value="false"/>
|
||||
<property name="arrowSize" value="6"/>
|
||||
<property name="colorizeThreads" value="true"/>
|
||||
<property name="destructorWidth" value="30"/>
|
||||
<property family="Dialog" name="font" size="12" style="0"/>
|
||||
<property name="fragmentMargin" value="8"/>
|
||||
<property name="fragmentPadding" value="10"/>
|
||||
<property name="fragmentTextPadding" value="3"/>
|
||||
<property name="glue" value="10"/>
|
||||
<property name="headHeight" value="35"/>
|
||||
<property name="headLabelPadding" value="5"/>
|
||||
<property name="headWidth" value="100"/>
|
||||
<property name="initialSpace" value="10"/>
|
||||
<property name="leftMargin" value="5"/>
|
||||
<property name="lineWrap" value="false"/>
|
||||
<property name="lowerMargin" value="5"/>
|
||||
<property name="mainLifelineWidth" value="8"/>
|
||||
<property name="messageLabelSpace" value="3"/>
|
||||
<property name="messagePadding" value="6"/>
|
||||
<property name="noteMargin" value="6"/>
|
||||
<property name="notePadding" value="6"/>
|
||||
<property name="opaqueMessageText" value="false"/>
|
||||
<property name="returnArrowVisible" value="true"/>
|
||||
<property name="rightMargin" value="5"/>
|
||||
<property name="selfMessageHorizontalSpace" value="15"/>
|
||||
<property name="separatorBottomMargin" value="8"/>
|
||||
<property name="separatorTopMargin" value="15"/>
|
||||
<property name="shouldShadowParticipants" value="true"/>
|
||||
<property name="spaceBeforeActivation" value="2"/>
|
||||
<property name="spaceBeforeAnswerToSelf" value="10"/>
|
||||
<property name="spaceBeforeConstruction" value="6"/>
|
||||
<property name="spaceBeforeSelfMessage" value="7"/>
|
||||
<property name="subLifelineWidth" value="6"/>
|
||||
<property name="tc0" value="-1118482"/>
|
||||
<property name="tc1" value="-256"/>
|
||||
<property name="tc2" value="-65536"/>
|
||||
<property name="tc3" value="-16776961"/>
|
||||
<property name="tc4" value="-16711936"/>
|
||||
<property name="tc5" value="-4144960"/>
|
||||
<property name="tc6" value="-65281"/>
|
||||
<property name="tc7" value="-14336"/>
|
||||
<property name="tc8" value="-20561"/>
|
||||
<property name="tc9" value="-12566464"/>
|
||||
<property name="threadNumbersVisible" value="false"/>
|
||||
<property name="threaded" value="true"/>
|
||||
<property name="upperMargin" value="5"/>
|
||||
<property name="verticallySplit" value="true"/>
|
||||
</configuration>
|
||||
</diagram>
|
|
@ -1,76 +0,0 @@
|
|||
#!/usr/bin/env python
|
||||
"""Generates files for sphinx documentation using a simple Autodoc based
|
||||
template.
|
||||
|
||||
To use, just run as a script:
|
||||
$ python doc/generate_autodoc_index.py
|
||||
"""
|
||||
|
||||
import os
|
||||
|
||||
|
||||
base_dir = os.path.dirname(os.path.abspath(__file__))
|
||||
RSTDIR=os.path.join(base_dir, "source", "sourcecode")
|
||||
SOURCEDIR=os.path.join(base_dir, "..")
|
||||
|
||||
# Exclude these modules from the autodoc results
|
||||
EXCLUDE_MODULES = ['keystone.backends.sqlalchemy.migrate_repo']
|
||||
|
||||
def in_exclude_list(module_name):
|
||||
"""Compares a module to the list of excluded modules
|
||||
|
||||
Returns true if the provided module resides in or matches
|
||||
an excluded module, false otherwise.
|
||||
"""
|
||||
for excluded_module in EXCLUDE_MODULES:
|
||||
if module_name.startswith(excluded_module):
|
||||
return True
|
||||
return False
|
||||
|
||||
def find_autodoc_modules(module_name, sourcedir):
|
||||
"""returns a list of modules in the SOURCE directory"""
|
||||
modlist = []
|
||||
os.chdir(os.path.join(sourcedir, module_name))
|
||||
for root, dirs, files in os.walk("."):
|
||||
for filename in files:
|
||||
if filename.endswith(".py"):
|
||||
# root = ./keystone/test/unit
|
||||
# filename = base.py
|
||||
elements = root.split(os.path.sep)
|
||||
# replace the leading "." with the module name
|
||||
elements[0] = module_name
|
||||
# and get the base module name
|
||||
base, extension = os.path.splitext(filename)
|
||||
if not (base == "__init__"):
|
||||
elements.append(base)
|
||||
result = (".".join(elements))
|
||||
if not in_exclude_list(result):
|
||||
modlist.append(result)
|
||||
return modlist
|
||||
|
||||
if not(os.path.exists(RSTDIR)):
|
||||
os.mkdir(RSTDIR)
|
||||
|
||||
INDEXOUT = open("%s/autoindex.rst" % RSTDIR, "w")
|
||||
INDEXOUT.write("Source Code Index\n")
|
||||
INDEXOUT.write("=================\n")
|
||||
INDEXOUT.write(".. toctree::\n")
|
||||
INDEXOUT.write(" :maxdepth: 1\n")
|
||||
INDEXOUT.write("\n")
|
||||
|
||||
for module in find_autodoc_modules('keystone', SOURCEDIR):
|
||||
generated_file = "%s/%s.rst" % (RSTDIR, module)
|
||||
|
||||
INDEXOUT.write(" %s\n" % module)
|
||||
FILEOUT = open(generated_file, "w")
|
||||
FILEOUT.write("The :mod:`%s` Module\n" % module)
|
||||
FILEOUT.write("=============================="
|
||||
"=============================="
|
||||
"==============================\n")
|
||||
FILEOUT.write(".. automodule:: %s\n" % module)
|
||||
FILEOUT.write(" :members:\n")
|
||||
FILEOUT.write(" :undoc-members:\n")
|
||||
FILEOUT.write(" :show-inheritance:\n")
|
||||
FILEOUT.close()
|
||||
|
||||
INDEXOUT.close()
|
|
@ -1,97 +0,0 @@
|
|||
..
|
||||
Copyright 2011 OpenStack, LLC
|
||||
All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
Keystone Architecture
|
||||
=====================
|
||||
|
||||
Keystone has two major components: Authentication and a Service Catalog.
|
||||
|
||||
Authentication
|
||||
--------------
|
||||
|
||||
In providing a token-based authentication service for OpenStack, keystone
|
||||
has several major concepts:
|
||||
|
||||
Tenant
|
||||
A grouping used in OpenStack to contain relevant OpenStack services. A
|
||||
tenant maps to a Nova "project-id", and in object storage, a tenant can
|
||||
have multiple containers. Depending on the installation, a tenant can
|
||||
represent a customer, account, organization, or project.
|
||||
|
||||
User
|
||||
Represents an individual within OpenStack for the purposes of
|
||||
authenticating them to OpenStack services. Users have credentials, and may
|
||||
be assigned to one or more tenants. When authenticated, a token is
|
||||
provided that is specific to a single tenant.
|
||||
|
||||
Credentials
|
||||
Password or other information that uniquely identifies a User to Keystone
|
||||
for the purposes of providing a token.
|
||||
|
||||
Token
|
||||
A token is an arbitrary bit of text that is used to share authentication
|
||||
with other OpenStack services so that Keystone can provide a central
|
||||
location for authenticating users for access to OpenStack services. A
|
||||
token may be "scoped" or "unscoped". A scoped token represents a user
|
||||
authenticated to a Tenant, where an unscoped token represents just the
|
||||
user.
|
||||
|
||||
Tokens are valid for a limited amount of time and may be revoked at any
|
||||
time.
|
||||
|
||||
Role
|
||||
A role is a set of permissions to access and use specific operations for
|
||||
a given user when applied to a tenant. Roles are logical groupings of
|
||||
those permissions to enable common permissions to be easily grouped and
|
||||
bound to users associated with a given tenant.
|
||||
|
||||
Service Catalog
|
||||
---------------
|
||||
|
||||
Keystone also provides a list of REST API endpoints as a definitive list for
|
||||
an OpenStack installation. Key concepts include:
|
||||
|
||||
Service
|
||||
An OpenStack service such as nova, swift, glance, or keystone. A service
|
||||
may have one of more endpoints through which users can interact with
|
||||
OpenStack services and resources.
|
||||
|
||||
Endpoint
|
||||
A network accessible address (typically a URL) that represents the API
|
||||
interface to an OpenStack service. Endpoints may also be grouped into
|
||||
templates which represent a group of consumable OpenStack services
|
||||
available across regions.
|
||||
|
||||
Template
|
||||
A collection of endpoints representing a set of consumable OpenStack
|
||||
service endpoints.
|
||||
|
||||
Components of Keystone
|
||||
----------------------
|
||||
|
||||
Keystone includes a command-line interface which interacts with the Keystone
|
||||
API for administrating keystone and related services.
|
||||
|
||||
* keystone - runs both keystone-admin and keystone-service
|
||||
* keystone-admin - the administrative API for manipulating keystone
|
||||
* keystone-service - the user oriented API for authentication
|
||||
* keystone-manage - the command line interface to manipulate keystone
|
||||
|
||||
Keystone also includes WSGI middelware to provide authentication support
|
||||
for Nova and Swift.
|
||||
|
||||
Keystone uses a built-in SQLite datastore - and may use an external LDAP
|
||||
service to authenticate users instead of using stored credentials.
|
|
@ -1,100 +0,0 @@
|
|||
..
|
||||
Copyright 2011 OpenStack, LLC
|
||||
All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
====================
|
||||
Configuring Keystone
|
||||
====================
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
keystone.conf
|
||||
man/keystone-manage
|
||||
|
||||
Once Keystone is installed, there are a number of configuration options
|
||||
available and potentially some initial data to create and set up.
|
||||
|
||||
Sample data / Quick Setup
|
||||
=========================
|
||||
|
||||
Default sampledata is provided for easy setup and testing in bin/sampeldata. To
|
||||
set up the sample data run the following command while Keystone is running::
|
||||
|
||||
$ ./bin/sampledata
|
||||
|
||||
The sample data created comes from the file :doc:`sourcecode/keystone.test.sampledata`
|
||||
|
||||
|
||||
Keystone Configuration File
|
||||
===========================
|
||||
|
||||
Most configuration is done via configuration files. The default files are
|
||||
in ``/etc/keystone.conf``
|
||||
|
||||
When starting up a Keystone server, you can specify the configuration file to
|
||||
use (see :doc:`controllingservers`).
|
||||
If you do **not** specify a configuration file, keystone will look in the following
|
||||
directories for a configuration file, in order:
|
||||
|
||||
* ``~/.keystone``
|
||||
* ``~/``
|
||||
* ``/etc/keystone``
|
||||
* ``/etc``
|
||||
|
||||
The keystone configuration file should be named ``keystone.conf``.
|
||||
If you installed keystone via your operating system's
|
||||
package management system, it is likely that you will have sample
|
||||
configuration files installed in ``/etc/keystone``.
|
||||
|
||||
In addition to this documentation page, you can check the
|
||||
``etc/keystone.conf`` sample configuration
|
||||
files distributed with keystone for example configuration files for each server
|
||||
application with detailed comments on what each options does.
|
||||
|
||||
Sample Configuration Files
|
||||
--------------------------
|
||||
|
||||
Keystone ships with sample configuration files in keystone/etc. These files are:
|
||||
|
||||
1. keystone.conf
|
||||
|
||||
A standard configuration file for running keystone in stand-alone mode.
|
||||
It has a set of default extensions loaded to support administering Keystone
|
||||
over REST. It uses a local SQLite database.
|
||||
|
||||
2. memcache.conf
|
||||
|
||||
A configuration that uses memcached for storing tokens (but still SQLite for all
|
||||
other entities). This requires memcached running.
|
||||
|
||||
3. ssl.conf
|
||||
|
||||
A configuration that runs Keystone with SSL (so all URLs are accessed over HTTPS).
|
||||
|
||||
To run any of these configurations, use the `-c` option::
|
||||
|
||||
./keystone -c ../etc/ssl.conf
|
||||
|
||||
|
||||
|
||||
Usefule Links
|
||||
-------------
|
||||
|
||||
For a sample configuration file with explanations of the settings, see :doc:`keystone.conf`
|
||||
|
||||
For configuring an LDAP backend, see http://mirantis.blogspot.com/2011/08/ldap-identity-store-for-openstack.html
|
||||
|
||||
For configuration settings of middleware components, see :doc:`middleware`
|
|
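Review bot: the lookup order under "Keystone Configuration File" puts ``~/.keystone`` and ``~/`` ahead of ``/etc/keystone`` and ``/etc``, and nothing on the page tells the operator which file was actually loaded. Whatever text stands in for this page after the merge should keep that list and recommend passing the file explicitly with `-c`, as the ``./keystone -c ../etc/ssl.conf`` example does, so that a stray ``keystone.conf`` in a home directory is not picked up ahead of the system one unnoticed. The LDAP pointer under "Usefule Links" is an external blog URL; an in-tree page would not depend on that link staying alive.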
@ -1,333 +0,0 @@
|
|||
..
|
||||
Copyright 2011 OpenStack, LLC
|
||||
All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
==========================================
|
||||
Configuring Services to work with Keystone
|
||||
==========================================
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
Once Keystone is installed and running, services need to be configured to work
|
||||
with it. These are the steps to configure a service to work with Keystone:
|
||||
|
||||
1. Create or get credentials for the service to use
|
||||
|
||||
A set of credentials are needed for each service (they may be
|
||||
shared if you chose to). Depending on the service, these credentials are
|
||||
either a username and password or a long-lived token..
|
||||
|
||||
2. Register the service, endpoints, roles and other entities
|
||||
|
||||
In order for a service to have it's endpoints and roles show in the service
|
||||
catalog returned by Keystone, a service record needs to be added for the
|
||||
service. Endpoints and roles associated with that service can then be created.
|
||||
|
||||
This can be done through the REST interface (using the OS-KSCATALOG extension)
|
||||
or using keystone-manage.
|
||||
|
||||
3. Install and configure middleware for the service to handle authentication
|
||||
|
||||
Clients making calls to the service will pass in an authentication token. The
|
||||
Keystone middleware will look for and validate that token, taking the
|
||||
appropriate action. It will also retrive additional information from the token
|
||||
such as user name, id, tenant name, id, roles, etc...
|
||||
|
||||
The middleware will pass those data down to the service as headers. The
|
||||
detailed description of this architecture is available here :doc:`middleware_architecture`
|
||||
|
||||
Setting up credentials
|
||||
======================
|
||||
|
||||
First admin user - bootstrapping
|
||||
--------------------------------
|
||||
|
||||
For a default installation of Keystone, before you can use the REST API, you
|
||||
need to create your first initial user and grant that user the right to
|
||||
administer Keystone.
|
||||
|
||||
For the keystone service itself, two
|
||||
Roles are pre-defined in the keystone configuration file
|
||||
(:doc:`keystone.conf`).
|
||||
|
||||
#Role that allows admin operations (access to all operations)
|
||||
keystone-admin-role = Admin
|
||||
|
||||
#Role that allows acting as service (validate tokens, register service,
|
||||
etc...)
|
||||
keystone-service-admin-role = KeystoneServiceAdmin
|
||||
|
||||
In order to create your first user, once Keystone is running use
|
||||
the `keystone-manage` command:
|
||||
|
||||
$ keystone-manage user add admin secrete
|
||||
$ keystone-manage role add Admin
|
||||
$ keystone-manage role add KeystoneServiceAdmin
|
||||
$ keystone-manage role grant Admin admin
|
||||
$ keystone-manage role grant KeystoneServiceAdmin admin
|
||||
|
||||
This creates the `admin` user (with a password of `secrete`), creates
|
||||
two roles (`Admin` and `KeystoneServiceAdmin`), and assigns those roles to
|
||||
the `admin` user. From here, you should now have the choice of using the
|
||||
administrative API (as well as the :doc:`man/keystone-manage` commands) to
|
||||
further configure keystone. There are a number of examples of how to use
|
||||
that API at :doc:`adminAPI_curl_examples`.
|
||||
|
||||
|
||||
Setting up services
|
||||
===================
|
||||
|
||||
Defining Services and Service Endpoints
|
||||
---------------------------------------
|
||||
|
||||
Keystone also acts as a service catalog to let other OpenStack systems know
|
||||
where relevant API endpoints exist for OpenStack Services. The OpenStack
|
||||
Dashboard, in particular, uses this heavily - and this **must** be configured
|
||||
for the OpenStack Dashboard to properly function.
|
||||
|
||||
Here's how we define the services::
|
||||
|
||||
$ keystone-manage service add nova compute "Nova Compute Service"
|
||||
$ keystone-manage service add glance image "Glance Image Service"
|
||||
$ keystone-manage service add swift storage "Swift Object Storage Service"
|
||||
$ keystone-manage service add keystone identity "Keystone Identity Service"
|
||||
|
||||
Once the services are defined, we create endpoints for them. Each service
|
||||
has three relevant URL's associated with it that are used in the command:
|
||||
|
||||
* the public API URL
|
||||
* an administrative API URL
|
||||
* an internal URL
|
||||
|
||||
The "internal URL" is an endpoint the generally offers the same API as the
|
||||
public URL, but over a high-bandwidth, low-latency, unmetered (free) network.
|
||||
You would use that to transfer images from nova to glance for example, and
|
||||
not the Public URL which would go over the internet and be potentially chargeable.
|
||||
|
||||
The "admin URL" is for administering the services and is not exposed or accessible
|
||||
to customers without the apporpriate privileges.
|
||||
|
||||
An example of setting up the endpoint for Nova::
|
||||
|
||||
$ keystone-manage endpointTemplates add RegionOne nova \
|
||||
http://nova-api.mydomain:8774/v1.1/%tenant_id% \
|
||||
http://nova-api.mydomain:8774/v1.1/%tenant_id% \
|
||||
http://nova-api.mydomain:8774/v1.1/%tenant_id% \
|
||||
1 1
|
||||
|
||||
Glance::
|
||||
|
||||
$ keystone-manage endpointTemplates add RegionOne glance \
|
||||
http://glance.mydomain:9292/v1 \
|
||||
http://glance.mydomain:9292/v1 \
|
||||
http://glance.mydomain:9292/v1 \
|
||||
1 1
|
||||
|
||||
Swift::
|
||||
|
||||
$ keystone-manage endpointTemplates add RegionOne swift \
|
||||
http://swift.mydomain:8080/v1/AUTH_%tenant_id% \
|
||||
http://swift.mydomain:8080/v1.0/ \
|
||||
http://swift.mydomain:8080/v1/AUTH_%tenant_id% \
|
||||
1 1
|
||||
|
||||
And setting up an endpoint for Keystone::
|
||||
|
||||
$ keystone-manage endpointTemplates add RegionOne keystone \
|
||||
http://keystone.mydomain:5000/v2.0 \
|
||||
http://keystone.mydomain:35357/v2.0 \
|
||||
http://keystone.mydomain:5000/v2.0 \
|
||||
1 1
|
||||
|
||||
|
||||
Defining an Administrative Service Token
|
||||
----------------------------------------
|
||||
|
||||
An Administrative Service Token is a bit of arbitrary text which is configured
|
||||
in Keystone and used (typically configured into) Nova, Swift, Glance, and any
|
||||
other OpenStack projects, to be able to use Keystone services.
|
||||
|
||||
This token is an arbitrary text string, but must be identical between Keystone
|
||||
and the services using Keystone. This token is bound to a user and tenant as
|
||||
well, so those also need to be created prior to setting it up.
|
||||
|
||||
The *admin* user was set up above, but we haven't created a tenant for that
|
||||
user yet::
|
||||
|
||||
$ keystone-manage tenant add admin
|
||||
|
||||
and while we're here, let's grant the admin user the 'Admin' role to the
|
||||
'admin' tenant::
|
||||
|
||||
$ keystone-manage role add Admin
|
||||
$ keystone-manage role grant Admin admin admin
|
||||
|
||||
Now we can create a service token::
|
||||
|
||||
$ keystone-manage token add 999888777666 admin admin 2015-02-05T00:00
|
||||
|
||||
This creates a service token of '999888777666' associated to the admin user,
|
||||
admin tenant, and expires on February 5th, 2015. This token will be used when
|
||||
configuring Nova, Glance, or other OpenStack services.
|
||||
|
||||
Securing Communications with SSL
|
||||
--------------------------------
|
||||
|
||||
To encrypt traffic between services and Keystone, see :doc:`ssl`
|
||||
|
||||
|
||||
Setting up OpenStack users
|
||||
==========================
|
||||
|
||||
Creating Tenants, Users, and Roles
|
||||
----------------------------------
|
||||
|
||||
Let's set up a 'demo' tenant::
|
||||
|
||||
$ keystone-manage tenant add demo
|
||||
|
||||
And add a 'demo' user with the password 'guest'::
|
||||
|
||||
$ keystone-manage user add demo guest
|
||||
|
||||
Now let's add a role of "Member" and grant 'demo' user that role
|
||||
as it pertains to the tenant 'demo'::
|
||||
|
||||
$ keystone-manage role add Member
|
||||
$ keystone-manage role grant Member demo demo
|
||||
|
||||
Let's also add the admin user as an Admin role to the demo tenant::
|
||||
|
||||
$ keystone-manage role grant Admin admin demo
|
||||
|
||||
Creating EC2 credentials
|
||||
------------------------
|
||||
|
||||
To add EC2 credentials for the `admin` and `demo` accounts::
|
||||
|
||||
$ keystone-manage credentials add admin EC2 'admin' 'secretpassword'
|
||||
$ keystone-manage credentials add admin EC2 'demo' 'secretpassword'
|
||||
|
||||
If you have a large number of credentials to create, you can put them all
|
||||
into a single large file and import them using :doc:`man/keystone-import`. The
|
||||
format of the document looks like::
|
||||
|
||||
credentials add admin EC2 'username' 'password'
|
||||
credentials add admin EC2 'username' 'password'
|
||||
|
||||
Then use::
|
||||
|
||||
$ keystone-import `filename`
|
||||
|
||||
|
||||
Setting Up Middleware
|
||||
=====================
|
||||
|
||||
Keystone Auth-Token Middleware
|
||||
--------------------------------
|
||||
|
||||
The Keystone auth_token middleware is a WSGI component that can be inserted in
|
||||
the WSGI pipeline to handle authenticating tokens with Keystone. See :doc:`middleware`
|
||||
for details on middleware and configuration parameters.
|
||||
|
||||
|
||||
Configuring Nova to use Keystone
|
||||
--------------------------------
|
||||
|
||||
To configure Nova to use Keystone for authentication, the Nova API service
|
||||
can be run against the api-paste file provided by Keystone. This is most
|
||||
easily accomplished by setting the `--api_paste_config` flag in nova.conf to
|
||||
point to `examples/paste/nova-api-paste.ini` from Keystone. This paste file
|
||||
included references to the WSGI authentication middleware provided with the
|
||||
keystone installation.
|
||||
|
||||
When configuring Nova, it is important to create a admin service token for
|
||||
the service (from the Configuration step above) and include that as the key
|
||||
'admin_token' in the nova-api-paste.ini. See the documented
|
||||
:doc:`nova-api-paste` file for references.
|
||||
|
||||
Configuring Swift to use Keystone
|
||||
---------------------------------
|
||||
|
||||
Similar to Nova, swift can be configured to use Keystone for authentication
|
||||
rather than it's built in 'tempauth'.
|
||||
|
||||
1. Add a service endpoint for Swift to Keystone
|
||||
|
||||
2. Configure the paste file for swift-proxy (`/etc/swift/swift-proxy.conf`)
|
||||
|
||||
3. Reconfigure Swift's proxy server to use Keystone instead of TempAuth.
|
||||
Here's an example `/etc/swift/proxy-server.conf`::
|
||||
|
||||
[DEFAULT]
|
||||
bind_port = 8888
|
||||
user = <user>
|
||||
|
||||
[pipeline:main]
|
||||
pipeline = catch_errors cache keystone proxy-server
|
||||
|
||||
[app:proxy-server]
|
||||
use = egg:swift#proxy
|
||||
account_autocreate = true
|
||||
|
||||
[filter:keystone]
|
||||
use = egg:keystone#tokenauth
|
||||
auth_protocol = http
|
||||
auth_host = 127.0.0.1
|
||||
auth_port = 35357
|
||||
admin_token = 999888777666
|
||||
delay_auth_decision = 0
|
||||
service_protocol = http
|
||||
service_host = 127.0.0.1
|
||||
service_port = 8100
|
||||
service_pass = dTpw
|
||||
cache = swift.cache
|
||||
|
||||
[filter:cache]
|
||||
use = egg:swift#memcache
|
||||
set log_name = cache
|
||||
|
||||
[filter:catch_errors]
|
||||
use = egg:swift#catch_errors
|
||||
|
||||
Note that the optional "cache" property in the keystone filter allows any
|
||||
service (not just Swift) to register its memcache client in the WSGI
|
||||
environment. If such a cache exists, Keystone middleware will utilize it
|
||||
to store validated token information, which could result in better overall
|
||||
performance.
|
||||
|
||||
4. Restart swift
|
||||
|
||||
5. Verify that keystone is providing authentication to Swift
|
||||
|
||||
Use `swift` to check everything works (note: you currently have to create a
|
||||
container or upload something as your first action to have the account
|
||||
created; there's a Swift bug to be fixed soon)::
|
||||
|
||||
$ swift -A http://127.0.0.1:5000/v1.0 -U joeuser -K secrete post container
|
||||
$ swift -A http://127.0.0.1:5000/v1.0 -U joeuser -K secrete stat -v
|
||||
StorageURL: http://127.0.0.1:8888/v1/AUTH_1234
|
||||
Auth Token: 74ce1b05-e839-43b7-bd76-85ef178726c3
|
||||
Account: AUTH_1234
|
||||
Containers: 1
|
||||
Objects: 0
|
||||
Bytes: 0
|
||||
Accept-Ranges: bytes
|
||||
X-Trans-Id: tx25c1a6969d8f4372b63912f411de3c3b
|
||||
|
||||
.. WARNING::
|
||||
Keystone currently allows any valid token to do anything with any account.
|
||||
|
|
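Review bot: the ``.. WARNING::`` at the end of the Swift section ("Keystone currently allows any valid token to do anything with any account.") should not be lost along with this page. If the redux middleware still behaves that way, carry the warning into the new docs in this merge; if it no longer applies, say so in the commit message. The admin service token walk-through is worth the same attention: it shows a guessable token (`999888777666`) with a 2015 expiry copied into `admin_token`, passwords passed as `keystone-manage` arguments, and every endpoint registered over `http://`. Replacement text should tell readers to generate a random token value, keep secrets out of shell history, and point to the SSL page before the endpoint examples rather than after them.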
@ -1,135 +0,0 @@
|
|||
..
|
||||
Copyright 2011 OpenStack, LLC
|
||||
All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
========================
|
||||
Developing with Keystone
|
||||
========================
|
||||
|
||||
Get your development environment set up according to :doc:`setup`.
|
||||
|
||||
Running a development instance
|
||||
==============================
|
||||
|
||||
Setting up a virtualenv
|
||||
-----------------------
|
||||
|
||||
We recommend establishing a virtualenv to run keystone within. To establish
|
||||
this environment, use the command::
|
||||
|
||||
$ python tools/install_venv.py
|
||||
|
||||
This will create a local virtual environment in the directory ``.venv``.
|
||||
Once created, you can activate this virtualenv for your current shell using::
|
||||
|
||||
$ source .venv/bin/activate
|
||||
|
||||
The virtual environment can be disabled using the command::
|
||||
|
||||
$ deactivate
|
||||
|
||||
You can also use ``tools\with_venv.sh`` to prefix commands so that they run
|
||||
within the virtual environment. For more information on virtual environments,
|
||||
see virtualenv_.
|
||||
|
||||
.. _virtualenv: http://www.virtualenv.org/
|
||||
|
||||
Running Keystone
|
||||
----------------
|
||||
|
||||
To run the keystone Admin and API server instances, use::
|
||||
|
||||
$ tools/with_venv.sh bin/keystone
|
||||
|
||||
Running a demo service that uses Keystone
|
||||
-----------------------------------------
|
||||
|
||||
To run client demo (with all auth middleware running locally on sample service)::
|
||||
|
||||
$ tools/with_venv.sh examples/echo/bin/echod
|
||||
|
||||
which spins up a simple "echo" service on port 8090. To use a simple echo client::
|
||||
|
||||
$ python examples/echo/echo_client.py
|
||||
|
||||
Interacting with Keystone
|
||||
=========================
|
||||
|
||||
You can interact with Keystone through the command line using :doc:`man/keystone-manage`
|
||||
which allows you to establish tenants, users, etc.
|
||||
|
||||
You can also interact with Keystone through it's REST API. There is a python
|
||||
keystone client library python-keystoneclient_ which interacts exclusively through
|
||||
the REST API.
|
||||
|
||||
.. _python-keystoneclient: https://github.com/4P/python-keystoneclient
|
||||
|
||||
The easiest way to establish some base information in Keystone to interact with is
|
||||
to invoke::
|
||||
|
||||
$ tools/with_venv.sh bin/sampledata
|
||||
|
||||
You can see the details of what that creates in ``keystone/test/sampledata.py``
|
||||
|
||||
Enabling debugging middleware
|
||||
-----------------------------
|
||||
|
||||
You can enable a huge amount of additional data (debugging information) about
|
||||
the request and repsonse objects flowing through Keystone using the debugging
|
||||
WSGI middleware.
|
||||
|
||||
To enable this, just modify the pipelines in ``etc/keystone.conf``, from::
|
||||
|
||||
[pipeline:admin]
|
||||
pipeline =
|
||||
urlnormalizer
|
||||
admin_api
|
||||
|
||||
[pipeline:keystone-legacy-auth]
|
||||
pipeline =
|
||||
urlnormalizer
|
||||
legacy_auth
|
||||
d5_compat
|
||||
service_api
|
||||
|
||||
... to::
|
||||
|
||||
[pipeline:admin]
|
||||
pipeline =
|
||||
debug
|
||||
urlnormalizer
|
||||
d5_compat
|
||||
admin_api
|
||||
|
||||
[pipeline:keystone-legacy-auth]
|
||||
pipeline =
|
||||
debug
|
||||
urlnormalizer
|
||||
legacy_auth
|
||||
d5_compat
|
||||
service_api
|
||||
|
||||
Two simple and easy debugging tools are using the ``-d`` when you start keystone::
|
||||
|
||||
$ ./keystone -d
|
||||
|
||||
and the `--trace-calls` flag::
|
||||
|
||||
$ ./keystone -trace-calls
|
||||
|
||||
The ``-d`` flag outputs debug information to the console. The ``--trace-calls`` flag
|
||||
outputs extensive, nested trace calls to the console and highlights any errors
|
||||
in red.
|
||||
|
|
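Review bot: "Enabling debugging middleware" is inconsistent in two places, and the replacement developer docs should not inherit either. The prose names the flag ``--trace-calls`` but the example runs `./keystone -trace-calls`. The "to" version of ``[pipeline:admin]`` also gains `d5_compat` in addition to `debug`, which the text never mentions. The ``debug`` filter is described as exposing the request and response objects flowing through Keystone, and on an identity service those carry passwords and tokens. The new page should say the filter is for development only and must be taken out of ``[pipeline:admin]`` and ``[pipeline:keystone-legacy-auth]`` before deployment. Since the header is `-1,135 +0,0`, please confirm that the virtualenv and ``bin/sampledata`` instructions have a home elsewhere in this merge.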
@ -1,158 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
|
||||
<svg
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:cc="http://creativecommons.org/ns#"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||
width="193.58089"
|
||||
height="100.32214"
|
||||
id="svg2"
|
||||
version="1.1"
|
||||
inkscape:version="0.48.0 r9654"
|
||||
sodipodi:docname="proxyAuth.svg">
|
||||
<defs
|
||||
id="defs4" />
|
||||
<sodipodi:namedview
|
||||
id="base"
|
||||
pagecolor="#ffffff"
|
||||
bordercolor="#666666"
|
||||
borderopacity="1.0"
|
||||
inkscape:pageopacity="0.0"
|
||||
inkscape:pageshadow="2"
|
||||
inkscape:zoom="0.98901497"
|
||||
inkscape:cx="134.39587"
|
||||
inkscape:cy="72.635488"
|
||||
inkscape:document-units="px"
|
||||
inkscape:current-layer="layer1"
|
||||
showgrid="false"
|
||||
fit-margin-top="0"
|
||||
fit-margin-left="0"
|
||||
fit-margin-right="0"
|
||||
fit-margin-bottom="0"
|
||||
inkscape:window-width="912"
|
||||
inkscape:window-height="842"
|
||||
inkscape:window-x="66"
|
||||
inkscape:window-y="87"
|
||||
inkscape:window-maximized="0" />
|
||||
<metadata
|
||||
id="metadata7">
|
||||
<rdf:RDF>
|
||||
<cc:Work
|
||||
rdf:about="">
|
||||
<dc:format>image/svg+xml</dc:format>
|
||||
<dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||
<dc:title></dc:title>
|
||||
</cc:Work>
|
||||
</rdf:RDF>
|
||||
</metadata>
|
||||
<g
|
||||
inkscape:label="Layer 1"
|
||||
inkscape:groupmode="layer"
|
||||
id="layer1"
|
||||
transform="translate(-240.60414,-504.67553)">
|
||||
<g
|
||||
id="1"
|
||||
transform="translate(239.41667,503.49764)">
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="25.6"
|
||||
x="136"
|
||||
xml:space="preserve"
|
||||
id="2">Request</text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="36"
|
||||
x="136"
|
||||
xml:space="preserve"
|
||||
id="3">service directly</text>
|
||||
<path
|
||||
d="m 1.85,14.45 0,28.8 67.2,0 0,-28.8 -67.2,0 z"
|
||||
style="fill:#fdefe3;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="4"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 1.85,43.25 67.2,0 0,-28.8 -67.2,0 0,28.8 z"
|
||||
style="fill:none;stroke:#c00000;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="5"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="25.6"
|
||||
x="24.799999"
|
||||
xml:space="preserve"
|
||||
id="6">Auth</text>
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="37.599998"
|
||||
x="8.8000002"
|
||||
xml:space="preserve"
|
||||
id="7">Component</text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="53.599998"
|
||||
x="79.199997"
|
||||
xml:space="preserve"
|
||||
id="8">305 </text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="53.599998"
|
||||
x="96"
|
||||
xml:space="preserve"
|
||||
id="9">Use proxy to </text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="63.200001"
|
||||
x="79.199997"
|
||||
xml:space="preserve"
|
||||
id="10">redirect to Auth</text>
|
||||
<path
|
||||
d="M 64.25,72.05 C 83.45,33.65 87.8,15.9 75.1,6.45 67.75,1 54.85,-1.65 42.3,7.85"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="11"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 45.35,9.75 -9.9,4.7 5.1,-9.65 4.8,4.95 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="12"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 154.25,14.45 c 0,0 -4.85,0.5 -9.45,0.95 -7,0.7 -13.45,1.2 -17.85,5.1 -2.95,2.65 -5.05,6.8 -3.6,10.1 2.65,6.1 17.05,9.3 23.85,14 5,3.45 5.95,7.65 4.9,11.1 -1.9,6.35 -10.5,10 -23.85,16.2 -8.35,3.9 -18.6,8.85 -26.1,11.85"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="13"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="M 104,86.8 93.05,86.45 102,80.2 l 2,6.6 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="14"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 25.85,72.05 0,28.8 67.2,0 0,-28.8 -67.2,0 z"
|
||||
style="fill:#d1ebf1;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="15"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 25.85,100.85 67.2,0 0,-28.8 -67.2,0 0,28.8 z"
|
||||
style="fill:none;stroke:#1f477d;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="16"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="83.199997"
|
||||
x="34.400002"
|
||||
xml:space="preserve"
|
||||
id="17">OpenStack</text>
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="95.199997"
|
||||
x="42.400002"
|
||||
xml:space="preserve"
|
||||
id="18">Service</text>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
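Review bot: check the surviving docs for references to `proxyAuth.svg` (the `sodipodi:docname` of this file) before it goes, and do the same for the other figures removed alongside it. The deleted configuring-services page points readers to :doc:`middleware_architecture` for the auth-component flow this figure draws ("305 Use proxy to redirect to Auth"). If that page or a successor is kept, an image directive aimed at a removed file leaves a broken figure in the built docs.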
Before Width: | Height: | Size: 6.1 KiB |
|
@ -1,135 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
|
||||
<svg
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:cc="http://creativecommons.org/ns#"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||
width="68.500092"
|
||||
height="110.50006"
|
||||
id="svg2"
|
||||
version="1.1"
|
||||
inkscape:version="0.48.0 r9654"
|
||||
sodipodi:docname="mapper.svg">
|
||||
<defs
|
||||
id="defs4" />
|
||||
<sodipodi:namedview
|
||||
id="base"
|
||||
pagecolor="#ffffff"
|
||||
bordercolor="#666666"
|
||||
borderopacity="1.0"
|
||||
inkscape:pageopacity="0.0"
|
||||
inkscape:pageshadow="2"
|
||||
inkscape:zoom="0.98901497"
|
||||
inkscape:cx="34.262561"
|
||||
inkscape:cy="55.237534"
|
||||
inkscape:document-units="px"
|
||||
inkscape:current-layer="layer1"
|
||||
showgrid="false"
|
||||
fit-margin-top="0"
|
||||
fit-margin-left="0"
|
||||
fit-margin-right="0"
|
||||
fit-margin-bottom="0"
|
||||
inkscape:window-width="912"
|
||||
inkscape:window-height="842"
|
||||
inkscape:window-x="66"
|
||||
inkscape:window-y="87"
|
||||
inkscape:window-maximized="0" />
|
||||
<metadata
|
||||
id="metadata7">
|
||||
<rdf:RDF>
|
||||
<cc:Work
|
||||
rdf:about="">
|
||||
<dc:format>image/svg+xml</dc:format>
|
||||
<dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||
<dc:title></dc:title>
|
||||
</cc:Work>
|
||||
</rdf:RDF>
|
||||
</metadata>
|
||||
<g
|
||||
inkscape:label="Layer 1"
|
||||
inkscape:groupmode="layer"
|
||||
id="layer1"
|
||||
transform="translate(-340.73745,-315.32253)">
|
||||
<g
|
||||
id="1"
|
||||
transform="translate(339.55001,314.13506)">
|
||||
<path
|
||||
d="m 1.85,1.85 0,28.8 67.2,0 0,-28.8 -67.2,0 z"
|
||||
style="fill:#fdefe3;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="2"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 1.85,30.65 67.2,0 0,-28.8 -67.2,0 0,28.8 z"
|
||||
style="fill:none;stroke:#c00000;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="3"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="13.6"
|
||||
x="24.799999"
|
||||
xml:space="preserve"
|
||||
id="4">Auth</text>
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="24.799999"
|
||||
x="8.8000002"
|
||||
xml:space="preserve"
|
||||
id="5">Component</text>
|
||||
<path
|
||||
d="m 1.85,81.05 67.2,0 0,-28.8 -67.2,0 0,28.8 z"
|
||||
style="fill:none;stroke:#a6a6a6;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="6"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#bfbfbf;font-family:Arial"
|
||||
y="64"
|
||||
x="24.799999"
|
||||
xml:space="preserve"
|
||||
id="7">Auth</text>
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#bfbfbf;font-family:Arial"
|
||||
y="75.199997"
|
||||
x="8.8000002"
|
||||
xml:space="preserve"
|
||||
id="8">Component</text>
|
||||
<path
|
||||
d="m 1.85,82.25 0,28.8 67.2,0 0,-28.8 -67.2,0 z"
|
||||
style="fill:#d1ebf1;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="9"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 1.85,111.05 67.2,0 0,-28.8 -67.2,0 0,28.8 z"
|
||||
style="fill:none;stroke:#1f477d;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="10"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="93.599998"
|
||||
x="10.4"
|
||||
xml:space="preserve"
|
||||
id="11">OpenStack</text>
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="105.6"
|
||||
x="18.4"
|
||||
xml:space="preserve"
|
||||
id="12">Service</text>
|
||||
<path
|
||||
d="m 35.45,30.65 0,40.9"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="13"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="M 38.9,70.7 35.45,81.05 32,70.7 l 6.9,0 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="14"
|
||||
inkscape:connector-curvature="0" />
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
Before Width: | Height: | Size: 4.9 KiB |
|
@ -1,52 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
|
||||
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<!-- Generated by graphviz version 2.27.20101213.0545 (20101213.0545)
|
||||
-->
|
||||
<!-- Title: DelegateAcceptAuth Pages: 1 -->
|
||||
<svg width="656pt" height="81pt"
|
||||
viewBox="0.00 0.00 656.00 81.23" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<g id="graph1" class="graph" transform="scale(1 1) rotate(0) translate(4 77.234)">
|
||||
<title>DelegateAcceptAuth</title>
|
||||
<polygon fill="white" stroke="white" points="-4,5 -4,-77.234 653,-77.234 653,5 -4,5"/>
|
||||
<!-- Start -->
|
||||
<!-- AuthComp -->
|
||||
<g id="node4" class="node"><title>AuthComp</title>
|
||||
<polygon fill="#fdefe3" stroke="#c00000" points="348,-48.234 250,-48.234 250,-8.23398 348,-8.23398 348,-48.234"/>
|
||||
<text text-anchor="middle" x="299" y="-31.634" font-family="Helvetica,sans-Serif" font-size="14.00">Auth</text>
|
||||
<text text-anchor="middle" x="299" y="-15.634" font-family="Helvetica,sans-Serif" font-size="14.00">Component</text>
|
||||
</g>
|
||||
<!-- Start->AuthComp -->
|
||||
<g id="edge3" class="edge"><title>Start->AuthComp</title>
|
||||
<path fill="none" stroke="black" d="M54.0748,-28.234C97.1107,-28.234 182.142,-28.234 239.791,-28.234"/>
|
||||
<polygon fill="black" stroke="black" points="239.864,-31.7341 249.863,-28.234 239.863,-24.7341 239.864,-31.7341"/>
|
||||
<text text-anchor="middle" x="152" y="-30.634" font-family="Times,serif" font-size="14.00">Authorization: Basic VTpQ</text>
|
||||
</g>
|
||||
<!-- AuthComp->Start -->
|
||||
<g id="edge9" class="edge"><title>AuthComp->Start</title>
|
||||
<path fill="none" stroke="black" d="M249.934,-12.6562C243.944,-11.2496 237.868,-10.0499 232,-9.23398 161.567,0.55976 141.697,4.87673 72,-9.23398 69.1948,-9.80192 66.3471,-10.5503 63.5169,-11.4218"/>
|
||||
<polygon fill="black" stroke="black" points="62.3066,-8.13733 54.0489,-14.7751 64.6436,-14.7357 62.3066,-8.13733"/>
|
||||
<text text-anchor="middle" x="152" y="-11.634" font-family="Times,serif" font-size="14.00">200 Okay</text>
|
||||
</g>
|
||||
<!-- Service -->
|
||||
<g id="node6" class="node"><title>Service</title>
|
||||
<polygon fill="#d1ebf1" stroke="#1f477d" points="648,-48.234 554,-48.234 554,-8.23398 648,-8.23398 648,-48.234"/>
|
||||
<text text-anchor="middle" x="601" y="-31.634" font-family="Helvetica,sans-Serif" font-size="14.00">OpenStack</text>
|
||||
<text text-anchor="middle" x="601" y="-15.634" font-family="Helvetica,sans-Serif" font-size="14.00">Service</text>
|
||||
</g>
|
||||
<!-- AuthComp->Service -->
|
||||
<g id="edge5" class="edge"><title>AuthComp->Service</title>
|
||||
<path fill="none" stroke="black" d="M348.194,-28.234C401.691,-28.234 487.101,-28.234 543.616,-28.234"/>
|
||||
<polygon fill="black" stroke="black" points="543.818,-31.7341 553.818,-28.234 543.818,-24.7341 543.818,-31.7341"/>
|
||||
<text text-anchor="middle" x="451" y="-60.634" font-family="Times,serif" font-size="14.00">Authorization: Basic dTpw</text>
|
||||
<text text-anchor="middle" x="451" y="-45.634" font-family="Times,serif" font-size="14.00">X-Authorization: Proxy U</text>
|
||||
<text text-anchor="middle" x="451" y="-30.634" font-family="Times,serif" font-size="14.00">X-Identity-Status: Confirmed</text>
|
||||
</g>
|
||||
<!-- Service->AuthComp -->
|
||||
<g id="edge7" class="edge"><title>Service->AuthComp</title>
|
||||
<path fill="none" stroke="black" d="M553.774,-12.7435C547.845,-11.2995 541.819,-10.067 536,-9.23398 461.207,1.47328 440.836,1.17187 366,-9.23398 363.341,-9.6037 360.639,-10.0522 357.922,-10.5631"/>
|
||||
<polygon fill="black" stroke="black" points="357.121,-7.15517 348.066,-12.6562 358.575,-14.0025 357.121,-7.15517"/>
|
||||
<text text-anchor="middle" x="451" y="-11.634" font-family="Times,serif" font-size="14.00">200 Okay</text>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
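Review bot: The labels on the AuthComp->Service edge are the only place in this deleted file that records the delegated-mode header contract, and the commit message ("Merge redux branch (keystone light)") does not say where that contract is documented after the merge. The diagram shows the client's "Authorization: Basic VTpQ" (base64 of U:P) being replaced by "Authorization: Basic dTpw" (u:p), with "X-Authorization: Proxy U" and "X-Identity-Status: Confirmed" added before the request reaches the service. Please point to the replacement documentation, and have it state that a service may act on "X-Identity-Status" only for requests that arrived through the auth component, with any client-supplied copy of that header discarded.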
Before Width: | Height: | Size: 3.6 KiB |
|
@ -1,30 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
|
||||
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<!-- Generated by graphviz version 2.27.20101213.0545 (20101213.0545)
|
||||
-->
|
||||
<!-- Title: Seperate Pages: 1 -->
|
||||
<svg width="106pt" height="124pt"
|
||||
viewBox="0.00 0.00 106.00 124.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<g id="graph1" class="graph" transform="scale(1 1) rotate(0) translate(4 120)">
|
||||
<title>Seperate</title>
|
||||
<polygon fill="white" stroke="white" points="-4,5 -4,-120 103,-120 103,5 -4,5"/>
|
||||
<!-- AuthComp -->
|
||||
<g id="node2" class="node"><title>AuthComp</title>
|
||||
<polygon fill="#fdefe3" stroke="#c00000" points="98,-116 0,-116 0,-76 98,-76 98,-116"/>
|
||||
<text text-anchor="middle" x="49" y="-99.4" font-family="Helvetica,sans-Serif" font-size="14.00">Auth</text>
|
||||
<text text-anchor="middle" x="49" y="-83.4" font-family="Helvetica,sans-Serif" font-size="14.00">Component</text>
|
||||
</g>
|
||||
<!-- Service -->
|
||||
<g id="node4" class="node"><title>Service</title>
|
||||
<polygon fill="#d1ebf1" stroke="#1f477d" points="96,-40 2,-40 2,-0 96,-0 96,-40"/>
|
||||
<text text-anchor="middle" x="49" y="-23.4" font-family="Helvetica,sans-Serif" font-size="14.00">OpenStack</text>
|
||||
<text text-anchor="middle" x="49" y="-7.4" font-family="Helvetica,sans-Serif" font-size="14.00">Service</text>
|
||||
</g>
|
||||
<!-- AuthComp->Service -->
|
||||
<g id="edge3" class="edge"><title>AuthComp->Service</title>
|
||||
<path fill="none" stroke="black" d="M49,-75.6334C49,-67.8186 49,-58.7253 49,-50.183"/>
|
||||
<polygon fill="black" stroke="black" points="52.5001,-50.1593 49,-40.1593 45.5001,-50.1593 52.5001,-50.1593"/>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
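Review bot: The graph name is misspelled on the "<!-- Title: Seperate Pages: 1 -->" and "<title>Seperate</title>" lines; if this diagram is regenerated for the new docs tree, rename it to "Separate" in the graphviz source. The "Generated by graphviz" header comment shows this file is rendered output, so the correction belongs in the source graph and not in a hand-edited SVG.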
Before Width: | Height: | Size: 1.6 KiB |
|
@ -1,51 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
|
||||
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<!-- Generated by graphviz version 2.27.20101213.0545 (20101213.0545)
|
||||
-->
|
||||
<!-- Title: StandardAcceptAuth Pages: 1 -->
|
||||
<svg width="644pt" height="66pt"
|
||||
viewBox="0.00 0.00 644.00 66.23" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<g id="graph1" class="graph" transform="scale(1 1) rotate(0) translate(4 62.234)">
|
||||
<title>StandardAcceptAuth</title>
|
||||
<polygon fill="white" stroke="white" points="-4,5 -4,-62.234 641,-62.234 641,5 -4,5"/>
|
||||
<!-- Start -->
|
||||
<!-- AuthComp -->
|
||||
<g id="node4" class="node"><title>AuthComp</title>
|
||||
<polygon fill="#fdefe3" stroke="#c00000" points="348,-48.234 250,-48.234 250,-8.23398 348,-8.23398 348,-48.234"/>
|
||||
<text text-anchor="middle" x="299" y="-31.634" font-family="Helvetica,sans-Serif" font-size="14.00">Auth</text>
|
||||
<text text-anchor="middle" x="299" y="-15.634" font-family="Helvetica,sans-Serif" font-size="14.00">Component</text>
|
||||
</g>
|
||||
<!-- Start->AuthComp -->
|
||||
<g id="edge3" class="edge"><title>Start->AuthComp</title>
|
||||
<path fill="none" stroke="black" d="M54.0748,-28.234C97.1107,-28.234 182.142,-28.234 239.791,-28.234"/>
|
||||
<polygon fill="black" stroke="black" points="239.864,-31.7341 249.863,-28.234 239.863,-24.7341 239.864,-31.7341"/>
|
||||
<text text-anchor="middle" x="152" y="-30.634" font-family="Times,serif" font-size="14.00">Authorization: Basic VTpQ</text>
|
||||
</g>
|
||||
<!-- AuthComp->Start -->
|
||||
<g id="edge9" class="edge"><title>AuthComp->Start</title>
|
||||
<path fill="none" stroke="black" d="M249.934,-12.6562C243.944,-11.2496 237.868,-10.0499 232,-9.23398 161.567,0.55976 141.697,4.87673 72,-9.23398 69.1948,-9.80192 66.3471,-10.5503 63.5169,-11.4218"/>
|
||||
<polygon fill="black" stroke="black" points="62.3066,-8.13733 54.0489,-14.7751 64.6436,-14.7357 62.3066,-8.13733"/>
|
||||
<text text-anchor="middle" x="152" y="-11.634" font-family="Times,serif" font-size="14.00">200 Okay</text>
|
||||
</g>
|
||||
<!-- Service -->
|
||||
<g id="node6" class="node"><title>Service</title>
|
||||
<polygon fill="#d1ebf1" stroke="#1f477d" points="636,-48.234 542,-48.234 542,-8.23398 636,-8.23398 636,-48.234"/>
|
||||
<text text-anchor="middle" x="589" y="-31.634" font-family="Helvetica,sans-Serif" font-size="14.00">OpenStack</text>
|
||||
<text text-anchor="middle" x="589" y="-15.634" font-family="Helvetica,sans-Serif" font-size="14.00">Service</text>
|
||||
</g>
|
||||
<!-- AuthComp->Service -->
|
||||
<g id="edge5" class="edge"><title>AuthComp->Service</title>
|
||||
<path fill="none" stroke="black" d="M348.195,-28.234C399.052,-28.234 478.372,-28.234 531.947,-28.234"/>
|
||||
<polygon fill="black" stroke="black" points="531.971,-31.7341 541.971,-28.234 531.971,-24.7341 531.971,-31.7341"/>
|
||||
<text text-anchor="middle" x="445" y="-45.634" font-family="Times,serif" font-size="14.00">Authorization: Basic dTpw</text>
|
||||
<text text-anchor="middle" x="445" y="-30.634" font-family="Times,serif" font-size="14.00">X-Authorization: Proxy U</text>
|
||||
</g>
|
||||
<!-- Service->AuthComp -->
|
||||
<g id="edge7" class="edge"><title>Service->AuthComp</title>
|
||||
<path fill="none" stroke="black" d="M541.774,-12.7435C535.845,-11.2995 529.819,-10.067 524,-9.23398 454.486,0.717471 435.553,0.437338 366,-9.23398 363.341,-9.6037 360.639,-10.0522 357.922,-10.5631"/>
|
||||
<polygon fill="black" stroke="black" points="357.121,-7.15517 348.066,-12.6562 358.575,-14.0025 357.121,-7.15517"/>
|
||||
<text text-anchor="middle" x="445" y="-11.634" font-family="Times,serif" font-size="14.00">200 Okay</text>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
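Review bot: On the AuthComp->Service edge the only identity signal the service receives is "X-Authorization: Proxy U" next to "Authorization: Basic dTpw", with no "X-Identity-Status" label, and the deletion leaves no visible statement of how a service tells this standard mode apart from the delegated one. If both modes survive the merge, the replacement documentation should say which headers a service must require before acting on the proxied identity.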
Before Width: | Height: | Size: 3.5 KiB |
|
@ -1,39 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
|
||||
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<!-- Generated by graphviz version 2.27.20101213.0545 (20101213.0545)
|
||||
-->
|
||||
<!-- Title: StandardRejectAuth Pages: 1 -->
|
||||
<svg width="590pt" height="84pt"
|
||||
viewBox="0.00 0.00 590.00 84.11" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<g id="graph1" class="graph" transform="scale(1 1) rotate(0) translate(4 80.1142)">
|
||||
<title>StandardRejectAuth</title>
|
||||
<polygon fill="white" stroke="white" points="-4,5 -4,-80.1142 587,-80.1142 587,5 -4,5"/>
|
||||
<!-- Start -->
|
||||
<!-- AuthComp -->
|
||||
<g id="node4" class="node"><title>AuthComp</title>
|
||||
<polygon fill="#fdefe3" stroke="#c00000" points="470,-72.1142 372,-72.1142 372,-32.1142 470,-32.1142 470,-72.1142"/>
|
||||
<text text-anchor="middle" x="421" y="-55.5142" font-family="Helvetica,sans-Serif" font-size="14.00">Auth</text>
|
||||
<text text-anchor="middle" x="421" y="-39.5142" font-family="Helvetica,sans-Serif" font-size="14.00">Component</text>
|
||||
</g>
|
||||
<!-- Start->AuthComp -->
|
||||
<g id="edge3" class="edge"><title>Start->AuthComp</title>
|
||||
<path fill="none" stroke="black" d="M54.087,-55.6146C59.9818,-56.239 66.1921,-56.7925 72,-57.1142 197.142,-64.0451 228.754,-61.7811 354,-57.1142 356.55,-57.0192 359.153,-56.9039 361.782,-56.7725"/>
|
||||
<polygon fill="black" stroke="black" points="362.204,-60.2543 371.991,-56.1946 361.809,-53.2655 362.204,-60.2543"/>
|
||||
<text text-anchor="middle" x="213" y="-63.5142" font-family="Times,serif" font-size="14.00">Authorization: Basic Yjpw</text>
|
||||
</g>
|
||||
<!-- AuthComp->Start -->
|
||||
<g id="edge5" class="edge"><title>AuthComp->Start</title>
|
||||
<path fill="none" stroke="black" d="M381.842,-32.0145C372.913,-28.3297 363.309,-25.0423 354,-23.1142 231.272,2.30687 192.234,12.2721 72,-23.1142 67.3413,-24.4853 62.7097,-26.5048 58.2883,-28.8508"/>
|
||||
<polygon fill="black" stroke="black" points="56.3831,-25.9114 49.5663,-34.022 59.9531,-31.9327 56.3831,-25.9114"/>
|
||||
<text text-anchor="middle" x="213" y="-40.5142" font-family="Times,serif" font-size="14.00">401 Unauthorized</text>
|
||||
<text text-anchor="middle" x="213" y="-25.5142" font-family="Times,serif" font-size="14.00">WWW-Authenticate: Basic Realm="API Realm"</text>
|
||||
</g>
|
||||
<!-- Service -->
|
||||
<g id="node8" class="node"><title>Service</title>
|
||||
<polygon fill="#d1ebf1" stroke="#1f477d" points="582,-72.1142 488,-72.1142 488,-32.1142 582,-32.1142 582,-72.1142"/>
|
||||
<text text-anchor="middle" x="535" y="-55.5142" font-family="Helvetica,sans-Serif" font-size="14.00">OpenStack</text>
|
||||
<text text-anchor="middle" x="535" y="-39.5142" font-family="Helvetica,sans-Serif" font-size="14.00">Service</text>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
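Review bot: The Service node in this deleted diagram has no edges, and that absence is what documents that a rejected request is answered by the auth component ("401 Unauthorized" with "WWW-Authenticate: Basic Realm="API Realm"") and never forwarded. State that fail-closed behaviour in whatever replaces these docs, ideally backed by a test that a request with bad credentials does not reach the service.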
Before Width: | Height: | Size: 2.7 KiB |
|
@ -1,24 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN"
|
||||
"http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">
|
||||
<!-- Generated by graphviz version 2.27.20101213.0545 (20101213.0545)
|
||||
-->
|
||||
<!-- Title: Together Pages: 1 -->
|
||||
<svg width="116pt" height="104pt"
|
||||
viewBox="0.00 0.00 116.00 104.00" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink">
|
||||
<g id="graph1" class="graph" transform="scale(1 1) rotate(0) translate(4 100)">
|
||||
<title>Together</title>
|
||||
<polygon fill="white" stroke="white" points="-4,5 -4,-100 113,-100 113,5 -4,5"/>
|
||||
<!-- Together -->
|
||||
<g id="node2" class="node"><title>Together</title>
|
||||
<polygon fill="#fdefe3" stroke="#fdefe3" points="8,-47 8,-91 101,-91 101,-47 8,-47"/>
|
||||
<polygon fill="none" stroke="#c00000" points="8,-47 8,-91 101,-91 101,-47 8,-47"/>
|
||||
<text text-anchor="start" x="38" y="-75.2333" font-family="Helvetica,sans-Serif" font-size="14.00">Auth</text>
|
||||
<text text-anchor="start" x="13.5" y="-58.4333" font-family="Helvetica,sans-Serif" font-size="14.00">Component</text>
|
||||
<polygon fill="#d1ebf1" stroke="#d1ebf1" points="8,-4 8,-47 101,-47 101,-4 8,-4"/>
|
||||
<polygon fill="none" stroke="#1f477d" points="8,-4 8,-47 101,-47 101,-4 8,-4"/>
|
||||
<text text-anchor="start" x="15.5" y="-31.7333" font-family="Helvetica,sans-Serif" font-size="14.00">OpenStack</text>
|
||||
<text text-anchor="start" x="28" y="-14.9333" font-family="Helvetica,sans-Serif" font-size="14.00">Service</text>
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
Before Width: | Height: | Size: 1.4 KiB |
|
@ -1,215 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
|
||||
<svg
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:cc="http://creativecommons.org/ns#"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||
width="183.71901"
|
||||
height="100.41289"
|
||||
id="svg2"
|
||||
version="1.1"
|
||||
inkscape:version="0.48.0 r9654"
|
||||
sodipodi:docname="authComp.svg">
|
||||
<defs
|
||||
id="defs4" />
|
||||
<sodipodi:namedview
|
||||
id="base"
|
||||
pagecolor="#ffffff"
|
||||
bordercolor="#666666"
|
||||
borderopacity="1.0"
|
||||
inkscape:pageopacity="0.0"
|
||||
inkscape:pageshadow="2"
|
||||
inkscape:zoom="0.98901497"
|
||||
inkscape:cx="69.71099"
|
||||
inkscape:cy="-12.532713"
|
||||
inkscape:document-units="px"
|
||||
inkscape:current-layer="layer1"
|
||||
showgrid="false"
|
||||
fit-margin-top="0"
|
||||
fit-margin-left="0"
|
||||
fit-margin-right="0"
|
||||
fit-margin-bottom="0"
|
||||
inkscape:window-width="912"
|
||||
inkscape:window-height="842"
|
||||
inkscape:window-x="66"
|
||||
inkscape:window-y="87"
|
||||
inkscape:window-maximized="0" />
|
||||
<metadata
|
||||
id="metadata7">
|
||||
<rdf:RDF>
|
||||
<cc:Work
|
||||
rdf:about="">
|
||||
<dc:format>image/svg+xml</dc:format>
|
||||
<dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||
<dc:title></dc:title>
|
||||
</cc:Work>
|
||||
</rdf:RDF>
|
||||
</metadata>
|
||||
<g
|
||||
inkscape:label="Layer 1"
|
||||
inkscape:groupmode="layer"
|
||||
id="layer1"
|
||||
transform="translate(-305.28902,-419.41658)">
|
||||
<g
|
||||
id="1"
|
||||
transform="translate(304.10174,415.42322)">
|
||||
<path
|
||||
d="m 117.05,14.8 0,28.8 67.2,0 0,-28.8 -67.2,0 z"
|
||||
style="fill:#fdefe3;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="2"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 117.05,43.6 67.2,0 0,-28.8 -67.2,0 0,28.8 z"
|
||||
style="fill:none;stroke:#c00000;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="3"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="26.4"
|
||||
x="140"
|
||||
xml:space="preserve"
|
||||
id="4">Auth</text>
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="37.599998"
|
||||
x="124"
|
||||
xml:space="preserve"
|
||||
id="5">Component</text>
|
||||
<path
|
||||
d="m 117.05,72.4 0,28.8 67.2,0 0,-28.8 -67.2,0 z"
|
||||
style="fill:#d1ebf1;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="6"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 117.05,101.2 67.2,0 0,-28.8 -67.2,0 0,28.8 z"
|
||||
style="fill:none;stroke:#1f477d;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="7"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="84"
|
||||
x="125.6"
|
||||
xml:space="preserve"
|
||||
id="8">OpenStack</text>
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="95.199997"
|
||||
x="133.60001"
|
||||
xml:space="preserve"
|
||||
id="9">Service</text>
|
||||
<path
|
||||
d="m 150.65,43.6 0,19.3"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="10"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 154.1,62.05 -3.45,10.35 -3.45,-10.35 6.9,0 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="11"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="10.4"
|
||||
x="131.2"
|
||||
xml:space="preserve"
|
||||
id="12">Option </text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="10.4"
|
||||
x="158.39999"
|
||||
xml:space="preserve"
|
||||
id="13">(</text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="10.4"
|
||||
x="161.60001"
|
||||
xml:space="preserve"
|
||||
id="14">b</text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="10.4"
|
||||
x="166.39999"
|
||||
xml:space="preserve"
|
||||
id="15">)</text>
|
||||
<path
|
||||
d="m 1.85,14.8 0,28.8 67.2,0 0,-28.8 -67.2,0 z"
|
||||
style="fill:#fdefe3;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="16"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 1.85,43.6 67.2,0 0,-28.8 -67.2,0 0,28.8 z"
|
||||
style="fill:none;stroke:#c00000;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="17"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="26.4"
|
||||
x="24.799999"
|
||||
xml:space="preserve"
|
||||
id="18">Auth</text>
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="37.599998"
|
||||
x="8.8000002"
|
||||
xml:space="preserve"
|
||||
id="19">Component</text>
|
||||
<path
|
||||
d="m 1.85,44.8 0,28.8 67.2,0 0,-28.8 -67.2,0 z"
|
||||
style="fill:#d1ebf1;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="20"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 1.85,73.6 67.2,0 0,-28.8 -67.2,0 0,28.8 z"
|
||||
style="fill:none;stroke:#1f477d;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="21"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="56"
|
||||
x="10.4"
|
||||
xml:space="preserve"
|
||||
id="22">OpenStack</text>
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="68"
|
||||
x="18.4"
|
||||
xml:space="preserve"
|
||||
id="23">Service</text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="10.4"
|
||||
x="13.6"
|
||||
xml:space="preserve"
|
||||
id="24">Option </text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="10.4"
|
||||
x="41.599998"
|
||||
xml:space="preserve"
|
||||
id="25">(</text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="10.4"
|
||||
x="44"
|
||||
xml:space="preserve"
|
||||
id="26">a</text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="10.4"
|
||||
x="48.799999"
|
||||
xml:space="preserve"
|
||||
id="27">)</text>
|
||||
<path
|
||||
d="m 93.45,5.2 0,5.6 c 0,0.25 -0.15,0.4 -0.4,0.4 -0.2,0 -0.4,-0.15 -0.4,-0.4 l 0,-5.6 c 0,-0.2 0.2,-0.4 0.4,-0.4 0.25,0 0.4,0.2 0.4,0.4 z m 0,9.6 0,5.6 c 0,0.25 -0.15,0.4 -0.4,0.4 -0.2,0 -0.4,-0.15 -0.4,-0.4 l 0,-5.6 c 0,-0.2 0.2,-0.4 0.4,-0.4 0.25,0 0.4,0.2 0.4,0.4 z m 0,9.6 0,5.6 c 0,0.25 -0.15,0.4 -0.4,0.4 -0.2,0 -0.4,-0.15 -0.4,-0.4 l 0,-5.6 c 0,-0.2 0.2,-0.4 0.4,-0.4 0.25,0 0.4,0.2 0.4,0.4 z m 0,9.6 0,5.6 c 0,0.25 -0.15,0.4 -0.4,0.4 -0.2,0 -0.4,-0.15 -0.4,-0.4 l 0,-5.6 c 0,-0.2 0.2,-0.4 0.4,-0.4 0.25,0 0.4,0.2 0.4,0.4 z m 0,9.6 0,5.6 c 0,0.25 -0.15,0.4 -0.4,0.4 -0.2,0 -0.4,-0.15 -0.4,-0.4 l 0,-5.6 c 0,-0.2 0.2,-0.4 0.4,-0.4 0.25,0 0.4,0.2 0.4,0.4 z m 0,9.6 0,5.6 c 0,0.25 -0.15,0.4 -0.4,0.4 -0.2,0 -0.4,-0.15 -0.4,-0.4 l 0,-5.6 c 0,-0.2 0.2,-0.4 0.4,-0.4 0.25,0 0.4,0.2 0.4,0.4 z m 0,9.6 0,5.6 c 0,0.25 -0.15,0.4 -0.4,0.4 -0.2,0 -0.4,-0.15 -0.4,-0.4 l 0,-5.6 c 0,-0.2 0.2,-0.4 0.4,-0.4 0.25,0 0.4,0.2 0.4,0.4 z m 0,9.6 0,5.6 c 0,0.25 -0.15,0.4 -0.4,0.4 -0.2,0 -0.4,-0.15 -0.4,-0.4 l 0,-5.6 c 0,-0.2 0.2,-0.4 0.4,-0.4 0.25,0 0.4,0.2 0.4,0.4 z m 0,9.6 0,5.6 c 0,0.25 -0.15,0.4 -0.4,0.4 -0.2,0 -0.4,-0.15 -0.4,-0.4 l 0,-5.6 c 0,-0.2 0.2,-0.4 0.4,-0.4 0.25,0 0.4,0.2 0.4,0.4 z m 0,9.6 0,5.6 c 0,0.25 -0.15,0.4 -0.4,0.4 -0.2,0 -0.4,-0.15 -0.4,-0.4 l 0,-5.6 c 0,-0.2 0.2,-0.4 0.4,-0.4 0.25,0 0.4,0.2 0.4,0.4 z m 0,9.6 0,2.4 c 0,0.25 -0.15,0.4 -0.4,0.4 -0.2,0 -0.4,-0.15 -0.4,-0.4 l 0,-2.4 c 0,-0.2 0.2,-0.4 0.4,-0.4 0.25,0 0.4,0.2 0.4,0.4 z"
|
||||
style="fill:#1f477d;fill-opacity:1;fill-rule:nonzero;stroke:#1f477d;stroke-width:0.80000001px;stroke-linecap:butt;stroke-linejoin:bevel;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="28"
|
||||
inkscape:connector-curvature="0" />
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
Before Width: | Height: | Size: 9.7 KiB |
|
@ -1,237 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
|
||||
<svg
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:cc="http://creativecommons.org/ns#"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||
width="118.9"
|
||||
height="159.425"
|
||||
id="svg2"
|
||||
version="1.1"
|
||||
inkscape:version="0.48.0 r9654"
|
||||
sodipodi:docname="mapper.svg">
|
||||
<defs
|
||||
id="defs4" />
|
||||
<sodipodi:namedview
|
||||
id="base"
|
||||
pagecolor="#ffffff"
|
||||
bordercolor="#666666"
|
||||
borderopacity="1.0"
|
||||
inkscape:pageopacity="0.0"
|
||||
inkscape:pageshadow="2"
|
||||
inkscape:zoom="1"
|
||||
inkscape:cx="50.251985"
|
||||
inkscape:cy="133.71622"
|
||||
inkscape:document-units="px"
|
||||
inkscape:current-layer="layer1"
|
||||
showgrid="false"
|
||||
fit-margin-top="0"
|
||||
fit-margin-left="0"
|
||||
fit-margin-right="0"
|
||||
fit-margin-bottom="0"
|
||||
inkscape:window-width="1920"
|
||||
inkscape:window-height="1024"
|
||||
inkscape:window-x="-4"
|
||||
inkscape:window-y="-4"
|
||||
inkscape:window-maximized="1" />
|
||||
<metadata
|
||||
id="metadata7">
|
||||
<rdf:RDF>
|
||||
<cc:Work
|
||||
rdf:about="">
|
||||
<dc:format>image/svg+xml</dc:format>
|
||||
<dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||
<dc:title />
|
||||
</cc:Work>
|
||||
</rdf:RDF>
|
||||
</metadata>
|
||||
<g
|
||||
inkscape:label="Layer 1"
|
||||
inkscape:groupmode="layer"
|
||||
id="layer1"
|
||||
transform="translate(106.03799,-264.63332)">
|
||||
<g
|
||||
id="g3015">
|
||||
<path
|
||||
d="m -80.18799,394.60832 0,28.8 67.2,0 0,-28.8 -67.2,0 z"
|
||||
style="fill:#d1ebf1;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="2"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -80.18799,423.40832 67.2,0 0,-28.8 -67.2,0 0,28.8 z"
|
||||
style="fill:none;stroke:#1f477d;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="3"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="405.85831"
|
||||
x="-72.037987"
|
||||
xml:space="preserve"
|
||||
id="4">OpenStack</text>
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="417.85831"
|
||||
x="-64.037987"
|
||||
xml:space="preserve"
|
||||
id="5">Service</text>
|
||||
<path
|
||||
d="m -46.58799,265.00832 0,19.3"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="6"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -42.804657,340.4626 -3.45,10.35 -3.45,-10.35 6.9,0 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="7"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -46.58799,365.80832 0,19.3"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="10"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -43.13799,384.25832 -3.45,10.35 -3.45,-10.35 6.9,0 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="11"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -80.18799,322.60832 c -7.2,7.2 -7.2,13.45 -7.2,17.1 0,0.6 0,1.1 0,1.6"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="12"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -83.98799,340.25832 -2.8,10.55 -4.1,-10.15 6.9,-0.4 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="13"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -12.98799,322.60832 c 4.4,7 5.3,13.3 4.9,18.7"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="14"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -4.68799,340.25832 -2.9,10.55 -4,-10.15 6.9,-0.4 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="15"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -6.98799,366.40832 -17.75,20.4"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="16"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -21.58799,388.45832 -9.4,5.55 4.2,-10.1 5.2,4.55 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="17"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -85.58799,366.40832 15.25,20.05"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="18"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -68.08799,383.65832 3.5,10.35 -9,-6.15 5.5,-4.2 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="19"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -80.18799,293.80832 0,28.8 67.2,0 0,-28.8 -67.2,0 z"
|
||||
style="fill:#ebf1de;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="20"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -80.18799,322.60832 67.2,0 0,-28.8 -67.2,0 0,28.8 z"
|
||||
style="fill:none;stroke:#688037;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="21"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="311.45834"
|
||||
x="-64.037987"
|
||||
xml:space="preserve"
|
||||
id="22">Mapper</text>
|
||||
<path
|
||||
d="m -105.38799,351.40832 0,14.4 38.4,0 0,-14.4 -38.4,0 z"
|
||||
style="fill:#fdefe3;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="23"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -105.38799,365.80832 38.4,0 0,-14.4 -38.4,0 0,14.4 z"
|
||||
style="fill:none;stroke:#c00000;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="24"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="361.85831"
|
||||
x="-100.03799"
|
||||
xml:space="preserve"
|
||||
id="25">Auth</text>
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="361.85831"
|
||||
x="-77.637993"
|
||||
xml:space="preserve"
|
||||
id="26">1</text>
|
||||
<path
|
||||
d="m -65.78799,351.40832 0,14.4 38.4,0 0,-14.4 -38.4,0 z"
|
||||
style="fill:#fdefe3;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="27"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -65.78799,365.80832 38.4,0 0,-14.4 -38.4,0 0,14.4 z"
|
||||
style="fill:none;stroke:#c00000;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="28"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="361.85831"
|
||||
x="-60.037991"
|
||||
xml:space="preserve"
|
||||
id="29">Auth</text>
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="361.85831"
|
||||
x="-38.437988"
|
||||
xml:space="preserve"
|
||||
id="30">2</text>
|
||||
<path
|
||||
d="m -26.18799,351.40832 0,14.4 38.4,0 0,-14.4 -38.4,0 z"
|
||||
style="fill:#fdefe3;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="31"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -26.18799,365.80832 38.4,0 0,-14.4 -38.4,0 0,14.4 z"
|
||||
style="fill:none;stroke:#c00000;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="32"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="361.85831"
|
||||
x="-20.837988"
|
||||
xml:space="preserve"
|
||||
id="33">Auth</text>
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="361.85831"
|
||||
x="1.562013"
|
||||
xml:space="preserve"
|
||||
id="34">3</text>
|
||||
<path
|
||||
d="m -46.000001,323.49386 0,18.51832"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.73465496;stroke-linecap:round;stroke-linejoin:round;stroke-miterlimit:4;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="6-1"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m -42.883334,284.52051 -3.45,10.35 -3.45,-10.35 6.9,0 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="7-7"
|
||||
inkscape:connector-curvature="0" />
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
|
@ -1,238 +0,0 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<!-- Created with Inkscape (http://www.inkscape.org/) -->
|
||||
|
||||
<svg
|
||||
xmlns:dc="http://purl.org/dc/elements/1.1/"
|
||||
xmlns:cc="http://creativecommons.org/ns#"
|
||||
xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"
|
||||
xmlns:svg="http://www.w3.org/2000/svg"
|
||||
xmlns="http://www.w3.org/2000/svg"
|
||||
xmlns:sodipodi="http://sodipodi.sourceforge.net/DTD/sodipodi-0.dtd"
|
||||
xmlns:inkscape="http://www.inkscape.org/namespaces/inkscape"
|
||||
width="360.43942"
|
||||
height="43.693935"
|
||||
id="svg2"
|
||||
version="1.1"
|
||||
inkscape:version="0.48.0 r9654"
|
||||
sodipodi:docname="layouts.svg">
|
||||
<defs
|
||||
id="defs4" />
|
||||
<sodipodi:namedview
|
||||
id="base"
|
||||
pagecolor="#ffffff"
|
||||
bordercolor="#666666"
|
||||
borderopacity="1.0"
|
||||
inkscape:pageopacity="0.0"
|
||||
inkscape:pageshadow="2"
|
||||
inkscape:zoom="0.98901497"
|
||||
inkscape:cx="238.80946"
|
||||
inkscape:cy="161.99774"
|
||||
inkscape:document-units="px"
|
||||
inkscape:current-layer="layer1"
|
||||
showgrid="false"
|
||||
fit-margin-top="0"
|
||||
fit-margin-left="0"
|
||||
fit-margin-right="0"
|
||||
fit-margin-bottom="0"
|
||||
inkscape:window-width="912"
|
||||
inkscape:window-height="842"
|
||||
inkscape:window-x="66"
|
||||
inkscape:window-y="87"
|
||||
inkscape:window-maximized="0" />
|
||||
<metadata
|
||||
id="metadata7">
|
||||
<rdf:RDF>
|
||||
<cc:Work
|
||||
rdf:about="">
|
||||
<dc:format>image/svg+xml</dc:format>
|
||||
<dc:type
|
||||
rdf:resource="http://purl.org/dc/dcmitype/StillImage" />
|
||||
<dc:title></dc:title>
|
||||
</cc:Work>
|
||||
</rdf:RDF>
|
||||
</metadata>
|
||||
<g
|
||||
inkscape:label="Layer 1"
|
||||
inkscape:groupmode="layer"
|
||||
id="layer1"
|
||||
transform="translate(-136.19055,-650.66599)">
|
||||
<g
|
||||
id="1"
|
||||
transform="translate(134.9737,646.56521)">
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="10.4"
|
||||
x="190.39999"
|
||||
xml:space="preserve"
|
||||
id="2">Authorization</text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="10.4"
|
||||
x="240.8"
|
||||
xml:space="preserve"
|
||||
id="3">: </text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="10.4"
|
||||
x="245.60001"
|
||||
xml:space="preserve"
|
||||
id="4">Basic dTpw</text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="20"
|
||||
x="190.39999"
|
||||
xml:space="preserve"
|
||||
id="5">X</text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="20"
|
||||
x="196"
|
||||
xml:space="preserve"
|
||||
id="6">-</text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="20"
|
||||
x="199.2"
|
||||
xml:space="preserve"
|
||||
id="7">Authorization</text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="20"
|
||||
x="248.8"
|
||||
xml:space="preserve"
|
||||
id="8">: </text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="20"
|
||||
x="253.60001"
|
||||
xml:space="preserve"
|
||||
id="9">Proxy U</text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="20"
|
||||
x="5.5999999"
|
||||
xml:space="preserve"
|
||||
id="10">Authorization</text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="20"
|
||||
x="56"
|
||||
xml:space="preserve"
|
||||
id="11">: </text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#1f477d;font-family:Arial"
|
||||
y="20"
|
||||
x="60.799999"
|
||||
xml:space="preserve"
|
||||
id="12">Basic VTpQ</text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#ff0000;font-family:Arial"
|
||||
y="31.200001"
|
||||
x="34.400002"
|
||||
xml:space="preserve"
|
||||
id="13">500 </text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#ff0000;font-family:Arial"
|
||||
y="31.200001"
|
||||
x="50.400002"
|
||||
xml:space="preserve"
|
||||
id="14">Internal Error</text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#ff0000;font-family:Arial"
|
||||
y="32.799999"
|
||||
x="190.39999"
|
||||
xml:space="preserve"
|
||||
id="15">403 </text>
|
||||
<text
|
||||
style="font-size:8.80000019px;font-style:italic;font-weight:normal;text-align:start;text-anchor:start;fill:#ff0000;font-family:Arial"
|
||||
y="32.799999"
|
||||
x="206.39999"
|
||||
xml:space="preserve"
|
||||
id="16">Proxy Unauthorized</text>
|
||||
<path
|
||||
d="m 114.4,23.3 c 1,12.6 -38.55,19.05 -91.35,14.85"
|
||||
style="fill:none;stroke:#ff0000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="17"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 23.6,41.65 -10,-4.35 10.65,-2.55 -0.65,6.9 z"
|
||||
style="fill:#ff0000;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="18"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 115.6,8.5 0,28.8 67.2,0 0,-28.8 -67.2,0 z"
|
||||
style="fill:#fdefe3;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="19"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 115.6,37.3 67.2,0 0,-28.8 -67.2,0 0,28.8 z"
|
||||
style="fill:none;stroke:#c00000;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="20"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="20"
|
||||
x="138.39999"
|
||||
xml:space="preserve"
|
||||
id="21">Auth</text>
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="31.200001"
|
||||
x="122.4"
|
||||
xml:space="preserve"
|
||||
id="22">Component</text>
|
||||
<path
|
||||
d="M 292.6,22.9 C 295,47.25 251.2,54.6 192,39.75"
|
||||
style="fill:none;stroke:#ff0000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="23"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 191.95,43.3 -9.15,-6 10.9,-0.7 -1.75,6.7 z"
|
||||
style="fill:#ff0000;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="24"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 293.8,8.5 0,28.8 67.2,0 0,-28.8 -67.2,0 z"
|
||||
style="fill:#d1ebf1;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="25"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 293.8,37.3 67.2,0 0,-28.8 -67.2,0 0,28.8 z"
|
||||
style="fill:none;stroke:#1f477d;stroke-width:1.29999995px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="26"
|
||||
inkscape:connector-curvature="0" />
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="20"
|
||||
x="302.39999"
|
||||
xml:space="preserve"
|
||||
id="27">OpenStack</text>
|
||||
<text
|
||||
style="font-size:9.60000038px;font-style:normal;font-weight:bold;text-align:start;text-anchor:start;fill:#000000;font-family:Arial"
|
||||
y="31.200001"
|
||||
x="310.39999"
|
||||
xml:space="preserve"
|
||||
id="28">Service</text>
|
||||
<path
|
||||
d="m 182.8,22.9 101.5,0"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="29"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 283.45,19.4 10.35,3.5 -10.35,3.45 0,-6.95 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="30"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="M 1.6,22.9 106.7,22.85"
|
||||
style="fill:none;stroke:#000000;stroke-width:0.75px;stroke-linecap:round;stroke-linejoin:round;stroke-opacity:1;stroke-dasharray:none"
|
||||
id="31"
|
||||
inkscape:connector-curvature="0" />
|
||||
<path
|
||||
d="m 105.85,19.35 10.35,3.5 -10.35,3.45 0,-6.95 z"
|
||||
style="fill:#000000;fill-opacity:1;fill-rule:evenodd;stroke:none"
|
||||
id="32"
|
||||
inkscape:connector-curvature="0" />
|
||||
</g>
|
||||
</g>
|
||||
</svg>
|
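Review bot: Missing documentation follow-up for the deleted layouts.svg (the sodipodi:docname in this hunk). The figure is where the headers on each side of the Auth Component are shown (`Authorization: Basic VTpQ` inbound, `Authorization: Basic dTpw` plus `X-Authorization: Proxy U` towards the OpenStack Service) together with the `500 Internal Error` and `403 Proxy Unauthorized` failure paths. Please confirm that any page embedding this image is removed in the same merge, so the docs build is not left with a dangling image reference, and that the new docs still describe this header contract somewhere.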
|
@ -1,112 +0,0 @@
|
|||
..
|
||||
Copyright 2011 OpenStack, LLC
|
||||
All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
keystone.conf example
|
||||
=====================
|
||||
::
|
||||
|
||||
[DEFAULT]
|
||||
# Show more verbose log output (sets INFO log level output)
|
||||
verbose = False
|
||||
|
||||
# Show debugging output in logs (sets DEBUG log level output)
|
||||
debug = False
|
||||
|
||||
# Which backend store should Keystone use by default.
|
||||
# Default: 'sqlite'
|
||||
# Available choices are 'sqlite' [future will include LDAP, PAM, etc]
|
||||
default_store = sqlite
|
||||
|
||||
# Log to this file. Make sure you do not set the same log
|
||||
# file for both the API and registry servers!
|
||||
log_file = %DEST%/keystone/keystone.log
|
||||
|
||||
# List of backends to be configured
|
||||
backends = keystone.backends.sqlalchemy
|
||||
#For LDAP support, add: ,keystone.backends.ldap
|
||||
|
||||
# Dictionary Maps every service to a header.Missing services would get header
|
||||
# X_(SERVICE_NAME) Key => Service Name, Value => Header Name
|
||||
service-header-mappings = {
|
||||
'nova' : 'X-Server-Management-Url',
|
||||
'swift' : 'X-Storage-Url',
|
||||
'cdn' : 'X-CDN-Management-Url'}
|
||||
|
||||
#List of extensions currently loaded.
|
||||
#Refer docs for list of supported extensions.
|
||||
extensions= osksadm,oskscatalog
|
||||
|
||||
# Address to bind the API server
|
||||
# TODO Properties defined within app not available via pipeline.
|
||||
service_host = 0.0.0.0
|
||||
|
||||
# Port the bind the API server to
|
||||
service_port = 5000
|
||||
|
||||
# Address to bind the Admin API server
|
||||
admin_host = 0.0.0.0
|
||||
|
||||
# Port the bind the Admin API server to
|
||||
admin_port = 35357
|
||||
|
||||
#Role that allows to perform admin operations.
|
||||
keystone-admin-role = KeystoneAdmin
|
||||
|
||||
#Role that allows to perform service admin operations.
|
||||
keystone-service-admin-role = KeystoneServiceAdmin
|
||||
|
||||
[keystone.backends.sqlalchemy]
|
||||
# SQLAlchemy connection string for the reference implementation registry
|
||||
# server. Any valid SQLAlchemy connection string is fine.
|
||||
# See: http://bit.ly/ideIpI
|
||||
#sql_connection = sqlite:///keystone.db
|
||||
sql_connection = %SQL_CONN%
|
||||
backend_entities = ['UserRoleAssociation', 'Endpoints', 'Role', 'Tenant',
|
||||
'User', 'Credentials', 'EndpointTemplates', 'Token',
|
||||
'Service']
|
||||
|
||||
# Period in seconds after which SQLAlchemy should reestablish its connection
|
||||
# to the database.
|
||||
sql_idle_timeout = 30
|
||||
|
||||
[pipeline:admin]
|
||||
pipeline =
|
||||
urlnormalizer
|
||||
d5_compat
|
||||
admin_api
|
||||
|
||||
[pipeline:keystone-legacy-auth]
|
||||
pipeline =
|
||||
urlnormalizer
|
||||
legacy_auth
|
||||
d5_compat
|
||||
service_api
|
||||
|
||||
[app:service_api]
|
||||
paste.app_factory = keystone.server:service_app_factory
|
||||
|
||||
[app:admin_api]
|
||||
paste.app_factory = keystone.server:admin_app_factory
|
||||
|
||||
[filter:urlnormalizer]
|
||||
paste.filter_factory = keystone.frontends.normalizer:filter_factory
|
||||
|
||||
[filter:legacy_auth]
|
||||
paste.filter_factory = keystone.frontends.legacy_token_auth:filter_factory
|
||||
|
||||
[filter:d5_compat]
|
||||
paste.filter_factory = keystone.frontends.d5_compat:filter_factory
|
||||
|
|
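Review bot: Missing documentation: this hunk deletes the whole keystone.conf example (`@ -1,112 +0,0 @`), including the bind settings (`service_host = 0.0.0.0`, `admin_host = 0.0.0.0`, ports 5000 and 35357), the `keystone-admin-role` / `keystone-service-admin-role` names and the paste pipelines. The merge should carry an equivalent annotated sample for the new configuration format. When it is rewritten, I would prefer the sample not bind the Admin API to `0.0.0.0` without a comment telling operators to restrict it, and the `sql_connection = %SQL_CONN%` and `log_file = %DEST%/...` placeholders should be explained or replaced with literal example values.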
@ -1,87 +0,0 @@
|
|||
==============
|
||||
keystone-admin
|
||||
==============
|
||||
|
||||
---------------------------
|
||||
Keystone Management Utility
|
||||
---------------------------
|
||||
|
||||
:Author: keystone@lists.launchpad.net
|
||||
:Date: 2011-10-31
|
||||
:Copyright: OpenStack LLC
|
||||
:Version: 0.1.2
|
||||
:Manual section: 1
|
||||
:Manual group: cloud computing
|
||||
|
||||
SYNOPSIS
|
||||
========
|
||||
|
||||
keystone-admin [options]
|
||||
|
||||
DESCRIPTION
|
||||
===========
|
||||
|
||||
keystone-admin starts the administrative API server for Keystone.
|
||||
Use :doc:`keystone-control` to stop/start/restart and manage those services
|
||||
once started.
|
||||
|
||||
USAGE
|
||||
=====
|
||||
|
||||
``keystone-admin [options]``
|
||||
|
||||
Common Options
|
||||
--------------
|
||||
|
||||
--version show program's version number and exit
|
||||
-h, --help show this help message and exit
|
||||
-v, --verbose Print more verbose output
|
||||
-d, --debug Print debugging output to console
|
||||
-c PATH, --config-file=PATH Path to the config file to use. When not
|
||||
specified (the default), we generally look at
|
||||
the first argument specified to be a config
|
||||
file, and if that is also missing, we search
|
||||
standard directories for a config file.
|
||||
-p BIND_PORT, --port=BIND_PORT, --bind-port=BIND_PORT
|
||||
specifies port to listen on (default is 5000)
|
||||
--host=BIND_HOST, --bind-host=BIND_HOST
|
||||
specifies host address to listen on (default
|
||||
is all or 0.0.0.0)
|
||||
-t, --trace-calls Turns on call tracing for troubleshooting
|
||||
-a PORT, --admin-port=PORT Specifies port for Admin API to listen on
|
||||
(default is 35357)
|
||||
|
||||
Logging Options
|
||||
---------------
|
||||
|
||||
The following configuration options are specific to logging
|
||||
functionality for this program.
|
||||
|
||||
--log-config=PATH If this option is specified, the logging
|
||||
configuration file specified is used and
|
||||
overrides any other logging options specified.
|
||||
Please see the Python logging module
|
||||
documentation for details on logging
|
||||
configuration files.
|
||||
--log-date-format=FORMAT Format string for %(asctime)s in log records.
|
||||
Default: %Y-%m-%d %H:%M:%S
|
||||
--log-file=PATH (Optional) Name of log file to output to. If
|
||||
not set, logging will go to stdout.
|
||||
--log-dir=LOG_DIR (Optional) The directory to keep log files in
|
||||
(will be prepended to --logfile)
|
||||
|
||||
FILES
|
||||
=====
|
||||
|
||||
None
|
||||
|
||||
SEE ALSO
|
||||
========
|
||||
|
||||
* `Keystone <http://github.com/openstack/keystone>`__
|
||||
|
||||
SOURCE
|
||||
======
|
||||
|
||||
* Keystone is sourced in GitHub `Keystone <http://github.com/openstack/keystone>`__
|
||||
* Keystone bugs are managed at Launchpad `Launchpad Keystone <https://bugs.launchpad.net/keystone>`__
|
|
@ -1,87 +0,0 @@
|
|||
=============
|
||||
keystone-auth
|
||||
=============
|
||||
|
||||
---------------------------
|
||||
Keystone Management Utility
|
||||
---------------------------
|
||||
|
||||
:Author: keystone@lists.launchpad.net
|
||||
:Date: 2011-10-31
|
||||
:Copyright: OpenStack LLC
|
||||
:Version: 0.1.2
|
||||
:Manual section: 1
|
||||
:Manual group: cloud computing
|
||||
|
||||
SYNOPSIS
|
||||
========
|
||||
|
||||
keystone-auth [options]
|
||||
|
||||
DESCRIPTION
|
||||
===========
|
||||
|
||||
keystone-auth starts the service API server for Keystone.
|
||||
Use :doc:`keystone-control` to stop/start/restart and manage those services
|
||||
once started.
|
||||
|
||||
USAGE
|
||||
=====
|
||||
|
||||
``keystone-auth [options]``
|
||||
|
||||
Common Options:
|
||||
^^^^^^^^^^^^^^^
|
||||
|
||||
--version show program's version number and exit
|
||||
-h, --help show this help message and exit
|
||||
-v, --verbose Print more verbose output
|
||||
-d, --debug Print debugging output to console
|
||||
-c PATH, --config-file=PATH Path to the config file to use. When not
|
||||
specified (the default), we generally look at
|
||||
the first argument specified to be a config
|
||||
file, and if that is also missing, we search
|
||||
standard directories for a config file.
|
||||
-p BIND_PORT, --port=BIND_PORT, --bind-port=BIND_PORT
|
||||
specifies port to listen on (default is 5000)
|
||||
--host=BIND_HOST, --bind-host=BIND_HOST
|
||||
specifies host address to listen on (default
|
||||
is all or 0.0.0.0)
|
||||
-t, --trace-calls Turns on call tracing for troubleshooting
|
||||
-a PORT, --admin-port=PORT Specifies port for Admin API to listen on
|
||||
(default is 35357)
|
||||
|
||||
Logging Options:
|
||||
^^^^^^^^^^^^^^^^
|
||||
|
||||
The following configuration options are specific to logging
|
||||
functionality for this program.
|
||||
|
||||
--log-config=PATH If this option is specified, the logging
|
||||
configuration file specified is used and
|
||||
overrides any other logging options specified.
|
||||
Please see the Python logging module
|
||||
documentation for details on logging
|
||||
configuration files.
|
||||
--log-date-format=FORMAT Format string for %(asctime)s in log records.
|
||||
Default: %Y-%m-%d %H:%M:%S
|
||||
--log-file=PATH (Optional) Name of log file to output to. If
|
||||
not set, logging will go to stdout.
|
||||
--log-dir=LOG_DIR (Optional) The directory to keep log files in
|
||||
(will be prepended to --logfile)
|
||||
|
||||
FILES
|
||||
=====
|
||||
|
||||
None
|
||||
|
||||
SEE ALSO
|
||||
========
|
||||
|
||||
* `Keystone <http://github.com/openstack/keystone>`__
|
||||
|
||||
SOURCE
|
||||
======
|
||||
|
||||
* Keystone is sourced in GitHub `Keystone <http://github.com/openstack/keystone>`__
|
||||
* Keystone bugs are managed at Launchpad `Launchpad Keystone <https://bugs.launchpad.net/keystone>`__
|
|
@ -1,101 +0,0 @@
|
|||
================
|
||||
keystone-control
|
||||
================
|
||||
|
||||
---------------------------
|
||||
Keystone Management Utility
|
||||
---------------------------
|
||||
|
||||
:Author: keystone@lists.launchpad.net
|
||||
:Date: 2011-10-31
|
||||
:Copyright: OpenStack LLC
|
||||
:Version: 0.1.2
|
||||
:Manual section: 1
|
||||
:Manual group: cloud computing
|
||||
|
||||
SYNOPSIS
|
||||
========
|
||||
|
||||
keystone-control [options] <server> <commands> (<conf path>)
|
||||
|
||||
DESCRIPTION
|
||||
===========
|
||||
|
||||
keystone-control is the command line tool that interacts with the keystone
|
||||
service to configure Keystone
|
||||
|
||||
USAGE
|
||||
=====
|
||||
|
||||
``keystone-control [options] <server> <command> (<conf path>)``
|
||||
|
||||
where server is one of:
|
||||
|
||||
* all
|
||||
* auth
|
||||
* admin
|
||||
|
||||
and command is one of:
|
||||
|
||||
* start
|
||||
* stop
|
||||
* shutdown
|
||||
* restart
|
||||
* reload
|
||||
* force-reload
|
||||
|
||||
Common Options:
|
||||
^^^^^^^^^^^^^^^
|
||||
|
||||
--version show program's version number and exit
|
||||
-h, --help show this help message and exit
|
||||
-v, --verbose Print more verbose output
|
||||
-d, --debug Print debugging output to console
|
||||
-c PATH, --config-file=PATH Path to the config file to use. When not
|
||||
specified (the default), we generally look at
|
||||
the first argument specified to be a config
|
||||
file, and if that is also missing, we search
|
||||
standard directories for a config file.
|
||||
-p BIND_PORT, --port=BIND_PORT, --bind-port=BIND_PORT
|
||||
specifies port to listen on (default is 5000)
|
||||
--host=BIND_HOST, --bind-host=BIND_HOST
|
||||
specifies host address to listen on (default
|
||||
is all or 0.0.0.0)
|
||||
-t, --trace-calls Turns on call tracing for troubleshooting
|
||||
-a PORT, --admin-port=PORT Specifies port for Admin API to listen on
|
||||
(default is 35357)
|
||||
|
||||
Logging Options:
|
||||
^^^^^^^^^^^^^^^^
|
||||
|
||||
The following configuration options are specific to logging
|
||||
functionality for this program.
|
||||
|
||||
--log-config=PATH If this option is specified, the logging
|
||||
configuration file specified is used and
|
||||
overrides any other logging options specified.
|
||||
Please see the Python logging module
|
||||
documentation for details on logging
|
||||
configuration files.
|
||||
--log-date-format=FORMAT Format string for %(asctime)s in log records.
|
||||
Default: %Y-%m-%d %H:%M:%S
|
||||
--log-file=PATH (Optional) Name of log file to output to. If
|
||||
not set, logging will go to stdout.
|
||||
--log-dir=LOG_DIR (Optional) The directory to keep log files in
|
||||
(will be prepended to --logfile)
|
||||
|
||||
FILES
|
||||
=====
|
||||
|
||||
None
|
||||
|
||||
SEE ALSO
|
||||
========
|
||||
|
||||
* `Keystone <http://github.com/openstack/keystone>`__
|
||||
|
||||
SOURCE
|
||||
======
|
||||
|
||||
* Keystone is sourced in GitHub `Keystone <http://github.com/openstack/keystone>`__
|
||||
* Keystone bugs are managed at Launchpad `Launchpad Keystone <https://bugs.launchpad.net/keystone>`__
|
|
@ -1,86 +0,0 @@
|
|||
===============
|
||||
keystone-import
|
||||
===============
|
||||
|
||||
---------------------------
|
||||
Keystone Management Utility
|
||||
---------------------------
|
||||
|
||||
:Author: keystone@lists.launchpad.net
|
||||
:Date: 2011-10-31
|
||||
:Copyright: OpenStack LLC
|
||||
:Version: 0.1.2
|
||||
:Manual section: 1
|
||||
:Manual group: cloud computing
|
||||
|
||||
SYNOPSIS
|
||||
========
|
||||
|
||||
keystone-import [options] filename
|
||||
|
||||
DESCRIPTION
|
||||
===========
|
||||
|
||||
keystone-import takes a file of commands written in the same format as using
|
||||
:doc:`keystone-manage` and imports that data into Keystone. It is intended to
|
||||
import users, tenants, and EC2 credentials from nova into keystone.
|
||||
|
||||
USAGE
|
||||
=====
|
||||
|
||||
``keystone-import [options] filename``
|
||||
|
||||
Common Options:
|
||||
^^^^^^^^^^^^^^^
|
||||
--version show program's version number and exit
|
||||
-h, --help show this help message and exit
|
||||
-v, --verbose Print more verbose output
|
||||
-d, --debug Print debugging output to console
|
||||
-c PATH, --config-file=PATH Path to the config file to use. When not
|
||||
specified (the default), we generally look at
|
||||
the first argument specified to be a config
|
||||
file, and if that is also missing, we search
|
||||
standard directories for a config file.
|
||||
-p BIND_PORT, --port=BIND_PORT, --bind-port=BIND_PORT
|
||||
specifies port to listen on (default is 5000)
|
||||
--host=BIND_HOST, --bind-host=BIND_HOST
|
||||
specifies host address to listen on (default
|
||||
is all or 0.0.0.0)
|
||||
-t, --trace-calls Turns on call tracing for troubleshooting
|
||||
-a PORT, --admin-port=PORT Specifies port for Admin API to listen on
|
||||
(default is 35357)
|
||||
|
||||
Logging Options:
|
||||
^^^^^^^^^^^^^^^^
|
||||
|
||||
The following configuration options are specific to logging
|
||||
functionality for this program.
|
||||
|
||||
--log-config=PATH If this option is specified, the logging
|
||||
configuration file specified is used and
|
||||
overrides any other logging options specified.
|
||||
Please see the Python logging module
|
||||
documentation for details on logging
|
||||
configuration files.
|
||||
--log-date-format=FORMAT Format string for %(asctime)s in log records.
|
||||
Default: %Y-%m-%d %H:%M:%S
|
||||
--log-file=PATH (Optional) Name of log file to output to. If
|
||||
not set, logging will go to stdout.
|
||||
--log-dir=LOG_DIR (Optional) The directory to keep log files in
|
||||
(will be prepended to --logfile)
|
||||
|
||||
FILES
|
||||
=====
|
||||
|
||||
None
|
||||
|
||||
SEE ALSO
|
||||
========
|
||||
|
||||
* `Keystone <http://github.com/openstack/keystone>`__
|
||||
|
||||
SOURCE
|
||||
======
|
||||
|
||||
* Keystone is sourced in GitHub `Keystone <http://github.com/openstack/keystone>`__
|
||||
* Keystone bugs are managed at Launchpad `Launchpad Keystone <https://bugs.launchpad.net/keystone>`__
|
|
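Review bot: Missing documentation: the deleted keystone-import page is the description in this diff of how to "import users, tenants, and EC2 credentials from nova into keystone". If the merged branch still ships an import path, it needs a replacement page; if the tool itself is dropped, the commit message or release notes should say so and point operators at the new migration procedure, since this is credential-bearing data that people will otherwise move by hand.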
@ -1,192 +0,0 @@
|
|||
===============
|
||||
keystone-manage
|
||||
===============
|
||||
|
||||
---------------------------
|
||||
Keystone Management Utility
|
||||
---------------------------
|
||||
|
||||
:Author: keystone@lists.launchpad.net
|
||||
:Date: 2010-11-16
|
||||
:Copyright: OpenStack LLC
|
||||
:Version: 0.1.2
|
||||
:Manual section: 1
|
||||
:Manual group: cloud computing
|
||||
|
||||
SYNOPSIS
|
||||
========
|
||||
|
||||
keystone-manage [options]
|
||||
|
||||
DESCRIPTION
|
||||
===========
|
||||
|
||||
keystone-manage is the command line tool that interacts with the keystone
|
||||
service to configure Keystone
|
||||
|
||||
USAGE
|
||||
=====
|
||||
|
||||
``keystone-manage [options] type action [additional args]``
|
||||
|
||||
user
|
||||
----
|
||||
|
||||
* **user add** [username] [password]
|
||||
|
||||
adds a user to Keystone's data store
|
||||
|
||||
* **user list**
|
||||
|
||||
lists all users
|
||||
|
||||
* **user disable** [username]
|
||||
|
||||
disables the user *username*
|
||||
|
||||
tenant
|
||||
------
|
||||
|
||||
* **tenant add** [tenant_name]
|
||||
|
||||
adds a tenant to Keystone's data store
|
||||
|
||||
* **tenant list**
|
||||
|
||||
lists all users
|
||||
|
||||
* **tenant disable** [tenant_name]
|
||||
|
||||
role
|
||||
----
|
||||
|
||||
Roles are used to associated users to tenants. Two roles are defined related
|
||||
to the Keystone service in it's configuration file :doc:`../keystone.conf`
|
||||
|
||||
* **role add** [role_name]
|
||||
|
||||
adds a role
|
||||
|
||||
* **role list** ([tenant_name])
|
||||
|
||||
lists all roles, or all roles for tenant, if tenant_name is provided
|
||||
|
||||
* **role grant** [role_name] [username] ([tenant])
|
||||
|
||||
grants a role to a specific user. Granted globally if tenant_name is not
|
||||
provided or granted for a specific tenant if tenant_name is provided.
|
||||
|
||||
service
|
||||
-------
|
||||
|
||||
* **service add** [name] [type] [description] [owner_id]
|
||||
|
||||
adds a service
|
||||
|
||||
* **service list**
|
||||
|
||||
lists all services with id, name, and type
|
||||
|
||||
endpointTemplate
|
||||
----------------
|
||||
|
||||
* **endpointTemplate add** [region] [service_name] [public_url] [admin_url] [internal_url] [enabled] [is_global]
|
||||
|
||||
Add a service endpoint for keystone.
|
||||
|
||||
example::
|
||||
|
||||
keystone-manage endpointTemplates add RegionOne \
|
||||
keystone \
|
||||
http://keystone_host:5000/v2.0 \
|
||||
http://keystone_host:35357/v2.0 \
|
||||
http://keystone_host:5000/v2.0 \
|
||||
1 1
|
||||
|
||||
* **endpointTemplate list** ([tenant_name])
|
||||
|
||||
lists endpoint templates with service, region, and public_url. Restricted to
|
||||
tenant endpoints if tenant_name is provided.
|
||||
|
||||
token
|
||||
-----
|
||||
|
||||
* **token add** [token] [username] [tenant] [expiration]
|
||||
|
||||
adds a token for a given user and tenant with an expiration
|
||||
|
||||
* **token list**
|
||||
|
||||
lists all tokens
|
||||
|
||||
* **token delete** [token]
|
||||
|
||||
deletes the identified token
|
||||
|
||||
endpoint
|
||||
--------
|
||||
|
||||
* **endpoint add** [tenant_name] [endpoint_template]
|
||||
|
||||
adds a tenant-specific endpoint
|
||||
|
||||
credentials
|
||||
-----------
|
||||
|
||||
* **credentials add** [username] [type] [key] [password] ([tenant_name])
|
||||
|
||||
OPTIONS
|
||||
=======
|
||||
|
||||
--version show program's version number and exit
|
||||
-h, --help show this help message and exit
|
||||
-v, --verbose Print more verbose output
|
||||
-d, --debug Print debugging output to console
|
||||
-c PATH, --config-file=PATH Path to the config file to use. When not
|
||||
specified (the default), we generally look at
|
||||
the first argument specified to be a config
|
||||
file, and if that is also missing, we search
|
||||
standard directories for a config file.
|
||||
-p BIND_PORT, --port=BIND_PORT, --bind-port=BIND_PORT
|
||||
specifies port to listen on (default is 5000)
|
||||
--host=BIND_HOST, --bind-host=BIND_HOST
|
||||
specifies host address to listen on (default
|
||||
is all or 0.0.0.0)
|
||||
-t, --trace-calls Turns on call tracing for troubleshooting
|
||||
-a PORT, --admin-port=PORT Specifies port for Admin API to listen on
|
||||
(default is 35357)
|
||||
|
||||
Logging Options:
|
||||
================
|
||||
|
||||
The following configuration options are specific to logging
|
||||
functionality for this program.
|
||||
|
||||
--log-config=PATH If this option is specified, the logging
|
||||
configuration file specified is used and
|
||||
overrides any other logging options specified.
|
||||
Please see the Python logging module
|
||||
documentation for details on logging
|
||||
configuration files.
|
||||
--log-date-format=FORMAT Format string for %(asctime)s in log records.
|
||||
Default: %Y-%m-%d %H:%M:%S
|
||||
--log-file=PATH (Optional) Name of log file to output to. If
|
||||
not set, logging will go to stdout.
|
||||
--log-dir=LOG_DIR (Optional) The directory to keep log files in
|
||||
(will be prepended to --logfile)
|
||||
|
||||
FILES
|
||||
=====
|
||||
|
||||
None
|
||||
|
||||
SEE ALSO
|
||||
========
|
||||
|
||||
* `Keystone <http://github.com/openstack/keystone>`__
|
||||
|
||||
SOURCE
|
||||
======
|
||||
|
||||
* Keystone is sourced in GitHub `Keystone <http://github.com/openstack/keystone>`__
|
||||
* Keystone bugs are managed at Launchpad `Launchpad Keystone <https://bugs.launchpad.net/keystone>`__
|
|
@ -1,90 +0,0 @@
|
|||
========
|
||||
keystone
|
||||
========
|
||||
|
||||
---------------------------
|
||||
Keystone Management Utility
|
||||
---------------------------
|
||||
|
||||
:Author: keystone@lists.launchpad.net
|
||||
:Date: 2010-11-16
|
||||
:Copyright: OpenStack LLC
|
||||
:Version: 0.1.2
|
||||
:Manual section: 1
|
||||
:Manual group: cloud computing
|
||||
|
||||
SYNOPSIS
|
||||
========
|
||||
|
||||
keystone [options]
|
||||
|
||||
DESCRIPTION
|
||||
===========
|
||||
|
||||
keystone starts both the service and administrative API servers for Keystone.
|
||||
Use :doc:`keystone-control` to stop/start/restart and manage those services
|
||||
once started.
|
||||
|
||||
USAGE
|
||||
=====
|
||||
|
||||
keystone ``keystone [options]``
|
||||
|
||||
Common Options:
|
||||
^^^^^^^^^^^^^^^
|
||||
--version show program's version number and exit
|
||||
-h, --help show this help message and exit
|
||||
|
||||
The following configuration options are common to all keystone
|
||||
programs.::
|
||||
|
||||
-v, --verbose Print more verbose output
|
||||
-d, --debug Print debugging output to console
|
||||
-c PATH, --config-file=PATH Path to the config file to use. When not
|
||||
specified (the default), we generally look at
|
||||
the first argument specified to be a config
|
||||
file, and if that is also missing, we search
|
||||
standard directories for a config file.
|
||||
-p BIND_PORT, --port=BIND_PORT, --bind-port=BIND_PORT
|
||||
specifies port to listen on (default is 5000)
|
||||
--host=BIND_HOST, --bind-host=BIND_HOST
|
||||
specifies host address to listen on (default
|
||||
is all or 0.0.0.0)
|
||||
-t, --trace-calls Turns on call tracing for troubleshooting
|
||||
-a PORT, --admin-port=PORT Specifies port for Admin API to listen on
|
||||
(default is 35357)
|
||||
|
||||
Logging Options:
|
||||
^^^^^^^^^^^^^^^^
|
||||
|
||||
The following configuration options are specific to logging
|
||||
functionality for this program.::
|
||||
|
||||
--log-config=PATH If this option is specified, the logging
|
||||
configuration file specified is used and
|
||||
overrides any other logging options specified.
|
||||
Please see the Python logging module
|
||||
documentation for details on logging
|
||||
configuration files.
|
||||
--log-date-format=FORMAT Format string for %(asctime)s in log records.
|
||||
Default: %Y-%m-%d %H:%M:%S
|
||||
--log-file=PATH (Optional) Name of log file to output to. If
|
||||
not set, logging will go to stdout.
|
||||
--log-dir=LOG_DIR (Optional) The directory to keep log files in
|
||||
(will be prepended to --logfile)
|
||||
|
||||
FILES
|
||||
=====
|
||||
|
||||
None
|
||||
|
||||
SEE ALSO
|
||||
========
|
||||
|
||||
* `Keystone <http://github.com/openstack/keystone>`__
|
||||
|
||||
SOURCE
|
||||
======
|
||||
|
||||
* Keystone is sourced in GitHub `Keystone <http://github.com/openstack/keystone>`__
|
||||
* Keystone bugs are managed at Launchpad `Launchpad Keystone <https://bugs.launchpad.net/keystone>`__
|
|
@ -1,85 +0,0 @@
|
|||
==========
|
||||
sampledata
|
||||
==========
|
||||
|
||||
---------------------------
|
||||
Keystone Management Utility
|
||||
---------------------------
|
||||
|
||||
:Author: keystone@lists.launchpad.net
|
||||
:Date: 2011-10-31
|
||||
:Copyright: OpenStack LLC
|
||||
:Version: 0.1.2
|
||||
:Manual section: 1
|
||||
:Manual group: cloud computing
|
||||
|
||||
SYNOPSIS
|
||||
========
|
||||
|
||||
sampledata [options]
|
||||
|
||||
DESCRIPTION
|
||||
===========
|
||||
|
||||
sampledata creates a development set of sample data for use with testing
|
||||
keystone.
|
||||
|
||||
USAGE
|
||||
=====
|
||||
|
||||
``sampledata [options]``
|
||||
|
||||
Common Options:
|
||||
^^^^^^^^^^^^^^^
|
||||
--version show program's version number and exit
|
||||
-h, --help show this help message and exit
|
||||
-v, --verbose Print more verbose output
|
||||
-d, --debug Print debugging output to console
|
||||
-c PATH, --config-file=PATH Path to the config file to use. When not
|
||||
specified (the default), we generally look at
|
||||
the first argument specified to be a config
|
||||
file, and if that is also missing, we search
|
||||
standard directories for a config file.
|
||||
-p BIND_PORT, --port=BIND_PORT, --bind-port=BIND_PORT
|
||||
specifies port to listen on (default is 5000)
|
||||
--host=BIND_HOST, --bind-host=BIND_HOST
|
||||
specifies host address to listen on (default
|
||||
is all or 0.0.0.0)
|
||||
-t, --trace-calls Turns on call tracing for troubleshooting
|
||||
-a PORT, --admin-port=PORT Specifies port for Admin API to listen on
|
||||
(default is 35357)
|
||||
|
||||
Logging Options:
|
||||
^^^^^^^^^^^^^^^^
|
||||
|
||||
The following configuration options are specific to logging
|
||||
functionality for this program.
|
||||
|
||||
--log-config=PATH If this option is specified, the logging
|
||||
configuration file specified is used and
|
||||
overrides any other logging options specified.
|
||||
Please see the Python logging module
|
||||
documentation for details on logging
|
||||
configuration files.
|
||||
--log-date-format=FORMAT Format string for %(asctime)s in log records.
|
||||
Default: %Y-%m-%d %H:%M:%S
|
||||
--log-file=PATH (Optional) Name of log file to output to. If
|
||||
not set, logging will go to stdout.
|
||||
--log-dir=LOG_DIR (Optional) The directory to keep log files in
|
||||
(will be prepended to --logfile)
|
||||
|
||||
FILES
|
||||
=====
|
||||
|
||||
None
|
||||
|
||||
SEE ALSO
|
||||
========
|
||||
|
||||
* `Keystone <http://github.com/openstack/keystone>`__
|
||||
|
||||
SOURCE
|
||||
======
|
||||
|
||||
* Keystone is sourced in GitHub `Keystone <http://github.com/openstack/keystone>`__
|
||||
* Keystone bugs are managed at Launchpad `Launchpad Keystone <https://bugs.launchpad.net/keystone>`__
|
|
@ -1,69 +0,0 @@
|
|||
..
|
||||
Copyright 2011 OpenStack, LLC
|
||||
All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
===============================
|
||||
Service API Examples Using Curl
|
||||
===============================
|
||||
|
||||
The service API is defined to be a subset of the Admin API and, by
|
||||
default, runs on port 5000.
|
||||
|
||||
GET /
|
||||
=====
|
||||
|
||||
This call is identical to that documented for the Admin API, except
|
||||
that it uses port 5000, instead of port 35357, by default::
|
||||
|
||||
$ curl http://0.0.0.0:5000
|
||||
|
||||
or::
|
||||
|
||||
$ curl http://0.0.0.0:5000/v2.0/
|
||||
|
||||
See the `Admin API Examples Using Curl`_ for more info.
|
||||
|
||||
.. _`Admin API Examples Using Curl`: adminAPI_curl_examples.html
|
||||
|
||||
GET /extensions
|
||||
===============
|
||||
|
||||
This call is identical to that documented for the Admin API.
|
||||
|
||||
POST /tokens
|
||||
============
|
||||
|
||||
This call is identical to that documented for the Admin API.
|
||||
|
||||
GET /tenants
|
||||
============
|
||||
|
||||
List all of the tenants your token can access::
|
||||
|
||||
$ curl -H "X-Auth-Token:887665443383838" http://localhost:5000/v2.0/tenants
|
||||
|
||||
Returns::
|
||||
|
||||
{
|
||||
"tenants_links": [],
|
||||
"tenants": [
|
||||
{
|
||||
"enabled": true,
|
||||
"description": "None",
|
||||
"name": "customer-x",
|
||||
"id": "1"
|
||||
}
|
||||
]
|
||||
}
|
|
@ -1,77 +0,0 @@
|
|||
================
|
||||
Testing Keystone
|
||||
================
|
||||
|
||||
Keystone uses a number of testing methodologies to ensure correctness.
|
||||
|
||||
Running Built-In Tests
|
||||
======================
|
||||
|
||||
To run the full suites of tests maintained within Keystone, run::
|
||||
|
||||
$ ./run_tests.sh --with-progress
|
||||
|
||||
This shows realtime feedback during test execution, and iterates over
|
||||
multiple configuration variations.
|
||||
|
||||
This differs from how tests are executed from the continuous integration
|
||||
environment. Specifically, Jenkins doesn't care about realtime progress,
|
||||
and aborts after the first test failure (a fail-fast behavior)::
|
||||
|
||||
$ ./run_tests.sh
|
||||
|
||||
Testing Schema Migrations
|
||||
=========================
|
||||
|
||||
The application of schema migrations can be tested using SQLAlchemy Migrate’s built-in test runner, one migration at a time.
|
||||
|
||||
.. WARNING::
|
||||
|
||||
This may leave your database in an inconsistent state; attempt this in non-production environments only!
|
||||
|
||||
This is useful for testing the *next* migration in sequence (both forward & backward) in a database under version control::
|
||||
|
||||
$ python keystone/backends/sqlalchemy/migrate_repo/manage.py test --url=sqlite:///test.db --repository=keystone/backends/sqlalchemy/migrate_repo/
|
||||
|
||||
This command refers to a SQLite database used for testing purposes. Depending on the migration, this command alone does not make assertions as to the integrity of your data during migration.
|
||||
|
||||
Writing Tests
|
||||
=============
|
||||
|
||||
Tests are maintained in the ``keystone.test`` module. Unit tests are
|
||||
isolated from functional tests.
|
||||
|
||||
Functional Tests
|
||||
----------------
|
||||
|
||||
The ``keystone.test.functional.common`` module provides a ``unittest``-based
|
||||
``httplib`` client which you can extend and use for your own tests.
|
||||
Generally, functional tests should serve to illustrate intended use cases
|
||||
and API behaviors. To help make your tests easier to read, the test client:
|
||||
|
||||
- Authenticates with a known user name and password combination
|
||||
- Asserts 2xx HTTP status codes (unless told otherwise)
|
||||
- Abstracts keystone REST verbs & resources into single function calls
|
||||
|
||||
Testing Multiple Configurations
|
||||
-------------------------------
|
||||
|
||||
Several variations of the default configuration are iterated over to
|
||||
ensure test coverage of mutually exclusive featuresets, such as the
|
||||
various backend options.
|
||||
|
||||
These configuration templates are maintained in ``keystone/test/etc`` and
|
||||
are iterated over by ``run_tests.py``.
|
||||
|
||||
Further Testing
|
||||
===============
|
||||
|
||||
devstack_ is the *best* way to quickly deploy keystone with the rest of the
|
||||
OpenStack universe and should be critical step in your development workflow!
|
||||
|
||||
You may also be interested in either the `OpenStack Continuous Integration Project`_
|
||||
or the `OpenStack Integration Testing Project`_.
|
||||
|
||||
.. _devstack: http://devstack.org/
|
||||
.. _OpenStack Continuous Integration Project: https://github.com/openstack/openstack-ci
|
||||
.. _OpenStack Integration Testing Project: https://github.com/openstack/openstack-integration-tests
|
|
@ -1,28 +0,0 @@
|
|||
..
|
||||
Copyright 2011 OpenStack, LLC
|
||||
All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
==============
|
||||
Using Keystone
|
||||
==============
|
||||
|
||||
Curl examples
|
||||
-------------
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
adminAPI_curl_examples
|
||||
serviceAPI_curl_examples
|
|
@ -0,0 +1,159 @@
|
|||
# Makefile for Sphinx documentation
|
||||
#
|
||||
|
||||
# You can set these variables from the command line.
|
||||
SPHINXOPTS =
|
||||
SPHINXBUILD = sphinx-build
|
||||
PAPER =
|
||||
BUILDDIR = build
|
||||
SOURCEDIR = source
|
||||
SPHINXAPIDOC = sphinx-apidoc
|
||||
|
||||
# Internal variables.
|
||||
PAPEROPT_a4 = -D latex_paper_size=a4
|
||||
PAPEROPT_letter = -D latex_paper_size=letter
|
||||
ALLSPHINXOPTS = -d $(BUILDDIR)/doctrees $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
|
||||
# the i18n builder cannot share the environment and doctrees with the others
|
||||
I18NSPHINXOPTS = $(PAPEROPT_$(PAPER)) $(SPHINXOPTS) source
|
||||
|
||||
.PHONY: help clean html dirhtml singlehtml pickle json htmlhelp qthelp devhelp epub latex latexpdf text man changes linkcheck doctest gettext
|
||||
|
||||
help:
|
||||
@echo "Please use \`make <target>' where <target> is one of"
|
||||
@echo " autodoc generate the autodoc templates"
|
||||
@echo " html to make standalone HTML files"
|
||||
@echo " dirhtml to make HTML files named index.html in directories"
|
||||
@echo " singlehtml to make a single large HTML file"
|
||||
@echo " pickle to make pickle files"
|
||||
@echo " json to make JSON files"
|
||||
@echo " htmlhelp to make HTML files and a HTML help project"
|
||||
@echo " qthelp to make HTML files and a qthelp project"
|
||||
@echo " devhelp to make HTML files and a Devhelp project"
|
||||
@echo " epub to make an epub"
|
||||
@echo " latex to make LaTeX files, you can set PAPER=a4 or PAPER=letter"
|
||||
@echo " latexpdf to make LaTeX files and run them through pdflatex"
|
||||
@echo " text to make text files"
|
||||
@echo " man to make manual pages"
|
||||
@echo " texinfo to make Texinfo files"
|
||||
@echo " info to make Texinfo files and run them through makeinfo"
|
||||
@echo " gettext to make PO message catalogs"
|
||||
@echo " changes to make an overview of all changed/added/deprecated items"
|
||||
@echo " linkcheck to check all external links for integrity"
|
||||
@echo " doctest to run all doctests embedded in the documentation (if enabled)"
|
||||
|
||||
clean:
|
||||
-rm -rf $(BUILDDIR)/*
|
||||
|
||||
autodoc:
|
||||
$(SPHINXAPIDOC) -f -o $(SOURCEDIR) ../keystone
|
||||
|
||||
html: autodoc
|
||||
$(SPHINXBUILD) -b html $(ALLSPHINXOPTS) $(BUILDDIR)/html
|
||||
@echo
|
||||
@echo "Build finished. The HTML pages are in $(BUILDDIR)/html."
|
||||
|
||||
dirhtml:
|
||||
$(SPHINXBUILD) -b dirhtml $(ALLSPHINXOPTS) $(BUILDDIR)/dirhtml
|
||||
@echo
|
||||
@echo "Build finished. The HTML pages are in $(BUILDDIR)/dirhtml."
|
||||
|
||||
singlehtml:
|
||||
$(SPHINXBUILD) -b singlehtml $(ALLSPHINXOPTS) $(BUILDDIR)/singlehtml
|
||||
@echo
|
||||
@echo "Build finished. The HTML page is in $(BUILDDIR)/singlehtml."
|
||||
|
||||
pickle:
|
||||
$(SPHINXBUILD) -b pickle $(ALLSPHINXOPTS) $(BUILDDIR)/pickle
|
||||
@echo
|
||||
@echo "Build finished; now you can process the pickle files."
|
||||
|
||||
json:
|
||||
$(SPHINXBUILD) -b json $(ALLSPHINXOPTS) $(BUILDDIR)/json
|
||||
@echo
|
||||
@echo "Build finished; now you can process the JSON files."
|
||||
|
||||
htmlhelp:
|
||||
$(SPHINXBUILD) -b htmlhelp $(ALLSPHINXOPTS) $(BUILDDIR)/htmlhelp
|
||||
@echo
|
||||
@echo "Build finished; now you can run HTML Help Workshop with the" \
|
||||
".hhp project file in $(BUILDDIR)/htmlhelp."
|
||||
|
||||
qthelp:
|
||||
$(SPHINXBUILD) -b qthelp $(ALLSPHINXOPTS) $(BUILDDIR)/qthelp
|
||||
@echo
|
||||
@echo "Build finished; now you can run "qcollectiongenerator" with the" \
|
||||
".qhcp project file in $(BUILDDIR)/qthelp, like this:"
|
||||
@echo "# qcollectiongenerator $(BUILDDIR)/qthelp/keystone.qhcp"
|
||||
@echo "To view the help file:"
|
||||
@echo "# assistant -collectionFile $(BUILDDIR)/qthelp/keystone.qhc"
|
||||
|
||||
devhelp:
|
||||
$(SPHINXBUILD) -b devhelp $(ALLSPHINXOPTS) $(BUILDDIR)/devhelp
|
||||
@echo
|
||||
@echo "Build finished."
|
||||
@echo "To view the help file:"
|
||||
@echo "# mkdir -p $$HOME/.local/share/devhelp/keystone"
|
||||
@echo "# ln -s $(BUILDDIR)/devhelp $$HOME/.local/share/devhelp/keystone"
|
||||
@echo "# devhelp"
|
||||
|
||||
epub:
|
||||
$(SPHINXBUILD) -b epub $(ALLSPHINXOPTS) $(BUILDDIR)/epub
|
||||
@echo
|
||||
@echo "Build finished. The epub file is in $(BUILDDIR)/epub."
|
||||
|
||||
latex:
|
||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||
@echo
|
||||
@echo "Build finished; the LaTeX files are in $(BUILDDIR)/latex."
|
||||
@echo "Run \`make' in that directory to run these through (pdf)latex" \
|
||||
"(use \`make latexpdf' here to do that automatically)."
|
||||
|
||||
latexpdf:
|
||||
$(SPHINXBUILD) -b latex $(ALLSPHINXOPTS) $(BUILDDIR)/latex
|
||||
@echo "Running LaTeX files through pdflatex..."
|
||||
$(MAKE) -C $(BUILDDIR)/latex all-pdf
|
||||
@echo "pdflatex finished; the PDF files are in $(BUILDDIR)/latex."
|
||||
|
||||
text:
|
||||
$(SPHINXBUILD) -b text $(ALLSPHINXOPTS) $(BUILDDIR)/text
|
||||
@echo
|
||||
@echo "Build finished. The text files are in $(BUILDDIR)/text."
|
||||
|
||||
man:
|
||||
$(SPHINXBUILD) -b man $(ALLSPHINXOPTS) $(BUILDDIR)/man
|
||||
@echo
|
||||
@echo "Build finished. The manual pages are in $(BUILDDIR)/man."
|
||||
|
||||
texinfo:
|
||||
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
|
||||
@echo
|
||||
@echo "Build finished. The Texinfo files are in $(BUILDDIR)/texinfo."
|
||||
@echo "Run \`make' in that directory to run these through makeinfo" \
|
||||
"(use \`make info' here to do that automatically)."
|
||||
|
||||
info:
|
||||
$(SPHINXBUILD) -b texinfo $(ALLSPHINXOPTS) $(BUILDDIR)/texinfo
|
||||
@echo "Running Texinfo files through makeinfo..."
|
||||
make -C $(BUILDDIR)/texinfo info
|
||||
@echo "makeinfo finished; the Info files are in $(BUILDDIR)/texinfo."
|
||||
|
||||
gettext:
|
||||
$(SPHINXBUILD) -b gettext $(I18NSPHINXOPTS) $(BUILDDIR)/locale
|
||||
@echo
|
||||
@echo "Build finished. The message catalogs are in $(BUILDDIR)/locale."
|
||||
|
||||
changes:
|
||||
$(SPHINXBUILD) -b changes $(ALLSPHINXOPTS) $(BUILDDIR)/changes
|
||||
@echo
|
||||
@echo "The overview file is in $(BUILDDIR)/changes."
|
||||
|
||||
linkcheck:
|
||||
$(SPHINXBUILD) -b linkcheck $(ALLSPHINXOPTS) $(BUILDDIR)/linkcheck
|
||||
@echo
|
||||
@echo "Link check complete; look for any errors in the above output " \
|
||||
"or in $(BUILDDIR)/linkcheck/output.txt."
|
||||
|
||||
doctest:
|
||||
$(SPHINXBUILD) -b doctest $(ALLSPHINXOPTS) $(BUILDDIR)/doctest
|
||||
@echo "Testing of doctests in the sources finished, look at the " \
|
||||
"results in $(BUILDDIR)/doctest/output.txt."
|
|
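Review bot: The `info` target runs `make -C $(BUILDDIR)/texinfo info` directly, while `latexpdf` uses `$(MAKE) -C ...`; use `$(MAKE)` in `info` as well so command-line flags and the jobserver reach the sub-make. `ALLSPHINXOPTS` and `I18NSPHINXOPTS` hard-code `source` although `SOURCEDIR = source` is defined just above and used by `autodoc`, so overriding `SOURCEDIR` changes where `sphinx-apidoc` writes but not what `sphinx-build` reads. `autodoc`, `texinfo` and `info` are missing from `.PHONY`, and the `qthelp` echo nests unescaped double quotes around `qcollectiongenerator`, so the shell drops them from the printed message.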
@ -1,37 +1,39 @@
|
|||
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
|
||||
<diagram>
|
||||
<source><![CDATA[#!>>
|
||||
#!Keystone Admin registers an openstack service as a service supported by keystone.
|
||||
#!Service credentials returned are provided to the actual service.
|
||||
#!
|
||||
#!Actual services use the service credentials to fetch the service token to create roles, endpoints templates,
|
||||
#!endpoints specific to service and also to validate tokens.
|
||||
#!
|
||||
#!We could extend this behavior to allow any keystone operations carried on behalf of the service to happen
|
||||
#!only using the service token.
|
||||
#!
|
||||
#!Keystone has its own roles to manage itself.Roles specific to a service are available only for that service.
|
||||
#!<<
|
||||
keystone-admin:Actor
|
||||
/queue:FIFO
|
||||
openstack:Service
|
||||
keystone:Service
|
||||
<source><![CDATA[client:client "Client"
|
||||
compat:compat "Compat"
|
||||
token:token "Token Service"
|
||||
identity:identity "Identity Service"
|
||||
catalog:catalog "Catalog Service"
|
||||
|
||||
[c:Register_Service]
|
||||
keystone-admin:keystone.Register Openstack Service (Service Details)
|
||||
keystone:keystone-admin.Provide Service Credentials
|
||||
keystone-admin:openstack.Provide Service Credentials
|
||||
[c "Auth, No Tenant"]
|
||||
client:{token, user, service_catalog}=compat.POST /v2.0/tokens {'username': user, 'password': password}
|
||||
compat:(user, password, None)=identity.authenticate(user, password, tenant=None)
|
||||
compat:(id, user, password, None)=token.create_token(user, password, tenant=None)
|
||||
compat:{service_catalog (includes all tenants)}=catalog.get_catalog(user, None)
|
||||
[/c]
|
||||
|
||||
[c:Authenticate]
|
||||
openstack:service_token=keystone.Service Credentials
|
||||
[c "Auth, With Tenant"]
|
||||
client:{scoped_token, user, service_catalog}=compat.POST /v2.0/tokens {'username': user, 'password': password, 'tenant': tenant}
|
||||
compat:(user, password, tenant)=identity.authenticate(user, password, tenant)
|
||||
compat:(id, user, password, tenant)=token.create_token(user, password, tenant)
|
||||
compat:{service_catalog (includes all tenants)}=catalog.get_catalog(user, tenant)
|
||||
[/c]
|
||||
|
||||
[c:Service_Operations]
|
||||
openstack:keystone.Add Service Specific Roles<service_token>
|
||||
openstack:keystone.Add Service Specific Endpoint Templates<service_token>
|
||||
openstack:keystone.Add Service Specific Endpoints<service_token>
|
||||
openstack:keystone.Validate Token<service_token>
|
||||
[c "Validate Token, Unscoped"]
|
||||
client:{token, user, tenant=None}=compat.GET /v2.0/tokens/$token
|
||||
compat:{token, user, tenant}=token.get_token($token)
|
||||
[/c]
|
||||
|
||||
[c "Validate Token, With Tenant"]
|
||||
client:{token, user, tenant}=compat.GET /v2.0/tokens/$token?belongs_to=$tenant
|
||||
compat:{token, user, tenant}=token.get_token($token)
|
||||
[/c]
|
||||
|
||||
[c "Tenants for Token"]
|
||||
client:{tenants}=compat.(X-Auth-Token: $token) GET /v2.0/tenants
|
||||
compat:{token, user, tenant}=token.get_token($token)
|
||||
compat:{token, user, tenant}=identity.get_tenants($user)
|
||||
[/c]]]></source>
|
||||
<configuration>
|
||||
<property name="activationBarBorderThickness" value="1"/>
|
|
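Review bot: In the "Auth, No Tenant" and "Auth, With Tenant" sequences, `token.create_token(user, password, tenant)` is handed the password and its return label `(id, user, password, tenant)` carries it back, even though `identity.authenticate` has already checked the credentials on the line before. The token service should not need the password; drop it from the call and the return label so the diagram does not suggest tokens are created from or stored with it. In "Tenants for Token", the return label on `identity.get_tenants($user)` reads `{token, user, tenant}`, which looks copied from the `get_token` line above it; `{tenants}` would match what the client receives. The "Auth, With Tenant" catalog line is also still labelled "includes all tenants" although it is called with `tenant`.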
@ -14,6 +14,61 @@
|
|||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
|
||||
===============================
|
||||
Service API Examples Using Curl
|
||||
===============================
|
||||
|
||||
The service API is defined to be a subset of the Admin API and, by
|
||||
default, runs on port 5000.
|
||||
|
||||
GET /
|
||||
=====
|
||||
|
||||
This call is identical to that documented for the Admin API, except
|
||||
that it uses port 5000, instead of port 35357, by default::
|
||||
|
||||
$ curl http://0.0.0.0:5000
|
||||
|
||||
or::
|
||||
|
||||
$ curl http://0.0.0.0:5000/v2.0/
|
||||
|
||||
See the `Admin API Examples Using Curl`_ for more info.
|
||||
|
||||
.. _`Admin API Examples Using Curl`: adminAPI_curl_examples.html
|
||||
|
||||
GET /extensions
|
||||
===============
|
||||
|
||||
This call is identical to that documented for the Admin API.
|
||||
|
||||
POST /tokens
|
||||
============
|
||||
|
||||
This call is identical to that documented for the Admin API.
|
||||
|
||||
GET /tenants
|
||||
============
|
||||
|
||||
List all of the tenants your token can access::
|
||||
|
||||
$ curl -H "X-Auth-Token:887665443383838" http://localhost:5000/v2.0/tenants
|
||||
|
||||
Returns::
|
||||
|
||||
{
|
||||
"tenants_links": [],
|
||||
"tenants": [
|
||||
{
|
||||
"enabled": true,
|
||||
"description": "None",
|
||||
"name": "customer-x",
|
||||
"id": "1"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
=============================
|
||||
Admin API Examples Using Curl
|
||||
=============================
|
|
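Review bot: The two `GET /` examples use `http://0.0.0.0:5000` as the address to connect to; `0.0.0.0` is a bind address and not a portable destination, so use `localhost` as the `GET /tenants` example further down already does. In the sample response, `"description": "None"` is the string "None" rather than JSON `null`; if the server really returns that it deserves a sentence, otherwise fix the sample. If this hunk folds the service examples into the admin examples file, as the trailing "Admin API Examples Using Curl" title suggests, the `Admin API Examples Using Curl` link to `adminAPI_curl_examples.html` now points at the page it sits on and can become an internal section reference.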
@ -0,0 +1,203 @@
|
|||
..
|
||||
Copyright 2011 OpenStack, LLC
|
||||
All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
Keystone Architecture
|
||||
=====================
|
||||
|
||||
Much of the design is precipitated from the expectation that the auth backends
|
||||
for most deployments will actually be shims in front of existing user systems.
|
||||
|
||||
------------
|
||||
The Services
|
||||
------------
|
||||
|
||||
Keystone is organized as a group of services exposed on one or many endpoints.
|
||||
Many of these services are used in a combined fashion by the frontend, for
|
||||
example an authenticate call will validate user/tenant credentials with the
|
||||
Identity service and, upon success, create and return a token with the Token
|
||||
service.
|
||||
|
||||
|
||||
Identity
|
||||
--------
|
||||
|
||||
The Identity service provides auth credential validation and data about Users,
|
||||
Tenants and Roles, as well as any associated metadata.
|
||||
|
||||
In the basic case all this data is managed by the service, allowing the service
|
||||
to manage all the CRUD associated with the data.
|
||||
|
||||
In other cases, this data is pulled, by varying degrees, from an authoritative
|
||||
backend service. An example of this would be when backending on LDAP. See
|
||||
`LDAP Backend` below for more details.
|
||||
|
||||
|
||||
Token
|
||||
-----
|
||||
|
||||
The Token service validates and manages Tokens used for authenticating requests
|
||||
once a user/tenant's credentials have already been verified.
|
||||
|
||||
|
||||
Catalog
|
||||
-------
|
||||
|
||||
The Catalog service provides an endpoint registry used for endpoint discovery.
|
||||
|
||||
|
||||
Policy
|
||||
------
|
||||
|
||||
The Policy service provides a rule-based authorization engine and the
|
||||
associated rule management interface.
|
||||
|
||||
----------
|
||||
Data Model
|
||||
----------
|
||||
|
||||
Keystone was designed from the ground up to be amenable to multiple styles of
|
||||
backends and as such many of the methods and data types will happily accept
|
||||
more data than they know what to do with and pass them on to a backend.
|
||||
|
||||
There are a few main data types:
|
||||
|
||||
* **User**: has account credentials, is associated with one or more tenants
|
||||
* **Tenant**: unit of ownership in openstack, contains one or more users
|
||||
* **Role**: a first-class piece of metadata associated with many user-tenant pairs.
|
||||
* **Token**: identifying credential associated with a user or user and tenant
|
||||
* **Extras**: bucket of key-value metadata associated with a user-tenant pair.
|
||||
* **Rule**: describes a set of requirements for performing an action.
|
||||
|
||||
While the general data model allows a many-to-many relationship between Users
|
||||
and Tenants and a many-to-one relationship between Extras and User-Tenant pairs,
|
||||
the actual backend implementations take varying levels of advantage of that
|
||||
functionality.
|
||||
|
||||
|
||||
KVS Backend
|
||||
-----------
|
||||
|
||||
A simple backend interface meant to be further backended on anything that can
|
||||
support primary key lookups, the most trivial implementation being an in-memory
|
||||
dict.
|
||||
|
||||
Supports all features of the general data model.
|
||||
|
||||
|
||||
PAM Backend
|
||||
-----------
|
||||
|
||||
Extra simple backend that uses the current system's PAM service to authenticate,
|
||||
providing a one-to-one relationship between Users and Tenants with the `root`
|
||||
User also having the 'admin' role.
|
||||
|
||||
|
||||
Templated Backend
|
||||
-----------------
|
||||
|
||||
Largely designed for a common use case around service catalogs in the Keystone
|
||||
project, a Catalog backend that simply expands pre-configured templates to
|
||||
provide catalog data.
|
||||
|
||||
Example paste.deploy config (uses $ instead of % to avoid ConfigParser's
|
||||
interpolation)::
|
||||
|
||||
[DEFAULT]
|
||||
catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v2.0
|
||||
catalog.RegionOne.identity.adminURL = http://localhost:$(public_port)s/v2.0
|
||||
catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v2.0
|
||||
catalog.RegionOne.identity.name = 'Identity Service'
|
||||
|
||||
|
||||
----------------
|
||||
Approach to CRUD
|
||||
----------------
|
||||
|
||||
While it is expected that any "real" deployment at a large company will manage
|
||||
their users, tenants and other metadata in their existing user systems, a
|
||||
variety of CRUD operations are provided for the sake of development and testing.
|
||||
|
||||
CRUD is treated as an extension or additional feature to the core feature set in
|
||||
that it is not required that a backend support it.
|
||||
|
||||
|
||||
----------------------------------
|
||||
Approach to Authorization (Policy)
|
||||
----------------------------------
|
||||
|
||||
Various components in the system require that different actions are allowed
|
||||
based on whether the user is authorized to perform that action.
|
||||
|
||||
For the purposes of Keystone Light there are only a couple levels of
|
||||
authorization being checked for:
|
||||
|
||||
* Require that the performing user is considered an admin.
|
||||
* Require that the performing user matches the user being referenced.
|
||||
|
||||
Other systems wishing to use the policy engine will require additional styles
|
||||
of checks and will possibly write completely custom backends. Backends included
|
||||
in Keystone Light are:
|
||||
|
||||
|
||||
Trivial True
|
||||
------------
|
||||
|
||||
Allows all actions.
|
||||
|
||||
|
||||
Simple Match
|
||||
------------
|
||||
|
||||
Given a list of matches to check for, simply verify that the credentials
|
||||
contain the matches. For example::
|
||||
|
||||
credentials = {'user_id': 'foo', 'is_admin': 1, 'roles': ['nova:netadmin']}
|
||||
|
||||
# An admin only call:
|
||||
policy_api.can_haz(('is_admin:1',), credentials)
|
||||
|
||||
# An admin or owner call:
|
||||
policy_api.can_haz(('is_admin:1', 'user_id:foo'),
|
||||
credentials)
|
||||
|
||||
# A netadmin call:
|
||||
policy_api.can_haz(('roles:nova:netadmin',),
|
||||
credentials)
|
||||
|
||||
|
||||
Credentials are generally built from the user metadata in the 'extras' part
|
||||
of the Identity API. So, adding a 'role' to the user just means adding the role
|
||||
to the user metadata.
|
||||
|
||||
|
||||
Capability RBAC
|
||||
---------------
|
||||
|
||||
(Not yet implemented.)
|
||||
|
||||
Another approach to authorization can be action-based, with a mapping of roles
|
||||
to which capabilities are allowed for that role. For example::
|
||||
|
||||
credentials = {'user_id': 'foo', 'is_admin': 1, 'roles': ['nova:netadmin']}
|
||||
|
||||
# add a policy
|
||||
policy_api.add_policy('action:nova:add_network', ('roles:nova:netadmin',))
|
||||
|
||||
policy_api.can_haz(('action:nova:add_network',), credentials)
|
||||
|
||||
|
||||
In the backend this would look up the policy for 'action:nova:add_network' and
|
||||
then do what is effectively a 'Simple Match' style match against the creds.
|
|
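Review bot: In "Simple Match", the text says the backend verifies "that the credentials contain the matches", but the example labels `policy_api.can_haz(('is_admin:1', 'user_id:foo'), credentials)` as `# An admin or owner call:`, which only holds if a single match is enough. State explicitly whether the match list is any-of or all-of, because a reader who assumes all-of will write policies that grant more than intended. "Trivial True" is documented only as "Allows all actions."; say which policy backend is the default and that this one is for development use. Two smaller points: the Identity section refers to "`LDAP Backend` below" but this new file has no such section, and the templated catalog example sets `adminURL` to `$(public_port)s`, the same value as `publicURL`, which reads like a copy-paste unless it is deliberate.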
@ -33,20 +33,6 @@ from blueprint designs to documentation to testing to deployment scripts.
|
|||
.. _Launchpad: https://launchpad.net/keystone
|
||||
.. _wiki: http://wiki.openstack.org/
|
||||
|
||||
|
||||
|
||||
Contributing Code
|
||||
-----------------
|
||||
|
||||
To contribute code, sign up for a Launchpad account and sign a contributor license agreement,
|
||||
available on the `<http://wiki.openstack.org/CLA>`_. Once the CLA is signed you
|
||||
can contribute code through the Gerrit version control system which is related to your Launchpad account.
|
||||
|
||||
To contribute tests, docs, code, etc, refer to our `Gerrit-Jenkins-Github Workflow`_.
|
||||
|
||||
.. _`Gerrit-Jenkins-Github Workflow`: http://wiki.openstack.org/GerritJenkinsGithub
|
||||
|
||||
|
||||
#openstack on Freenode IRC Network
|
||||
----------------------------------
|
||||
|
||||
|
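Review bot: With the hunk going from 20 lines to 6, the whole "Contributing Code" section is dropped, and with it the only pointers in these lines to the CLA page and the Gerrit-Jenkins-Github workflow. If that material now lives in another document, a one-line reference here would keep this page useful to new contributors; if not, please say in the commit message why it was removed.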
@ -68,10 +54,10 @@ to write drafts for specs or documentation, describe a blueprint, or collaborate
|
|||
Keystone on Launchpad
|
||||
---------------------
|
||||
|
||||
Launchpad is a code hosting service that hosts the Keystone source code. From
|
||||
Launchpad you can report bugs, ask questions, and register blueprints (feature requests).
|
||||
Launchpad is a code hosting that OpenStack is using to track bugs, feature work, and releases of OpenStack. Like other OpenStack projects, Keystone source code is hosted on GitHub
|
||||
|
||||
* `Launchpad Keystone Page <http://launchpad.net/keystone>`_
|
||||
* `Keystone Project Page on Launchpad <http://launchpad.net/keystone>`_
|
||||
* `Keystone Source Repository on GitHub <http://github.com/openstack/keystone>`_
|
||||
|
||||
OpenStack Blog
|
||||
--------------
|
||||
|
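Review bot: The one-line paragraph under "Keystone on Launchpad" reads "Launchpad is a code hosting that OpenStack is using", which is missing a noun such as "service", and it ends at "hosted on GitHub" with no period. It is also much longer than the wrapped lines around it; rewrapping it would match the rest of the file.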
@ -82,9 +68,9 @@ events and posts from OpenStack contributors.
|
|||
|
||||
`OpenStack Blog <http://openstack.org/blog>`_
|
||||
|
||||
See also: `Planet OpenStack <http://planet.openstack.org/>`_, aggregating blogs
|
||||
about OpenStack from around the internet into a single feed. If you'd like to contribute to this blog
|
||||
aggregation with your blog posts, there are instructions for `adding your blog <http://wiki.openstack.org/AddingYourBlog>`_.
|
||||
See also: `Planet OpenStack <http://planet.openstack.org/>`_, an aggregation of blogs
|
||||
about OpenStack from around the internet, combined into a web site and RSS feed. If you'd like to
|
||||
contribute with your blog posts, there are instructions for `adding your blog <http://wiki.openstack.org/AddingYourBlog>`_.
|
||||
|
||||
Twitter
|
||||
-------
|
|
@ -1,25 +1,9 @@
|
|||
# -*- coding: utf-8 -*-
|
||||
# Copyright (c) 2010 OpenStack, LLC.
|
||||
#
|
||||
# Licensed under the Apache License, Version 2.0 (the "License");
|
||||
# you may not use this file except in compliance with the License.
|
||||
# You may obtain a copy of the License at
|
||||
# keystone documentation build configuration file, created by
|
||||
# sphinx-quickstart on Mon Jan 9 12:02:59 2012.
|
||||
#
|
||||
# http://www.apache.org/licenses/LICENSE-2.0
|
||||
#
|
||||
# Unless required by applicable law or agreed to in writing, software
|
||||
# distributed under the License is distributed on an "AS IS" BASIS,
|
||||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
|
||||
# implied.
|
||||
# See the License for the specific language governing permissions and
|
||||
# limitations under the License.
|
||||
|
||||
#
|
||||
# Keystone documentation build configuration file, created by
|
||||
# sphinx-quickstart on Tue May 18 13:50:15 2010.
|
||||
#
|
||||
# This file is execfile()'d with the current directory set to it's containing
|
||||
# dir.
|
||||
# This file is execfile()d with the current directory set to its containing dir.
|
||||
#
|
||||
# Note that not all possible configuration values are present in this
|
||||
# autogenerated file.
|
||||
|
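Review bot: The header shrinks from 25 lines to 9, and the lines that remain are only the coding line and the sphinx-quickstart boilerplate, so the OpenStack copyright line and the Apache License 2.0 notice are no longer in this file. The .rst files added elsewhere in this change carry the license block; please keep it here too so the regenerated conf.py stays consistent with them.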
@ -27,29 +11,26 @@
|
|||
# All configuration values have a default; values that are commented out
|
||||
# serve to show the default.
|
||||
|
||||
import os
|
||||
import sys
|
||||
import os
|
||||
|
||||
# If extensions (or modules to document with autodoc) are in another directory,
|
||||
# add these directories to sys.path here. If the directory is relative to the
|
||||
# documentation root, use os.path.abspath to make it absolute, like shown here.
|
||||
sys.path = [os.path.abspath('../../keystone'),
|
||||
os.path.abspath('../..'),
|
||||
os.path.abspath('../../bin')
|
||||
] + sys.path
|
||||
sys.path.insert(0, os.path.abspath('../..'))
|
||||
|
||||
# -- General configuration ---------------------------------------------------
|
||||
# -- General configuration -----------------------------------------------------
|
||||
|
||||
# Add any Sphinx extension module names here, as strings. They can be
|
||||
# extensions coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
|
||||
# If your documentation needs a minimal Sphinx version, state it here.
|
||||
#needs_sphinx = '1.0'
|
||||
|
||||
# Add any Sphinx extension module names here, as strings. They can be extensions
|
||||
# coming with Sphinx (named 'sphinx.ext.*') or your custom ones.
|
||||
#extensions = ['sphinx.ext.autodoc', 'sphinx.ext.intersphinx', 'sphinx.ext.todo', 'sphinx.ext.coverage']
|
||||
extensions = ['sphinx.ext.autodoc',
|
||||
'sphinx.ext.coverage',
|
||||
'sphinx.ext.viewcode',
|
||||
'sphinx.ext.ifconfig',
|
||||
'sphinx.ext.intersphinx',
|
||||
'sphinx.ext.pngmath',
|
||||
'sphinx.ext.graphviz',
|
||||
'sphinx.ext.todo']
|
||||
'sphinx.ext.todo',
|
||||
# 'sphinx.ect.intersphinx',
|
||||
'sphinx.ext.coverage']
|
||||
|
||||
todo_include_todos = True
|
||||
|
||||
|
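Review bot: The commented-out entry in the extensions list is spelled 'sphinx.ect.intersphinx', so uncommenting it later would fail to load. If intersphinx is meant to stay disabled, the intersphinx_mapping assignment that appears further down in this file's diff has no effect without the extension; either enable 'sphinx.ext.intersphinx' or drop both. It is also worth confirming that replacing the three sys.path entries with a single sys.path.insert(0, os.path.abspath('../..')) still lets autodoc import everything the docs reference.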
@ -64,25 +45,23 @@ else:
|
|||
source_suffix = '.rst'
|
||||
|
||||
# The encoding of source files.
|
||||
#source_encoding = 'utf-8'
|
||||
#source_encoding = 'utf-8-sig'
|
||||
|
||||
# The master toctree document.
|
||||
master_doc = 'index'
|
||||
|
||||
# General information about the project.
|
||||
project = u'Keystone'
|
||||
copyright = u'2011-present, OpenStack, LLC.'
|
||||
project = u'keystone'
|
||||
copyright = u'2012, OpenStack, LLC'
|
||||
|
||||
# The version info for the project you're documenting, acts as replacement for
|
||||
# |version| and |release|, also used in various other places throughout the
|
||||
# built documents.
|
||||
#
|
||||
# The short X.Y version.
|
||||
from keystone import version
|
||||
version = '2012.1'
|
||||
# The full version, including alpha/beta/rc tags.
|
||||
release = version.version()
|
||||
# The short X.Y version.
|
||||
version = version.canonical_version()
|
||||
release = '2012.1-dev'
|
||||
|
||||
# The language for content autogenerated by Sphinx. Refer to documentation
|
||||
# for a list of supported languages.
|
||||
|
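Review bot: The literal assignments version = '2012.1' and release = '2012.1-dev' sit where the values came from "from keystone import version" (version.canonical_version() and version.version()), so the documented version now has to be edited by hand at every release and can drift from the package. Unless the import was removed on purpose (for example so the docs build without keystone installed), please keep deriving both values from the package, or note the reason in a comment next to the literals.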
@ -94,14 +73,11 @@ version = version.canonical_version()
|
|||
# Else, today_fmt is used as the format for a strftime call.
|
||||
#today_fmt = '%B %d, %Y'
|
||||
|
||||
# List of documents that shouldn't be included in the build.
|
||||
#unused_docs = []
|
||||
# List of patterns, relative to source directory, that match files and
|
||||
# directories to ignore when looking for source files.
|
||||
exclude_patterns = []
|
||||
|
||||
# List of directories, relative to source directory, that shouldn't be searched
|
||||
# for source files.
|
||||
exclude_trees = []
|
||||
|
||||
# The reST default role (for this markup: `text`) to use for all documents.
|
||||
# The reST default role (used for this markup: `text`) to use for all documents.
|
||||
#default_role = None
|
||||
|
||||
# If true, '()' will be appended to :func: etc. cross-reference text.
|
||||
|
@ -129,23 +105,15 @@ modindex_common_prefix = ['keystone.']
|
|||
man_pages = [
|
||||
('man/keystone-manage', 'keystone-manage', u'Keystone Management Utility',
|
||||
[u'OpenStack'], 1),
|
||||
('man/keystone', 'keystone', u'Keystone Startup Command',
|
||||
('man/keystone-all', 'keystone-all', u'Keystone Startup Command',
|
||||
[u'OpenStack'], 1),
|
||||
('man/keystone-auth', 'keystone-auth', u'Keystone Startup Command',
|
||||
[u'OpenStack'], 1),
|
||||
('man/keystone-admin', 'keystone-admin', u'Keystone Startup Command',
|
||||
[u'OpenStack'], 1),
|
||||
('man/keystone-import', 'keystone-import', u'Keystone Management Utility',
|
||||
[u'OpenStack'], 1),
|
||||
('man/keystone-control', 'keystone-control',
|
||||
u'Keystone Management Utility', [u'OpenStack'], 1)
|
||||
]
|
||||
|
||||
|
||||
# -- Options for HTML output -------------------------------------------------
|
||||
# -- Options for HTML output ---------------------------------------------------
|
||||
|
||||
# The theme to use for HTML and HTML Help pages. Major themes that come with
|
||||
# Sphinx are currently 'default' and 'sphinxdoc'.
|
||||
# The theme to use for HTML and HTML Help pages. See the documentation for
|
||||
# a list of builtin themes.
|
||||
html_theme_path = ["."]
|
||||
html_theme = '_theme'
|
||||
|
||||
|
@ -155,7 +123,7 @@ html_theme = '_theme'
|
|||
#html_theme_options = {}
|
||||
|
||||
# Add any paths that contain custom themes here, relative to this directory.
|
||||
#html_theme_path = ['_theme']
|
||||
#html_theme_path = []
|
||||
|
||||
# The name for this set of Sphinx documents. If None, it defaults to
|
||||
# "<project> v<release> documentation".
|
||||
|
@ -176,7 +144,7 @@ html_theme = '_theme'
|
|||
# Add any paths that contain custom static files (such as style sheets) here,
|
||||
# relative to this directory. They are copied after the builtin static files,
|
||||
# so a file named "default.css" will overwrite the builtin "default.css".
|
||||
html_static_path = ['_static', 'images']
|
||||
html_static_path = ['static', 'images']
|
||||
|
||||
# If not '', a 'Last updated on:' timestamp is inserted at every page bottom,
|
||||
# using the given strftime format.
|
||||
|
@ -194,7 +162,7 @@ html_static_path = ['_static', 'images']
|
|||
#html_additional_pages = {}
|
||||
|
||||
# If false, no module index is generated.
|
||||
#html_use_modindex = True
|
||||
#html_domain_indices = True
|
||||
|
||||
# If false, no index is generated.
|
||||
#html_use_index = True
|
||||
|
@ -205,32 +173,42 @@ html_static_path = ['_static', 'images']
|
|||
# If true, links to the reST sources are added to the pages.
|
||||
#html_show_sourcelink = True
|
||||
|
||||
# If true, "Created using Sphinx" is shown in the HTML footer. Default is True.
|
||||
#html_show_sphinx = True
|
||||
|
||||
# If true, "(C) Copyright ..." is shown in the HTML footer. Default is True.
|
||||
#html_show_copyright = True
|
||||
|
||||
# If true, an OpenSearch description file will be output, and all pages will
|
||||
# contain a <link> tag referring to it. The value of this option must be the
|
||||
# base URL from which the finished HTML is served.
|
||||
#html_use_opensearch = ''
|
||||
|
||||
# If nonempty, this is the file name suffix for HTML files (e.g. ".xhtml").
|
||||
#html_file_suffix = ''
|
||||
# This is the file name suffix for HTML files (e.g. ".xhtml").
|
||||
#html_file_suffix = None
|
||||
|
||||
# Output file base name for HTML help builder.
|
||||
htmlhelp_basename = 'keystonedoc'
|
||||
|
||||
|
||||
# -- Options for LaTeX output ------------------------------------------------
|
||||
# -- Options for LaTeX output --------------------------------------------------
|
||||
|
||||
# The paper size ('letter' or 'a4').
|
||||
#latex_paper_size = 'letter'
|
||||
latex_elements = {
|
||||
# The paper size ('letterpaper' or 'a4paper').
|
||||
#'papersize': 'letterpaper',
|
||||
|
||||
# The font size ('10pt', '11pt' or '12pt').
|
||||
#latex_font_size = '10pt'
|
||||
#'pointsize': '10pt',
|
||||
|
||||
# Additional stuff for the LaTeX preamble.
|
||||
#'preamble': '',
|
||||
}
|
||||
|
||||
# Grouping the document tree into LaTeX files. List of tuples
|
||||
# (source start file, target name, title, author,
|
||||
# documentclass [howto/manual]).
|
||||
# (source start file, target name, title, author, documentclass [howto/manual]).
|
||||
latex_documents = [
|
||||
('index', 'Keystone.tex', u'Keystone Documentation',
|
||||
u'Keystone Team', 'manual'),
|
||||
('index', 'keystone.tex', u'Keystone Documentation',
|
||||
u'OpenStack', 'manual'),
|
||||
]
|
||||
|
||||
# The name of an image file (relative to this directory) to place at the top of
|
||||
|
@ -241,16 +219,55 @@ latex_documents = [
|
|||
# not chapters.
|
||||
#latex_use_parts = False
|
||||
|
||||
# Additional stuff for the LaTeX preamble.
|
||||
#latex_preamble = ''
|
||||
# If true, show page references after internal links.
|
||||
#latex_show_pagerefs = False
|
||||
|
||||
# If true, show URL addresses after external links.
|
||||
#latex_show_urls = False
|
||||
|
||||
# Documents to append as an appendix to all manuals.
|
||||
#latex_appendices = []
|
||||
|
||||
# If false, no module index is generated.
|
||||
#latex_use_modindex = True
|
||||
#latex_domain_indices = True
|
||||
|
||||
|
||||
# -- Options for manual page output --------------------------------------------
|
||||
|
||||
# One entry per manual page. List of tuples
|
||||
# (source start file, name, description, authors, manual section).
|
||||
man_pages = [
|
||||
('index', 'keystone', u'Keystone Documentation',
|
||||
[u'OpenStack'], 1)
|
||||
]
|
||||
|
||||
# If true, show URL addresses after external links.
|
||||
#man_show_urls = False
|
||||
|
||||
|
||||
# -- Options for Texinfo output ------------------------------------------------
|
||||
|
||||
# Grouping the document tree into Texinfo files. List of tuples
|
||||
# (source start file, target name, title, author,
|
||||
# dir menu entry, description, category)
|
||||
texinfo_documents = [
|
||||
('index', 'keystone', u'Keystone Documentation',
|
||||
u'OpenStack', 'keystone', 'One line description of project.',
|
||||
'Miscellaneous'),
|
||||
]
|
||||
|
||||
# Documents to append as an appendix to all manuals.
|
||||
#texinfo_appendices = []
|
||||
|
||||
# If false, no module index is generated.
|
||||
#texinfo_domain_indices = True
|
||||
|
||||
# How to display URL addresses: 'footnote', 'no', or 'inline'.
|
||||
#texinfo_show_urls = 'footnote'
|
||||
|
||||
|
||||
# Example configuration for intersphinx: refer to the Python standard library.
|
||||
#intersphinx_mapping = {'http://docs.python.org/': None}
|
||||
intersphinx_mapping = {'python': ('http://docs.python.org/', None),
|
||||
'nova': ('http://nova.openstack.org', None),
|
||||
'swift': ('http://swift.openstack.org', None),
|
|
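Review bot: The "Options for manual page output" block assigns man_pages = [('index', 'keystone', ...)], but an earlier hunk in this file already defines man_pages with the keystone-manage and keystone-all entries. Since conf.py is executed top to bottom, this later assignment replaces the earlier list and those two man pages would not be built; please remove one of the two definitions. The texinfo_documents entry also still carries the sphinx-quickstart placeholder 'One line description of project.', which should be replaced or the block left commented out.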
@ -0,0 +1,488 @@
|
|||
..
|
||||
Copyright 2011 OpenStack, LLC
|
||||
All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
====================
|
||||
Configuring Keystone
|
||||
====================
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
man/keystone-manage
|
||||
man/keystone-all
|
||||
|
||||
Once Keystone is installed, it is configured via a primary configuration file
|
||||
(``etc/keystone.conf``), possibly a separate logging configuration file, and
|
||||
initializing data into keystone using the command line client.
|
||||
|
||||
|
||||
Keystone Configuration File
|
||||
===========================
|
||||
|
||||
The keystone configuration file is an 'ini' file format with sections,
|
||||
extended from Paste_, a common system used to configure python WSGI based
|
||||
applications. In addition to the paste config entries, general configuration
|
||||
values are stored under ``[DEFAULT]``, ``[sql]``, ``[ec2]`` and then drivers
|
||||
for the various services are included under their individual sections.
|
||||
|
||||
The services include:
|
||||
* ``[identity]`` - the python module that backends the identity system
|
||||
* ``[catalog]`` - the python module that backends the service catalog
|
||||
* ``[token]`` - the python module that backends the token providing mechanisms
|
||||
* ``[policy]`` - the python module that drives the policy system for RBAC
|
||||
|
||||
The keystone configuration file is expected to be named ``keystone.conf``.
|
||||
When starting up Keystone, you can specify a different configuration file to
|
||||
use with ``--config-file``. If you do **not** specify a configuration file,
|
||||
keystone will look in the following directories for a configuration file, in
|
||||
order:
|
||||
|
||||
* ``~/.keystone``
|
||||
* ``~/``
|
||||
* ``/etc/keystone``
|
||||
* ``/etc``
|
||||
|
||||
Logging is configured externally to the rest of keystone, the file specifying
|
||||
the logging configuration is in the [DEFAULT] section of the keystone conf
|
||||
file under ``log_config``. If you wish to route all your logging through
|
||||
syslog, there is a ``use_syslog`` option also in the [DEFAULT] section that
|
||||
easy.
|
||||
|
||||
A sample logging file is available with the project in the directory
|
||||
``etc/logging.conf.sample``. Like other OpenStack projects, keystone uses the
|
||||
`python logging module`, which includes extensive configuration options for
|
||||
choosing the output levels and formats.
|
||||
|
||||
In addition to this documentation page, you can check the ``etc/keystone.conf``
|
||||
sample configuration files distributed with keystone for example configuration
|
||||
files for each server application.
|
||||
|
||||
.. _Paste: http://pythonpaste.org/
|
||||
.. _`python logging module`: http://docs.python.org/library/logging.html
|
||||
|
||||
Sample Configuration Files
|
||||
--------------------------
|
||||
|
||||
* ``etc/keystone.conf``
|
||||
* ``etc/logging.conf.sample``
|
||||
|
||||
Running Keystone
|
||||
================
|
||||
|
||||
Running keystone is simply starting the services by using the command::
|
||||
|
||||
keystone-all
|
||||
|
||||
Invoking this command starts up two wsgi.Server instances, configured by the
|
||||
``keystone.conf`` file as described above. One of these wsgi 'servers' is
|
||||
``admin`` (the administration API) and the other is ``main`` (the
|
||||
primary/public API interface). Both of these run in a single process.
|
||||
|
||||
Migrating from legacy versions of keystone
|
||||
==========================================
|
||||
Migration support is provided for the following legacy keystone versions:
|
||||
|
||||
* diablo-5
|
||||
* stable/diablo
|
||||
* essex-2
|
||||
* essex-3
|
||||
|
||||
To migrate from legacy versions of keystone, use the following steps:
|
||||
|
||||
Step 1: Configure keystone.conf
|
||||
-------------------------------
|
||||
It is important that the database that you specify be different from the one
|
||||
containing your existing install.
|
||||
|
||||
Step 2: db_sync your new, empty database
|
||||
----------------------------------------
|
||||
Run the following command to configure the most recent schema in your new
|
||||
keystone installation::
|
||||
|
||||
keystone-manage db_sync
|
||||
|
||||
Step 3: Import your legacy data
|
||||
-------------------------------
|
||||
Use the following command to import your old data::
|
||||
|
||||
keystone-manage import_legacy [db_url, e.g. 'mysql://root@foobar/keystone']
|
||||
|
||||
Specify db_url as the connection string that was present in your old
|
||||
keystone.conf file.
|
||||
|
||||
Step 3: Import your legacy service catalog
|
||||
------------------------------------------
|
||||
While the older keystone stored the service catalog in the database,
|
||||
the updated version configures the service catalog using a template file.
|
||||
An example service catalog template file may be found in
|
||||
etc/default_catalog.templates.
|
||||
|
||||
To import your legacy catalog, run this command::
|
||||
|
||||
keystone-manage export_legacy_catalog \
|
||||
[db_url e.g. 'mysql://root@foobar/keystone'] > \
|
||||
[path_to_templates e.g. 'etc/default_catalog.templates']
|
||||
|
||||
After executing this command, you will need to restart the keystone service to
|
||||
see your changes.
|
||||
|
||||
Initializing Keystone
|
||||
=====================
|
||||
|
||||
keystone-manage is designed to execute commands that cannot be administered
|
||||
through the normal REST api. At the moment, the following calls are supported:
|
||||
|
||||
* ``db_sync``: Sync the database.
|
||||
* ``import_legacy``: Import a legacy (pre-essex) version of the db.
|
||||
* ``export_legacy_catalog``: Export service catalog from a legacy (pre-essex) db.
|
||||
|
||||
|
||||
Generally, the following is the first step after a source installation::
|
||||
|
||||
keystone-manage db_sync
|
||||
|
||||
Invoking keystone-manage by itself will give you additional usage information.
|
||||
|
||||
Adding Users, Tenants, and Roles with python-keystoneclient
|
||||
===========================================================
|
||||
|
||||
User, tenants, and roles must be administered using admin credentials.
|
||||
There are two ways to configure python-keystoneclient to use admin
|
||||
credentials, using the token auth method, or password auth method.
|
||||
|
||||
Token Auth Method
|
||||
-----------------
|
||||
To use keystone client using token auth, set the following flags
|
||||
|
||||
* ``--endpoint SERVIVE_ENDPOINT`` : allows you to specify the keystone endpoint to communicate
|
||||
with. The default endpoint is http://localhost:35357/v2.0'
|
||||
* ``--token SERVIVE_TOKEN`` : your administrator service token.
|
||||
|
||||
Password Auth Method
|
||||
--------------------
|
||||
|
||||
* ``--username OS_USERNAME`` : allows you to specify the keystone endpoint to communicate
|
||||
with. For example, http://localhost:35357/v2.0'
|
||||
* ``--password OS_PASSWORD`` : Your administrator password
|
||||
* ``--tenant_name OS_TENANT_NAME`` : Name of your tenant
|
||||
* ``--auth_url OS_AUTH_URL`` : url of your keystone auth server, for example
|
||||
http://localhost:5000/v2.0'
|
||||
|
||||
Example usage
|
||||
-------------
|
||||
``keystone`` is set up to expect commands in the general form of
|
||||
``keystone`` ``command`` ``argument``, followed by flag-like keyword arguments to
|
||||
provide additional (often optional) information. For example, the command
|
||||
``user-list`` and ``tenant-create`` can be invoked as follows::
|
||||
|
||||
# Using token auth env variables
|
||||
export SERVICE_ENDPOINT=http://127.0.0.1:5000/v2.0/
|
||||
export SERVICE_TOKEN=secrete_token
|
||||
keystone user-list
|
||||
keystone tenant-create --name=demo
|
||||
|
||||
# Using token auth flags
|
||||
keystone --token=secrete --endpoint=http://127.0.0.1:5000/v2.0/ user-list
|
||||
keystone --token=secrete --endpoint=http://127.0.0.1:5000/v2.0/ tenant-create --name=demo
|
||||
|
||||
# Using user + password + tenant_name env variables
|
||||
export OS_USERNAME=admin
|
||||
export OS_PASSWORD=secrete
|
||||
export OS_TENANT_NAME=admin
|
||||
keystone user-list
|
||||
keystone tenant-create --name=demo
|
||||
|
||||
# Using user + password + tenant_name flags
|
||||
keystone --username=admin --password=secrete --tenant_name=admin user-list
|
||||
keystone --username=admin --password=secrete --tenant_name=admin tenant-create --name=demo
|
||||
|
||||
Tenants
|
||||
-------
|
||||
|
||||
Tenants are the high level grouping within Keystone that represent groups of
|
||||
users. A tenant is the grouping that owns virtual machines within Nova, or
|
||||
containers within Swift. A tenant can have zero or more users, Users can
|
||||
be associated with more than one tenant, and each tenant - user pairing can
|
||||
have a role associated with it.
|
||||
|
||||
``tenant-create``
|
||||
^^^^^^^^^^^^^^^^^
|
||||
|
||||
keyword arguments
|
||||
|
||||
* name
|
||||
* description (optional, defaults to None)
|
||||
* enabled (optional, defaults to True)
|
||||
|
||||
example::
|
||||
|
||||
keystone tenant-create --name=demo
|
||||
|
||||
creates a tenant named "demo".
|
||||
|
||||
``tenant-delete``
|
||||
^^^^^^^^^^^^^^^^^
|
||||
|
||||
arguments
|
||||
|
||||
* tenant_id
|
||||
|
||||
example::
|
||||
|
||||
keystone tenant-delete f2b7b39c860840dfa47d9ee4adffa0b3
|
||||
|
||||
``tenant-enable``
|
||||
^^^^^^^^^^^^^^^^^
|
||||
|
||||
arguments
|
||||
|
||||
* tenant_id
|
||||
|
||||
example::
|
||||
|
||||
keystone tenant-enable f2b7b39c860840dfa47d9ee4adffa0b3
|
||||
|
||||
``tenant-disable``
|
||||
^^^^^^^^^^^^^^^^^
|
||||
|
||||
arguments
|
||||
|
||||
* tenant_id
|
||||
|
||||
example::
|
||||
|
||||
keystone tenant-disable f2b7b39c860840dfa47d9ee4adffa0b3
|
||||
|
||||
Users
|
||||
-----
|
||||
|
||||
``user-create``
|
||||
^^^^^^^^^^^^^^^
|
||||
|
||||
keyword arguments
|
||||
|
||||
* name
|
||||
* pass
|
||||
* email
|
||||
* default_tenant (optional, defaults to None)
|
||||
* enabled (optional, defaults to True)
|
||||
|
||||
example::
|
||||
|
||||
keystone user-create
|
||||
--name=admin \
|
||||
--pass=secrete \
|
||||
--email=admin@example.com
|
||||
|
||||
``user-delete``
|
||||
^^^^^^^^^^^^^^^
|
||||
|
||||
keyword arguments
|
||||
|
||||
* user
|
||||
|
||||
example::
|
||||
|
||||
keystone user-delete f2b7b39c860840dfa47d9ee4adffa0b3
|
||||
|
||||
``user-list``
|
||||
^^^^^^^^^^^^^
|
||||
|
||||
list users in the system, optionally by a specific tenant (identified by tenant_id)
|
||||
|
||||
arguments
|
||||
|
||||
* tenant_id (optional, defaults to None)
|
||||
|
||||
example::
|
||||
|
||||
keystone user-list
|
||||
|
||||
``user-update-email``
|
||||
^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
arguments
|
||||
* user_id
|
||||
* email
|
||||
|
||||
|
||||
example::
|
||||
|
||||
keystone user-update-email 03c84b51574841ba9a0d8db7882ac645 "someone@somewhere.com"
|
||||
|
||||
``user-enable``
|
||||
^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
arguments
|
||||
|
||||
* user_id
|
||||
|
||||
example::
|
||||
|
||||
keystone user-enable 03c84b51574841ba9a0d8db7882ac645
|
||||
|
||||
``user-disable``
|
||||
^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
arguments
|
||||
|
||||
* user_id
|
||||
|
||||
example::
|
||||
|
||||
keystone user-disable 03c84b51574841ba9a0d8db7882ac645
|
||||
|
||||
|
||||
``user-update-password``
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
arguments
|
||||
|
||||
* user_id
|
||||
* password
|
||||
|
||||
example::
|
||||
|
||||
keystone user-update-password 03c84b51574841ba9a0d8db7882ac645 foo
|
||||
|
||||
Roles
|
||||
-----
|
||||
|
||||
``role-create``
|
||||
^^^^^^^^^^^^^^^
|
||||
|
||||
arguments
|
||||
|
||||
* name
|
||||
|
||||
exmaple::
|
||||
|
||||
keystone role-create --name=demo
|
||||
|
||||
``role-delete``
|
||||
^^^^^^^^^^^^^^^
|
||||
|
||||
arguments
|
||||
|
||||
* role_id
|
||||
|
||||
exmaple::
|
||||
|
||||
keystone role-delete 19d1d3344873464d819c45f521ff9890
|
||||
|
||||
``role-list``
|
||||
^^^^^^^^^^^^^^^
|
||||
|
||||
exmaple::
|
||||
|
||||
keystone role-list
|
||||
|
||||
``role-get``
|
||||
^^^^^^^^^^^^
|
||||
|
||||
arguments
|
||||
|
||||
* role_id
|
||||
|
||||
exmaple::
|
||||
|
||||
keystone role-get role=19d1d3344873464d819c45f521ff9890
|
||||
|
||||
|
||||
``add-user-role``
|
||||
^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
arguments
|
||||
|
||||
* role_id
|
||||
* user_id
|
||||
* tenant_id
|
||||
|
||||
example::
|
||||
|
||||
keystone role add-user-role \
|
||||
3a751f78ef4c412b827540b829e2d7dd \
|
||||
03c84b51574841ba9a0d8db7882ac645 \
|
||||
20601a7f1d94447daa4dff438cb1c209
|
||||
|
||||
``remove-user-role``
|
||||
^^^^^^^^^^^^^^^^^^^^^^^^^
|
||||
|
||||
arguments
|
||||
|
||||
* role_id
|
||||
* user_id
|
||||
* tenant_id
|
||||
|
||||
example::
|
||||
|
||||
keystone remove-user-role \
|
||||
19d1d3344873464d819c45f521ff9890 \
|
||||
08741d8ed88242ca88d1f61484a0fe3b \
|
||||
20601a7f1d94447daa4dff438cb1c209
|
||||
|
||||
Services
|
||||
--------
|
||||
|
||||
``service-create``
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
keyword arguments
|
||||
|
||||
* name
|
||||
* type
|
||||
* description
|
||||
|
||||
example::
|
||||
|
||||
keystone service create \
|
||||
--name=nova \
|
||||
--type=compute \
|
||||
--description="Nova Compute Service"
|
||||
|
||||
``service-list``
|
||||
^^^^^^^^^^^^^^^^
|
||||
|
||||
arguments
|
||||
|
||||
* service_id
|
||||
|
||||
example::
|
||||
|
||||
keystone service-list
|
||||
|
||||
``service-get``
|
||||
^^^^^^^^^^^^^^^
|
||||
|
||||
arguments
|
||||
|
||||
* service_id
|
||||
|
||||
example::
|
||||
|
||||
keystone service-get 08741d8ed88242ca88d1f61484a0fe3b
|
||||
|
||||
``service-delete``
|
||||
^^^^^^^^^^^^^^^^^^
|
||||
|
||||
arguments
|
||||
|
||||
* service_id
|
||||
|
||||
example::
|
||||
|
||||
keystone service-delete 08741d8ed88242ca88d1f61484a0fe3b
|
||||
|
|
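Review bot: Several example commands in this new file do not match the subcommands they document: "keystone role add-user-role" under add-user-role, "keystone service create" under service-create, and "keystone role-get role=..." where role_id is listed as a plain argument; the user-create example is also missing the continuation backslash after "keystone user-create". In the migration section there are two headings numbered "Step 3", and the second introduces export_legacy_catalog with "To import your legacy catalog". The logging paragraph ends with "section that easy.", which reads as a truncated sentence. In the auth sections, SERVIVE_ENDPOINT and SERVIVE_TOKEN look like typos for the SERVICE_ENDPOINT and SERVICE_TOKEN variables exported in the examples, the --username description repeats the endpoint text, and the token examples use port 5000 while the stated default endpoint is port 35357. Smaller points: "exmaple::" appears four times, the service-list section lists a service_id argument that its example does not use, and the underline for the tenant-disable title is one character shorter than the title. Finally, the examples pass --password and --token as flags; since command-line arguments end up in shell history and process listings, consider presenting the environment-variable form as the recommended one.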
@ -0,0 +1,197 @@
|
|||
..
|
||||
Copyright 2011 OpenStack, LLC
|
||||
All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
==========================================
|
||||
Configuring Services to work with Keystone
|
||||
==========================================
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
nova-api-paste
|
||||
middleware_architecture
|
||||
|
||||
Once Keystone is installed and running (see :doc:`configuration`), services
|
||||
need to be configured to work with it. To do this, we primarily install and
|
||||
configure middleware for the OpenStack service to handle authentication tasks
|
||||
or otherwise interact with Keystone.
|
||||
|
||||
In general:
|
||||
* Clients making calls to the service will pass in an authentication token.
|
||||
* The Keystone middleware will look for and validate that token, taking the
|
||||
appropriate action.
|
||||
* It will also retrive additional information from the token such as user
|
||||
name, id, tenant name, id, roles, etc...
|
||||
|
||||
The middleware will pass those data down to the service as headers. More
|
||||
details on the architecture of that setup is described in
|
||||
:doc:`middleware_architecture`
|
||||
|
||||
Setting up credentials
|
||||
======================
|
||||
|
||||
Admin Token
|
||||
-----------
|
||||
|
||||
For a default installation of Keystone, before you can use the REST API, you
|
||||
need to define an authorization token. This is configured in ``keystone.conf``
|
||||
file under the section ``[DEFAULT]``. In the sample file provided with the
|
||||
keystone project, the line defining this token is
|
||||
|
||||
[DEFAULT]
|
||||
admin_token = ADMIN
|
||||
|
||||
This configured token is a "shared secret" between keystone and other
|
||||
openstack services (for example: nova, swift, glance, or horizon), and will
|
||||
need to be set the same between those services in order for keystone services
|
||||
to function correctly.
|
||||
|
||||
Setting up tenants, users, and roles
|
||||
------------------------------------
|
||||
|
||||
You need to minimally define a tenant, user, and role to link the tenant and
|
||||
user as the most basic set of details to get other services authenticating
|
||||
and authorizing with keystone. See doc:`configuration` for a walk through on
|
||||
how to create tenants, users, and roles.
|
||||
|
||||
Setting up services
|
||||
===================
|
||||
|
||||
Defining Services
|
||||
-----------------
|
||||
|
||||
Keystone also acts as a service catalog to let other OpenStack systems know
|
||||
where relevant API endpoints exist for OpenStack Services. The OpenStack
|
||||
Dashboard, in particular, uses this heavily - and this **must** be configured
|
||||
for the OpenStack Dashboard to properly function.
|
||||
|
||||
Here's how we define the services::
|
||||
|
||||
keystone service-create --name=nova \
|
||||
--type=compute \
|
||||
--description="Nova Compute Service"
|
||||
keystone service-create --name=ec2 \
|
||||
--type=ec2 \
|
||||
--description="EC2 Compatibility Layer"
|
||||
keystone service-create --name=glance \
|
||||
--type=image \
|
||||
--description="Glance Image Service"
|
||||
keystone service-create --name=keystone \
|
||||
--type=identity \
|
||||
--description="Keystone Identity Service"
|
||||
keystone service-create --name=swift \
|
||||
--type=object-store \
|
||||
--description="Swift Service"
|
||||
|
||||
The endpoints for these services are defined in a template, an example of
|
||||
which is in the project as the file ``etc/default_catalog.templates``.
|
||||
|
||||
Setting Up Middleware
|
||||
=====================
|
||||
|
||||
Keystone Auth-Token Middleware
|
||||
--------------------------------
|
||||
|
||||
The Keystone auth_token middleware is a WSGI component that can be inserted in
|
||||
the WSGI pipeline to handle authenticating tokens with Keystone.
|
||||
|
||||
Configuring Nova to use Keystone
|
||||
--------------------------------
|
||||
|
||||
To configure Nova to use Keystone for authentication, the Nova API service
|
||||
can be run against the api-paste file provided by Keystone. This is most
|
||||
easily accomplished by setting the `--api_paste_config` flag in nova.conf to
|
||||
point to `examples/paste/nova-api-paste.ini` from Keystone. This paste file
|
||||
included references to the WSGI authentication middleware provided with the
|
||||
keystone installation.
|
||||
|
||||
When configuring Nova, it is important to create a admin service token for
|
||||
the service (from the Configuration step above) and include that as the key
|
||||
'admin_token' in the nova-api-paste.ini. See the documented
|
||||
:doc:`nova-api-paste` file for references.
|
||||
|
||||
Configuring Swift to use Keystone
|
||||
---------------------------------
|
||||
|
||||
Similar to Nova, swift can be configured to use Keystone for authentication
|
||||
rather than it's built in 'tempauth'.
|
||||
|
||||
1. Add a service endpoint for Swift to Keystone
|
||||
|
||||
2. Configure the paste file for swift-proxy (`/etc/swift/swift-proxy.conf`)
|
||||
|
||||
3. Reconfigure Swift's proxy server to use Keystone instead of TempAuth.
|
||||
Here's an example `/etc/swift/proxy-server.conf`::
|
||||
|
||||
[DEFAULT]
|
||||
bind_port = 8888
|
||||
user = <user>
|
||||
|
||||
[pipeline:main]
|
||||
pipeline = catch_errors cache keystone proxy-server
|
||||
|
||||
[app:proxy-server]
|
||||
use = egg:swift#proxy
|
||||
account_autocreate = true
|
||||
|
||||
[filter:keystone]
|
||||
use = egg:keystone#tokenauth
|
||||
auth_protocol = http
|
||||
auth_host = 127.0.0.1
|
||||
auth_port = 35357
|
||||
admin_token = 999888777666
|
||||
delay_auth_decision = 0
|
||||
service_protocol = http
|
||||
service_host = 127.0.0.1
|
||||
service_port = 8100
|
||||
service_pass = dTpw
|
||||
cache = swift.cache
|
||||
|
||||
[filter:cache]
|
||||
use = egg:swift#memcache
|
||||
set log_name = cache
|
||||
|
||||
[filter:catch_errors]
|
||||
use = egg:swift#catch_errors
|
||||
|
||||
Note that the optional "cache" property in the keystone filter allows any
|
||||
service (not just Swift) to register its memcache client in the WSGI
|
||||
environment. If such a cache exists, Keystone middleware will utilize it
|
||||
to store validated token information, which could result in better overall
|
||||
performance.
|
||||
|
||||
4. Restart swift
|
||||
|
||||
5. Verify that keystone is providing authentication to Swift
|
||||
|
||||
Use `swift` to check everything works (note: you currently have to create a
|
||||
container or upload something as your first action to have the account
|
||||
created; there's a Swift bug to be fixed soon)::
|
||||
|
||||
$ swift -A http://127.0.0.1:5000/v1.0 -U joeuser -K secrete post container
|
||||
$ swift -A http://127.0.0.1:5000/v1.0 -U joeuser -K secrete stat -v
|
||||
StorageURL: http://127.0.0.1:8888/v1/AUTH_1234
|
||||
Auth Token: 74ce1b05-e839-43b7-bd76-85ef178726c3
|
||||
Account: AUTH_1234
|
||||
Containers: 1
|
||||
Objects: 0
|
||||
Bytes: 0
|
||||
Accept-Ranges: bytes
|
||||
X-Trans-Id: tx25c1a6969d8f4372b63912f411de3c3b
|
||||
|
||||
.. WARNING::
|
||||
Keystone currently allows any valid token to do anything with any account.
|
||||
|
|
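Review bot: the Admin Token section presents `admin_token = ADMIN` as the shared secret that nova, swift, glance and horizon must all carry, but never tells the reader to replace the sample value. Add a sentence saying it must be changed to a long random string before any service is pointed at Keystone, and that files holding it should not be world-readable. The Swift example repeats the problem: `[filter:keystone]` hard-codes `admin_token = 999888777666` and `service_pass = dTpw` next to `auth_protocol = http`, so a copied config sends a well-known token in clear text. Use an obvious placeholder there and state that http is only for a single-host test setup. Smaller points: step 2 names `/etc/swift/swift-proxy.conf` while step 3 shows `/etc/swift/proxy-server.conf`; "See doc:`configuration`" lacks the leading colon, so Sphinx will not resolve it; "retrive" and "it's built in" are typos.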
@ -0,0 +1,150 @@
|
|||
..
|
||||
Copyright 2011 OpenStack, LLC
|
||||
All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
========================
|
||||
Developing with Keystone
|
||||
========================
|
||||
|
||||
Contributing Code
|
||||
=================
|
||||
|
||||
To contribute code, sign up for a Launchpad account and sign a contributor license agreement,
|
||||
available on the `<http://wiki.openstack.org/CLA>`_. Once the CLA is signed you
|
||||
can contribute code through the Gerrit version control system which is related to your Launchpad account.
|
||||
|
||||
To contribute tests, docs, code, etc, refer to our `Gerrit-Jenkins-Github Workflow`_.
|
||||
|
||||
.. _`Gerrit-Jenkins-Github Workflow`: http://wiki.openstack.org/GerritJenkinsGithub
|
||||
|
||||
Setup
|
||||
-----
|
||||
|
||||
Get your development environment set up according to :doc:`setup`. The instructions from here will
|
||||
assume that you have installed keystone into a virtualenv. If you chose not to, simply exclude "tools/with_venv.sh" from the example commands below.
|
||||
|
||||
Running Keystone
|
||||
----------------
|
||||
|
||||
To run the keystone Admin and API server instances, use::
|
||||
|
||||
$ tools/with_venv.sh bin/keystone-all
|
||||
|
||||
this runs keystone with the configuration the etc/ directory of the project. See :doc:`configuration` for details on how Keystone is configured.
|
||||
|
||||
Interacting with Keystone
|
||||
-------------------------
|
||||
|
||||
You can interact with Keystone through the command line using :doc:`man/keystone-manage`
|
||||
which allows you to establish tenants, users, etc.
|
||||
|
||||
You can also interact with Keystone through it's REST API. There is a python
|
||||
keystone client library `python-keystoneclient`_ which interacts exclusively through
|
||||
the REST API, and which keystone itself uses to provide it's command-line interface.
|
||||
|
||||
When initially getting set up, after you've configured which databases to use,
|
||||
you're probably going to need to run the following to your database schema in place ::
|
||||
|
||||
$ bin/keystone-manage db_sync
|
||||
|
||||
|
||||
.. _`python-keystoneclient`: https://github.com/openstack/python-keystoneclient
|
||||
|
||||
Running Tests
|
||||
=============
|
||||
|
||||
To run the full suites of tests maintained within Keystone, run::
|
||||
|
||||
$ ./run_tests.sh
|
||||
|
||||
This shows realtime feedback during test execution, iterates over
|
||||
multiple configuration variations, and uses external projects to do
|
||||
light integration testing to verify the keystone API against other projects.
|
||||
|
||||
Test Structure
|
||||
--------------
|
||||
|
||||
``./run_test.sh`` uses its python cohort (``run_tests.py``) to iterate
|
||||
through the ``tests`` directory, using Nosetest to collect the tests and
|
||||
invoke them using an OpenStack custom test running that displays the tests
|
||||
as well as the time taken to
|
||||
run those tests.
|
||||
|
||||
Within the tests directory, the general structure of the tests is a basic
|
||||
set of tests represented under a test class, and then subclasses of those
|
||||
tests under other classes with different configurations to drive different
|
||||
backends through the APIs.
|
||||
|
||||
For example, ``test_backend.py`` has a sequence of tests under the class
|
||||
``IdentityTests`` that will work with the default drivers as configured in
|
||||
this projects etc/ directory. ``test_backend_sql.py`` subclasses those tests,
|
||||
changing the configuration by overriding with configuration files stored in
|
||||
the tests directory aimed at enabling the SQL backend for the Identity module.
|
||||
|
||||
Likewise, ``test_cli.py`` takes advantage of the tests written aainst
|
||||
``test_keystoneclient`` to verify the same tests function through different
|
||||
drivers.
|
||||
|
||||
Testing Schema Migrations
|
||||
-------------------------
|
||||
|
||||
The application of schema migrations can be tested using SQLAlchemy Migrate’s
|
||||
built-in test runner, one migration at a time.
|
||||
|
||||
.. WARNING::
|
||||
|
||||
This may leave your database in an inconsistent state; attempt this in non-production environments only!
|
||||
|
||||
This is useful for testing the *next* migration in sequence (both forward & backward) in a database under version control::
|
||||
|
||||
python keystone/common/sql/migrate_repo/manage.py test \
|
||||
--url=sqlite:///test.db \
|
||||
--repository=keystone/common/sql/migrate_repo/
|
||||
|
||||
This command references to a SQLite database (test.db) to be used. Depending on the migration, this command alone does not make assertions as to the integrity of your data during migration.
|
||||
|
||||
Writing Tests
|
||||
-------------
|
||||
|
||||
To add tests covering all drivers, update the base test class (``test_backend.py``, ``test_legacy_compat.py``, and ``test_keystoneclient.py``).
|
||||
|
||||
To add new drivers, subclass the ``test_backend.py`` (look towards ``test_backend_sql.py`` or ``test_backend_kvs.py`` for examples) and update the configuration of the test class in ``setUp()``.
|
||||
|
||||
Further Testing
|
||||
---------------
|
||||
|
||||
devstack_ is the *best* way to quickly deploy keystone with the rest of the
|
||||
OpenStack universe and should be critical step in your development workflow!
|
||||
|
||||
You may also be interested in either the `OpenStack Continuous Integration Project`_
|
||||
or the `OpenStack Integration Testing Project`_.
|
||||
|
||||
.. _devstack: http://devstack.org/
|
||||
.. _OpenStack Continuous Integration Project: https://github.com/openstack/openstack-ci
|
||||
.. _OpenStack Integration Testing Project: https://github.com/openstack/tempest
|
||||
|
||||
Building the Documentation
|
||||
==========================
|
||||
|
||||
The documentation is all generated with Sphinx from within the docs directory.
|
||||
To generate the full set of HTML documentation:
|
||||
|
||||
cd docs
|
||||
make autodoc
|
||||
make html
|
||||
make man
|
||||
|
||||
the results are in the docs/build/html and docs/build/man directories
|
||||
respectively.
|
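Review bot: the Test Structure section names the script ``./run_test.sh``, while the Running Tests section just above invokes `$ ./run_tests.sh`; use the second spelling in both places so the reference matches the command. In Building the Documentation, "To generate the full set of HTML documentation:" ends in a single colon, so the four commands (`cd docs`, `make autodoc`, `make html`, `make man`) will not render as a literal block; end the sentence with `::`. Wording to fix while here: "this runs keystone with the configuration the etc/ directory" is missing "in", "run the following to your database schema in place" is missing a verb, "aainst" is a typo, and "it's REST API" and "it's command-line interface" should be "its".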
|
@ -18,9 +18,9 @@
|
|||
Welcome to Keystone, the OpenStack Identity Service!
|
||||
====================================================
|
||||
|
||||
Keystone is a cloud identity service written in Python, which provides
|
||||
authentication, authorization, and an OpenStack service catalog. It
|
||||
implements `OpenStack's Identity API`_.
|
||||
Keystone is an OpenStack project that provides Identity, Token, Catalog and
|
||||
Policy services for use specifically by projects in the OpenStack family.
|
||||
It implements `OpenStack's Identity API`_.
|
||||
|
||||
This document describes Keystone for contributors of the project, and assumes
|
||||
that you are already familiar with Keystone from an `end-user perspective`_.
|
||||
|
@ -41,81 +41,35 @@ Getting Started
|
|||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
releases
|
||||
setup
|
||||
testing
|
||||
migration
|
||||
extensions
|
||||
configuration
|
||||
controllingservers
|
||||
configuringservices
|
||||
community
|
||||
usingkeystone
|
||||
|
||||
Administration
|
||||
==============
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
backends
|
||||
migration
|
||||
controllingservers
|
||||
configuringservices
|
||||
ssl
|
||||
|
||||
Entities
|
||||
========
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
endpoints
|
||||
services
|
||||
|
||||
API Use Case Examples
|
||||
=====================
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
adminAPI_curl_examples
|
||||
serviceAPI_curl_examples
|
||||
|
||||
Configuration File Examples
|
||||
===========================
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
nova-api-paste
|
||||
keystone.conf
|
||||
|
||||
Man Pages
|
||||
=========
|
||||
---------
|
||||
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
man/keystone-manage
|
||||
man/keystone
|
||||
man/keystone-auth
|
||||
man/keystone-admin
|
||||
man/keystone-import
|
||||
man/keystone-control
|
||||
man/sampledata
|
||||
|
||||
Developer Docs
|
||||
==============
|
||||
man/keystone-manage
|
||||
|
||||
Developers Documentation
|
||||
========================
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
:maxdepth: 1
|
||||
|
||||
developing
|
||||
architecture
|
||||
middleware
|
||||
middleware_architecture
|
||||
sourcecode/autoindex
|
||||
developing
|
||||
architecture
|
||||
api_curl_examples
|
||||
|
||||
Code Documentation
|
||||
==================
|
||||
.. toctree::
|
||||
:maxdepth: 1
|
||||
|
||||
modules
|
||||
|
||||
Indices and tables
|
||||
==================
|
||||
|
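Review bot: confirm that `middleware_architecture` and `nova-api-paste`, both listed in this hunk, are still in a toctree once the lists are reorganised, because the service configuration page in this change links to both with `:doc:`. The same check applies to `setup`, `configuration`, `developing` and `man/keystone-manage`, which the developer pages link to. A page left out of every toctree builds with a Sphinx warning and cannot be reached from the index, and a `:doc:` link to a page that no longer exists will not resolve.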
@ -123,3 +77,4 @@ Indices and tables
|
|||
* :ref:`genindex`
|
||||
* :ref:`modindex`
|
||||
* :ref:`search`
|
||||
|
|
@ -0,0 +1,83 @@
|
|||
========
|
||||
keystone
|
||||
========
|
||||
|
||||
---------------------------
|
||||
Keystone Management Utility
|
||||
---------------------------
|
||||
|
||||
:Author: keystone@lists.launchpad.net
|
||||
:Date: 2010-11-16
|
||||
:Copyright: OpenStack LLC
|
||||
:Version: 0.1.2
|
||||
:Manual section: 1
|
||||
:Manual group: cloud computing
|
||||
|
||||
SYNOPSIS
|
||||
========
|
||||
|
||||
keystone-all [options]
|
||||
|
||||
DESCRIPTION
|
||||
===========
|
||||
|
||||
keystone-all starts both the service and administrative APIs in a single
|
||||
process to provide catalog, authorization, and authentication services for
|
||||
OpenStack.
|
||||
|
||||
USAGE
|
||||
=====
|
||||
|
||||
``keystone-all [options]``
|
||||
|
||||
Common Options:
|
||||
^^^^^^^^^^^^^^^
|
||||
-h, --help show this help message and exit
|
||||
|
||||
The following configuration options are common to all keystone
|
||||
programs.::
|
||||
|
||||
-h, --help show this help message and exit
|
||||
--config-file=PATH Path to a config file to use. Multiple config files
|
||||
can be specified, with values in later files taking
|
||||
precedence. The default files used are: []
|
||||
-d, --debug Print debugging output
|
||||
--nodebug Print debugging output
|
||||
-v, --verbose Print more verbose output
|
||||
--noverbose Print more verbose output
|
||||
--log-config=PATH If this option is specified, the logging configuration
|
||||
file specified is used and overrides any other logging
|
||||
options specified. Please see the Python logging
|
||||
module documentation for details on logging
|
||||
configuration files.
|
||||
--log-format=FORMAT A logging.Formatter log message format string which
|
||||
may use any of the available logging.LogRecord
|
||||
attributes. Default: none
|
||||
--log-date-format=DATE_FORMAT
|
||||
Format string for %(asctime)s in log records. Default:
|
||||
none
|
||||
--log-file=PATH (Optional) Name of log file to output to. If not set,
|
||||
logging will go to stdout.
|
||||
--log-dir=LOG_DIR (Optional) The directory to keep log files in (will be
|
||||
prepended to --logfile)
|
||||
--syslog-log-facility=SYSLOG_LOG_FACILITY
|
||||
(Optional) The syslog facility to use when logging to
|
||||
syslog (defaults to LOG_USER)
|
||||
--use-syslog Use syslog for logging.
|
||||
--nouse-syslog Use syslog for logging.
|
||||
|
||||
FILES
|
||||
=====
|
||||
|
||||
None
|
||||
|
||||
SEE ALSO
|
||||
========
|
||||
|
||||
* `Keystone <http://github.com/openstack/keystone>`__
|
||||
|
||||
SOURCE
|
||||
======
|
||||
|
||||
* Keystone source is managed in GitHub `Keystone <http://github.com/openstack/keystone>`__
|
||||
* Keystone bugs are managed at Launchpad `Launchpad Keystone <https://bugs.launchpad.net/keystone>`__
|
|
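Review bot: the page header does not match the program it documents. The title is `keystone` and the subtitle is `Keystone Management Utility`, but SYNOPSIS, DESCRIPTION and USAGE all describe `keystone-all`; retitle the page and give it its own subtitle rather than the one used for keystone-manage. In the options block, the negated flags repeat the help text of the flags they negate (`--nodebug Print debugging output`, `--noverbose Print more verbose output`, `--nouse-syslog Use syslog for logging.`). `--log-dir` says it is prepended to `--logfile` although the option is spelled `--log-file`, `-h, --help` is listed twice, and "The default files used are: []" reads as pasted program output rather than documentation.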
@ -0,0 +1,97 @@
|
|||
===============
|
||||
keystone-manage
|
||||
===============
|
||||
|
||||
---------------------------
|
||||
Keystone Management Utility
|
||||
---------------------------
|
||||
|
||||
:Author: keystone@lists.launchpad.net
|
||||
:Date: 2010-11-16
|
||||
:Copyright: OpenStack LLC
|
||||
:Version: 0.1.2
|
||||
:Manual section: 1
|
||||
:Manual group: cloud computing
|
||||
|
||||
SYNOPSIS
|
||||
========
|
||||
|
||||
keystone-manage [options]
|
||||
|
||||
DESCRIPTION
|
||||
===========
|
||||
|
||||
keystone-manage is the command line tool that interacts with the keystone
|
||||
service to initialize and update data within Keystone. Generally,
|
||||
keystone-manage is only used for operations that can not be accomplished
|
||||
with through the keystone REST api, such data import/export and schema
|
||||
migrations.
|
||||
|
||||
|
||||
USAGE
|
||||
=====
|
||||
|
||||
``keystone-manage [options] action [additional args]``
|
||||
|
||||
|
||||
General keystone-manage options:
|
||||
--------------------------------
|
||||
|
||||
* ``--help`` : display verbose help output.
|
||||
|
||||
Invoking keystone-manage by itself will give you some usage information.
|
||||
|
||||
Available keystone-manage commands:
|
||||
db_sync: Sync the database.
|
||||
import_legacy: Import a legacy (pre-essex) version of the db.
|
||||
export_legacy_catalog: Export service catalog from a legacy (pre-essex) db.
|
||||
|
||||
|
||||
OPTIONS
|
||||
=======
|
||||
|
||||
Options:
|
||||
-h, --help show this help message and exit
|
||||
--config-file=PATH Path to a config file to use. Multiple config files
|
||||
can be specified, with values in later files taking
|
||||
precedence. The default files used are: []
|
||||
-d, --debug Print debugging output
|
||||
--nodebug Print debugging output
|
||||
-v, --verbose Print more verbose output
|
||||
--noverbose Print more verbose output
|
||||
--log-config=PATH If this option is specified, the logging configuration
|
||||
file specified is used and overrides any other logging
|
||||
options specified. Please see the Python logging
|
||||
module documentation for details on logging
|
||||
configuration files.
|
||||
--log-format=FORMAT A logging.Formatter log message format string which
|
||||
may use any of the available logging.LogRecord
|
||||
attributes. Default: none
|
||||
--log-date-format=DATE_FORMAT
|
||||
Format string for %(asctime)s in log records. Default:
|
||||
none
|
||||
--log-file=PATH (Optional) Name of log file to output to. If not set,
|
||||
logging will go to stdout.
|
||||
--log-dir=LOG_DIR (Optional) The directory to keep log files in (will be
|
||||
prepended to --logfile)
|
||||
--syslog-log-facility=SYSLOG_LOG_FACILITY
|
||||
(Optional) The syslog facility to use when logging to
|
||||
syslog (defaults to LOG_USER)
|
||||
--use-syslog Use syslog for logging.
|
||||
--nouse-syslog Use syslog for logging.
|
||||
|
||||
FILES
|
||||
=====
|
||||
|
||||
None
|
||||
|
||||
SEE ALSO
|
||||
========
|
||||
|
||||
* `Keystone <http://github.com/openstack/keystone>`__
|
||||
|
||||
SOURCE
|
||||
======
|
||||
|
||||
* Keystone is sourced in GitHub `Keystone <http://github.com/openstack/keystone>`__
|
||||
* Keystone bugs are managed at Launchpad `Launchpad Keystone <https://bugs.launchpad.net/keystone>`__
|
|
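Review bot: the entries under "Available keystone-manage commands:" carry no list or literal-block markup, so `db_sync`, `import_legacy` and `export_legacy_catalog` will be joined into one paragraph when rendered; make them a bullet list like the `--help` entry above. The DESCRIPTION sentence "can not be accomplished with through the keystone REST api, such data import/export" needs rewording, for example "cannot be accomplished through the Keystone REST API, such as data import/export". In OPTIONS, `--nodebug`, `--noverbose` and `--nouse-syslog` carry the help text of the flags they negate, and `--log-dir` refers to `--logfile` where the option is `--log-file`.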
@ -0,0 +1,143 @@
|
|||
..
|
||||
Copyright 2011 OpenStack, LLC
|
||||
All Rights Reserved.
|
||||
|
||||
Licensed under the Apache License, Version 2.0 (the "License"); you may
|
||||
not use this file except in compliance with the License. You may obtain
|
||||
a copy of the License at
|
||||
|
||||
http://www.apache.org/licenses/LICENSE-2.0
|
||||
|
||||
Unless required by applicable law or agreed to in writing, software
|
||||
distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
|
||||
WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
|
||||
License for the specific language governing permissions and limitations
|
||||
under the License.
|
||||
|
||||
nova-api-paste example
|
||||
======================
|
||||
::
|
||||
|
||||
#######
|
||||
# EC2 #
|
||||
#######
|
||||
|
||||
[composite:ec2]
|
||||
use = egg:Paste#urlmap
|
||||
/: ec2versions
|
||||
/services/Cloud: ec2cloud
|
||||
/services/Admin: ec2admin
|
||||
/latest: ec2metadata
|
||||
/2007-01-19: ec2metadata
|
||||
/2007-03-01: ec2metadata
|
||||
/2007-08-29: ec2metadata
|
||||
/2007-10-10: ec2metadata
|
||||
/2007-12-15: ec2metadata
|
||||
/2008-02-01: ec2metadata
|
||||
/2008-09-01: ec2metadata
|
||||
/2009-04-04: ec2metadata
|
||||
/1.0: ec2metadata
|
||||
|
||||
[pipeline:ec2cloud]
|
||||
pipeline = logrequest totoken authtoken keystonecontext cloudrequest authorizer ec2executor
|
||||
|
||||
[pipeline:ec2admin]
|
||||
pipeline = logrequest totoken authtoken keystonecontext adminrequest authorizer ec2executor
|
||||
|
||||
[pipeline:ec2metadata]
|
||||
pipeline = logrequest ec2md
|
||||
|
||||
[pipeline:ec2versions]
|
||||
pipeline = logrequest ec2ver
|
||||
|
||||
[filter:logrequest]
|
||||
paste.filter_factory = nova.api.ec2:RequestLogging.factory
|
||||
|
||||
[filter:ec2lockout]
|
||||
paste.filter_factory = nova.api.ec2:Lockout.factory
|
||||
|
||||
[filter:totoken]
|
||||
paste.filter_factory = keystone.middleware.ec2_token:EC2Token.factory
|
||||
|
||||
[filter:ec2noauth]
|
||||
paste.filter_factory = nova.api.ec2:NoAuth.factory
|
||||
|
||||
[filter:authenticate]
|
||||
paste.filter_factory = nova.api.ec2:Authenticate.factory
|
||||
|
||||
[filter:cloudrequest]
|
||||
controller = nova.api.ec2.cloud.CloudController
|
||||
paste.filter_factory = nova.api.ec2:Requestify.factory
|
||||
|
||||
[filter:adminrequest]
|
||||
controller = nova.api.ec2.admin.AdminController
|
||||
paste.filter_factory = nova.api.ec2:Requestify.factory
|
||||
|
||||
[filter:authorizer]
|
||||
paste.filter_factory = nova.api.ec2:Authorizer.factory
|
||||
|
||||
[app:ec2executor]
|
||||
paste.app_factory = nova.api.ec2:Executor.factory
|
||||
|
||||
[app:ec2ver]
|
||||
paste.app_factory = nova.api.ec2:Versions.factory
|
||||
|
||||
[app:ec2md]
|
||||
paste.app_factory = nova.api.ec2.metadatarequesthandler:MetadataRequestHandler.factory
|
||||
|
||||
#############
|
||||
# Openstack #
|
||||
#############
|
||||
|
||||
[composite:osapi]
|
||||
use = egg:Paste#urlmap
|
||||
/: osversions
|
||||
/v1.1: openstackapi
|
||||
|
||||
[pipeline:openstackapi]
|
||||
pipeline = faultwrap authtoken keystonecontext ratelimit extensions osapiapp
|
||||
|
||||
[filter:faultwrap]
|
||||
paste.filter_factory = nova.api.openstack:FaultWrapper.factory
|
||||
|
||||
[filter:auth]
|
||||
paste.filter_factory = nova.api.openstack.auth:AuthMiddleware.factory
|
||||
|
||||
[filter:noauth]
|
||||
paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
|
||||
|
||||
[filter:ratelimit]
|
||||
paste.filter_factory = nova.api.openstack.limits:RateLimitingMiddleware.factory
|
||||
|
||||
[filter:extensions]
|
||||
paste.filter_factory = nova.api.openstack.extensions:ExtensionMiddleware.factory
|
||||
|
||||
[app:osapiapp]
|
||||
paste.app_factory = nova.api.openstack:APIRouter.factory
|
||||
|
||||
[pipeline:osversions]
|
||||
pipeline = faultwrap osversionapp
|
||||
|
||||
[app:osversionapp]
|
||||
paste.app_factory = nova.api.openstack.versions:Versions.factory
|
||||
|
||||
##########
|
||||
# Shared #
|
||||
##########
|
||||
|
||||
[filter:keystonecontext]
|
||||
paste.filter_factory = keystone.middleware.nova_keystone_context:NovaKeystoneContext.factory
|
||||
|
||||
[filter:authtoken]
|
||||
paste.filter_factory = keystone.middleware.auth_token:filter_factory
|
||||
service_protocol = http
|
||||
service_host = 127.0.0.1
|
||||
service_port = 5000
|
||||
auth_host = 127.0.0.1
|
||||
auth_port = 35357
|
||||
auth_protocol = http
|
||||
auth_uri = http://your_keystone_host.com:5000/
|
||||
;identical to the admin token defined in keystone.conf
|
||||
admin_token = 999888777666
|
||||
;Uncomment next line and check ip:port to use memcached to cache token requests
|
||||
;memcache_hosts = 127.0.0.1:11211
|
|
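Review bot: `[filter:authtoken]` ships a concrete secret, `admin_token = 999888777666`, together with `auth_protocol = http`. The comment above it says the value is identical to the admin token defined in keystone.conf, yet the sample keystone.conf line documented in this same change is `admin_token = ADMIN`. Use one clearly fake placeholder in both places and state that it must be replaced, since readers are pointed at this file when configuring Nova. Also reconcile `auth_uri = http://your_keystone_host.com:5000/` with `auth_host = 127.0.0.1`. Finally, `[filter:ec2noauth]`, `[filter:noauth]`, `[filter:auth]`, `[filter:authenticate]` and `[filter:ec2lockout]` are defined but used by none of the pipelines shown; dropping the two no-auth filters from an example about Keystone authentication would stop a reader wiring one in by mistake.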
@ -18,12 +18,12 @@
|
|||
Setting up a Keystone development environment
|
||||
=============================================
|
||||
|
||||
This document describes setting up keystone directly from GitHub_
|
||||
This document describes getting the source from keystone's `GitHub repository`_
|
||||
for development purposes.
|
||||
|
||||
To install keystone from packaging, refer instead to Keystone's `User Documentation`_.
|
||||
|
||||
.. _GitHub: http://github.com/openstack/keystone
|
||||
.. _`GitHub Repository`: http://github.com/openstack/keystone
|
||||
.. _`User Documentation`: http://docs.openstack.org/
|
||||
|
||||
Prerequisites
|
||||
|
@ -31,7 +31,7 @@ Prerequisites
|
|||
|
||||
This document assumes you are using:
|
||||
|
||||
- Ubuntu 11.10, Fedora 15, openSUSE 11.4, 12.1 or Mac OS X Lion
|
||||
- Ubuntu 11.10, Fedora 15, or Mac OS X Lion
|
||||
- `Python 2.7`_
|
||||
|
||||
.. _`Python 2.7`: http://www.python.org/
|
||||
|
@ -51,7 +51,7 @@ different version of the above, please document your configuration here!
|
|||
Getting the latest code
|
||||
=======================
|
||||
|
||||
You can clone our latest code from our `Github repository`::
|
||||
Make a clone of the code from our `Github repository`::
|
||||
|
||||
$ git clone https://github.com/openstack/keystone.git
|
||||
|
||||
|
@ -59,13 +59,17 @@ When that is complete, you can::
|
|||
|
||||
$ cd keystone
|
||||
|
||||
.. _`Github repository`: https://github.com/openstack/keystone
|
||||
|
||||
Installing dependencies
|
||||
=======================
|
||||
|
||||
Keystone maintains a list of PyPi_ dependencies, designed for use by
|
||||
pip_.
|
||||
Keystone maintains two lists of dependencies::
|
||||
|
||||
tools/pip-requires
|
||||
tools/pip-requires-test
|
||||
|
||||
The first is the list of dependencies needed for running keystone, the second list includes dependencies used for active development and testing of keystone itself.
|
||||
|
||||
These depdendencies can be installed from PyPi_ using the python tool pip_.
|
||||
|
||||
.. _PyPi: http://pypi.python.org/
|
||||
.. _pip: http://pypi.python.org/pypi/pip
|
||||
|
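Review bot: "depdendencies" in "These depdendencies can be installed from PyPi_ using the python tool pip_." is a typo for "dependencies". The sentence also says the lists can be installed with pip without showing how; a short pointer to the `pip install -r tools/pip-requires` command shown further down the page would keep this section self-explanatory.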
@ -83,53 +87,65 @@ Fedora 15::
|
|||
|
||||
$ sudo yum install python-sqlite2 python-lxml python-greenlet-devel python-ldap
|
||||
|
||||
openSUSE 11.4, 12.1::
|
||||
|
||||
$ sudo zypper in python-devel python-xml gcc libxslt-devel python-ldap openldap2-devel
|
||||
|
||||
Mac OS X Lion (requires MacPorts_)::
|
||||
|
||||
$ sudo port install py-ldap
|
||||
|
||||
.. _MacPorts: http://www.macports.org/
|
||||
|
||||
PyPi Packages
|
||||
-------------
|
||||
PyPi Packages and VirtualEnv
|
||||
----------------------------
|
||||
|
||||
Assuming you have any necessary binary packages & header files available
|
||||
on your system, you can then install PyPi dependencies.
|
||||
We recommend establishing a virtualenv to run keystone within. Virtualenv limits the python environment
|
||||
to just what you're installing as depdendencies, useful to keep a clean environment for working on
|
||||
Keystone. The tools directory in keystone has a script already created to make this very simple::
|
||||
|
||||
You may also need to prefix `pip install` with `sudo`, depending on your
|
||||
environment::
|
||||
$ python tools/install_venv.py
|
||||
|
||||
# Describe dependencies (including non-PyPi dependencies)
|
||||
$ cat tools/pip-requires
|
||||
This will create a local virtual environment in the directory ``.venv``.
|
||||
Once created, you can activate this virtualenv for your current shell using::
|
||||
|
||||
# Install all PyPi dependencies (for production, testing, and development)
|
||||
$ source .venv/bin/activate
|
||||
|
||||
The virtual environment can be disabled using the command::
|
||||
|
||||
$ deactivate
|
||||
|
||||
You can also use ``tools\with_venv.sh`` to prefix commands so that they run
|
||||
within the virtual environment. For more information on virtual environments,
|
||||
see virtualenv_.
|
||||
|
||||
.. _virtualenv: http://www.virtualenv.org/
|
||||
|
||||
If you want to run keystone outside of a virtualenv, you can install the dependencies directly
|
||||
into your system from the requires files::
|
||||
|
||||
# Install the dependencies for running keystone
|
||||
$ pip install -r tools/pip-requires
|
||||
|
||||
Updating your PYTHONPATH
|
||||
========================
|
||||
|
||||
There are a number of methods for getting Keystone into your PYTHON PATH,
|
||||
the easiest of which is::
|
||||
# Install the dependencies for developing, testing, and running keystone
|
||||
$ pip install -r tools/pip-requires-test
|
||||
|
||||
# Fake-install the project by symlinking Keystone into your Python site-packages
|
||||
$ python setup.py develop
|
||||
|
||||
|
||||
Verifying Keystone is set up
|
||||
============================
|
||||
|
||||
Once set up, either directly or within a virtualenv, you should be able to invoke python and import
|
||||
the libraries. If you're using a virtualenv, don't forget to activate it::
|
||||
|
||||
$ source .venv/bin/activate
|
||||
$ python
|
||||
|
||||
You should then be able to `import keystone` from your Python shell
|
||||
without issue::
|
||||
|
||||
>>> import keystone.version
|
||||
>>> import keystone
|
||||
>>>
|
||||
|
||||
If you want to check the version of Keystone you are running:
|
||||
|
||||
>>> print keystone.version.version()
|
||||
2012.1-dev
|
||||
|
||||
|
||||
If you can import keystone successfully, you should be ready to move on to :doc:`testing`.
|
||||
If you can import keystone successfully, you should be ready to move on to :doc:`developing`
|
||||
|
||||
Troubleshooting
|
||||
===============
|
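Review bot: ``tools\with_venv.sh`` in the virtualenv paragraph uses a backslash, while the developer guide added by this change invokes the script as `tools/with_venv.sh`; use the forward slash here so the path can be copied as written. "depdendencies" in "to just what you're installing as depdendencies" is a typo, and "you should be ready to move on to :doc:`developing`" has lost its closing full stop.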