Virtual private network services for OpenStack Neutron.
f6c958956a
The CI team is developing a new tool, git-review: https://github.com/openstack-ci/git-review which is intendend to replace rfc.sh. This adds a .gitreview file so that it can automatically determine the canonical gerrit location for the repository when first run. Later, rfc.sh will be updated to indicate it is deprecated, and then eventually removed. Change-Id: I49edfa303671de58f54eae4e1d7c27916c41dda7 |
||
---|---|---|
bin | ||
doc | ||
etc | ||
extensions | ||
quantum | ||
tests | ||
tools | ||
.bzrignore | ||
.gitreview | ||
LICENSE | ||
README | ||
run_tests.py | ||
run_tests.sh | ||
setup.py | ||
TESTING |
# -- Welcome! You have come across a cloud computing network fabric controller. It has identified itself as "Quantum." It aims to tame your (cloud) networking! # -- Basics: 1) Quantum REST API: Quantum supports a REST-ful programmatic interface to manage your cloud networking fabric. 2) Quantum Plugins: Quantum sports a plug-able architecture that allows Quantum's REST API to be backed by various entities that can create a cloud-class virtual networking fabric. The advantages of this plug-able architecture is two-folds: a) Allows for ANY open-source project or commercial vendor to write a Quantum plug-in. b) Allows Quantum users to not be tied down to a single Quantum implementation and enables them to switch out a plug-in by simple editing a config file - plugins.ini # -- Dependencies The following python packages are required to run quantum. These can be installed using pip: eventlet>=0.9.12 nose Paste PasteDeploy pep8==0.5.0 python-gflags routes simplejson webob webtest 1) Install easy_install (there is probably a distribution specific package for this) 2) Install pip: $ easy_install pip==dev 3) Install packages with pip: $ pip install <package name> # -- Configuring Quantum plug-in 1) Identify your desired plug-in. Choose a plugin from one of he options in the quantum/plugins directory. 2) Update plug-in configuration by editing the quantum/plugins.ini file and modify "provider" property to point to the location of the Quantum plug-in. It should specify the class path to the plugin and the class name (i.e. for a plugin class MyPlugin in quantum/plugins/myplugin/myplugin.py the provider would be: quantum.plugins.myplugin.myplugin.MyPlugin) 3) Read the plugin specific README, this is usually found in the same directory as your Quantum plug-in, and follow configuration instructions. # -- Launching the Quantum Service 1) Start quantum using the following command [on the quantum service host]: ~/src/quantum$ PYTHONPATH=.:$PYTHONPATH python bin/quantum etc/quantum.conf # -- Making requests against the Quantum Service Please refer to sample Web Service client code in: ../quantum/test_scripts/miniclient.py # -- CLI tools to program the Quantum-managed Cloud networking fabric Quantum comes with a programmatic CLI that is driven by the Quantum Web Service. You can use the CLI by issuing the following command: ~/src/quantum$ PYTHONPATH=.:$PYTHONPATH python quantum/cli.py This will show help all of the available commands. An example session looks like this: $ export TENANT=t1 $ PYTHONPATH=. python quantum/cli.py -v create_net $TENANT network1 Created a new Virtual Network with ID:e754e7c0-a8eb-40e5-861a-b182d30c3441 # -- Authentication and Authorization Requests to Quantum API are authenticated with the Keystone identity service using a token-based authentication protocol. 1) Enabling Authentication and Authorization The Keystone identity service is a requirement. It must be installed, although not necessarily on the same machine where Quantum is running; both Keystone's admin API and service API should be running Authentication and Authorization middleware should be enabled in the Quantum pipeline. To this aim, uncomment the following line in /etc/quantum.conf: pipeline = authN authZ extensions quantumapiapp The final step concerns configuring access to Keystone. The following attributes must be specified in the [filter:authN] section of quantum.conf: auth_host IP address or host name of the server where Keystone is running auth_port Port where the Keystone Admin API is listening auth_protocol Protocol used for communicating with Keystone (http/https) auth_version Keystone API version (default: 2.0) auth_admin_token Keystone token for administrative access auth_admin_user Keystone user with administrative rights auth_admin_password Password for the user specified with auth_admin_user NOTE: aut_admin_token and auth_admin_user/password are exclusive. If both are specified, auth_admin_token has priority. 2) Authenticating and Authorizing request for Quantum API A user should first authenticate with Keystone, supplying user credentials; the Keystone service will return an authentication token, together with informations concerning token expirations and endpoint where that token can be used. The authentication token must be included in every request for the Quantum API, in the 'X_AUTH_TOKEN' header. Quantum will look for the authentication token in this header, and validate it with the Keystone service. In order to validate authentication tokens, Quantum uses Keystone's administrative API. It therefore requires credentials for an administrative user, which can be specified in Quantum's configuration file (etc/quantum.conf) Either username and password, or an authentication token for an administrative user can be specified in the configuration file: - Credentials: auth_admin_user = admin auth_admin_password = secrete - Admin token: auth_admin_token = 9a82c95a-99e9-4c3a-b5ee-199f6ba7ff04 As of the current release, any user for a tenant is allowed to perform every operation on the networks owned by the tenant itself, except for plugging interfaces. In order to perform such operation, the user must have the Quantum:NetworkAdmin roles. Roles can be configured in Keystone using the administrative API. # -- Writing your own Quantum plug-in If you wish the write your own Quantum plugin, please refer to some concrete as well as sample plugins available in: ../quantum/quantum/plugins/.. directory. There are a few requirements to writing your own plugin: 1) Your plugin should implement all methods defined in the quantum/quantum_plugin_base.QuantumPluginBase class 2) Copy your Quantum plug-in over to the quantum/quantum/plugins/.. directory 3) The next step is to edit the plugins.ini file in the same directory as QuantumPluginBase class and specify the location of your custom plugin as the "provider" 4) Launch the Quantum Service, and your plug-in is configured and ready to manage a Cloud Networking Fabric. # -- Extensions 1) Creating Extensions: a) Extension files should be placed under ./extensions folder. b) The extension file should have a class with the same name as the filename. This class should implement the contract required by the extension framework. See ExtensionDescriptor class in ./quantum/common/extensions.py for details c) To stop a file in ./extensions folder from being loaded as an extension, the filename should start with an "_" For an example of an extension file look at Foxinsocks class in ./tests/unit/extensions/foxinsocks.py The unit tests in ./tests/unit/test_extensions.py document all the ways in which you can use extensions 2) Associating plugins with extensions: a) A Plugin can advertize all the extensions it supports through the 'supported_extension_aliases' attribute. Eg: class SomePlugin: ... supported_extension_aliases = ['extension1_alias', 'extension2_alias', 'extension3_alias'] Any extension not in this list will not be loaded for the plugin b) Extension Interfaces for plugins (optional) The extension can mandate an interface that plugins have to support with the 'get_plugin_interface' method in the extension. For an example see the FoxInSocksPluginInterface in foxinsocks.py. The QuantumEchoPlugin lists foxinsox in its supported_extension_aliases and implements the method from FoxInSocksPluginInterface.