1)
* horizon uses the app "openstack_auth" for authentication
AUTHENTICATION_BACKENDS = ('openstack_auth.backend.KeystoneBackend',)
2)
* Horizon settings.py
./horizon/openstack_dashboard/settings.py
3)
* Horizon settings.py (Keystone settings)
AUTHENTICATION_BACKENDS = ('openstack_auth.backend.KeystoneBackend',)
OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v2.0"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"
OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'test_domain'
OPENSTACK_KEYSTONE_BACKEND = {
'name': 'native',
'can_edit_user': True,
'can_edit_group': True,
'can_edit_project': True,
'can_edit_domain': True,
'can_edit_role': True
}
POLICY_FILES = {
'identity': 'keystone_policy.json',
'compute': 'nova_policy.json'
}
Create User Flow
############
1)
* Url
http://192.168.56.101/admin/users/create/
2)
* urls.py
./horizon/openstack_dashboard/dashboards/admin/users/urls.py
3)
* views.py
./horizon/openstack_dashboard/dashboards/admin/users/views.py
import forms as project_forms
class CreateView(forms.ModalFormView):
form_class = project_forms.CreateUserForm
4)
* Keystone API
./horizon/openstack_dashboard/api/keystone.py
5)
* forms.py
./horizon/openstack_dashboard/dashboards/admin/users/forms.py
class CreateUserForm(BaseUserForm):
def handle(self, request, data):
##Keystone API call to create user
new_user = api.keystone.user_create()
Flow of Horizon Keystone API
######################
* How to call keystone API from Horizon
1)
* Keystone API
./horizon/openstack_dashboard/api/keystone.py
a)
* Get endpoing url
def _get_endpoint_url(request, endpoint_type, catalog=None):
auth_url = getattr(settings, 'OPENSTACK_KEYSTONE_URL')
return url
b)
* Get a client connected to the Keystone backend
def keystoneclient(request, admin=False):
api_version = VERSIONS.get_active_version()
cache_attr = "_keystoneclient_admin" if admin else backend.KEYSTONE_CLIENT_ATTR
endpoint = _get_endpoint_url(request, endpoint_type)
conn = api_version['client'].Client(token=user.token.id,
endpoint=endpoint)
setattr(request, cache_attr, conn)
return conn
c)
* Create User
def user_create(request, name=None, email=None, password=None, project=None, enabled=None, domain=None):
###Get a client connected to the Keystone backend
manager = keystoneclient(request, admin=True).users
if VERSIONS.active < 3:
###Make API call
user = manager.create(name, password, email, project, enabled)
return VERSIONS.upgrade_v2_user(user)
else:
###Make API call
return manager.create(name, password=password, email=email, project=project, enabled=enabled, domain=domain)
d)
VERSIONS = IdentityAPIVersionManager("identity", preferred_version=3)
e)
# Set up our data structure for managing Identity API versions, and
# add a couple utility methods to it.
class IdentityAPIVersionManager(base.APIVersionManager):
def upgrade_v2_user(self, user):
if getattr(user, "project_id", None) is None:
user.project_id = getattr(user, "tenantId", None)
return user
def get_project_manager(self, *args, **kwargs):
if VERSIONS.active < 3:
manager = keystoneclient(*args, **kwargs).tenants
else:
manager = keystoneclient(*args, **kwargs).projects
return manager
f)
./horizon/openstack_dashboard/api/base.py
class APIVersionManager(object):
Keystone Service Ports
###############
a)
Both ports 35357 and 5000 are used by keystone.
The first (35357) is used in internal and administrative requests while 5000 should be used by public requests.
https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/issues/17
b)
Horizon using following endpoint of keystone service if we alogged in as horizon admin
*endpoint:http://10.0.3.15:35357/v3
c)
This endpoint http://10.0.3.15:35357/v3 is comming from the django app "django_openstack_auth"
*
https://github.com/gabrielhurley/django_openstack_auth
* Search for the port 35357
* ./django_openstack_auth/openstack_auth/tests/data_v3.py
##################