Monday, November 18, 2013

Openstack Horizon flow of create user action

1)
* horizon uses the app "openstack_auth" for authentication
AUTHENTICATION_BACKENDS = ('openstack_auth.backend.KeystoneBackend',)

2)
* Horizon settings.py

./horizon/openstack_dashboard/settings.py

3)
* Horizon settings.py (Keystone settings)

AUTHENTICATION_BACKENDS = ('openstack_auth.backend.KeystoneBackend',)
OPENSTACK_KEYSTONE_URL = "http://localhost:5000/v2.0"
OPENSTACK_KEYSTONE_DEFAULT_ROLE = "Member"

OPENSTACK_KEYSTONE_MULTIDOMAIN_SUPPORT = True
OPENSTACK_KEYSTONE_DEFAULT_DOMAIN = 'test_domain'

OPENSTACK_KEYSTONE_BACKEND = {
    'name': 'native',
    'can_edit_user': True,
    'can_edit_group': True,
    'can_edit_project': True,
    'can_edit_domain': True,
    'can_edit_role': True
}

POLICY_FILES = {
    'identity': 'keystone_policy.json',
    'compute': 'nova_policy.json'
}

Create User Flow
############

1)
* Url

http://192.168.56.101/admin/users/create/

2)
* urls.py

./horizon/openstack_dashboard/dashboards/admin/users/urls.py

3)
* views.py

./horizon/openstack_dashboard/dashboards/admin/users/views.py
import forms as project_forms
class CreateView(forms.ModalFormView):
    form_class = project_forms.CreateUserForm

4)
* Keystone API

./horizon/openstack_dashboard/api/keystone.py

5)
* forms.py

./horizon/openstack_dashboard/dashboards/admin/users/forms.py
class CreateUserForm(BaseUserForm):
    def handle(self, request, data):
        ##Keystone API call to create user
        new_user = api.keystone.user_create()

Flow of Horizon Keystone API
######################


* How to call keystone API from Horizon
1)
* Keystone API
./horizon/openstack_dashboard/api/keystone.py

a)
* Get endpoing url

def _get_endpoint_url(request, endpoint_type, catalog=None):
    auth_url = getattr(settings, 'OPENSTACK_KEYSTONE_URL')
    return url

b)
* Get a client connected to the Keystone backend

def keystoneclient(request, admin=False):
    api_version = VERSIONS.get_active_version()
    cache_attr = "_keystoneclient_admin" if admin else backend.KEYSTONE_CLIENT_ATTR
    endpoint = _get_endpoint_url(request, endpoint_type)
        conn = api_version['client'].Client(token=user.token.id,
                                            endpoint=endpoint)
        setattr(request, cache_attr, conn)
        return conn

c)
* Create User

def user_create(request, name=None, email=None, password=None, project=None, enabled=None, domain=None):
    ###Get a client connected to the Keystone backend
    manager = keystoneclient(request, admin=True).users
    if VERSIONS.active < 3:
    ###Make API call
        user = manager.create(name, password, email, project, enabled)
        return VERSIONS.upgrade_v2_user(user)
    else:
    ###Make API call
        return manager.create(name, password=password, email=email, project=project, enabled=enabled, domain=domain)

d)
VERSIONS = IdentityAPIVersionManager("identity", preferred_version=3)

e)

# Set up our data structure for managing Identity API versions, and
# add a couple utility methods to it.
class IdentityAPIVersionManager(base.APIVersionManager):
    def upgrade_v2_user(self, user):
        if getattr(user, "project_id", None) is None:
            user.project_id = getattr(user, "tenantId", None)
        return user

    def get_project_manager(self, *args, **kwargs):
        if VERSIONS.active < 3:
            manager = keystoneclient(*args, **kwargs).tenants
        else:
            manager = keystoneclient(*args, **kwargs).projects
        return manager

f)
./horizon/openstack_dashboard/api/base.py
class APIVersionManager(object):

Keystone Service Ports
###############

a)
Both ports 35357 and 5000 are used by keystone.
The first (35357) is used in internal and administrative requests while 5000 should be used by public requests.

https://github.com/mseknibilel/OpenStack-Folsom-Install-guide/issues/17
b)
Horizon using following endpoint of keystone service if we alogged in as horizon admin
*endpoint:http://10.0.3.15:35357/v3

c)
This endpoint http://10.0.3.15:35357/v3 is comming from the django app "django_openstack_auth"
* https://github.com/gabrielhurley/django_openstack_auth
* Search for the port 35357
* ./django_openstack_auth/openstack_auth/tests/data_v3.py

##################



No comments:

Post a Comment