2021SC@SDUSC
细嚼慢咽读源码
前置知识:
- Services概念:Services是由Nova组件提供的。一般来说,一个Nova组件作为一个进程运行在controller或compute节点来提供服务。这些services中是有面向最终使用者的,比如REST API service,但绝大部分是来和其它Nova services协同工作的。每个service状态由Nova监控,如果service它无法正常响应,Nova将调整它的状态,这样请求就不会再发给它。service也可以呗Administrator控制,用以运行维护或升级程序,或响应工作负载的变化。
下面介绍几个关键services:- nova-osapi_compute: 这个service为使用者提供REST API和application客户端【注意:OpenStack中组件间的通信通过REST API,组件内通信通过rpc机制,所以调用nova组件的请求最先交给osapi_compute处理】;
- nova-metadata: 这个service为servers提供Metadata API,这些metadata是用来配置正在运行的server的;
- nova-scheduler: 这个service提供计算请求调度,它是通过追踪可用资源找到最能满足请求的host;
- nova-conductor: 这个service为Nova和其它OpenStack service提供数据库访问服务,并处理由不同services运行不同版本的代码带来内部版本兼容性问题,它还负责处理需要长时间运行的请求。
- nova-compute: 这个service运行在每一个计算节点上,并与该节点上管理计算资源的hypervisor通信。
- Hosts概念:Host是为Nova创建的虚拟servers提供资源的物理机,它上面运行了一个hypervisor,用于实际处理虚拟servers的创建和管理。Host也运行Nova compute service,从Nova接受请求并与安装在该机器上的虚拟servers交互。当compute service收到一个请求,它为hypervisor调用driver中的相应方法来执行请求。driver扮演从抽象的Nova request到hypervisor能理解的调用的翻译官角色。Host将它们当前的状态返回给Nova,scheduler service追踪这一过程,即可把请求交给主机上的新的虚拟servers以便被最好地完成。
- horizon想开启nova的时候,会先找keystone要一个auth_token(via RESTful API),并将其放在向api发送的请求中(via RESTful API)。nova-api监听到请求后,先想keystone发送认证请求,查看token是否为有效用户和token,如有效则返回有效的认证和对应的角色(注:有些操作需要有角色权限才能操作),再开始干活。
request处理流程:OpenStack Paste.ini详解(二)
WSGI server接收到URL形式的request时,这些request首先会被Paste模块按照配置文件paste.ini进行处理,其过程大致如下:
- composite:将request和application进行映射。然后将request转发到pipeline或app中,最终到达指定的application;
- pipeline:包含filter和app;
- filter:调用具体的中间件(MiddleWare)对request进行过滤处理;
- app:具体的application实现对request的操作;
etc/nova/api-paste.ini:
############
# Metadata #
############
[composite:metadata]
use = egg:Paste#urlmap
/: meta
[pipeline:meta]
pipeline = cors metaapp
[app:metaapp]
paste.app_factory = nova.api.metadata.handler:MetadataRequestHandler.factory
#############
# OpenStack #
#############
[composite:osapi_compute]
use = call:nova.api.openstack.urlmap:urlmap_factory
/: oscomputeversions
/v2: oscomputeversion_legacy_v2
/v2.1: oscomputeversion_v2
# v21 is an exactly feature match for v2, except it has more stringent
# input validation on the wsgi surface (prevents fuzzing early on the
# API). It also provides new features via API microversions which are
# opt into for clients. Unaware clients will receive the same frozen
# v2 API feature set, but with some relaxed validation
/v2/+: openstack_compute_api_v21_legacy_v2_compatible
/v2.1/+: openstack_compute_api_v21
[composite:openstack_compute_api_v21]
use = call:nova.api.auth:pipeline_factory_v21
keystone = cors http_proxy_to_wsgi compute_req_id faultwrap request_log sizelimit osprofiler authtoken keystonecontext osapi_compute_app_v21
# DEPRECATED: The [api]auth_strategy conf option is deprecated and will be
# removed in a subsequent release, whereupon this pipeline will be unreachable.
noauth2 = cors http_proxy_to_wsgi compute_req_id faultwrap request_log sizelimit osprofiler noauth2 osapi_compute_app_v21
[composite:openstack_compute_api_v21_legacy_v2_compatible]
use = call:nova.api.auth:pipeline_factory_v21
keystone = cors http_proxy_to_wsgi compute_req_id faultwrap request_log sizelimit osprofiler authtoken keystonecontext legacy_v2_compatible osapi_compute_app_v21
# DEPRECATED: The [api]auth_strategy conf option is deprecated and will be
# removed in a subsequent release, whereupon this pipeline will be unreachable.
noauth2 = cors http_proxy_to_wsgi compute_req_id faultwrap request_log sizelimit osprofiler noauth2 legacy_v2_compatible osapi_compute_app_v21
[filter:request_log]
paste.filter_factory = nova.api.openstack.requestlog:RequestLog.factory
[filter:compute_req_id]
paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.factory
[filter:faultwrap]
paste.filter_factory = nova.api.openstack:FaultWrapper.factory
# DEPRECATED: NoAuthMiddleware will be removed in a subsequent release,
# whereupon this filter will cease to function.
[filter:noauth2]
paste.filter_factory = nova.api.openstack.auth:NoAuthMiddleware.factory
[filter:osprofiler]
paste.filter_factory = nova.profiler:WsgiMiddleware.factory
[filter:sizelimit]
paste.filter_factory = oslo_middleware:RequestBodySizeLimiter.factory
[filter:http_proxy_to_wsgi]
paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory
[filter:legacy_v2_compatible]
paste.filter_factory = nova.api.openstack:LegacyV2CompatibleWrapper.factory
[app:osapi_compute_app_v21]
paste.app_factory = nova.api.openstack.compute:APIRouterV21.factory
[pipeline:oscomputeversions]
pipeline = cors faultwrap request_log http_proxy_to_wsgi oscomputeversionapp
[pipeline:oscomputeversion_v2]
pipeline = cors compute_req_id faultwrap request_log http_proxy_to_wsgi oscomputeversionapp_v2
[pipeline:oscomputeversion_legacy_v2]
pipeline = cors compute_req_id faultwrap request_log http_proxy_to_wsgi legacy_v2_compatible oscomputeversionapp_v2
[app:oscomputeversionapp]
paste.app_factory = nova.api.openstack.compute.versions:Versions.factory
[app:oscomputeversionapp_v2]
paste.app_factory = nova.api.openstack.compute.versions:VersionsV2.factory
##########
# Shared #
##########
[filter:cors]
paste.filter_factory = oslo_middleware.cors:filter_factory
oslo_config_project = nova
[filter:keystonecontext]
paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory
[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory
结合前置知识来理解: