Introduction to basic Keystone concepts
To access a service, users provide their credentials to Keystone and receive a token. The token is just a string that Keystone associates internally with the user and tenant. This token travels between services with every user request, and with every request that one service generates to another service in order to process the user's request.

Users then find the URL of the service they need. If the user, for example, wants to spawn a new VM instance in Nova, they can find a URL for Nova in the list of endpoints provided by Keystone and send an appropriate request.

After that, Nova verifies the validity of the token with Keystone. It should then create an instance from an image, identified by the provided image ID, and plug it into a network. First, Nova passes the token to Glance to get the image stored there. After that, it asks Quantum to plug the new instance into a network; Quantum verifies in its own database whether the user has access to the network, and verifies access to the VM's interface by requesting information from Nova. The token travels with every one of these calls, so that the services can ask Keystone or each other for additional information or actions.
Straight to the code:
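    import org.openstack4j.api.OSClient.OSClientV3;
    import org.openstack4j.model.common.Identifier;
    import org.openstack4j.openstack.OSFactory;

    // The wrapper class name is illustrative; the method is the original one.
    public class KeystoneClientFactory {

        /** Establish an authenticated connection to Keystone (Identity API v3). */
        public OSClientV3 getOSClientV3(String tenantId, String userid,
                                        String password, String region) {
            // The password and the issued token cross this connection;
            // use an https:// endpoint outside a local test setup.
            String url = "http://127.0.0.1:5000/v3";
            // Fall back to a default project when none is given.
            if (tenantId == null || tenantId.equals("")) {
                tenantId = "defaultTenantId";
            }
            // Authenticate with user ID and password, scoped to the project.
            OSClientV3 osv3 = OSFactory.builderV3().endpoint(url)
                    .credentials(userid, password)
                    .scopeToProject(Identifier.byId(tenantId)).authenticate();
            // Optionally pin the client to one region's endpoints.
            if (region != null && !"".equals(region)) {
                osv3.useRegion(region);
            }
            return osv3;
        }
    }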
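
The Keystone v3 exchange behind the call above, as an added Python example that is not part of the original post: it builds the password-auth request body scoped to a project, reads the token from the `X-Subject-Token` response header, picks the Nova URL out of the service catalog, and derives a hash for logging instead of the token itself. The sample response, the user id and the function names are constructed for illustration.

```python
import hashlib
import json
from datetime import datetime, timezone

def build_auth_request(user_id, password, project_id):
    """Body of POST /v3/auth/tokens: password method, scoped to one project."""
    user = {"id": user_id, "password": password}
    return {"auth": {"identity": {"methods": ["password"], "password": {"user": user}},
                     "scope": {"project": {"id": project_id}}}}

def parse_token_response(headers, body):
    """Return (token_id, expires_at, catalog) from a Keystone v3 token response."""
    token_id = headers["X-Subject-Token"]  # the token string travels in a header
    token = json.loads(body)["token"]
    expires_at = datetime.strptime(token["expires_at"], "%Y-%m-%dT%H:%M:%S.%fZ")
    return token_id, expires_at.replace(tzinfo=timezone.utc), token.get("catalog", [])

def find_endpoint(catalog, service_type, interface="public", region=None):
    """URL of a service (e.g. 'compute' for Nova) from the catalog, or None."""
    for service in catalog:
        if service["type"] != service_type:
            continue
        for ep in service["endpoints"]:
            if ep["interface"] == interface and region in (None, ep.get("region_id")):
                return ep["url"]
    return None

def token_fingerprint(token_id):
    """Short hash for log lines; the token itself is a bearer credential."""
    return hashlib.sha256(token_id.encode()).hexdigest()[:12]

# Constructed sample response (not captured from a real deployment).
SAMPLE_HEADERS = {"X-Subject-Token": "gAAAAA-constructed-example-token"}
SAMPLE_BODY = json.dumps({"token": {
    "expires_at": "2030-01-01T00:00:00.000000Z",
    "catalog": [
        {"type": "compute", "name": "nova", "endpoints": [
            {"interface": "public", "region_id": "RegionOne", "url": "http://127.0.0.1:8774/v2.1"},
            {"interface": "admin", "region_id": "RegionOne", "url": "http://127.0.0.1:8775/v2.1"}]},
        {"type": "image", "name": "glance", "endpoints": [
            {"interface": "public", "region_id": "RegionOne", "url": "http://127.0.0.1:9292"}]}]}})

if __name__ == "__main__":
    token_id, expires_at, catalog = parse_token_response(SAMPLE_HEADERS, SAMPLE_BODY)
    print(json.dumps(build_auth_request("demo-user-id", "secret", "defaultTenantId")))
    print(find_endpoint(catalog, "compute", region="RegionOne"), expires_at.isoformat())
    print("token sha256 prefix:", token_fingerprint(token_id))
```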