openstack中的paste和deploy

参考：http://techbackground.blogspot.tw/2013/03/if-you-are-new-to-openstack-you-may-be.html

Paste config in OpenStack

If you are new to OpenStack you may be wondering what  ini files like this are all about. OpenStack services (Nova, Glance, Quantum etc) use  Paste Deployment to wire up middleware like authorisation, API extensions, request rate limiting etc. It helps to have a basic knowledge of this stuff for installing and troubleshooting. This post is a simple example based on this  presentation. Here I have put the various parts in different modules.


First the application in a module named app_layer which uses  WebOb

from webob import Response

from webob.dec import wsgify

@wsgify

def application(request):

return Response('Hello, welcome to paste \n')

def app_factory(global_config, **local_config):

return application

view raw app_layer.py hosted with ❤ by GitHub

Then a filter that does simple authorisation in a module named auth_layer

from webob.dec import wsgify

from webob import exc

@wsgify.middleware

def auth_filter(request, app):

if request.headers.get('X-Auth-Token') != 'open-sesame':

return exc.HTTPForbidden()

return app(request)

def filter_factory(global_config, **local_config):

return auth_filter

view raw auth_layer.py hosted with ❤ by GitHub

Then the paste configuration file

[pipeline:main]

pipeline = auth hello

[app:hello]

paste.app_factory = app_layer:app_factory

[filter:auth]

paste.filter_factory = auth_layer:filter_factory

view raw paste.ini hosted with ❤ by GitHub

Finally a script to load the application based on the configuration file

from paste import httpserver

from paste.deploy import loadapp

wsgi_app = loadapp('config:' + '/etc/example/paste.ini')

httpserver.serve(wsgi_app, host='127.0.0.1', port=8080)

view raw start_app.py hosted with ❤ by GitHub

So this script reads the config file, and for each item in the pipeline list, it jumps to that section to find the module name and factory function name for it. Now it is possible to see how the http server can be setup so incoming requests will flow through a pipeline of functions that were returned by the factories.

$ python start_app.py

serving on http://127.0.0.1:8080

$ curl -H "X-Auth-Token:open-sesame" http://127.0.0.1:8080

Hello, welccome to paste

$ curl -H "X-Auth-Token:bad-token" http://127.0.0.1:8080

<html>

<head>

<title>403 Forbidden</title>

</head>

<body>

<h1>403 Forbidden</h1>

Access was denied to this resource.<br /><br />

</body>

</html>

view raw paste-console hosted with ❤ by GitHub

So now by just editing the config file, you can swap out the auth for a different implementation, or remove it completely, or add more filters.