OpenStack Paste.ini详解(一)

问题背景

最近在研究openstack 服务的源代码,由于项目代码较多对其又不熟悉,刚开始就不知道从哪里开始入手分析。经过分析发现,在正式分析源码之前需要对python的wsgi、paste、routes和webob这几个模块有所了解才可以继续深入。在此,就我对paste的学习理解首先分享出来,其余模块接下来会娓娓道来。

研究对象

  • Devstack 安装的OpenStack Pike版本的Cinder项目

研究过程

1、打开cinder项目下的paste.ini文件,如下所示:

[composite:osapi_volume]
use = call:cinder.api:root_app_factory
/: apiversions
/v1: openstack_volume_api_v1
/v2: openstack_volume_api_v2
/v3: openstack_volume_api_v3

[composite:openstack_volume_api_v1]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1
keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1

[composite:openstack_volume_api_v2]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2
keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2

[composite:openstack_volume_api_v3]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3

[filter:request_id]
paste.filter_factory = oslo_middleware.request_id:RequestId.factory

[filter:http_proxy_to_wsgi]
paste.filter_factory = oslo_middleware.http_proxy_to_wsgi:HTTPProxyToWSGI.factory

[filter:cors]
paste.filter_factory = oslo_middleware.cors:filter_factory
oslo_config_project = cinder

[filter:faultwrap]
paste.filter_factory = cinder.api.middleware.fault:FaultWrapper.factory

[filter:osprofiler]
paste.filter_factory = osprofiler.web:WsgiMiddleware.factory

[filter:noauth]
paste.filter_factory = cinder.api.middleware.auth:NoAuthMiddleware.factory

[filter:sizelimit]
paste.filter_factory = oslo_middleware.sizelimit:RequestBodySizeLimiter.factory

[app:apiv1]
paste.app_factory = cinder.api.v1.router:APIRouter.factory

[app:apiv2]
paste.app_factory = cinder.api.v2.router:APIRouter.factory

[app:apiv3]
paste.app_factory = cinder.api.v3.router:APIRouter.factory

[pipeline:apiversions]
pipeline = cors http_proxy_to_wsgi faultwrap osvolumeversionapp

[app:osvolumeversionapp]
paste.app_factory = cinder.api.versions:Versions.factory

[filter:keystonecontext]
paste.filter_factory = cinder.api.middleware.auth:CinderKeystoneContext.factory

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory

通过观察,我们很快就能发现这个文件的规律。都是以[type:name]的形式组织起来的,只不过type:name的名称和所包含的内容不太相同而已,接下来我们就对这个文件进行分析;

2、首先,我们需要明确几个概念:

  • 针对composite、app、filter或者pipeline这种带有[]的,我们称之为section;
  • composite:request进来后通过的第一个section,表示需要将一个http url request调度到一个或者多个application上;
  • filter:是一个实现了过滤功能的中间件(将application进行进一步的封装),用于过滤request和response;
  • pipeline:最后一个名字对应的一定是app类型,非最后一个名字对应的是filter;
  • app:一个app就是一个实现主要功能的具体application。所以,app必须是callable object类型,接受的参数(environ, start_response),这是WSGI server交给application的符合WSGI规范的参数。

3、下面对各个section进行简单介绍
(1)[composite:name]
composite section定义了一种application,表示将请求调度定向到多个或者多种应用上。composite section可以是WSGI application的集合,可以包括其他application section中定义的application,常用用法:

[composite:osapi_volume]
use = call:cinder.api:root_app_factory
/: apiversions
/v1: openstack_volume_api_v1
/v2: openstack_volume_api_v2
/v3: openstack_volume_api_v3

[composite:openstack_volume_api_v1]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv1
keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1
keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv1

[composite:openstack_volume_api_v2]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv2
keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2
keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv2

[composite:openstack_volume_api_v3]
use = call:cinder.api.middleware.auth:pipeline_factory
noauth = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler noauth apiv3
keystone = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3
keystone_nolimit = cors http_proxy_to_wsgi request_id faultwrap sizelimit osprofiler authtoken keystonecontext apiv3

(2)[filter:name]
filter section定义了一个过滤器,过滤器接收一个application参数作为对象,并返回一个封装后的application;

(3)[filter-app:name]
filter-app section定义的也是过滤器,这个过滤器直接作用在application上面。filter-app section表明对某个application进行修饰,需要修饰的application通过参数next指明,例如:
[filter-app:myblog]
use = egg:Authentication
next = myblogapp
这个字段表明在正式调用myblogapp之前,会调用egg:Authentication进行用户验证,随后才会调用myblogapp进行处理,这也就实现了对myblogapp的修饰。

(4)[pipeline:name]
当使用多个filter的时候需要使用pipeline的方式,它需要提供一个key参数pipeline,后面的值是一个列表,最后以应用结尾。如下:

[pipeline:apiversions]
pipeline = cors http_proxy_to_wsgi faultwrap osvolumeversionapp

(5)[app:name]
app section直接或间接地定义了一个符合WSGI协议的应用application,有以下几种使用方法:

  • 指向某个配置文件中的application
[app:app_1]
use = config:another_config_file.ini
  • 指向某个URL
    [app:app_2]
    use = egg:App_2
  • 指向从指定模块可调用的application
    [app:app_3]
    use = call:my.project:APP_3
  • 指向其他已经定义或即将定义的section
    [app:app_4]
    use = app_4
  • 直接指向具体的python代码(cinder中,应用的就是这种定义的section方式)
    [app:app_5]
    paste.app_factory = myapp.moudulename:app_factor
posted @ 2018-02-05 11:10  月缺一格  阅读(1048)  评论(0编辑  收藏  举报