[Openstack] Openstack Nova/Quantum :; api-paste.ini file
trinath.somanchi at gmail.com
Thu Dec 6 18:28:26 UTC 2012
Thanks a lot kevin..
Your explanation has cleared my doubts..
Keeping togethor what i understand...
Suppose, we have a resquest to Nova..
The following steps are performed...
1. The request is captured by webob and is authenticated by keystone and is
decorated to wsgi app
2. Nova-api maps the url params to extensions
3. Nova-api extensions return the data dict.. Which webob returns as
response to the request in json/xml format...
4. Paste-api helps the keystone and other modules for update of the
This the request is served...
In the above steps, i might be misunderstanding the concepts..
Kindly please help me by validating my understanding ...
On Dec 6, 2012 11:42 PM, "Kevin L. Mitchell" <kevin.mitchell at rackspace.com>
> It's probably best to ask these sorts of questions on the email list, as
> it gives an opportunity to others to answer them, as well as allowing
> others who may have similar questions to see the answers in the first
> On Thu, 2012-12-06 at 23:24 +0530, Trinath Somanchi wrote:
> >  In nova or quantum api,
> > We can access the .conf params,
> > This way...
> > cfg.Conf.xxxxx as per the soutce code... We can get the
> > api-paste-config too.. But i wonder how we can get the paste api confs
> > values too accessible this way.... Like, admin_user .....
> PasteDeploy passes configuration options as arguments to the
> constructors/factories for the various applications and middleware.
> But, as I say, we're trying to avoid relying on this data in nova; the
> only consumer of it I am aware of is the Keystone auth_token middleware,
> and it has the capability now of specifying its necessary configuration
> in the [keystone_authtoken] section of the nova/glance/quantum/cinder
> configuration files. (I suspect the Keystone team is deprecating the
> configuration through api-paste.ini.) This should all be documented in
> the PasteDeploy manual…
> >  since nova/quantum run as services, how do webob and wsgi play a
> > role to prepare the request dict?
> At this point, we leave behind PasteDeploy. To answer your second
> question first, WSGI is an interface specification; it describes how a
> web application can be called by the server which receives the HTTP
> request. You can find out more about WSGI from PEP-333, at:
> As for webob, that is another package used by nova, etc., which changes
> the interface we actually implement; that is, a WSGI application is a
> callable taking a dictionary with the environment and a "start_response"
> callback, but webob takes these two arguments and encapsulates them in a
> Request class, which provides simplified access to the environment data
> and some utility methods. In essence, webob implements the
> strange-looking parts of the WSGI interface spec for us, and we can
> concentrate on getting the job done.
> >  When does( at what level )keystone authentication happens for
> > given RESTful request...
> Keystone authentication happens, for most projects, in two separate
> pieces of middleware. The first is auth_token, contained in the
> python-keystoneclient package (it was just moved from the keystone
> package); this piece of middleware grabs the token out of the incoming
> request, verifies that it is a valid and unexpired token, then inserts
> various authentication data needed by the project (user and tenant IDs,
> for instance).
> The second piece of authentication is more or less a shim between the
> Keystone auth_token and the project; it extracts the data that
> auth_token injected into the request, then builds a project-specific
> authentication context. This context is how the various projects keep
> track of what user made the request, and is used in authorization checks
> ("Does this user have permission to take this action on this
> Kevin L. Mitchell <kevin.mitchell at rackspace.com>
> Mailing list: https://launchpad.net/~openstack
> Post to : openstack at lists.launchpad.net
> Unsubscribe : https://launchpad.net/~openstack
> More help : https://help.launchpad.net/ListHelp
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Openstack