[Openstack] Network setup - Swift / keystone location and configuraton?

Hugo tonytkdk at gmail.com
Mon Jan 21 11:44:53 UTC 2013


Exactly

從我的 iPhone 傳送

Brian Ipsen <brian.ipsen at ryesgade47c.dk> 於 2013/1/21 下午4:55 寫道:

> Hi,
>  
> Just to clear things up:
>  
> I am still trying to figure out how the different components interact, and exactly what the different parameters on the keystone command does. Once I get that understanding, things will probably be much easier J
> [Reply] 
> Yes , that's the keypoint. You must understand the workflow. 
> My assumption is your proxy pipline is using tokenauth and keystone even swift-auth .
> The full request workflow is :
> client send username/password --> keystone verify it --> return token and service(swift) url to client --> client use returned url and token to swift-proxy --> proxy verify the token by asking keystone immediately ---> keystone confirmed it with several information includes role etc. --> the request pass the token-auth filter --> check the role with swift-auth middleware --> do the operation for user --> returned the result(status) 
>  
> So the client contacts the keystone server first(directly) - on the URL it is listening on (NAT'ed from public network)? Keystone returns tokenand service URL - and then the client connects to the proxy using the token ?
>  
> Regards
> Brian
>  
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openstack.org/pipermail/openstack/attachments/20130121/a76be796/attachment.html>


More information about the Openstack mailing list