统一命令行客户端
OpenStack 统一客户端
#!wiki caution '''This document is potentially superceded''' A new project has been created along these lines: see [[UnifiedCLI]] for more information. FIXME: Ideally the valuable ideas in this document should be merged into [[UnifiedCLI]], and then this page removed to avoid confusion.
使用多个 OpenStack 项目可能非常繁琐,因为它们都有自己的命令行工具。拥有一个单一的命令行界面 (CLI) 将有助于统一项目开发人员,减少操作上的麻烦,并为用户提供更好的整体体验。
从认证/授权开始
如果调用我们统一 CLI 的第一步是对提供的认证端点(由 Keystone 兼容服务管理)进行认证,那么可以立即向用户提供有关可使用哪些服务的信息。
例如,如果提供不正确的认证信息,或者给出了无效/无法访问的 URL
$ os usage: os [--url URL] [--username USERNAME] [--apikey APIKEY] [--project PROJECT] Command-line interface for connecting to various OpenStack projects. Correct authentication URL and credentials must be supplied before more detailed options can be given.
一旦提供了有效的认证信息,我们可以为用户提供有关可用服务的更好概述
$ os usage: os <project> Command-line interface for connecting to various OpenStack projects. Supported projects: compute Manage compute nodes via the "Nova" API. image Manage disk images via the "Glance" API. queue Manage queues via the "Burrow" API. volume Manage remote disk volumes via the "Lunr" API. auth Manage authentication and authorization via the "Keystone" API. network Manage networks via the "Melange" API.
上述服务列表是通过读取 Keystone 服务提供的服务目录生成的,目前看起来像这样
{
"auth":{
"token":{
"id":"asdasdasd-adsasdads-asdasdasd-adsadsasd",
"expires":"2010-11-01T03:32:15-05:00"
},
"serviceCatalog":{
"service1":[
{
"region":"DFW",
"publicURL":"https://service1-public/v1/blah-blah",
"internalURL":"https://service1-internal/v1/blah-blah"
},
{
"region":"ORD",
"publicURL":"https://service1-public-ord/v1/blah-blah",
"internalURL":"https://service1-internal-ord/v1/blah-blah"
}
],
"service2":[
{
"region":"DFW",
"publicURL":"https://service2-public-dfw/v1/blah-blah"
},
{
"region":"ORD",
"publicURL":"https://service2-public-orf/v1/blah-blah"
}
],
"service3":[
{
"publicURL":"https://service3-public/v1/blah-blah"
}
]
}
}
}
当在命令行中选择一个服务时,将根据当前认证用户的授权生成详细信息。例如
$ os compute usage: os compute <command> Command-line interface for retrieving information from an OpenStack Compute service. Supported API versions: --version=1.0 --version=1.1 [Default] Supported commands: boot Boot a new server. delete Shut down and delete a server. flavor-list Print a list of available 'flavors'. image-list Print a list of available disk images. snapshot Create a new disk image based on a currently running server. list List active servers. reboot Reboot a server. rebuild Shutdown, re-image, and re-boot a server. rename Rename a server. resize Begin the resize process. resize-confirm Confirm a previously started resize. resize-revert Revert a previously started resize. admin:diagnostics Retrieve server diagnostics. admin:boot Boot a new server, with extra options. admin:lock Lock a server, preventing any changes. admin:unlock Remove server lock, allowing future changes. zone:list List zones underneath this endpoint. zone:info Get information on this endpoint's zone. zone:add Add a new child zone underneath this endpoint.
我们可以看到该用户可以访问许多常用的 Compute 任务,但他们也被授权使用“Compute 管理扩展”和“Compute 区域扩展”的功能。您可以看出这些命令是由扩展提供的,因为它们前面带有相关的...前缀。
必需选项
我理解这种讽刺(?)在于有必需的选项,但它们在技术上不是必需的,因为它们会默认使用环境变量,所以将它们作为命令行参数不是一个选项。
| 命令行选项 | 环境变量 |
| --url | OS_AUTH_URL |
| --project | OS_PROJECT_ID |
| --username | OS_AUTH_USER |
| --api_key | OS_AUTH_KEY |
潜在问题
- 在涉及缓存之前,此实现可能会很慢,因为即使是上述错误响应视图也需要与一个或多个 OpenStack 服务进行往返通信。缓存可以解决这个问题,但缓存不应被视为此客户端的第一个版本。
- 目前 Keystone 似乎正在返回版本化的服务 URL。例如,服务目录可能会返回 https://openstack.org/compute/v1.1 而不是 https://openstack.org/compute/。客户端应该能够像当前选择区域一样选择一个版本。
