Liberty nova-api HTTP请求执行流程

本博客欢迎转载，但请注明出处 http://blog.csdn.net/ringoshen/article/details/51387038

由于能力与时间有限，文章内容难免错漏，望大家多加指正，相互进步！

0. 前言

这次看了一下nova list命令的执行过程，整个过程可以分为几步：HTTP请求、URLMap分发、过滤、APIRouter到具体执行函数，接下来使用Postman组个包并发送http请求作为开始对各个模块进行跟踪和注解。

1. HTTP请求

OpenStack组件都是通过RESTful API向外提供服务，也就是说可以通过http的方式操作OpenStack。而操作的大致步骤分为两步：身份认证、发送任务，我们可以看一下http命令的实际操作情况。

首先是身份认证，这一步由keystone完成，返回token。



之后我们可以拿这个获取到的token去进行具体操作。

2. URLMap分发

还是先看一下代码，之前在Liberty nova-api启动流程分析的最后我们看到osapi_compute app负责监听8774端口，其实这个服务就是一个URLMap的callable对象，现在接收到8774端口的http请求时，调用URLMap的call()。

# nova/api/openstack/urlmap.py

class URLMap(paste.urlmap.URLMap):
def __call__(self, environ, start_response):
# host = '172.29.152.111:8774'
host = environ.get('HTTP_HOST', environ.get('SERVER_NAME')).lower()
... ...  ... ...
... ...  ... ...
# path_info = '/v2.1/35a94cc2b7bd4f088019dbc61f6dce37'
# mime_type = None, app_url = '/v2.1'
# app = <function wrap at 0x7ff89c03e410>
mime_type, app, app_url = self._path_strategy(host, port, path_info)
if (app_url and app_url + '/' == path_info) or path_info == '/':
supported_content_types.append('application/atom+xml')
... ...  ... ...
... ...  ... ...
if app:
# environ['nova.best_content_type'] = 'application/json'
environ['nova.best_content_type'] = mime_type
return app(environ, start_response)
... ...  ... ...
... ...  ... ...

# nova/api/openstack/urlmap.py

class URLMap(paste.urlmap.URLMap):
def _path_strategy(self, host, port, path_info):
... ...  ... ...
... ...  ... ...
# parts = ['', 'v2.1', '35a94cc2b7bd4f088019dbc61f6dce37']
parts = path_info.split('/')
if len(parts) > 1:
# possible_app = <oslo_middleware.cors.CORS object at 0x7ff89da5ff50>
# possible_app_url = '/v2.1'
# 这边开始进行版本匹配，获取相应的app
possible_app, possible_app_url = self._match(host, port, path_info)

if possible_app and possible_app_url:
# app_url = '/v2.1'
app_url = possible_app_url
# app = <function wrap at 0x7ff89c03e410>
app = self._munge_path(possible_app, path_info, app_url)
# mime_type = None
# app = <function wrap at 0x7ff89c03e410>
# app_url = '/v2.1'
return mime_type, app, app_url

之后的_match()方法真正实现根据版本调用app。

# nova/api/openstack/urlmap.py

class URLMap(paste.urlmap.URLMap):
# 下面涉及到初始化的时候设置的applications参数，这边列出初始化的结果
# self.applications =
#     [((None, '/v2.1'), <oslo_middleware.cors.CORS object at 0x7ff89da5ff50>),
#     ((None, '/v2'), <oslo_middleware.cors.CORS object at 0x7ff89e15a310>),
#     ((None, ''), <nova.api.openstack.FaultWrapper object at 0x7ff89d9e5950>)]

def _match(self, host, port, path_info):
"""Find longest match for a given URL path."""
# eg. v21版本对应的是openstack_compute_api_v21 app，根据pipeline的定义，
#     最后一个filter是cors，所以可以看见app的类型如下：
#     domain = None
#     app_url = '/v2.1'
#     app = <oslo_middleware.cors.CORS object at 0x7ff89da5ff50>
for (domain, app_url), app in self.applications:
if domain and domain != host and domain != host + ':' + port:
continue
# 这里根据之前初始化设置的urlmap进行匹配
if (path_info == app_url
or path_info.startswith(app_url + '/')):
return app, app_url
return None, None

3. 过滤

之前获取的app是经过filter包装的，接下来按顺序看一下各个filter。

[composite:openstack_compute_api_v21]
use = call:nova.api.auth:pipeline_factory_v21
keystone = cors compute_req_id faultwrap sizelimit authtoken keystonecontext osapi_compute_app_v21

3.1 cors

CORS（Cross-Origin Resource Sharing，跨域资源共享），比如在编写javascript应用时如果需要直接使用openstack api，有可能会遇到同源策略的问题，那这边就需要扩展一下跨域资源共享，从代码的角度而言就是在api返回的response的header中加入Access-Control-Request-XXX等信息，这边简单列一下响应代码。

[filter:cors]
paste.filter_factory = oslo_middleware.cors:filter_factory
oslo_config_project = nova

# oslo_middleware/base.py

class ConfigurableMiddleware(object):
@webob.dec.wsgify
def __call__(self, req):
response = self.process_request(req)
# response = None
if response:
return response
# 获取app响应（调用下一个filter）
response = req.get_response(self.application)
(args, varargs, varkw, defaults) = getargspec(self.process_response)
# 对返回的response进行处理
if 'request' in args:
return self.process_response(response, request=req)
return self.process_response(response)

# oslo_middleware/cors.py

class CORS(base.ConfigurableMiddleware):
def process_response(self, response, request=None):
if 'Access-Control-Allow-Origin' in response.headers:
return response
if request.method == 'OPTIONS':
return self._apply_cors_preflight_headers(request=request,
response=response)
# 设置CORS头信息
self._apply_cors_request_headers(request=request, response=response)

# Finally, return the response.
return response

# oslo_middleware/cors.py

class CORS(base.ConfigurableMiddleware):
def _apply_cors_preflight_headers(self, request, response):
... ...  ... ...
... ...  ... ...
response.headers['Vary'] = 'Origin'
response.headers['Access-Control-Allow-Origin'] = origin
if cors_config['allow_credentials']:
response.headers['Access-Control-Allow-Credentials'] = 'true'
if 'max_age' in cors_config and cors_config['max_age']:
response.headers['Access-Control-Max-Age'] = str(cors_config['max_age'])
response.headers['Access-Control-Allow-Methods'] = request_method
if request_headers:
response.headers['Access-Control-Allow-Headers'] = ','.join(request_headers)
return response

3.2 compute_req_id

此模块就是给接收到的request进行编号，这样可以方便对request任务进行跟踪。

[filter:compute_req_id]
paste.filter_factory = nova.api.compute_req_id:ComputeReqIdMiddleware.facto
12236
ry

# nova/api/compute_req_id.py

class ComputeReqIdMiddleware(base.Middleware):

@webob.dec.wsgify
def __call__(self, req):
# 创建一个uuid作为request id
req_id = context.generate_request_id()
# 在request的环境变量中加入req_id
req.environ[ENV_REQUEST_ID] = req_id
response = req.get_response(self.application)
# 如果'x-compute-request-id'不在response的header中，那就加上req_id
if HTTP_RESP_HEADER_REQUEST_ID not in response.headers:
response.headers.add(HTTP_RESP_HEADER_REQUEST_ID, req_id)
return response

# oslo_context/context.py

def generate_request_id():
# 其实就是直接生成uuid
return 'req-%s' % uuid.uuid4()

3.3 faultwrap

此模块只对错误进行包装处理。

[filter:faultwrap]
paste.filter_factory = nova.api.openstack:FaultWrapper.factory

# nova/api/openstack/__init__.py

class FaultWrapper(base_wsgi.Middleware):
@webob.dec.wsgify(RequestClass=wsgi.Request)
def __call__(self, req):
try:
return req.get_response(self.application)
except Exception as ex:
return self._error(ex, req)

3.4 sizelimit

此模块对request的body大小进行了限制，超出则抛出异常或者截取相应大小。

[filter:sizelimit]
paste.filter_factory = oslo_middleware:RequestBodySizeLimiter.factory

# oslo_middleware/sizelimit.py

class RequestBodySizeLimiter(base.ConfigurableMiddleware):
@webob.dec.wsgify
def __call__(self, req):
# 最大request body大小
max_size = self._conf_get('max_request_body_size')
# 超出默认大小的body则异常
if (req.content_length is not None and
req.content_length > max_size):
msg = _("Request is too large.")
raise webob.exc.HTTPRequestEntityTooLarge(explanation=msg)
# 没有content_length字段则截取max_size大小的body
if req.content_length is None and req.is_body_readable:
limiter = LimitingReader(req.body_file, max_size)
req.body_file = limiter
return self.application

3.5 authtoken

此模块主要是对token进行验证，并把token中的数据加到request的header中。

[filter:authtoken]
paste.filter_factory = keystonemiddleware.auth_token:filter_factory

# keystonemiddleware/auth_token/__init__.py

def filter_factory(global_conf, **local_conf):
"""Returns a WSGI filter app for use with paste.deploy."""
conf = global_conf.copy()
conf.update(local_conf)

def auth_filter(app):
return AuthProtocol(app, conf)
return auth_filter

# keystonemiddleware/auth_token/__init__.py

class BaseAuthProtocol(object):
@webob.dec.wsgify(RequestClass=_request._AuthTokenRequest)
def __call__(self, req):
"""Handle incoming request."""
response = self.process_request(req)
if response:
return response
response = req.get_response(self._app)
return self.process_response(response)

接下来看一下process_request方法怎过滤request。

# keystonemiddleware/auth_token/__init__.py

class AuthProtocol(BaseAuthProtocol):
def process_request(self, request):
# 删除指定的header，防止被人仿冒身份进行认证
request.remove_auth_headers()
self._token_cache.initialize(request.environ)
# 在基类的定义中完成token的验证
resp = super(AuthProtocol, self).process_request(request)
... ...  ... ...
... ...  ... ...
# 之后就是设置request header的相关参数
if request.user_token_valid:
user_auth_ref = request.token_auth._user_auth_ref
request.set_user_headers(user_auth_ref)
if self._include_service_catalog:
request.set_service_catalog_headers(user_auth_ref)
if request.service_token and request.service_token_valid:
request.set_service_headers(request.token_auth._serv_auth_ref)
if self.log.isEnabledFor(logging.DEBUG):
self.log.debug('Received request from %s',
request.token_auth._log_format)

在基类的process_request中完成了token的验证，具体过程涉及keystone

# keystonemiddleware/auth_token/__init__.py

class BaseAuthProtocol(object):
def process_request(self, request):
user_auth_ref = None
serv_auth_ref = None
# 获取request的token
if request.user_token:
self.log.debug('Authenticating user token')
try:
# 获取token的数据进行验证并转化成AccessInfo形式
# 这个动作稍复杂，主要是根据token是否在cache中进行不同的处理
data, user_auth_ref = self._do_fetch_token(request.user_token)

# 验证token是否快要过期等
self._validate_token(user_auth_ref)
self._confirm_token_bind(user_auth_ref, request)
except ksm_exceptions.InvalidToken:
self.log.info(_LI('Invalid user token'))
request.user_token_valid = False
else:
request.user_token_valid = True
request.token_info = data

... ...  ... ...
... ...  ... ...

request.token_auth = _user_plugin.UserAuthPlugin(user_auth_ref, serv_auth_ref)

# keystonemiddleware/auth_token/__init__.py

class BaseAuthProtocol(object):
def _do_fetch_token(self, token):
# 获取token并做验证
data = self.fetch_token(token)
try:
# 返回token数据以及转换成AccessInfo形式的token
return data, access.create(body=data, auth_token=token)
except Exception:
self.log.warning(_LW('Invalid token contents.'), exc_info=True)
raise ksm_exceptions.InvalidToken(_('Token authorization failed'))

# keystonemiddleware/auth_token/__init__.py

class AuthProtocol(BaseAuthProtocol):
def fetch_token(self, token):
data = None
token_hashes = None
try:
# 为token生成hash，hash应该是token的标识符
token_hashes = self._token_hashes(token)
# 根据hash在cache中获取token
cached = self._cache_get_hashes(token_hashes)

if cached:
# 如果token在cache中，则获取cache中的token
data = cached
# 进一步验证token是否被撤销
if self._check_revocations_for_cached:
self._revocations.check(token_hashes)
else:
# 如果token不在cache中，则根据不同类型（pkiz，pki，etc）的token进行相应的处理和验证
data = self._validate_offline(token, token_hashes)
if not data:
data = self._identity_server.verify_token(token)
# 将token存入cache
self._token_cache.store(token_hashes[0], data)
... ...  ... ...
... ...  ... ...
return data

3.6 keystonecontext

此模块负责把request header的内容读取出来赋值给context。

[filter:keystonecontext]
paste.filter_factory = nova.api.auth:NovaKeystoneContext.factory

# nova/api/auth.py

class NovaKeystoneContext(wsgi.Middleware):
@webob.dec.wsgify(RequestClass=wsgi.Request)
def __call__(self, req):
... ...  ... ...
... ...  ... ...
# 获取request的header中的值并用以初始化RequestContext
ctx = context.RequestContext(user_id,
project_id,
user_name=user_name,
project_name=project_name,
roles=roles,
auth_token=auth_token,
remote_address=remote_address,
service_catalog=service_catalog,
request_id=req_id,
user_auth_plugin=user_auth_plugin)
# 把上下文对象ctx加到request的环境变量
req.environ['nova.context'] = ctx
return self.application

4. APIRouter(V21)到具体执行函数

APIRouterV21继承自nova.wsgi.Router，主要完成对资源的加载以及http请求路由到具体方法。关于routes.mapper可以参考routes的官方文档 。

[app:osapi_compute_app_v21]
paste.app_factory = nova.api.openstack.compute:APIRouterV21.factory

这边首先看一下APIRouterV21的初始化部分，这一部分主要涉及资源的注册以及路由信息的创建。

# nova/api/openstack/compute/__init__.py

class APIRouterV21(nova.api.openstack.APIRouterV21):
def __init__(self, init_only=None):
# _loaded_extension_info = {}
self._loaded_extension_info = extension_info.LoadedExtensionInfo()
super(APIRouterV21, self).__init__(init_only)

# nova/api/openstack/__init__.py

class APIRouterV21(base_wsgi.Router):
@staticmethod
def api_extension_namespace():
return 'nova.api.v21.extensions'

def __init__(self, init_only=None, v3mode=False):
# 验证扩展资源是否在黑名单中
def _check_load_extension(ext):
if (self.init_only is None or ext.obj.alias in
self.init_only) and isinstance(ext.obj, extensions.V21APIExtensionBase):

if (not CONF.osapi_v21.extensions_whitelist or
ext.obj.alias in CONF.osapi_v21.extensions_whitelist):

blacklist = CONF.osapi_v21.extensions_blacklist
if ext.obj.alias not in blacklist:
return self._register_extension(ext)
return False

... ...  ... ...
... ...  ... ...
# 使用stevedore模块载入setup.cfg中'nova.api.v21.extensions'下的所有资源，
# 使用check_func对资源进行验证
self.api_extension_manager = stevedore.enabled.EnabledExtensionManager(
namespace=self.api_extension_namespace(),
check_func=_check_load_extension,
invoke_on_load=True,
invoke_kwds={"extension_info": self.loaded_extension_info})
if v3mode:
mapper = PlainMapper()
else:
mapper = ProjectMapper()
self.resources = {}
if list(self.api_extension_manager):
# 调用每个资源的get_resources()方法进行注册，同时使用
# mapper.resource()建立对应关系
self._register_resources_check_inherits(mapper)
# 调用资源的get_controller_extensions()方法进行资源扩展
self.api_extension_manager.map(self._register_controllers)

... ...  ... ...
... ...  ... ...

super(APIRouterV21, self).__init__(mapper)

# nova/api/openstack/__init__.py

class APIRouterV21(base_wsgi.Router):
def _register_resources_check_inherits(self, mapper):
... ...  ... ...
... ...  ... ...
self._register_resources_list(ext_no_inherits, mapper)
self._register_resources_list(ext_has_inherits, mapper)

# nova/api/openstack/__init__.py

class APIRouterV21(base_wsgi.Router):
def _register_resources_list(self, ext_list, mapper):
for ext in ext_list:
self._register_resources(ext, mapper)

接下来是真正实现资源注册和mapper初始化的部分。

# nova/api/openstack/__init__.py

class APIRouterV21(base_wsgi.Router):
def _register_resources(self, ext, mapper):
handler = ext.obj
LOG.debug("Running _register_resources on %s", ext.obj)
# 使用各个资源的get_resources()方法进行创建资源，并且使用mapper创建路由信息
for resource in handler.get_resources():
LOG.debug('Extended resource: %s', resource.collection)

inherits = None
if resource.inherits:
inherits = self.resources.get(resource.inherits)
if not resource.controller:
resource.controller = inherits.controller
# 创建一个ResourceV21对象作为之后mapper的controller
wsgi_resource = wsgi.ResourceV21(resource.controller,
inherits=inherits)
self.resources[resource.collection] = wsgi_resource

# 组建mapper.resource的kargs参数。
# 这边以keypairs为例：
# kargs = {'member': {},
#          'controller': <nova.api.openstack.wsgi.ResourceV21 object at 0x7fe6842b8990>,
#          'collection': {}}
# member和collection都为空说明除了标准映射之外不需要额外映射。
kargs = dict(
controller=wsgi_resource,
collection=resource.collection_actions,
member=resource.member_actions)

if resource.parent:
kargs['parent_resource'] = resource.parent
if resource.member_name:
member_name = resource.member_name
else:
# 以keypairs为例：
# member_name = resource.collection = 'os-keypairs'
member_name = resource.collection
# 创建mapper映射规则
mapper.resource(member_name, resource.collection,
**kargs)

if resource.custom_routes_fn:
resource.custom_routes_fn(mapper, wsgi_resource)

至此，APIRouterV21已经初始化的过程已经大致了解了，之后开始继续之前的请求调用流程。

之前我们看到mapper中的controller是

# nova/api/openstack/wsgi.py

# 直接继承了Resource类
class ResourceV21(Resource):
support_api_request_version = True

# nova/api/openstack/wsgi.py

class Resource(wsgi.Application):
@webob.dec.wsgify(RequestClass=Request)
def __call__(self, request):

... ...  ... ...
... ...  ... ...

# 获取request中的'wsgiorg.routing_args'值，
# 以nova list为例：action_args = {'action': u'detail', 'project_id': u'c884d1e936794f2a8e251342e1200c5d'}
action_args = self.get_action_args(request.environ)
# 获取方法名称
# action_args = {'project_id': u'c884d1e936794f2a8e251342e1200c5d'}
# action = 'detail'
action = action_args.pop('action', None)

try:
# 获取报文格式和内容
# content_type = 'text/plain'
# body = ''
content_type, body = self.get_body(request)

# 获取返回的报文类型，在初始化时进行过设定
# accept = 'application/json'
accept = request.best_match_content_type()
except exception.InvalidContentType:
msg = _("Unsupported Content-Type")
return Fault(webob.exc.HTTPBadRequest(explanation=msg))

# 调用具体方法处理请求
return self._process_stack(request, action, action_args,
content_type, body, accept)

接下来看一下调用处理请求的步骤。

# nova/api/openstack/wsgi.py

class Resource(wsgi.Application):
def _process_stack(self, request, action, action_args,
content_type, body, accept):
try:
# 获取处理的方法meth
# meth = <bound method ServersController.detail of <nova.api.openstack.compute.servers.ServersController object at 0x7f382bdcce90>>
meth, extensions = self.get_method(request, action,
content_type, body)
... ...  ... ...
... ...  ... ...
try:
contents = {}
if self._should_have_body(request):
if request.content_length == 0:
contents = {'body': None}
# 反序列化客户端request的body
contents = self.deserialize(body)
except exception.MalformedRequestBody:
msg = _("Malformed request body")
return Fault(webob.exc.HTTPBadRequest(explanation=msg))

# 更新请求的参数到action_args
# contents = {}
# action_args = {'project_id': u'c884d1e936794f2a8e251342e1200c5d'}
action_args.update(contents)

# 获取project_id(tenant_id)
# project_id = u'c884d1e936794f2a8e251342e1200c5d'
project_id = action_args.pop("project_id", None)
context = request.environ.get('nova.context')
... ...  ... ...
... ...  ... ...
# 执行前向扩展方法，扩展前序处理
response, post = self.pre_process_extensions(extensions,
request, action_args)
if not response:
try:
with ResourceExceptionHandler():
# ##### 执行controller中的请求处理方法 #####
# action_result = {'servers': []}
action_result = self.dispatch(meth, request, action_args)
except Fault as ex:
response = ex
... ...  ... ...
... ...  ... ...
if resp_obj:
# Do a preserialize to set up the response object
if hasattr(meth, 'wsgi_code'):
resp_obj._default_code = meth.wsgi_code
# 执行后向扩展
response = self.post_process_extensions(post, resp_obj,
request, action_args)

if resp_obj and not response:
response = resp_obj.serialize(request, accept)
... ...  ... ...
... ...  ... ...
# response = 200 OK
#            Content-Type: application/json
#            Content-Length: 15
#            X-OpenStack-Nova-API-Version: 2.1
#            Vary: X-OpenStack-Nova-API-Version
#
#            {"servers": []}
return response

这里可以看一下dispatch方法的定义，可以看见就是直接调用处理方法。

# nova/api/openstack/wsgi.py

class Resource(wsgi.Application):
def dispatch(self, method, request, action_args):
try:
# 直接调用method
return method(req=request, **action_args)
except exception.VersionNotFoundForAPIMethod:
return Fault(webob.exc.HTTPNotFound())

最后我们看一下Controller中方法的定义。

# nova/api/openstack/compute/servers.py

class ServersController(wsgi.Controller):
@extensions.expected_errors((400, 403))
def detail(self, req):
context = req.environ['nova.context']
authorize(context, action="detail")
try:
# 获取servers列表
servers = self._get_servers(req, is_detail=True)
except exception.Invalid as err:
raise exc.HTTPBadRequest(explanation=err.format_message())
return servers

到此为止，一个简单的nova list 的http请求执行流程就结束了，这边我的环境中没有开启虚拟机，所以这边servers为空。