Method and device for creating project resources based on Openstack system
阅读说明:本技术 一种基于Openstack系统的创建项目资源的方法和装置 (Method and device for creating project resources based on Openstack system ) 是由 马豹 苏广峰 轩艳东 于 2019-09-17 设计创作,主要内容包括:本发明公开了一种基于Openstack系统的创建项目资源的方法,该方法包括:在管理员在Openstack系统中下发项目资源分配请求后,根据截获的所述项目资源分配请求生成第一上下文信息;利用所述第一上下文信息更新已有的上下文信息;根据更新后的上下文信息和所述项目资源分配请求创建项目资源。本发明还公开了一种基于Openstack系统的创建项目资源的装置。本发明提供的方法和装置解决管理员在当前原生架构下不能进行项目资源创建的问题。(The invention discloses a method for creating project resources based on an Openstack system, which comprises the following steps: after an administrator issues a project resource allocation request in an Openstack system, generating first context information according to the intercepted project resource allocation request; updating existing context information with the first context information; and creating project resources according to the updated context information and the project resource allocation request. The invention also discloses a device for creating project resources based on the Openstack system. The method and the device provided by the invention solve the problem that an administrator cannot create project resources under the current native architecture.)
1. A method for creating project resources based on an Openstack system is characterized by comprising the following steps:
after an administrator issues a project resource allocation request in an Openstack system, generating first context information according to the intercepted project resource allocation request;
updating existing context information with the first context information;
and creating project resources according to the updated context information and the project resource allocation request.
2. The method of claim 1, prior to an administrator issuing a project resource allocation request in an Openstack system, comprising:
after the administrator receives a user request and logs in an Openstack system, parameters of project resources are created according to the user request;
and issuing a project resource allocation request according to the parameters of the project resources.
3. The method of claim 1, wherein said generating first context information from said intercepted project resource allocation request comprises:
intercepting the project resource allocation request, extracting a target user identification ID and a target project identification ID from the project resource allocation request, and generating first context information according to the target user ID and the target project ID.
4. The method of claim 3, wherein:
the generating of the first context information according to the target user ID and the target item ID includes:
and calling an authentication module of the Openstack system, and generating first context information according to the target user ID and the target project ID.
5. The method of claim 2, wherein:
the parameters of the project resource comprise a target user ID and a target project ID;
the first context information at least comprises a target user ID, a target item ID, authentication information and target user permission information.
6. An apparatus for creating project resource based on Openstack system, comprising: a memory and a processor; the method is characterized in that:
the memory is used for storing a program for creating project resources based on an Openstack system;
the processor is configured to read and execute the program for creating the project resource based on the Openstack system, and perform the following operations:
after an administrator issues a project resource allocation request in an Openstack system, generating first context information according to the intercepted project resource allocation request;
updating existing context information with the first context information;
and creating project resources according to the updated context information and the project resource allocation request.
7. The apparatus of claim 6, wherein:
the processor reads and executes the program for cloud host management based on the cloud management platform, and further performs the following operations:
after the administrator receives a user request and logs in an Openstack system, parameters of project resources are created according to the user request;
and issuing a project resource allocation request according to the parameters of the project resources.
8. The apparatus of claim 6, wherein:
the generating of the first context information according to the intercepted project resource allocation request comprises:
intercepting the project resource allocation request, extracting a target user identification ID and a target project identification ID from the project resource allocation request, and generating first context information according to the target user ID and the target project ID.
9. The apparatus of claim 8, wherein:
generating first context information according to the target user ID and the target item ID, wherein the first context information comprises:
and calling an authentication module of the Openstack system, and generating first context information according to the target user ID and the target project ID.
10. The apparatus of claim 7, wherein:
the parameters of the project resource at least comprise a target user ID and a target project ID;
the first context information at least comprises a target user ID, a target item ID, authentication information and target user permission information.
Technical Field
The invention relates to the technical field of Openstack, in particular to a method for creating project resources based on an Openstack system in the technical field of Openstack.
Background
Openstack is an open-source cloud platform technology, which comprises a tool set for deploying and running a cloud platform operating system. The cloud platform mainly builds and provides virtual computing service, storage service and network service for cloud service providers, and has a reliable cloud deployment scheme and good expansibility.
The Openstack user is a natural person who has account information such as a user name, a password, a mailbox and the like. The project of Openstack is understood to be a team or organization. After the user is created, a corresponding project must be specified to apply for the Openstack service. The role of Openstack is user operation authority in a specific project.
Users in the Openstack system are mainly classified into two types: administrators, and general users. The administrator refers to a user with an admin role and has the highest authority in the Openstack system. The normal user refers to a user having a _ member _ role, and can perform life cycle management on resources owned by the item in the bound item. Under the native framework, the project resource creation is completed by using a common user, and the specific flow is as follows: firstly, a user successfully logs in an interface of an affiliated item to generate context (context) information, wherein the context information comprises information such as a user id, an affiliated item id and authentication (token); secondly, extracting parameters (context, resource size, resource name, resource description and the like) necessary for distributing resources according to the information of the order; and thirdly, issuing an allocation request according to the parameters necessary for allocating the resources to complete an allocation task, wherein the flow comprises the verification of user permission, the update of a database, the allocation of bottom-layer resources and the like.
All project resources in the Openstack system belong to a project, and the current native implementation logic is as follows:
1, under the bound project, the ordinary user can perform the allocation (creation), deletion and related management operations of resources under the project.
The administrator can see the resources of all the items in the system, but can only delete and manage the resources, and cannot allocate (create) the resources.
The problem that the administrator cannot create project resources (virtual machines, volumes, snapshots, backups, etc.) is always that the administrator has the greatest authority to use the cloud platform client (the administrator has the greatest authority but cannot create physical resources, e.g., cannot create virtual machines, volumes, snapshots, backups, etc.), because the administrator of the organization and department using the cloud platform system wants to own authority to create resources for users in different departments, and also ensures that the created resources actually belong to the department where the user is located. Therefore, it is a problem to be solved urgently that the administrator can specify the user and the project to create the resource.
Disclosure of Invention
The technical problem to be solved by the invention is to provide a method for creating project resources based on an Openstack system, and solve the problem that an administrator cannot create the project resources under the current native architecture.
In order to solve the above technical problem, an embodiment of the present invention provides a method for creating a project resource based on an Openstack system, including:
after an administrator issues a project resource allocation request in an Openstack system, generating first context information according to the intercepted project resource allocation request;
updating existing context information with the first context information;
and creating project resources according to the updated context information and the project resource allocation request.
In an exemplary embodiment, the method further comprises the following features:
before an administrator issues a project resource allocation request in an Openstack system, the method comprises the following steps:
after the administrator receives a user request and logs in an Openstack system, parameters of project resources are created according to the user request;
and issuing a resource allocation request according to the parameter of the project resource.
In an exemplary embodiment, the method further comprises the following features:
the generating of the first context information according to the intercepted project resource allocation request comprises:
intercepting the project resource allocation request, extracting a target user identification ID and a target project identification ID from the project resource allocation request, and generating first context information according to the target user ID and the target project ID.
In an exemplary embodiment, the method further comprises the following features:
the generating of the first context information according to the target user ID and the target item ID includes:
and calling an authentication module of the Openstack system, and generating first context information according to the target user ID and the target project ID.
In an exemplary embodiment, the method further comprises the following features:
the parameters of the project resource comprise a target user ID and a target project ID;
the first context information at least comprises a target user ID, a target item ID, authentication information and target user permission information.
In order to solve the above problem, the present invention further provides an Openstack system-based device for creating project resources, including: a memory and a processor;
the memory is used for storing a program for creating project resources based on an Openstack system;
the processor is configured to read and execute the program for creating the project resource based on the Openstack system, and perform the following operations:
after an administrator issues a project resource allocation request in an Openstack system, generating first context information according to the intercepted project resource allocation request;
updating existing context information with the first context information;
and creating project resources according to the updated context information and the project resource allocation request.
In an exemplary embodiment, the apparatus further comprises the following features:
the processor reads and executes the program for cloud host management based on the cloud management platform, and further performs the following operations:
after the administrator receives a user request and logs in an Openstack system, parameters of project resources are created according to the user request;
and issuing a resource allocation request according to the parameter of the project resource.
In an exemplary embodiment, the apparatus further comprises the following features:
the generating of the first context information according to the intercepted project resource allocation request comprises:
intercepting the project resource allocation request, extracting a target user identification ID and a target project identification ID from the project resource allocation request, and generating first context information according to the target user ID and the target project ID.
In an exemplary embodiment, the apparatus further comprises the following features:
generating first context information according to the target user ID and the target item ID, wherein the first context information comprises:
and calling an authentication module of the Openstack system, and generating first context information according to the target user ID and the target project ID.
In an exemplary embodiment, the apparatus further comprises the following features:
the parameters of the project resource at least comprise a target user ID and a target project ID;
the first context information at least comprises a target user ID, a target item ID, authentication information and target user permission information.
To sum up, the embodiment of the present invention provides a method for creating a project resource based on an Openstack system, which calls an authentication module keystone in the Openstack system according to a specified target user ID and a specified target project ID to generate new context information (i.e., the first context information in the foregoing) to perform user right verification and update database information, so as to ensure that the ownership of the created resource meets the requirements, effectively solve the problem that an administrator cannot create the project resource under the current native architecture, expand the operating range of the administrator, and meet the requirements of a client using a cloud platform.
Drawings
Fig. 1 is a schematic diagram of a method for creating a project resource based on an Openstack system according to an embodiment of the present invention.
Fig. 2 is a flowchart of a method for creating a project resource based on an Openstack system according to an embodiment of the present invention.
Fig. 3 is a schematic diagram of an Openstack system-based device for creating a project resource according to an embodiment of the present invention.
Detailed Description
In order to make the objects, technical solutions and advantages of the present invention more apparent, embodiments of the present invention will be described in detail below with reference to the accompanying drawings. It should be noted that the embodiments and features of the embodiments in the present application may be arbitrarily combined with each other without conflict.
Fig. 1 is a schematic diagram of a method for creating a project resource based on an Openstack system according to an embodiment of the present invention, and as shown in fig. 1, the method according to the embodiment includes:
s11, after issuing a project resource allocation request in an Openstack system, an administrator generates first context information according to the intercepted project resource allocation request;
in an exemplary embodiment, before an administrator issues a project resource allocation request in the Openstack system, the method may include:
after the administrator receives a user request and logs in an Openstack system, second context information is generated, and parameters of project resources are created according to the user request; and issuing a resource allocation request according to the parameter of the project resource.
Wherein the user request may be a request to the administrator to create a project resource for. May include a target user ID, a target project ID, a resource size, a resource name, a resource description, and the like. The target user ID and the target item ID may not be included, but may be specified by the administrator.
In an exemplary embodiment, the generating first context information according to the intercepted project resource allocation request may include:
intercepting the project resource allocation request, extracting a target user identification ID and a target project identification ID from the project resource allocation request, and generating first context information according to the target user ID and the target project ID.
Wherein the parameters of the project resource may include a target user ID and a target project ID.
Wherein the second context information at least includes an administrator ID.
The administrator may be a person with the authority of an Openstack system administrator.
Wherein the project resource may include a virtual machine, a volume, a snapshot, a backup, and the like.
In an exemplary embodiment, an authentication module of the Openstack system may be invoked, and first context information may be generated according to the target user ID and the target item ID.
The first context information may at least include a target user ID, a target item ID, authentication information, and target user permission information. The authentication information is token, the token has a validity period (default 1 hour), and after the validity period is exceeded, the user has no authority to execute. The target user authority information refers to the role of the target user, where the role of the target user is _ member _, that is, the authority of the ordinary user in the Openstack system.
And S12, updating the existing context information by using the first context information.
In an exemplary embodiment, the second context information may be updated using the first context information.
And S13, creating project resources according to the updated context information and the project resource allocation request.
In an exemplary embodiment, creating project resources may include checking user permissions, updating databases, and allocating underlying resources, among other things.
According to the method and the system, the authentication module keystone in the Openstack system is called to generate new context information (namely the first context information in the text) according to the formulated target user ID and the formulated target project ID to carry out user authority verification and update of database information, the created resource attribution is ensured to be in accordance with the requirements, the problem that a manager cannot create project resources under the current native architecture can be effectively solved, the operation range of the manager is expanded, and the requirements of clients using a cloud platform are met.
Fig. 2 is a flowchart of a method for creating a project resource based on an Openstack system according to an embodiment of the present invention. As shown in fig. 2, the method comprises the following steps:
step 201: and after receiving a user request and logging in an interface of a default project of the Openstack system, an administrator generates context information.
The context information is the second context information, and may include information such as an administrator ID, a default item ID to which the second context information belongs, and authentication information (token).
Wherein the user request may be a request to the administrator to create a project resource for. May include a target user ID, a target project ID, a resource size, a resource name, a resource description, and the like. The target user ID and the target item ID may not be included, but may be specified by the administrator.
Step 202: parameters for creating project resources according to user requests.
The parameters of the project resource at least comprise a target user ID and a target project ID, and also can comprise a resource size, a resource name, a resource description and the like.
Step 203: and issuing a resource allocation request according to the parameters of the project resources.
The resource allocation request at least includes a target user ID, a target project ID, a resource size, a resource name, a resource description, and the like.
Step 204: and after the resource allocation request is issued, intercepting the project resource allocation request, and generating first context information according to the extracted target user identification ID and the target project identification ID.
The resource allocation request can be issued by using a post message, the post message is provided with a body, and after the resource allocation request is intercepted, the target user ID and the target project ID are extracted from the body. The resource allocation request can be intercepted by a module carried by the Openstack (the module is not present in the resource creation flow of the original administrator). According to the target user ID and the target item ID in the extracted and intercepted resource allocation request, calling an authentication module keystone according to the target user ID and the target item ID to generate new context information, wherein the new context information comprises information such as authentication information (token) and a _ member _ role necessary for executing a subsequent process by using the target user ID and the target item ID, and then executing a resource creation process by using the newly generated context information new _ context and the resource allocation request.
Step 205: and updating the existing context information by using the first context information, and creating project resources according to the updated context information and the resource allocation request.
The existing context information is context information automatically generated by the system when an administrator logs in the Openstack system.
It should be noted that: and a new context (mainly comprising token and _ member _ role information) must be regenerated by using the target user id and the target item id specified when the resource is created, otherwise, the item to which the created resource belongs is not qualified by the user. According to the method, the authentication module keystone is called to generate new context information according to the specified target user id and the target project id to carry out user right verification and database information updating, the created resource attribution is guaranteed to be in accordance with the requirement, and the problem of the method can be effectively solved.
Fig. 3 is a schematic diagram of a device for creating a project resource based on an Openstack system according to an embodiment of the present invention, and as shown in fig. 3, the performance testing device according to this embodiment includes: a memory and a processor;
the memory is used for storing a program for creating project resources based on an Openstack system;
the processor is configured to read and execute the program for creating the project resource based on the Openstack system, and perform the following operations:
after an administrator issues a project resource allocation request in an Openstack system, generating first context information according to the intercepted project resource allocation request;
updating existing context information with the first context information;
and creating project resources according to the updated context information and the project resource allocation request.
In an exemplary embodiment, the processor reads and executes the program for cloud host management based on a cloud management platform, and further performs the following operations:
after the administrator receives a user request and logs in an Openstack system, parameters of project resources are created according to the user request;
and issuing a resource allocation request according to the parameter of the project resource.
In an exemplary embodiment, the generating first context information according to the intercepted project resource allocation request includes:
intercepting the project resource allocation request, extracting a target user identification ID and a target project identification ID from the project resource allocation request, and generating first context information according to the target user ID and the target project ID.
In one exemplary embodiment, generating first context information based on the target user ID and the target item ID includes:
and calling an authentication module of the Openstack system, and generating first context information according to the target user ID and the target project ID.
In one exemplary embodiment, the parameters of the project resource include at least a target user ID and a target project ID;
the first context information at least comprises a target user ID, a target item ID, authentication information and target user permission information.
It will be understood by those skilled in the art that all or part of the steps of the above methods may be implemented by instructing the relevant hardware through a program, and the program may be stored in a computer readable storage medium, such as a read-only memory, a magnetic or optical disk, and the like. Alternatively, all or part of the steps of the above embodiments may be implemented using one or more integrated circuits. Accordingly, each module/unit in the above embodiments may be implemented in the form of hardware, and may also be implemented in the form of a software functional module. The present invention is not limited to any specific form of combination of hardware and software.
The foregoing is only a preferred embodiment of the present invention, and naturally there are many other embodiments of the present invention, and those skilled in the art can make various corresponding changes and modifications according to the present invention without departing from the spirit and the essence of the present invention, and these corresponding changes and modifications should fall within the scope of the appended claims.