Sunday, May 5, 2013

Keystone Service Backends



Service Backends

Each of the services can be configured to use a backend, which allows Keystone to fit a variety of environments and needs. The backend for each service is defined in the keystone.conf file with the key driver under a group associated with each service.
A general class under each backend named Driver exists to provide an abstract base class for any implementations, identifying the expected service implementations. The drivers for the services are:
If you implement a backend driver for one of the Keystone services, you’re expected to subclass from these classes. The default response for the defined APIs in these Drivers is to raise a keystone.service.TokenController.

KVS Backend

A simple backend interface meant to be further backended on anything that can support primary key lookups, the most trivial implementation being an in-memory dict.
Supports all features of the general data model.

SQL Backend

A SQL based backend using SQLAlchemy to store data persistently. The keystone-manage command introspects the backends to identify SQL based backends when running “db_sync” to establish or upgrade schema. If the backend driver has a method db_sync(), it will be invoked to sync and/or migrate schema.

PAM Backend

Extra simple backend that uses the current system’s PAM service to authenticate, providing a one-to-one relationship between Users and Tenants with the root User also having the ‘admin’ role.

Templated Backend

Largely designed for a common use case around service catalogs in the Keystone project, a Catalog backend that simply expands pre-configured templates to provide catalog data.
Example paste.deploy config (uses $ instead of % to avoid ConfigParser’s interpolation):
[DEFAULT]
catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v2.0
catalog.RegionOne.identity.adminURL = http://localhost:$(public_port)s/v2.0
catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v2.0
catalog.RegionOne.identity.name = 'Identity Service'
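
The template expansion described above, as an added example (not Keystone's own code): it parses the catalog.<region>.<service>.<field> keys from the config shown here and expands the $(name)s placeholders. The function names and the allow-list of placeholder names are assumptions of this example; the allow-list keeps a template from pulling arbitrary settings into the published catalog.

```python
import re

# Constructed sample: the config lines from the example on this page.
SAMPLE_TEMPLATE = """\
[DEFAULT]
catalog.RegionOne.identity.publicURL = http://localhost:$(public_port)s/v2.0
catalog.RegionOne.identity.adminURL = http://localhost:$(public_port)s/v2.0
catalog.RegionOne.identity.internalURL = http://localhost:$(public_port)s/v2.0
catalog.RegionOne.identity.name = 'Identity Service'
"""

# Assumption of this example: only these names may be substituted.
ALLOWED_KEYS = frozenset({"public_port", "admin_port", "tenant_id", "user_id"})
_PLACEHOLDER = re.compile(r"\$\((\w+)\)([sd])")


def parse_templates(text):
    """Return {region: {service: {field: raw_template}}} from catalog.* lines."""
    catalog = {}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        parts = key.strip().split(".")
        if not sep or len(parts) != 4 or parts[0] != "catalog":
            continue  # section headers, blank lines, unrelated keys
        _, region, service, field = parts
        value = value.strip().strip("'\"")
        catalog.setdefault(region, {}).setdefault(service, {})[field] = value
    return catalog


def expand(template, values):
    """Expand $(name)s placeholders, rejecting names outside the allow-list."""
    def substitute(match):
        name = match.group(1)
        if name not in ALLOWED_KEYS:
            raise ValueError("placeholder not allowed: " + name)
        return str(values[name])
    return _PLACEHOLDER.sub(substitute, template)


def build_catalog(text, values):
    """Parse the template text and expand every field of every service."""
    return {
        region: {svc: {f: expand(v, values) for f, v in fields.items()}
                 for svc, fields in services.items()}
        for region, services in parse_templates(text).items()
    }


if __name__ == "__main__":
    print(build_catalog(SAMPLE_TEMPLATE, {"public_port": 5000}))
```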

LDAP Backend

The LDAP backend stores Users and Tenants in separate subtrees. Roles are recorded as entries under the Tenants.
