基于OpenStack私有云资源访问控制的应用与研究

发布时间：2018-03-23 07:30

本文选题：私有云平台　切入点：访问控制　出处：《北方工业大学》2015年硕士论文　论文类型：学位论文

【摘要】：在云计算技术快速发展,网络速度的提升和硬件的计算能力大大增强的带动下,人类进入到互联网时代。全世界公司和组织都在使用云计算技术来构建各自的公有云和私有云。对于学校和小型组织,使用开源的云框架构建自己的私有云是一个很好的选择。利用搭建的私有云平台,对资源进行管理,提高资源的利用效率具有实际意义。首先本文从云计算技术的发展开始,研究了建立私有云的优势和需要解决的问题。通过比较几种开源的云平台框架的特点,选取OpenStack作为搭建私有云平台的开源框架,并介绍了OpenStack的系统结构和各组件功能。在此基础上论文对OpenStack三种部署方式进行了研究。然后,本文主要对OpenStack框架中负责私有云平台访问控制资源的Keystone组件,进行研究和分析。从Keystone的用户管理、多租户机制和Token管理几方面入手,通过对实际代码的分析,总结了Keystone组件的安全认证工作流程。通过对Keystone组件的研究,为构建私有云平台的访问控制体系提供了依据和方法。接下来,本文阐述了私有云平台下需要管理的资源,并对用于管理资源的OpenStack组件分别进行研究分析。最后论文给出了一个针对实际应用的私有云平台构建方案,并且实际演示了部署OpenStack的过程。最后,在已建立起的OpenStack私有云平台上,根据实际应用需求进行二次开发。实现了对虚拟机资源,网络资源,存储资源,镜像资源等私有云平台资源进行统一管理的资源池功能。同时实现了对资源进行访问控制的功能。所有功能的开发均调用OpenStack所提供的API,实现了OpenStack平台的可扩展性和模块之间的独立性。开发的私有云管理平台可以提供对IT资源的基本管理,以及用户对私有云平台资源访问控制管理。
[Abstract]:Driven by the rapid development of cloud computing technology, the improvement of network speed and the greatly enhanced computing power of hardware, People are entering the Internet age. Companies and organizations around the world are using cloud computing technology to build their own public and private clouds. For schools and small organizations, It is a good choice to use the open source cloud framework to build its own private cloud. It is of practical significance to use the private cloud platform to manage resources and improve the efficiency of resource utilization. First of all, this paper starts with the development of cloud computing technology, studies the advantages of building private cloud and the problems that need to be solved. By comparing the characteristics of several open source cloud platform frameworks, we select OpenStack as the open source framework to build private cloud platform. The system structure and component functions of OpenStack are introduced, and the three deployment modes of OpenStack are studied in this paper. Then, this paper mainly studies and analyzes the Keystone component which is responsible for private cloud platform access control resource in OpenStack framework. From the aspects of Keystone user management, multi-tenant mechanism and Token management, this paper analyzes the actual code. This paper summarizes the security authentication workflow of Keystone components and provides the basis and method for constructing the access control system of private cloud platform through the research of Keystone components. Then, this paper describes the resources to be managed under the private cloud platform, and analyzes the OpenStack components used to manage the resources. Finally, this paper presents a private cloud platform construction scheme for practical applications. And the actual demonstration of the deployment of OpenStack process. Finally, on the established OpenStack private cloud platform, according to the actual application requirements, the secondary development of virtual machine resources, network resources, storage resources, The resource pool of private cloud platform resources such as mirror resources is managed uniformly. At the same time, the access control function of resources is realized. All the functions are developed by calling API provided by OpenStack, and the extensibility of OpenStack platform is realized. Private cloud management platform developed to provide basic management of IT resources, And the user to the private cloud platform resource access control management.
【学位授予单位】：北方工业大学
【学位级别】：硕士
【学位授予年份】：2015
【分类号】：TP393.09;TP309

【参考文献】